
Solved Antimalware Doctor Inc

Discussion in 'Malware and Virus Removal Archive' started by living life, 2010/08/20.

  1. 2010/08/20
    living life

    living life Inactive Thread Starter

    Joined:
    2008/07/15
    Messages:
    74
    Likes Received:
    0
    [Resolved] Antimalware Doctor Inc

    Hi there,

    This just showed up on my laptop this morning!

    I am attaching the mbam and panda logs.

    Thank you for your help!
    Living life

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4451

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    8/20/2010 8:13:24 AM
    mbam-log-2010-08-20 (08-13-24).txt

    Scan type: Quick scan
    Objects scanned: 153911
    Time elapsed: 6 minute(s), 45 second(s)

    Memory Processes Infected: 1
    Memory Modules Infected: 0
    Registry Keys Infected: 6
    Registry Values Infected: 4
    Registry Data Items Infected: 1
    Folders Infected: 0
    Files Infected: 6

    Memory Processes Infected:
    C:\Users\Andrew\AppData\Roaming\5CE2A6BA57EA9EF51EE22CCA1D948AC3\newsecureapp70700.exe (Malware.Packer.Gen) -> Unloaded process successfully.

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\AVSolution (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\AVSolution (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

    Registry Values Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\newsecureapp70700.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mrwuugpy (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uyawunakamika (Trojan.Agent.U) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jkexigihaji (Trojan.Agent.U) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Users\Andrew\AppData\Roaming\5CE2A6BA57EA9EF51EE22CCA1D948AC3\newsecureapp70700.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
    C:\Users\Andrew\Favorites\_favdata.dat (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Users\Andrew\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
    C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
    C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Antimalware Doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
    C:\Users\Andrew\Local Settings\Application Data\Windows Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.


    ;***********************************************************************************************************************************************************************************
    ANALYSIS: 2010-08-20 11:07:46
    PROTECTIONS: 1
    MALWARE: 17
    SUSPECTS: 3
    ;***********************************************************************************************************************************************************************************
    PROTECTIONS
    Description Version Active Updated
    ;===================================================================================================================================================================================
    AVG Anti-Virus Free Yes Yes
    ;===================================================================================================================================================================================
    MALWARE
    Id Description Type Active Severity Disinfectable Disinfected Location
    ;===================================================================================================================================================================================
    00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No c:\users\grant\appdata\local\temp\low\cookies\grant@casalemedia[2].txt
    00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No c:\users\grant\appdata\roaming\microsoft\windows\cookies\grant@casalemedia[2].txt
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\grant\appdata\roaming\microsoft\windows\cookies\grant@doubleclick[5].txt
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\grant\appdata\roaming\microsoft\windows\cookies\grant@doubleclick[4].txt
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\grant\appdata\roaming\microsoft\windows\cookies\grant@doubleclick[3].txt
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\grant\appdata\roaming\microsoft\windows\cookies\grant@doubleclick[2].txt
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\grant\appdata\roaming\microsoft\windows\cookies\grant@doubleclick[1].txt
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\grant\appdata\local\temp\low\cookies\grant@doubleclick[1].txt
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\andrew\appdata\roaming\microsoft\windows\cookies\andrew@atdmt[1].txt
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\guest\appdata\roaming\microsoft\windows\cookies\guest@atdmt[1].txt
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\grant\appdata\roaming\microsoft\windows\cookies\grant@atdmt[1].txt
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\grant\appdata\roaming\microsoft\windows\cookies\grant@atdmt[5].txt
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\grant\appdata\roaming\microsoft\windows\cookies\grant@atdmt[4].txt
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\grant\appdata\roaming\microsoft\windows\cookies\grant@atdmt[3].txt
    00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No c:\users\grant\appdata\roaming\microsoft\windows\cookies\grant@atdmt[2].txt
    00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\users\guest\appdata\roaming\microsoft\windows\cookies\guest@fastclick[1].txt
    00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\users\grant\appdata\roaming\microsoft\windows\cookies\grant@mediaplex[2].txt
    00167642 Cookie/Com.com TrackingCookie No 0 Yes No c:\users\grant\appdata\roaming\microsoft\windows\cookies\grant@com[2].txt
    00167642 Cookie/Com.com TrackingCookie No 0 Yes No c:\users\grant\appdata\roaming\microsoft\windows\cookies\grant@com[1].txt
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\grant\appdata\roaming\microsoft\windows\cookies\grant@ad.yieldmanager[3].txt
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\grant\appdata\roaming\microsoft\windows\cookies\grant@ad.yieldmanager[2].txt
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\grant\appdata\roaming\microsoft\windows\cookies\grant@ad.yieldmanager[4].txt
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\guest\appdata\roaming\microsoft\windows\cookies\guest@ad.yieldmanager[2].txt
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\grant\appdata\local\temp\low\cookies\grant@ad.yieldmanager[2].txt
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\grant\appdata\roaming\microsoft\windows\cookies\grant@ad.yieldmanager[1].txt
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\users\grant\appdata\roaming\microsoft\windows\cookies\grant@apmebf[1].txt
    00168076 Cookie/BurstNet TrackingCookie No 0 Yes No c:\users\grant\appdata\roaming\microsoft\windows\cookies\grant@burstnet[1].txt
    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\grant\appdata\roaming\microsoft\windows\cookies\grant@serving-sys[1].txt
    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\grant\appdata\roaming\microsoft\windows\cookies\grant@serving-sys[2].txt
    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\grant\appdata\local\temp\low\cookies\grant@serving-sys[2].txt
    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\grant\appdata\roaming\microsoft\windows\cookies\grant@serving-sys[4].txt
    00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\grant\appdata\roaming\microsoft\windows\cookies\grant@bs.serving-sys[1].txt
    00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\grant\appdata\roaming\microsoft\windows\cookies\grant@bs.serving-sys[2].txt
    00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\grant\appdata\roaming\microsoft\windows\cookies\grant@bs.serving-sys[3].txt
    00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\grant\appdata\local\temp\low\cookies\grant@bs.serving-sys[1].txt
    00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\users\grant\appdata\roaming\microsoft\windows\cookies\grant@advertising[2].txt
    00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\users\grant\appdata\local\temp\low\cookies\grant@advertising[1].txt
    00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No c:\users\grant\appdata\roaming\microsoft\windows\cookies\grant@statse.webtrendslive[2].txt
    00170495 Cookie/PointRoll TrackingCookie No 0 Yes No c:\users\grant\appdata\roaming\microsoft\windows\cookies\grant@ads.pointroll[1].txt
    00170556 Cookie/RealMedia TrackingCookie No 0 Yes No c:\users\grant\appdata\local\temp\low\cookies\grant@realmedia[1].txt
    00170556 Cookie/RealMedia TrackingCookie No 0 Yes No c:\users\grant\appdata\roaming\microsoft\windows\cookies\grant@realmedia[3].txt
    00170556 Cookie/RealMedia TrackingCookie No 0 Yes No c:\users\grant\appdata\roaming\microsoft\windows\cookies\grant@realmedia[2].txt
    00170556 Cookie/RealMedia TrackingCookie No 0 Yes No c:\users\grant\appdata\roaming\microsoft\windows\cookies\grant@realmedia[1].txt
    03074964 Trj/CI.A Virus/Trojan No 0 Yes No c:\users\andrew\appdata\local\microsoft\windows\temporary internet files\content.ie5\sckizsz5\newsecureapp70700[1].exe
    06320774 Adware/AntimalwareDoctor Adware No 0 Yes No c:\users\andrew\appdata\roaming\5ce2a6ba57ea9ef51ee22cca1d948ac3\enemies-names.txt
    ;===================================================================================================================================================================================
    SUSPECTS
    Sent Location
    ;===================================================================================================================================================================================
    No c:\users\andrew\appdata\local\temp\roswexamcn.exe
    No c:\windows\sonysys\google\editregistry.exe
    No c:\windows\syswow64\wininit.exe
    ;===================================================================================================================================================================================
    VULNERABILITIES
    Id Severity Description
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================
     
  2. 2010/08/20
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,890
    Likes Received:
    387
    Why? They are not requested, see ....

    Please read this as indicated at the head of the forum and post the logs requested in this thread.
     


  4. 2010/08/20
    living life

    living life Inactive Thread Starter

    Joined:
    2008/07/15
    Messages:
    74
    Likes Received:
    0
    DDS scan

    DDS (Ver_10-03-17.01) - NTFSX64
    Run by Andrew at 11:49:12.76 on Fri 08/20/2010
    Internet Explorer: 8.0.7600.16385
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3935.2176 [GMT -4:00]


    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
    C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
    C:\Windows\system32\lsm.exe
    C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    c:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
    C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
    C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
    C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
    C:\Windows\SysWOW64\DllHost.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files\Apoint\ApMsgFwd.exe
    C:\Program Files\Apoint\Apvfb.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    C:\Windows\system32\DRIVERS\xaudio64.exe
    C:\Program Files (x86)\AVG\AVG9\avgemc.exe
    C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
    C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
    C:\Program Files (x86)\AVG\AVG9\avgtray.exe
    C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
    C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
    C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
    C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
    C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\SysWOW64\DllHost.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Sony\VAIO Update 5\VUAgent.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\NOTEPAD.EXE
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Andrew\Downloads\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.businessballs.com/salestraining.htm
    mLocal Page = c:\windows\syswow64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files (x86)\avg\avg9\toolbar\IEToolbar.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files (x86)\avg\avg9\avgssie.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~2\micros~2\office14\GROOVEEX.DLL
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files (x86)\avg\avg9\toolbar\IEToolbar.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~2\micros~2\office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files (x86)\avg\avg9\toolbar\IEToolbar.dll
    uRun: [AdobeBridge]
    mRun: [ISBMgr.exe] "c:\program files (x86)\sony\isb utility\ISBMgr.exe"
    mRun: [SmartWiHelper] "c:\program files (x86)\sony\smartwi connection utility\SmartWiHelper.exe" /WindowsStartup
    mRun: [AdobeCS4ServiceManager] "c:\program files (x86)\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
    mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [SwitchBoard] c:\program files (x86)\common files\adobe\switchboard\SwitchBoard.exe
    mRun: [AdobeCS5ServiceManager] "c:\program files (x86)\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [AVG9_TRAY] c:\progra~2\avg\avg9\avgtray.exe
    mRun: [IJNetworkScanUtility] c:\program files (x86)\canon\canon ij network scan utility\CNMNSUT.EXE
    mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
    mRun: [roswexamcn.exe] "c:\users\andrew\appdata\local\temp\roswexamcn.exe"
    StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
    StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files (x86)\mcafee security scan\2.0.181\SSScheduler.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~2\micros~2\office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\micros~2\office14\ONBttnIE.dll/105
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files (x86)\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files (x86)\microsoft office\office14\ONBttnIELinkedNotes.dll
    DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} - hxxp://esupport.sony.com/VaioInfo.CAB
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} - hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.1.66.0.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files (x86)\avg\avg9\toolbar\IEToolbar.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files (x86)\avg\avg9\avgpp.dll
    Notify: VESWinlogon - VESWinlogon.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~2\micros~2\office14\GROOVEEX.DLL
    BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files (x86)\avg\avg9\avgssiea.dll
    BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\progra~1\micros~2\office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files (x86)\hotspot shield\hssie\HssIE_64.dll
    mRun-x64: [Apoint] c:\program files\apoint\Apoint.exe
    mRun-x64: [RtHDVCpl] c:\program files\realtek\audio\hda\RAVCpl64.exe
    mRun-x64: [Skytel] c:\program files\realtek\audio\hda\Skytel.exe
    mRun-x64: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun-x64: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun-x64: [Persistence] c:\windows\system32\igfxpers.exe
    mRun-x64: [AdobeAAMUpdater-1.0] "c:\program files (x86)\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
    mRun-x64: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
    mRun-x64: [CanonSolutionMenu] c:\program files (x86)\canon\solutionmenu\CNSLMAIN.exe /logon
    mRun-x64: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
    IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    AppInit_DLLs-X64: avgrssta.dll
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\progra~1\micros~2\office14\GROOVEEX.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\andrew\appdata\roaming\mozilla\firefox\profiles\4ra4osnx.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.canadaslargestlender.com/|http://www.imambo.com/www/login.htm|http://dominionintranet.ca/
    FF - component: c:\program files (x86)\avg\avg9\firefox\components\avgssff.dll
    FF - component: c:\program files (x86)\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
    FF - component: c:\program files (x86)\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
    FF - component: c:\program files (x86)\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
    FF - component: c:\program files (x86)\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
    FF - plugin: c:\progra~2\micros~2\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~2\micros~2\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files (x86)\canon\easy-photoprint ex\NPEZFFPI.DLL
    FF - plugin: c:\program files (x86)\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files (x86)\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files (x86)\tabletplugins\npwacom.dll
    FF - plugin: c:\program files (x86)\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\windows\syswow64\macromed\flash\NPSWF32.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: XULRunner: {982D8D41-48AD-4E16-90DF-32814F96EB9C} - c:\users\andrew\appdata\local\{982D8D41-48AD-4E16-90DF-32814F96EB9C}

    ---- FIREFOX POLICIES ----
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2009-12-26 55280]
    R1 AvgLdx64;AVG Free AVI Loader Driver x64;c:\windows\system32\drivers\avgldx64.sys [2010-5-18 269904]
    R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;c:\windows\system32\drivers\avgmfx64.sys [2010-5-18 35536]
    R1 AvgTdiA;AVG Free Network Redirector x64;c:\windows\system32\drivers\avgtdia.sys [2010-5-18 317520]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 59904]
    R2 avg9emc;AVG Free E-mail Scanner;c:\program files (x86)\avg\avg9\avgemc.exe [2010-7-15 921952]
    R2 avg9wd;AVG Free WatchDog;c:\program files (x86)\avg\avg9\avgwdsvc.exe [2010-7-15 308136]
    R2 RtkAudioService;Realtek Audio Service;c:\program files\realtek\audio\hda\RtkAudioService64.exe [2010-1-27 189984]
    R2 uCamMonitor;CamMonitor;c:\program files (x86)\arcsoft\magic-i visual effects 2\uCamMonitor.exe [2009-12-26 104960]
    R2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\common files\sony shared\vaio content folder watcher\VCFw.exe [2009-7-22 642920]
    R2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2009-12-26 394536]
    R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [2009-12-26 19968]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-1-27 139264]
    R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2009-4-23 11392]
    R3 VUAgent;VUAgent;c:\program files\sony\vaio update 5\VUAgent.exe [2010-2-1 1164656]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x64.sys [2009-6-10 389120]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate1ca864abed9ec02;Google Update Service (gupdate1ca864abed9ec02);c:\program files (x86)\google\update\GoogleUpdate.exe [2009-12-26 133104]
    S2 KMService;KMService;c:\windows\system32\srvany.exe --> c:\windows\system32\srvany.exe [?]
    S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\roxio\digital home 10\RoxioUpnpService10.exe [2009-6-26 362992]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files (x86)\avg\avg9\toolbar\ToolbarBroker.exe [2010-8-16 430152]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-4-23 36392]
    S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\drivers\CAXHWAZL.sys [2009-4-23 300032]
    S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam_x64.sys [2008-3-13 27136]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 51456888]
    S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\drivers\MijXfilt.sys [2010-4-26 55296]
    S3 ose64;Office 64 Source Engine;c:\program files\common files\microsoft shared\source engine\OSE.EXE [2010-1-9 174440]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\roxio\digital home 10\RoxioUPnPRenderer10.exe [2009-6-26 313840]
    S3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\common files\sony shared\sohlib\SOHCImp.exe [2010-1-27 120104]
    S3 SOHDBSvr;VAIO Media plus Database Manager;c:\program files (x86)\common files\sony shared\sohlib\SOHDBSvr.exe [2010-1-27 70952]
    S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\common files\sony shared\sohlib\SOHDms.exe [2010-1-27 427304]
    S3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\common files\sony shared\sohlib\SOHDs.exe [2010-1-27 75048]
    S3 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files (x86)\common files\sony shared\sohlib\SOHPlMgr.exe [2010-1-27 91432]
    S3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
    S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2010-4-19 50688]
    S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper64.exe [2009-12-26 110376]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-2-24 1255736]

    =============== Created Last 30 ================

    2010-08-20 12:25:34 33800 ----a-w- c:\windows\system32\drivers\pavboot64.sys
    2010-08-20 12:24:55 0 d-----w- c:\program files (x86)\Panda Security
    2010-08-20 12:03:27 0 d-----w- c:\users\andrew\appdata\roaming\Malwarebytes
    2010-08-20 12:03:21 0 d-----w- c:\programdata\Malwarebytes
    2010-08-20 12:03:20 24664 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-08-20 12:03:20 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2010-08-20 03:19:14 0 d-----w- c:\users\andrew\appdata\roaming\5CE2A6BA57EA9EF51EE22CCA1D948AC3
    2010-08-17 01:42:31 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    2010-08-16 23:44:25 0 d-----w- c:\programdata\AVG Security Toolbar
    2010-08-13 01:59:35 203944 ---ha-w- c:\windows\syswow64\mlfcache.dat
    2010-08-12 22:44:03 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2010-08-12 22:44:03 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
    2010-08-12 22:44:03 107368 ----a-w- c:\windows\syswow64\GEARAspi.dll
    2010-08-12 22:41:53 0 d-----w- c:\program files\iPod
    2010-08-12 22:41:52 0 d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
    2010-08-12 22:41:51 0 d-----w- c:\program files\iTunes
    2010-08-12 22:41:51 0 d-----w- c:\program files (x86)\iTunes
    2010-08-12 22:40:30 0 d-----w- c:\programdata\Apple Computer
    2010-08-12 22:35:37 0 d-----w- c:\program files\Bonjour
    2010-08-12 22:35:37 0 d-----w- c:\program files (x86)\Bonjour
    2010-08-10 19:56:53 52224 ----a-w- c:\windows\system32\rtutils.dll
    2010-08-10 19:56:52 37376 ----a-w- c:\windows\syswow64\rtutils.dll
    2010-08-10 19:56:49 82944 ----a-w- c:\windows\syswow64\iccvid.dll
    2010-08-10 19:56:42 3122688 ----a-w- c:\windows\system32\win32k.sys
    2010-08-10 19:56:41 1877504 ----a-w- c:\windows\system32\msxml3.dll
    2010-08-10 19:56:41 1233920 ----a-w- c:\windows\syswow64\msxml3.dll
    2010-08-03 01:04:44 12867584 ----a-w- c:\windows\syswow64\shell32.dll

    ==================== Find3M ====================

    2010-08-08 17:40:28 30 ----a-w- c:\program files (x86)\Exiferupdate.ini
    2010-07-15 16:34:17 317520 ----a-w- c:\windows\system32\drivers\avgtdia.sys
    2010-07-15 16:34:16 13048 ----a-w- c:\windows\system32\avgrssta.dll
    2010-07-15 16:33:33 269904 ----a-w- c:\windows\system32\drivers\avgldx64.sys
    2010-06-30 07:13:46 1192960 ----a-w- c:\windows\system32\wininet.dll
    2010-06-30 06:25:31 978432 ----a-w- c:\windows\syswow64\wininet.dll
    2010-06-30 06:25:18 1226240 ----a-w- c:\windows\syswow64\urlmon.dll
    2010-06-30 06:22:45 606208 ----a-w- c:\windows\syswow64\mstime.dll
    2010-06-30 06:22:34 5971456 ----a-w- c:\windows\syswow64\mshtml.dll
    2010-06-30 06:22:33 64512 ----a-w- c:\windows\syswow64\msfeedsbs.dll
    2010-06-30 06:21:57 48128 ----a-w- c:\windows\syswow64\jsproxy.dll
    2010-06-30 06:21:47 185856 ----a-w- c:\windows\syswow64\iepeers.dll
    2010-06-30 06:21:47 176640 ----a-w- c:\windows\syswow64\ieui.dll
    2010-06-30 06:21:46 10985472 ----a-w- c:\windows\syswow64\ieframe.dll
    2010-06-30 06:21:44 381440 ----a-w- c:\windows\syswow64\iedkcs32.dll
    2010-06-30 06:19:16 12800 ----a-w- c:\windows\syswow64\msfeedssync.exe
    2010-06-22 03:21:15 463360 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-06-22 03:20:50 404992 ----a-w- c:\windows\system32\drivers\srv2.sys
    2010-06-22 03:20:34 162304 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2010-06-19 07:05:01 5507968 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-06-19 06:33:29 3955080 ----a-w- c:\windows\syswow64\ntkrnlpa.exe
    2010-06-19 06:33:29 3899784 ----a-w- c:\windows\syswow64\ntoskrnl.exe
    2010-06-16 06:11:10 340992 ----a-w- c:\windows\system32\schannel.dll
    2010-06-16 05:48:35 224256 ----a-w- c:\windows\syswow64\schannel.dll
    2010-05-28 01:05:22 0 ----a-w- c:\users\andrew\appdata\roaming\wklnhst.dat
    2010-05-27 07:24:13 34304 ----a-w- c:\windows\syswow64\atmlib.dll
    2010-05-27 06:34:09 46080 ----a-w- c:\windows\system32\atmlib.dll
    2010-05-27 04:11:32 366080 ----a-w- c:\windows\system32\atmfd.dll
    2010-05-27 03:49:37 293888 ----a-w- c:\windows\syswow64\atmfd.dll
    2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
    2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
    2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
    2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
    2010-02-11 00:52:48 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
    2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
    2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

    ============= FINISH: 11:50:05.05 ===============
     
  5. 2010/08/20
    living life

    living life Inactive Thread Starter

    attach

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 1/27/2010 12:15:42 AM
    System Uptime: 8/20/2010 8:14:32 AM (3 hours ago)

    Motherboard: Sony Corporation | | VAIO
    Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz | N/A | 2000/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 288 GiB total, 179.589 GiB free.
    D: is Removable
    E: is Removable
    F: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E97B-E325-11CE-BFC1-08002BE10318}
    Description: AU5FDPIX IDE Controller
    Device ID: ACPI\PNPA000\4&5D18F2DF&0
    Manufacturer: (Standard mass storage controllers)
    Name: AU5FDPIX IDE Controller
    PNP Device ID: ACPI\PNPA000\4&5D18F2DF&0
    Service: apf4jp29

    ==== System Restore Points ===================

    RP160: 7/5/2010 8:22:17 PM - Scheduled Checkpoint
    RP161: 7/13/2010 4:52:18 AM - Scheduled Checkpoint
    RP162: 7/15/2010 7:10:49 AM - Windows Update
    RP163: 7/15/2010 12:32:01 PM - Avg Update
    RP164: 7/15/2010 12:34:22 PM - Avg Update
    RP165: 7/21/2010 6:44:56 PM - Avg Update
    RP166: 7/29/2010 12:34:13 AM - Scheduled Checkpoint
    RP167: 8/3/2010 9:44:53 AM - Windows Update
    RP168: 8/10/2010 6:36:34 PM - Windows Update
    RP169: 8/12/2010 6:41:04 PM - Installed iTunes
    RP170: 8/16/2010 6:16:33 PM - Avg Update

    ==== Installed Programs ======================


    µTorrent
    Acrobat.com
    Adobe AIR
    Adobe Anchor Service CS4
    Adobe Bridge CS4
    Adobe CMaps CS4
    Adobe Color EU Extra Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Recommended Settings CS4
    Adobe Community Help
    Adobe CSI CS4
    Adobe Default Language CS4
    Adobe Device Central CS4
    Adobe Drive CS4
    Adobe Dynamiclink Support
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Flash CS4
    Adobe Flash CS4 Extension - Flash Lite STI en
    Adobe Flash CS4 Professional
    Adobe Flash CS4 STI-en
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Linguistics CS4
    Adobe Media Encoder CS4
    Adobe Media Encoder CS4 Importer
    Adobe Media Player
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop CS5
    Adobe Reader 9.3.3
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe Shockwave Player 11.5
    Adobe Type Support CS4
    Adobe Update Manager CS4
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    AdobeColorCommonSetRGB
    Apple Application Support
    Apple Software Update
    ArcSoft Magic-i Visual Effects 2
    ArcSoft WebCam Companion 2
    ASIO4ALL
    AVG Free 9.0
    Canon IJ Network Scan Utility
    Canon IJ Network Tool
    Canon MP Navigator EX 2.1
    Canon MX860 series User Registration
    Canon Utilities Easy-PhotoPrint EX
    Canon Utilities My Printer
    Canon Utilities Solution Menu
    Click to Disc
    Click to Disc Editor
    Connect
    Google Update Helper
    Java(TM) 6 Update 17
    Java(TM) SE Runtime Environment 6
    Junk Mail filter update
    kuler
    Malwarebytes' Anti-Malware
    McAfee Security Scan Plus
    Microsoft Choice Guard
    Microsoft Office Live Add-in 1.4
    Microsoft Office Suite Activation Assistant
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Works
    Microsoft XNA Framework Redistributable 3.0
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Mozilla Firefox (3.6.8)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Music Transfer
    OpenAL
    OpenMG Secure Module 5.3.00
    Panda ActiveScan 2.0
    PDF Settings CS4
    PDF Settings CS5
    Photoshop Camera Raw
    Pixel Bender Toolkit
    Primo
    QuickTime
    Realtek High Definition Audio Driver
    Roxio Central Audio
    Roxio Central Copy
    Roxio Central Core
    Roxio Central Data
    Roxio Central Tools
    Roxio Easy Media Creator 10 LJ
    Roxio Easy Media Creator Home
    Runtime
    Setting Utility Series
    SmartWi Connection Utility
    Sony Home Network Library
    Sony Picture Utility
    Splashtop
    Suite Shared Configuration CS4
    VAIO BD Menu Data
    VAIO Content Metadata Intelligent Analyzing Manager
    VAIO Content Metadata Manager Setting
    VAIO Content Metadata XML Interface Library
    VAIO Control Center
    VAIO Data Restore Tool
    VAIO DVD Menu Data Basic
    VAIO Entertainment Platform
    VAIO Event Service
    VAIO Help and Support
    VAIO Media plus
    VAIO Media plus Opening Movie
    VAIO Movie Story
    VAIO Movie Story Template Data
    VAIO MusicBox Sample Music
    VAIO OOBE and Welcome Center
    VAIO Original Function Settings
    VAIO Survey
    VAIO Update 5
    VAIO Wallpaper Contents
    Visual C++ 8.0 Runtime Setup Package (x64)
    VLC media player 1.1.2
    WebTablet IE Plugin
    WebTablet Netscape Plugin
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    WinDVD for VAIO
    WinRAR archiver

    ==== Event Viewer Messages From Past Week ========

    8/20/2010 8:30:04 AM, Error: Service Control Manager [7000] - The RkPavproc1 service failed to start due to the following error: This driver has been blocked from loading
    8/20/2010 8:30:04 AM, Error: Application Popup [1060] - \??\C:\Windows\SysWow64\drivers\RkPavproc1.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    8/20/2010 8:15:44 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Roxio Upnp Server 10 service to connect.
    8/19/2010 11:04:52 PM, Error: Service Control Manager [7034] - The AVG Free E-mail Scanner service terminated unexpectedly. It has done this 1 time(s).

    ==== End Of File ===========================
     
  6. 2010/08/20
    PeteC

    PeteC SuperGeek Staff

    I see you have P2P software (Azureus, Limewire, BitTorrent, uTorrent etc…) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

    References for the risk of these programs are here, and here.

    I would strongly recommend that you uninstall them, and read the links above for educational value!

    Note: Please be advised that continued use of these programs after being warned of the danger of infections from them, may result in the discontinued help of future cleaning of your system here at WindowsBBS Malware and Virus removal.

    A Malware expert will have a look at your log in due course.

    BTW - your Java is 4 versions behind the current version and insecure.
     
  7. 2010/08/20
    living life

    living life Inactive Thread Starter

    I didn't know that they are on the computer. I spoke with my children, who told me that they loaded them about one month ago. I will remove them.
     
  8. 2010/08/20
    broni

    broni Moderator Malware Analyst

    Please, update Malwarebytes (MBAM), run another "Quick scan" and post its log.

    =================================================================

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    A report called MBRcheckxxxx.txt will be on your desktop.
    Open this report and post its content in your next reply.

    ==============================================================

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    * Under the Custom Scan box paste this in:



    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\*. /mp /s
    /md5start
    /md5stop
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs



    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    * When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  9. 2010/08/22
    living life

    living life Inactive Thread Starter

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Home Premium Edition
    Windows Information: (build 7600), 64-bit
    Base Board Manufacturer: Sony Corporation
    BIOS Manufacturer: American Megatrends Inc.
    System Manufacturer: Sony Corporation
    System Product Name: VGN-NW110D
    Logical Drives Mask: 0x0000003c

    Kernel Drivers (total 194):

    Processes (total 85):
    0 System Idle Process
    4 System
    312 C:\Windows\System32\smss.exe
    492 csrss.exe
    552 csrss.exe
    560 C:\Windows\System32\wininit.exe
    580 C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
    588 C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
    624 C:\Windows\System32\winlogon.exe
    712 C:\Windows\System32\services.exe
    724 C:\Windows\System32\lsass.exe
    732 C:\Windows\System32\lsm.exe
    748 C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
    848 C:\Windows\System32\svchost.exe
    928 C:\Windows\System32\svchost.exe
    112 C:\Windows\System32\svchost.exe
    480 C:\Windows\System32\svchost.exe
    512 C:\Windows\System32\svchost.exe
    1244 C:\Windows\System32\svchost.exe
    1296 C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    1372 C:\Windows\System32\svchost.exe
    1528 C:\Windows\System32\spoolsv.exe
    1564 C:\Windows\System32\svchost.exe
    1680 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1812 C:\Windows\System32\taskhost.exe
    1892 C:\Windows\System32\dwm.exe
    1960 C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
    1284 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    1668 C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    1744 C:\Windows\System32\svchost.exe
    2132 C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    2276 C:\Windows\System32\svchost.exe
    2352 C:\Windows\System32\taskeng.exe
    2408 C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
    2628 C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
    2664 C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
    2704 C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
    2716 C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
    2764 C:\Program Files\Apoint\Apoint.exe
    2848 dllhost.exe
    2892 C:\Program Files\Apoint\ApMsgFwd.exe
    2992 C:\Program Files\Apoint\Apvfb.exe
    3008 C:\Windows\System32\hkcmd.exe
    3016 C:\Program Files\Apoint\ApntEx.exe
    3052 C:\Windows\System32\igfxsrvc.exe
    2212 C:\Windows\System32\conhost.exe
    2224 C:\Windows\System32\igfxpers.exe
    2472 C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    2904 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    2984 C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
    3380 C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    3544 C:\Windows\System32\drivers\XAudio64.exe
    3568 C:\Program Files (x86)\AVG\AVG9\avgemc.exe
    3592 C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
    3700 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    3768 C:\Program Files (x86)\AVG\AVG9\avgtray.exe
    3776 C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
    3788 C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
    3804 C:\Program Files (x86)\iTunes\iTunesHelper.exe
    3984 C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
    4056 C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
    3440 C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
    3800 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    3280 C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
    2560 C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    4548 C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
    4556 C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
    4648 C:\Windows\System32\SearchIndexer.exe
    5016 C:\Windows\System32\svchost.exe
    4416 WUDFHost.exe
    5012 C:\Program Files\iPod\bin\iPodService.exe
    2380 C:\Program Files\Windows Media Player\wmpnetwk.exe
    3060 taskhost.exe
    3740 C:\Windows\explorer.exe
    5508 C:\Windows\SysWOW64\svchost.exe
    5928 C:\Program Files (x86)\Internet Explorer\iexplore.exe
    3336 C:\Program Files (x86)\Internet Explorer\iexplore.exe
    7352 C:\Windows\System32\svchost.exe
    5208 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    6600 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    6724 C:\Windows\System32\audiodg.exe
    3520 C:\Windows\System32\SearchProtocolHost.exe
    7952 C:\Windows\System32\SearchFilterHost.exe
    5556 C:\Users\Andrew\Downloads\MBRCheck.exe
    3940 C:\Windows\System32\conhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`73800000 (NTFS)

    PhysicalDrive0 Model Number: WDCWD3200BEVS-26VAT0, Rev: 11.01A11

    Size Device Name MBR Status
    --------------------------------------------
    298 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
    SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


    Done!
     
  10. 2010/08/22
    living life

    OTL part one

    OTL logfile created on: 8/22/2010 11:05:50 AM - Run 1
    OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\Andrew\Downloads
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 60.00% Memory free
    8.00 Gb Paging File | 6.00 Gb Available in Paging File | 77.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 288.29 Gb Total Space | 179.65 Gb Free Space | 62.32% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: ANDREW-PC
    Current User Name: Andrew
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Include 64bit Scans
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/08/22 11:03:40 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Andrew\Downloads\OTL.exe
    PRC - [2010/08/22 11:02:12 | 000,080,384 | ---- | M] () -- C:\Users\Andrew\Downloads\MBRCheck.exe
    PRC - [2010/07/24 16:50:48 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    PRC - [2010/07/24 16:50:46 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2010/07/21 18:44:08 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe
    PRC - [2010/07/15 12:34:19 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe
    PRC - [2010/07/15 12:34:07 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
    PRC - [2010/07/15 12:33:33 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
    PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/01/15 08:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
    PRC - [2009/08/26 18:11:50 | 000,173,368 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
    PRC - [2009/08/26 18:11:50 | 000,033,792 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
    PRC - [2009/08/26 18:11:50 | 000,017,408 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
    PRC - [2009/08/26 18:11:48 | 000,017,920 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
    PRC - [2009/07/23 11:39:38 | 000,313,264 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    PRC - [2009/07/23 11:39:36 | 000,206,336 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    PRC - [2009/07/22 16:03:04 | 000,642,920 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
    PRC - [2009/07/14 12:15:12 | 000,204,648 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
    PRC - [2009/07/14 12:15:12 | 000,112,488 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
    PRC - [2009/05/26 10:23:14 | 000,317,288 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
    PRC - [2009/01/19 20:43:04 | 000,394,536 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
    PRC - [2008/09/18 14:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
    PRC - [2007/05/21 04:37:00 | 000,124,512 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
    PRC - [2007/01/04 23:48:50 | 000,112,152 | ---- | M] (InterVideo) -- c:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/08/22 11:03:40 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Andrew\Downloads\OTL.exe
    MOD - [2009/07/13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
    MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - File not found [Auto | Stopped] -- C:\Windows\SysNative\srvany.exe -- (KMService)
    SRV:64bit: - [2010/03/25 10:41:00 | 051,456,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
    SRV:64bit: - [2010/01/09 20:20:56 | 000,174,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64)
    SRV:64bit: - [2009/12/09 17:31:06 | 001,164,656 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Update 5\VUAgent.exe -- (VUAgent)
    SRV:64bit: - [2009/09/03 17:15:38 | 000,189,984 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService)
    SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/03/30 18:19:56 | 002,297,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
    SRV:64bit: - [2009/03/02 03:14:36 | 000,844,328 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
    SRV:64bit: - [2009/01/19 20:43:04 | 000,394,536 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
    SRV:64bit: - [2009/01/17 01:59:12 | 000,110,376 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
    SRV:64bit: - [2008/04/27 20:00:38 | 000,410,624 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.exe -- (XAudioService)
    SRV - [2010/08/21 20:34:12 | 002,854,488 | ---- | M] () [Auto | Running] -- C:/Program Files (x86)/Common Files/Akamai/rswin_3745.dll -- (Akamai)
    SRV - [2010/07/21 18:44:08 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe -- (avg9emc)
    SRV - [2010/07/15 12:34:07 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
    SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/04/19 10:25:38 | 000,430,152 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
    SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
    SRV - [2010/02/23 10:41:21 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
    SRV - [2009/07/23 11:39:38 | 000,313,264 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
    SRV - [2009/07/23 11:39:38 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
    SRV - [2009/07/23 11:39:36 | 000,206,336 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
    SRV - [2009/07/22 16:03:04 | 000,642,920 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
    SRV - [2009/07/17 12:31:28 | 000,427,304 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
    SRV - [2009/07/17 12:31:28 | 000,091,432 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe -- (SOHPlMgr)
    SRV - [2009/07/17 12:31:28 | 000,075,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
    SRV - [2009/07/17 12:31:26 | 000,120,104 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
    SRV - [2009/07/17 12:31:26 | 000,070,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe -- (SOHDBSvr)
    SRV - [2009/07/16 17:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2009/07/14 12:15:12 | 000,204,648 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
    SRV - [2009/06/26 12:25:36 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10)
    SRV - [2009/06/26 12:25:24 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10)
    SRV - [2009/01/08 04:10:32 | 000,114,688 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
    SRV - [2008/09/18 14:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
    SRV - [2007/01/04 23:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- c:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
    SRV - [2003/04/18 19:06:26 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\MijUfilt.sys -- (MotioninJoyUSBFilter)
    DRV:64bit: - [2010/07/15 12:34:17 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (AvgTdiA)
    DRV:64bit: - [2010/07/15 12:33:33 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (AvgLdx64)
    DRV:64bit: - [2010/06/02 23:18:13 | 000,035,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (AvgMfx64)
    DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2010/04/19 16:54:27 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
    DRV:64bit: - [2010/03/18 19:00:50 | 000,055,296 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
    DRV:64bit: - [2010/03/05 17:31:42 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
    DRV:64bit: - [2010/02/01 19:26:53 | 007,370,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2009/11/24 15:29:16 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
    DRV:64bit: - [2009/10/05 17:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2009/09/01 11:50:22 | 000,139,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
    DRV:64bit: - [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
    DRV:64bit: - [2009/07/13 20:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
    DRV:64bit: - [2009/06/30 09:37:16 | 000,033,800 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pavboot64.sys -- (pavboot)
    DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
    DRV:64bit: - [2009/06/10 16:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/20 04:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/04/13 16:16:44 | 000,204,848 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV:64bit: - [2009/04/10 16:03:29 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
    DRV:64bit: - [2009/04/10 16:03:27 | 000,134,184 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
    DRV:64bit: - [2009/04/10 16:03:27 | 000,096,296 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
    DRV:64bit: - [2009/04/10 16:02:52 | 000,036,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
    DRV:64bit: - [2009/02/23 16:07:49 | 000,190,496 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
    DRV:64bit: - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
    DRV:64bit: - [2008/11/18 20:08:46 | 000,011,392 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
    DRV:64bit: - [2008/10/22 20:02:17 | 000,085,504 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rimssn64.sys -- (rimsptsk)
    DRV:64bit: - [2008/10/22 20:02:08 | 000,076,288 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsn64.sys -- (risdptsk)
    DRV:64bit: - [2008/05/28 06:23:40 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
    DRV:64bit: - [2008/04/29 20:03:13 | 000,388,120 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2008/04/27 20:00:38 | 000,009,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
    DRV:64bit: - [2008/04/27 20:00:35 | 001,511,936 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
    DRV:64bit: - [2008/04/27 20:00:35 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
    DRV:64bit: - [2008/04/27 20:00:33 | 000,731,648 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
    DRV:64bit: - [2008/04/27 20:00:33 | 000,300,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
    DRV:64bit: - [2008/04/24 18:06:42 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
    DRV:64bit: - [2008/03/13 03:46:00 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ManyCam_x64.sys -- (ManyCam)
    DRV:64bit: - [2007/05/14 16:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
    DRV - [2008/08/14 08:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.businessballs.com/salestraining.htm
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/iat/us_ca.aspx
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 18 38 C8 07 EF 01 CB 01 [binary data]
    IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.canadaslargestlender.com/|http://www.imambo.com/www/login.htm|http://dominionintranet.ca/ "
    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.845
    FF - prefs.js..extensions.enabledItems: {982D8D41-48AD-4E16-90DF-32814F96EB9C}:1.9.1
    FF - prefs.js..extensions.enabledItems: avg@igeared:4.504.019.002

    FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG9\Firefox [2010/07/21 18:47:52 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{982D8D41-48AD-4E16-90DF-32814F96EB9C}: C:\Users\Andrew\AppData\Local\{982D8D41-48AD-4E16-90DF-32814F96EB9C} [2010/07/08 16:35:00 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/08/16 19:44:25 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/08/12 18:40:42 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/08/12 18:40:42 | 000,000,000 | ---D | M]

    [2010/05/17 22:46:16 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Mozilla\Extensions
    [2010/08/22 10:06:44 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\4ra4osnx.default\extensions
    [2010/05/18 07:46:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\4ra4osnx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/04/26 17:18:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

    O1 HOSTS File: ([2010/04/30 14:56:09 | 000,001,798 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 activate.adobe.com
    O1 - Hosts: 127.0.0.1 practivate.adobe.com
    O1 - Hosts: 127.0.0.1 ereg.adobe.com
    O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
    O1 - Hosts: 127.0.0.1 wip3.adobe.com
    O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
    O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
    O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
    O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
    O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
    O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
    O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
    O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
    O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
    O1 - Hosts: 127.0.0.1 adobe.activate.com
    O1 - Hosts: 127.0.0.1 adobeereg.com
    O1 - Hosts: 127.0.0.1 www.adobeereg.com
    O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
    O1 - Hosts: 127.0.0.1 125.252.224.90
    O1 - Hosts: 127.0.0.1 125.252.224.91
    O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
    O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
    O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\hssie\HssIE_64.dll File not found
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
    O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
    O4:64bit: - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
    O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)
    O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
    O4 - HKLM..\Run: [roswexamcn.exe] C:\Users\Andrew\AppData\Local\Temp\roswexamcn.exe File not found
    O4 - HKLM..\Run: [SmartWiHelper] C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe (Sony Electronics Corporation)
    O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    O4 - HKCU..\Run: [AdobeBridge] File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} http://esupport.sony.com/VaioInfo.CAB (VaioInfo.CMClass)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.1.66.0.cab (Reg Error: Value error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O18:64bit: - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
    O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{94889c82-8eeb-11df-8c7c-001dbaf4400b}\Shell - " " = AutoRun
    O33 - MountPoints2\{94889c82-8eeb-11df-8c7c-001dbaf4400b}\Shell\AutoRun\command - " " = G:\launcher.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    Drivers32:64bit: aux - wdmaud.drv (Microsoft Corporation)
    Drivers32:64bit: aux1 - wdmaud.drv (Microsoft Corporation)
    Drivers32:64bit: midi - wdmaud.drv (Microsoft Corporation)
    Drivers32:64bit: midi1 - wdmaud.drv (Microsoft Corporation)
    Drivers32:64bit: midimapper - midimap.dll (Microsoft Corporation)
    Drivers32:64bit: mixer - wdmaud.drv (Microsoft Corporation)
    Drivers32:64bit: mixer1 - wdmaud.drv (Microsoft Corporation)
    Drivers32:64bit: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32:64bit: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
    Drivers32:64bit: msacm.msg711 - msg711.acm (Microsoft Corporation)
    Drivers32:64bit: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
    Drivers32:64bit: MSVideo8 - VfWWDM32.dll (Microsoft Corporation)
    Drivers32:64bit: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
    Drivers32:64bit: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation)
    Drivers32:64bit: vidc.mrle - msrle32.dll (Microsoft Corporation)
    Drivers32:64bit: vidc.msvc - msvidc32.dll (Microsoft Corporation)
    Drivers32:64bit: VIDC.UYVY - msyuv.dll (Microsoft Corporation)
    Drivers32:64bit: VIDC.YUY2 - msyuv.dll (Microsoft Corporation)
    Drivers32:64bit: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation)
    Drivers32:64bit: VIDC.YVYU - msyuv.dll (Microsoft Corporation)
    Drivers32:64bit: wave - wdmaud.drv (Microsoft Corporation)
    Drivers32:64bit: wave1 - wdmaud.drv (Microsoft Corporation)
    Drivers32:64bit: wavemapper - msacm32.drv (Microsoft Corporation)
    Drivers32: aux - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
    Drivers32: aux1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
    Drivers32: midimapper - C:\Windows\SysWow64\midimap.dll (Microsoft Corporation)
    Drivers32: mixer - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
    Drivers32: msacm.imaadpcm - C:\Windows\SysWow64\imaadp32.acm (Microsoft Corporation)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.msadpcm - C:\Windows\SysWow64\msadp32.acm (Microsoft Corporation)
    Drivers32: msacm.msg711 - C:\Windows\SysWow64\msg711.acm (Microsoft Corporation)
    Drivers32: msacm.msgsm610 - C:\Windows\SysWow64\msgsm32.acm (Microsoft Corporation)
    Drivers32: msacm.siren - C:\Windows\SysWow64\sirenacm.dll (Microsoft Corporation)
    Drivers32: msacm.vorbis - C:\Windows\SysWow64\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.dvsd - C:\Program Files (x86)\Common Files\Sony Shared\VideoLib\sonydv.dll (Sony Corporation)
    Drivers32: vidc.i420 - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
    Drivers32: vidc.iyuv - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
    Drivers32: vidc.mrle - C:\Windows\SysWow64\msrle32.dll (Microsoft Corporation)
    Drivers32: vidc.msvc - C:\Windows\SysWow64\msvidc32.dll (Microsoft Corporation)
    Drivers32: vidc.uyvy - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yuy2 - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yvu9 - C:\Windows\SysWow64\tsbyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yvyu - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
    Drivers32: wave - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
    Drivers32: wavemapper - C:\Windows\SysWow64\msacm32.drv (Microsoft Corporation)
     
  11. 2010/08/22
    living life Inactive Thread Starter

    OTL part two

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/08/21 20:34:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Akamai
    [2010/08/20 08:25:34 | 000,033,800 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\drivers\pavboot64.sys
    [2010/08/20 08:24:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
    [2010/08/20 08:03:27 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\Malwarebytes
    [2010/08/20 08:03:21 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2010/08/20 08:03:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/08/20 08:03:20 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2010/08/20 08:03:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2010/08/19 23:19:20 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\Windows Server
    [2010/08/19 23:19:14 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\5CE2A6BA57EA9EF51EE22CCA1D948AC3
    [2010/08/16 20:05:04 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\AVG Security Toolbar
    [2010/08/16 19:44:25 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
    [2010/08/14 06:15:10 | 000,000,000 | ---D | C] -- C:\Users\Andrew\Documents\morgan jump drive
    [2010/08/12 18:44:12 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\Apple Computer
    [2010/08/12 18:44:12 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\Apple Computer
    [2010/08/12 18:41:53 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010/08/12 18:41:52 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
    [2010/08/12 18:41:51 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2010/08/12 18:41:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
    [2010/08/12 18:40:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
    [2010/08/12 18:40:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
    [2010/08/12 18:39:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
    [2010/08/12 18:35:37 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2010/08/12 18:35:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
    [2010/08/05 01:14:11 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\vlc
    [2010/07/18 16:24:15 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\crdlfwluw
    [2010/07/15 12:34:16 | 000,013,048 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll
    [2010/07/15 12:33:35 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\avg
    [2010/07/12 23:34:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
    [2010/07/12 22:56:08 | 000,000,000 | ---D | C] -- C:\Users\Andrew\Documents\My Received Files
    [2010/07/08 16:35:00 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\{982D8D41-48AD-4E16-90DF-32814F96EB9C}
    [2010/06/29 21:50:30 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
    [2010/06/28 00:53:37 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    [2010/06/27 11:39:07 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
    [2010/06/27 11:39:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
    [2010/06/21 17:35:34 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\Download Manager
    [2010/06/20 22:42:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
    [2010/06/20 22:42:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
    [2010/06/20 22:41:42 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
    [2010/06/20 22:41:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
    [2010/06/20 22:41:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
    [2010/06/20 22:41:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
    [2010/06/20 22:36:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
    [2010/06/20 22:35:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
    [2010/06/20 22:35:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
    [2010/06/20 21:04:46 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2010/06/20 14:32:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
    [2010/06/20 14:20:19 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\DAEMON Tools Lite
    [2010/06/19 23:20:11 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
    [2010/06/13 22:24:58 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\Apple
    [2010/06/04 22:48:27 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEGV
    [2010/06/03 07:47:01 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\ElevatedDiagnostics
    [2010/05/30 22:14:39 | 000,000,000 | ---D | C] -- C:\Users\Andrew\Documents\kristina noah
    [2010/05/30 21:32:37 | 000,000,000 | R--D | C] -- C:\Users\Andrew\Documents\Pictures
    [2010/05/30 21:29:56 | 000,000,000 | R--D | C] -- C:\Users\Andrew\Documents\Videos
    [2010/05/30 21:21:52 | 000,000,000 | ---D | C] -- C:\Users\Andrew\Documents\iTunes
    [2010/05/28 06:52:34 | 000,000,000 | ---D | C] -- C:\Users\Andrew\Documents\Outlook Files
    [2010/05/28 01:24:44 | 000,000,000 | ---D | C] -- C:\Users\Andrew\Documents\Grant
    [2010/05/28 01:24:36 | 000,000,000 | ---D | C] -- C:\Users\Andrew\Documents\Dominion lending
    [2010/05/28 01:24:32 | 000,000,000 | ---D | C] -- C:\Users\Andrew\Documents\Dominion Leasing
    [2010/05/28 01:24:31 | 000,000,000 | ---D | C] -- C:\Users\Andrew\Documents\Canadian Micro Distillery
    [2010/05/28 01:24:29 | 000,000,000 | ---D | C] -- C:\Users\Andrew\Documents\andrew career
    [2010/05/28 01:24:27 | 000,000,000 | ---D | C] -- C:\Users\Andrew\Documents\TDMP
    [2010/05/28 01:24:27 | 000,000,000 | ---D | C] -- C:\Users\Andrew\Documents\My eBooks
    [2010/05/28 01:24:27 | 000,000,000 | ---D | C] -- C:\Users\Andrew\Documents\Morgan
    [2010/05/28 01:24:26 | 000,000,000 | ---D | C] -- C:\Users\Andrew\Documents\Kristina
    [2010/05/27 21:05:28 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\Template
    [2010/05/26 22:29:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CANON
    [2010/05/26 22:27:45 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
    [2010/05/26 22:26:08 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
    [2010/05/26 22:25:58 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonIJ Uninstaller Information
    [2010/05/26 22:24:45 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
    [2010/05/26 22:23:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon
    [2010/05/25 07:37:46 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\WinRAR

    ========== Files - Modified Within 90 Days ==========

    [2010/08/22 11:11:21 | 003,670,016 | -HS- | M] () -- C:\Users\Andrew\ntuser.dat
    [2010/08/22 10:56:38 | 000,000,000 | ---- | M] () -- C:\Users\Andrew\AppData\Local\prvlcl.dat
    [2010/08/22 10:35:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2010/08/22 09:59:44 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2010/08/22 09:57:57 | 063,714,321 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
    [2010/08/22 09:52:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/08/21 20:33:54 | 000,337,480 | ---- | M] () -- C:\Users\Andrew\Desktop\AkamaiDownloadManagerInstaller.exe
    [2010/08/21 13:51:09 | 000,011,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/08/21 13:51:09 | 000,011,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/08/21 13:43:10 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010/08/21 13:42:22 | 3094,622,208 | -HS- | M] () -- C:\hiberfil.sys
    [2010/08/21 13:41:16 | 003,638,513 | -H-- | M] () -- C:\Users\Andrew\AppData\Local\IconCache.db
    [2010/08/21 12:24:59 | 000,730,320 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2010/08/21 12:24:59 | 000,627,082 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2010/08/21 12:24:59 | 000,107,366 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2010/08/20 08:03:24 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/08/17 14:24:09 | 000,024,143 | ---- | M] () -- C:\Users\Andrew\Desktop\Grade Report.docx
    [2010/08/16 21:42:31 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    [2010/08/16 13:34:37 | 000,027,067 | ---- | M] () -- C:\Users\Andrew\Desktop\Assessment 9.docx
    [2010/08/16 13:34:37 | 000,000,162 | -H-- | M] () -- C:\Users\Andrew\Desktop\~$sessment 9.docx
    [2010/08/16 12:35:50 | 000,025,771 | ---- | M] () -- C:\Users\Andrew\Desktop\Assessment 8.docx
    [2010/08/16 11:08:48 | 000,023,198 | ---- | M] () -- C:\Users\Andrew\Desktop\Assessment 7.docx
    [2010/08/15 23:14:35 | 000,023,332 | ---- | M] () -- C:\Users\Andrew\Desktop\Assessment 2.docx
    [2010/08/15 21:14:51 | 000,025,435 | ---- | M] () -- C:\Users\Andrew\Desktop\Assessment unit 1.docx
    [2010/08/15 20:41:05 | 000,058,565 | ---- | M] () -- C:\Users\Andrew\Desktop\kyc-checklist-ifse.pdf
    [2010/08/15 20:29:44 | 000,084,560 | ---- | M] () -- C:\Users\Andrew\Desktop\MF_U1L2_MFDA_KYC_Info.pdf
    [2010/08/15 17:26:47 | 000,123,888 | ---- | M] () -- C:\Users\Andrew\Desktop\CIFCFormulaSheet.pdf
    [2010/08/14 09:05:25 | 000,014,735 | ---- | M] () -- C:\Users\Andrew\Desktop\plug in codes.docx
    [2010/08/13 18:31:13 | 000,014,361 | ---- | M] () -- C:\Users\Andrew\Documents\Ruffle butts.docx
    [2010/08/13 15:08:49 | 000,035,027 | ---- | M] () -- C:\Users\Andrew\Desktop\Thank you for placing your order at RalphLauren.docx
    [2010/08/12 21:59:35 | 000,203,944 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat
    [2010/08/11 23:21:37 | 000,020,892 | ---- | M] () -- C:\Users\Andrew\Desktop\MATH10037 Assignment 2.docx
    [2010/08/11 23:15:26 | 000,009,571 | ---- | M] () -- C:\Users\Andrew\Desktop\Question 7.xlsx
    [2010/08/10 20:03:16 | 005,017,064 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2010/08/09 15:31:00 | 000,075,324 | ---- | M] () -- C:\Users\Andrew\Desktop\Final Assessment.docx
    [2010/08/09 01:52:21 | 000,079,647 | ---- | M] () -- C:\Users\Andrew\Desktop\CIFC Assessment pre test.docx
    [2010/08/08 19:16:45 | 000,017,246 | ---- | M] () -- C:\Users\Andrew\Desktop\blackberry_8330_sm.gif
    [2010/08/08 19:15:43 | 000,086,095 | ---- | M] () -- C:\Users\Andrew\Desktop\blackberrycurve8330-mainmenu.jpg
    [2010/08/08 19:15:00 | 000,054,375 | ---- | M] () -- C:\Users\Andrew\Desktop\blackberry-curve-8330-review-2.jpg
    [2010/08/08 19:11:45 | 000,008,285 | ---- | M] () -- C:\Users\Andrew\Desktop\BB Storm 2.jpg
    [2010/08/08 19:11:06 | 000,008,610 | ---- | M] () -- C:\Users\Andrew\Desktop\storm.jpg
    [2010/08/08 16:17:40 | 000,037,804 | ---- | M] () -- C:\Users\Andrew\Desktop\Benchmarks Roof Painting & Repair.pdf
    [2010/08/08 13:40:28 | 000,000,030 | ---- | M] () -- C:\Program Files (x86)\Exiferupdate.ini
    [2010/08/07 07:16:13 | 000,090,601 | ---- | M] () -- C:\Users\Andrew\Desktop\blackberry-storm2.jpg
    [2010/08/03 22:12:26 | 000,020,945 | ---- | M] () -- C:\Users\Andrew\Desktop\UNIT 1.docx
    [2010/07/30 01:19:05 | 000,027,162 | ---- | M] () -- C:\Users\Andrew\Documents\One Healthy Scalp Manipulation Technique.docx
    [2010/07/19 16:26:30 | 000,000,120 | ---- | M] () -- C:\Users\Andrew\AppData\Local\Rqegoka.dat
    [2010/07/19 14:26:02 | 000,000,000 | ---- | M] () -- C:\Users\Andrew\AppData\Local\Syoru.bin
    [2010/07/15 12:34:17 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
    [2010/07/15 12:34:16 | 000,013,048 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\avgrssta.dll
    [2010/07/15 12:33:33 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
    [2010/07/02 16:53:23 | 005,257,278 | ---- | M] () -- C:\Users\Andrew\Desktop\Jacobsen maintenance manual.pdf
    [2010/07/02 16:52:59 | 015,033,860 | ---- | M] () -- C:\Users\Andrew\Desktop\Jacobsen schematic 2.pdf
    [2010/07/02 16:52:37 | 001,113,920 | ---- | M] () -- C:\Users\Andrew\Desktop\Jacobsen schematic 1.pdf
    [2010/07/02 16:52:14 | 021,361,500 | ---- | M] () -- C:\Users\Andrew\Desktop\Jacobsen service manual.pdf
    [2010/07/01 12:20:00 | 000,460,025 | ---- | M] () -- C:\Users\Andrew\Desktop\IMG00114.jpg
    [2010/07/01 00:44:42 | 000,004,986 | ---- | M] () -- C:\Users\Andrew\Desktop\Morgan and Grant.jpg
    [2010/06/28 21:30:51 | 000,001,864 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    [2010/06/27 11:32:25 | 000,594,944 | ---- | M] () -- C:\Users\Andrew\Desktop\May 6, 2010.jpg
    [2010/06/25 06:38:56 | 004,848,931 | ---- | M] () -- C:\Users\Andrew\Desktop\C230 Owners Manual.pdf
    [2010/06/22 22:46:00 | 013,579,601 | ---- | M] () -- C:\Users\Andrew\Desktop\Math Assignment 2 and final review with modules as well.pdf
    [2010/06/21 16:33:12 | 000,000,162 | -H-- | M] () -- C:\Users\Andrew\Desktop\~$st Volume relationships.doc
    [2010/06/21 08:00:48 | 000,121,448 | ---- | M] () -- C:\Users\Andrew\AppData\Local\GDIPFONTCACHEV1.DAT
    [2010/06/20 22:50:46 | 000,001,101 | ---- | M] () -- C:\Users\Andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
    [2010/06/20 22:36:03 | 000,000,219 | ---- | M] () -- C:\Windows\win.ini
    [2010/06/20 21:57:06 | 000,524,288 | -HS- | M] () -- C:\Users\Andrew\ntuser.dat{8d2400da-7cd1-11df-a2cc-001dbaf4400b}.TMContainer00000000000000000002.regtrans-ms
    [2010/06/20 21:57:06 | 000,524,288 | -HS- | M] () -- C:\Users\Andrew\ntuser.dat{8d2400da-7cd1-11df-a2cc-001dbaf4400b}.TMContainer00000000000000000001.regtrans-ms
    [2010/06/20 21:57:06 | 000,065,536 | -HS- | M] () -- C:\Users\Andrew\ntuser.dat{8d2400da-7cd1-11df-a2cc-001dbaf4400b}.TM.blf
    [2010/06/15 06:07:38 | 000,026,337 | ---- | M] () -- C:\Users\Andrew\Desktop\Math Assignment 1.docx
    [2010/06/12 23:40:16 | 000,118,399 | ---- | M] () -- C:\Users\Andrew\Desktop\sheridan financial_planning.pdf
    [2010/06/12 23:01:51 | 000,177,066 | ---- | M] () -- C:\Users\Andrew\Desktop\Noah June 11, 2010.jpg
    [2010/06/05 02:00:04 | 000,114,688 | ---- | M] () -- C:\Users\Andrew\Desktop\Thank you card.pub
    [2010/06/02 23:18:13 | 000,035,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
    [2010/05/31 19:58:50 | 000,014,902 | ---- | M] () -- C:\Users\Andrew\Desktop\IFSE book.docx
    [2010/05/31 12:22:25 | 008,320,787 | R--- | M] () -- C:\Users\Andrew\Desktop\noah park newest May 16, 2010.jpg
    [2010/05/31 12:19:06 | 005,974,887 | R--- | M] () -- C:\Users\Andrew\Desktop\May 23 2010.jpg
    [2010/05/27 21:05:22 | 000,000,000 | ---- | M] () -- C:\Users\Andrew\AppData\Roaming\wklnhst.dat
    [2010/05/25 23:16:02 | 001,352,503 | ---- | M] () -- C:\Users\Andrew\Desktop\CH 2R - Financial Statements and Plans.pptx
    [2010/05/25 23:15:20 | 000,249,868 | ---- | M] () -- C:\Users\Andrew\Desktop\CH 2 worksheets.docx
    [2010/05/25 21:47:04 | 000,083,414 | ---- | M] () -- C:\Users\Andrew\Signature.jpg
    [2010/05/25 21:18:48 | 000,020,658 | ---- | M] () -- C:\Users\Andrew\Desktop\Net Worth Statement.xlsx

    ========== Files Created - No Company Name ==========

    [2010/08/21 20:33:54 | 000,337,480 | ---- | C] () -- C:\Users\Andrew\Desktop\AkamaiDownloadManagerInstaller.exe
    [2010/08/20 08:03:24 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/08/17 14:24:08 | 000,024,143 | ---- | C] () -- C:\Users\Andrew\Desktop\Grade Report.docx
    [2010/08/16 21:42:31 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    [2010/08/16 13:34:37 | 000,027,067 | ---- | C] () -- C:\Users\Andrew\Desktop\Assessment 9.docx
    [2010/08/16 13:34:37 | 000,000,162 | -H-- | C] () -- C:\Users\Andrew\Desktop\~$sessment 9.docx
    [2010/08/16 12:35:49 | 000,025,771 | ---- | C] () -- C:\Users\Andrew\Desktop\Assessment 8.docx
    [2010/08/16 11:08:47 | 000,023,198 | ---- | C] () -- C:\Users\Andrew\Desktop\Assessment 7.docx
    [2010/08/15 23:14:35 | 000,023,332 | ---- | C] () -- C:\Users\Andrew\Desktop\Assessment 2.docx
    [2010/08/15 21:14:50 | 000,025,435 | ---- | C] () -- C:\Users\Andrew\Desktop\Assessment unit 1.docx
    [2010/08/15 20:41:05 | 000,058,565 | ---- | C] () -- C:\Users\Andrew\Desktop\kyc-checklist-ifse.pdf
    [2010/08/15 20:29:44 | 000,084,560 | ---- | C] () -- C:\Users\Andrew\Desktop\MF_U1L2_MFDA_KYC_Info.pdf
    [2010/08/15 17:26:47 | 000,123,888 | ---- | C] () -- C:\Users\Andrew\Desktop\CIFCFormulaSheet.pdf
    [2010/08/14 09:05:25 | 000,014,735 | ---- | C] () -- C:\Users\Andrew\Desktop\plug in codes.docx
    [2010/08/14 06:04:17 | 005,702,876 | ---- | C] () -- C:\Users\Andrew\Desktop\_MG_2480.JPG
    [2010/08/13 18:31:12 | 000,014,361 | ---- | C] () -- C:\Users\Andrew\Documents\Ruffle butts.docx
    [2010/08/13 15:08:48 | 000,035,027 | ---- | C] () -- C:\Users\Andrew\Desktop\Thank you for placing your order at RalphLauren.docx
    [2010/08/12 21:59:35 | 000,203,944 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
    [2010/08/11 23:15:25 | 000,009,571 | ---- | C] () -- C:\Users\Andrew\Desktop\Question 7.xlsx
    [2010/08/11 08:51:17 | 000,020,892 | ---- | C] () -- C:\Users\Andrew\Desktop\MATH10037 Assignment 2.docx
    [2010/08/09 15:30:59 | 000,075,324 | ---- | C] () -- C:\Users\Andrew\Desktop\Final Assessment.docx
    [2010/08/09 01:52:20 | 000,079,647 | ---- | C] () -- C:\Users\Andrew\Desktop\CIFC Assessment pre test.docx
    [2010/08/08 19:16:45 | 000,017,246 | ---- | C] () -- C:\Users\Andrew\Desktop\blackberry_8330_sm.gif
    [2010/08/08 19:15:43 | 000,086,095 | ---- | C] () -- C:\Users\Andrew\Desktop\blackberrycurve8330-mainmenu.jpg
    [2010/08/08 19:15:00 | 000,054,375 | ---- | C] () -- C:\Users\Andrew\Desktop\blackberry-curve-8330-review-2.jpg
    [2010/08/08 19:11:44 | 000,008,285 | ---- | C] () -- C:\Users\Andrew\Desktop\BB Storm 2.jpg
    [2010/08/08 19:11:06 | 000,008,610 | ---- | C] () -- C:\Users\Andrew\Desktop\storm.jpg
    [2010/08/08 16:17:40 | 000,037,804 | ---- | C] () -- C:\Users\Andrew\Desktop\Benchmarks Roof Painting & Repair.pdf
    [2010/08/08 13:40:28 | 000,000,030 | ---- | C] () -- C:\Program Files (x86)\Exiferupdate.ini
    [2010/08/07 07:16:13 | 000,090,601 | ---- | C] () -- C:\Users\Andrew\Desktop\blackberry-storm2.jpg
    [2010/08/03 22:12:21 | 000,020,945 | ---- | C] () -- C:\Users\Andrew\Desktop\UNIT 1.docx
    [2010/07/30 01:19:04 | 000,027,162 | ---- | C] () -- C:\Users\Andrew\Documents\One Healthy Scalp Manipulation Technique.docx
    [2010/07/14 20:05:46 | 000,000,000 | ---- | C] () -- C:\Users\Andrew\AppData\Roaming\monFDE.log
    [2010/07/08 16:35:01 | 000,000,000 | ---- | C] () -- C:\Users\Andrew\AppData\Local\Syoru.bin
    [2010/07/08 16:35:00 | 000,000,120 | ---- | C] () -- C:\Users\Andrew\AppData\Local\Rqegoka.dat
    [2010/07/02 16:53:23 | 005,257,278 | ---- | C] () -- C:\Users\Andrew\Desktop\Jacobsen maintenance manual.pdf
    [2010/07/02 16:52:58 | 015,033,860 | ---- | C] () -- C:\Users\Andrew\Desktop\Jacobsen schematic 2.pdf
    [2010/07/02 16:52:37 | 001,113,920 | ---- | C] () -- C:\Users\Andrew\Desktop\Jacobsen schematic 1.pdf
    [2010/07/02 16:52:14 | 021,361,500 | ---- | C] () -- C:\Users\Andrew\Desktop\Jacobsen service manual.pdf
    [2010/07/01 12:20:00 | 000,460,025 | ---- | C] () -- C:\Users\Andrew\Desktop\IMG00114.jpg
    [2010/07/01 00:44:42 | 000,004,986 | ---- | C] () -- C:\Users\Andrew\Desktop\Morgan and Grant.jpg
    [2010/06/27 11:39:06 | 000,001,864 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
    [2010/06/25 06:38:56 | 004,848,931 | ---- | C] () -- C:\Users\Andrew\Desktop\C230 Owners Manual.pdf
    [2010/06/22 22:55:53 | 013,579,601 | ---- | C] () -- C:\Users\Andrew\Desktop\Math Assignment 2 and final review with modules as well.pdf
    [2010/06/21 16:33:12 | 000,000,162 | -H-- | C] () -- C:\Users\Andrew\Desktop\~$st Volume relationships.doc
    [2010/06/20 22:50:46 | 000,001,101 | ---- | C] () -- C:\Users\Andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
    [2010/06/20 21:50:22 | 000,524,288 | -HS- | C] () -- C:\Users\Andrew\ntuser.dat{8d2400da-7cd1-11df-a2cc-001dbaf4400b}.TMContainer00000000000000000002.regtrans-ms
    [2010/06/20 21:50:22 | 000,524,288 | -HS- | C] () -- C:\Users\Andrew\ntuser.dat{8d2400da-7cd1-11df-a2cc-001dbaf4400b}.TMContainer00000000000000000001.regtrans-ms
    [2010/06/20 21:50:22 | 000,065,536 | -HS- | C] () -- C:\Users\Andrew\ntuser.dat{8d2400da-7cd1-11df-a2cc-001dbaf4400b}.TM.blf
    [2010/06/14 07:57:34 | 000,026,337 | ---- | C] () -- C:\Users\Andrew\Desktop\Math Assignment 1.docx
    [2010/06/12 23:40:16 | 000,118,399 | ---- | C] () -- C:\Users\Andrew\Desktop\sheridan financial_planning.pdf
    [2010/06/12 23:01:51 | 000,177,066 | ---- | C] () -- C:\Users\Andrew\Desktop\Noah June 11, 2010.jpg
    [2010/06/07 22:28:30 | 000,000,000 | ---- | C] () -- C:\Users\Andrew\AppData\Local\prvlcl.dat
    [2010/06/05 02:00:03 | 000,114,688 | ---- | C] () -- C:\Users\Andrew\Desktop\Thank you card.pub
    [2010/05/31 21:22:30 | 000,014,902 | ---- | C] () -- C:\Users\Andrew\Desktop\IFSE book.docx
    [2010/05/31 12:22:00 | 008,320,787 | R--- | C] () -- C:\Users\Andrew\Desktop\noah park newest May 16, 2010.jpg
    [2010/05/31 12:19:00 | 005,974,887 | R--- | C] () -- C:\Users\Andrew\Desktop\May 23 2010.jpg
    [2010/05/31 10:29:00 | 000,594,944 | ---- | C] () -- C:\Users\Andrew\Desktop\May 6, 2010.jpg
    [2010/05/30 14:51:53 | 000,011,264 | -HS- | C] () -- C:\Users\Andrew\Thumbs.db
    [2010/05/28 01:24:29 | 001,008,128 | ---- | C] () -- C:\Users\Andrew\Documents\normalleads original.xls
    [2010/05/28 01:24:29 | 000,788,570 | ---- | C] () -- C:\Users\Andrew\Documents\Hartford-et-al FINRA award.pdf
    [2010/05/28 01:24:29 | 000,514,560 | ---- | C] () -- C:\Users\Andrew\Documents\normalleads.xls
    [2010/05/28 01:24:29 | 000,334,336 | ---- | C] () -- C:\Users\Andrew\Documents\Sandiego list.xls
    [2010/05/28 01:24:29 | 000,309,747 | ---- | C] () -- C:\Users\Andrew\Documents\Statute of limitations.pdf
    [2010/05/28 01:24:29 | 000,173,932 | ---- | C] () -- C:\Users\Andrew\Documents\KeyChangesToCFPCertificationRequirements.pdf
    [2010/05/28 01:24:29 | 000,060,394 | ---- | C] () -- C:\Users\Andrew\Documents\What is Zero Based Budgeting.pdf
    [2010/05/28 01:24:29 | 000,052,224 | ---- | C] () -- C:\Users\Andrew\Documents\Rick Handel - Sucralose.doc
    [2010/05/28 01:24:29 | 000,051,712 | ---- | C] () -- C:\Users\Andrew\Documents\You are not Warren Buffet.doc
    [2010/05/28 01:24:29 | 000,050,176 | ---- | C] () -- C:\Users\Andrew\Documents\Money_famous-quotes.doc
    [2010/05/28 01:24:29 | 000,049,318 | ---- | C] () -- C:\Users\Andrew\Documents\Sony Receipt.tif
    [2010/05/28 01:24:29 | 000,049,144 | ---- | C] () -- C:\Users\Andrew\Documents\Statute of Limitations Transition Rules Chart.pdf
    [2010/05/28 01:24:29 | 000,045,056 | ---- | C] () -- C:\Users\Andrew\Documents\SEPARATION AGREEMENT 2.doc
    [2010/05/28 01:24:29 | 000,042,496 | ---- | C] () -- C:\Users\Andrew\Documents\The new way to make money in real estate - Copy.doc
    [2010/05/28 01:24:29 | 000,034,304 | ---- | C] () -- C:\Users\Andrew\Documents\What children say.msg
    [2010/05/28 01:24:29 | 000,030,720 | ---- | C] () -- C:\Users\Andrew\Documents\The Small Claims Court Act of Ontario - Copy.doc
    [2010/05/28 01:24:29 | 000,030,208 | ---- | C] () -- C:\Users\Andrew\Documents\Separation Agreement 1.doc
    [2010/05/28 01:24:29 | 000,030,208 | ---- | C] () -- C:\Users\Andrew\Documents\increase your bench pressing strength.doc
    [2010/05/28 01:24:29 | 000,029,184 | ---- | C] () -- C:\Users\Andrew\Documents\the best ab exercises.doc
    [2010/05/28 01:24:29 | 000,028,160 | ---- | C] () -- C:\Users\Andrew\Documents\How to pick mutual funds.doc
    [2010/05/28 01:24:29 | 000,027,648 | ---- | C] () -- C:\Users\Andrew\Documents\July 22 letter to Alison Chitty.doc
    [2010/05/28 01:24:29 | 000,025,600 | ---- | C] () -- C:\Users\Andrew\Documents\July 16 Alison Chitty.doc
    [2010/05/28 01:24:29 | 000,025,088 | ---- | C] () -- C:\Users\Andrew\Documents\The New Employee.doc
    [2010/05/28 01:24:29 | 000,022,016 | ---- | C] () -- C:\Users\Andrew\Documents\Life lessons.doc
    [2010/05/28 01:24:29 | 000,020,829 | ---- | C] () -- C:\Users\Andrew\Documents\Worldwide Health Link Invoice for Joseph Wehbe unlocked.docx
    [2010/05/28 01:24:29 | 000,019,968 | ---- | C] () -- C:\Users\Andrew\Documents\Home made shampoo.doc
    [2010/05/28 01:24:29 | 000,016,234 | ---- | C] () -- C:\Users\Andrew\Documents\MiniLimitationsChart.pdf
    [2010/05/28 01:24:29 | 000,012,688 | ---- | C] () -- C:\Users\Andrew\Documents\WORLD WIDE HEALTH LINK invoice to Joseph Wehbe unlocked.docx
    [2010/05/28 01:24:28 | 005,142,528 | ---- | C] () -- C:\Users\Andrew\Documents\Happy Mother’s Day!.pptx
    [2010/05/28 01:24:28 | 005,098,825 | ---- | C] () -- C:\Users\Andrew\Documents\Happy Mother’s Day 2010!.ppsx
    [2010/05/28 01:24:28 | 005,098,823 | ---- | C] () -- C:\Users\Andrew\Documents\Happy Mother’s Day 2010!.pptx
    [2010/05/28 01:24:28 | 002,450,944 | ---- | C] () -- C:\Users\Andrew\Documents\bmw list.XLS
    [2010/05/28 01:24:28 | 000,285,184 | ---- | C] () -- C:\Users\Andrew\Documents\Bank Statement.doc
    [2010/05/28 01:24:28 | 000,270,926 | ---- | C] () -- C:\Users\Andrew\Documents\BabysRus receipt.pdf
    [2010/05/28 01:24:28 | 000,221,184 | ---- | C] () -- C:\Users\Andrew\Documents\Bank Statement November28.doc
    [2010/05/28 01:24:28 | 000,195,072 | ---- | C] () -- C:\Users\Andrew\Documents\Andy doc.doc
    [2010/05/28 01:24:28 | 000,177,152 | ---- | C] () -- C:\Users\Andrew\Documents\Bank statement Nov 21 2008 to Feb 9, 2009.doc
    [2010/05/28 01:24:28 | 000,160,768 | ---- | C] () -- C:\Users\Andrew\Documents\Bank Account statement April 1 June 2 2009.doc
    [2010/05/28 01:24:28 | 000,113,152 | ---- | C] () -- C:\Users\Andrew\Documents\Bank Account Details July 22, 2009.doc
    [2010/05/28 01:24:28 | 000,083,898 | ---- | C] () -- C:\Users\Andrew\Documents\Christian farmers district_boards_list.pdf
    [2010/05/28 01:24:28 | 000,079,872 | ---- | C] () -- C:\Users\Andrew\Documents\Andy's signature.doc
    [2010/05/28 01:24:28 | 000,078,336 | ---- | C] () -- C:\Users\Andrew\Documents\Copy of Burl-Oakphonelist-Oct05.xls
    [2010/05/28 01:24:28 | 000,054,784 | ---- | C] () -- C:\Users\Andrew\Documents\Armando Morales.doc
    [2010/05/28 01:24:28 | 000,043,520 | ---- | C] () -- C:\Users\Andrew\Documents\freelife list.xls
    [2010/05/28 01:24:28 | 000,037,376 | ---- | C] () -- C:\Users\Andrew\Documents\Business Plan.doc
    [2010/05/28 01:24:28 | 000,030,720 | ---- | C] () -- C:\Users\Andrew\Documents\A Garnishment Refresher.doc
    [2010/05/28 01:24:28 | 000,027,648 | ---- | C] () -- C:\Users\Andrew\Documents\Appeal to Alison Chitty August 26.doc
    [2010/05/28 01:24:28 | 000,026,112 | ---- | C] () -- C:\Users\Andrew\Documents\Consent to Use Motor Vehicle License Plate Mercedes.doc
    [2010/05/28 01:24:28 | 000,026,112 | ---- | C] () -- C:\Users\Andrew\Documents\CCRA August 29.doc
    [2010/05/28 01:24:28 | 000,025,600 | ---- | C] () -- C:\Users\Andrew\Documents\CCRA September 12.doc
    [2010/05/28 01:24:28 | 000,024,576 | ---- | C] () -- C:\Users\Andrew\Documents\Break it Off.doc
    [2010/05/28 01:24:28 | 000,020,992 | ---- | C] () -- C:\Users\Andrew\Documents\Goals.doc
    [2010/05/28 01:24:28 | 000,017,885 | ---- | C] () -- C:\Users\Andrew\Documents\DOC072309 Collect Canada.tif
    [2010/05/28 01:24:27 | 006,051,255 | ---- | C] () -- C:\Users\Andrew\Documents\2007 Income Stats.pdf
    [2010/05/28 01:24:27 | 000,027,136 | ---- | C] () -- C:\Users\Andrew\Documents\5 steps to help you reduce your debt.doc
    [2010/05/27 23:21:38 | 012,182,801 | ---- | C] () -- C:\Users\Andrew\Desktop\What_s in a Name_ Part B.mp3
    [2010/05/27 23:21:38 | 000,900,266 | ---- | C] () -- C:\Users\Andrew\Desktop\SecuredVisaApplication3.pdf
    [2010/05/27 23:21:38 | 000,150,208 | ---- | C] () -- C:\Users\Andrew\Desktop\CurrentVendors on buy board.pdf
    [2010/05/27 23:21:38 | 000,057,888 | ---- | C] () -- C:\Users\Andrew\Desktop\Economics order.docx
    [2010/05/27 23:21:38 | 000,057,133 | ---- | C] () -- C:\Users\Andrew\Desktop\bid_schedule for buy board.pdf
    [2010/05/27 23:21:38 | 000,031,896 | ---- | C] () -- C:\Users\Andrew\Desktop\z.jpg
    [2010/05/27 23:21:38 | 000,021,434 | ---- | C] () -- C:\Users\Andrew\Desktop\IFSE EXAM 1.docx
    [2010/05/27 23:21:38 | 000,020,658 | ---- | C] () -- C:\Users\Andrew\Desktop\Net Worth Statement.xlsx
    [2010/05/27 23:21:38 | 000,012,545 | ---- | C] () -- C:\Users\Andrew\Desktop\IFSE Invoice.docx
    [2010/05/27 23:21:38 | 000,011,938 | ---- | C] () -- C:\Users\Andrew\Desktop\logarithym questions.docx
    [2010/05/27 23:21:38 | 000,005,229 | ---- | C] () -- C:\Users\Andrew\Desktop\VFD Drive.jpg
    [2010/05/27 23:21:38 | 000,004,950 | ---- | C] () -- C:\Users\Andrew\Desktop\VFD Drive 3.jpg
    [2010/05/27 23:21:38 | 000,004,286 | ---- | C] () -- C:\Users\Andrew\Desktop\Transformer 4.jpg
    [2010/05/27 23:21:38 | 000,003,784 | ---- | C] () -- C:\Users\Andrew\Desktop\VFD Drive 1.jpg
    [2010/05/27 23:21:38 | 000,003,620 | ---- | C] () -- C:\Users\Andrew\Desktop\Transformer 5.jpg
    [2010/05/27 23:21:38 | 000,003,317 | ---- | C] () -- C:\Users\Andrew\Desktop\VFD Drive 2.jpg
    [2010/05/27 23:21:38 | 000,003,294 | ---- | C] () -- C:\Users\Andrew\Desktop\VFD Drive 4.jpg
    [2010/05/27 23:21:38 | 000,002,952 | ---- | C] () -- C:\Users\Andrew\Desktop\Transformer 2.jpg
    [2010/05/27 23:21:38 | 000,002,944 | ---- | C] () -- C:\Users\Andrew\Desktop\Transformer 3.jpg
    [2010/05/27 23:21:38 | 000,002,776 | ---- | C] () -- C:\Users\Andrew\Desktop\Transformer.jpg
    [2010/05/27 23:21:38 | 000,000,341 | ---- | C] () -- C:\Users\Andrew\Desktop\Truth For Life Podcasts.pcast
    [2010/05/27 23:21:37 | 000,129,536 | ---- | C] () -- C:\Users\Andrew\Desktop\Cost Volume relationships.doc
    [2010/05/27 21:05:22 | 000,000,000 | ---- | C] () -- C:\Users\Andrew\AppData\Roaming\wklnhst.dat
    [2010/05/26 22:25:45 | 000,014,592 | ---- | C] () -- C:\Windows\SysNative\CNC1735D.TBL
    [2010/05/26 22:24:36 | 000,117,850 | ---- | C] () -- C:\Windows\SysNative\Cnmnput.chm
    [2010/05/25 23:16:02 | 001,352,503 | ---- | C] () -- C:\Users\Andrew\Desktop\CH 2R - Financial Statements and Plans.pptx
    [2010/05/25 23:15:15 | 000,249,868 | ---- | C] () -- C:\Users\Andrew\Desktop\CH 2 worksheets.docx
    [2010/05/25 21:47:04 | 000,083,414 | ---- | C] () -- C:\Users\Andrew\Signature.jpg
    [2010/05/11 09:29:59 | 000,225,280 | ---- | C] () -- C:\Windows\SysWow64\net_rim_plazmic_flint_dialog.dll
    [2010/04/18 22:00:41 | 000,735,110 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2010/01/27 21:05:28 | 000,000,033 | ---- | C] () -- C:\Windows\WININIT.INI
    [2010/01/26 00:20:42 | 000,000,336 | ---- | C] () -- C:\Windows\game.ini
    [2009/12/28 13:09:55 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
    [2009/12/26 13:44:50 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
    [2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

    ========== LOP Check ==========

    [2010/08/19 23:34:32 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\5CE2A6BA57EA9EF51EE22CCA1D948AC3
    [2010/06/20 14:21:03 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\DAEMON Tools Lite
    [2010/05/17 22:32:56 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\NVD
    [2010/05/19 08:16:17 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\SoftGrid Client
    [2010/06/28 00:53:37 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    [2010/05/27 21:05:29 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\Template
    [2010/08/22 11:00:38 | 000,000,000 | ---D | M] -- C:\Users\Andrew\AppData\Roaming\uTorrent
    [2010/07/30 22:54:12 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/07/13 21:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
    [2010/01/27 03:24:42 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2010/05/10 20:25:36 | 000,000,721 | ---- | M] () -- C:\deltaStartup.log
    [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
    [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
    [2007/11/07 09:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
    [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
    [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
    [2007/11/07 09:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
    [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
    [2008/04/11 11:07:18 | 000,010,134 | ---- | M] () -- C:\eula.1049.txt
    [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
    [2007/11/07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
    [2008/04/11 11:07:18 | 000,001,110 | ---- | M] () -- C:\globdata.ini
    [2010/08/21 13:42:22 | 3094,622,208 | -HS- | M] () -- C:\hiberfil.sys
    [2008/04/11 09:03:48 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
    [2008/04/11 11:07:18 | 000,000,843 | ---- | M] () -- C:\install.ini
    [2008/04/11 09:03:48 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
    [2008/04/11 09:03:48 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
    [2008/04/11 09:03:48 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
    [2008/04/11 09:03:48 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
    [2008/04/11 09:03:48 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
    [2008/04/11 09:03:48 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
    [2008/04/11 09:03:48 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
    [2008/04/11 11:09:24 | 000,093,200 | ---- | M] (Microsoft Corporation) -- C:\install.res.1049.dll
    [2008/04/11 09:03:48 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
    [2008/04/11 09:03:48 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
    [2010/01/27 21:35:05 | 000,000,187 | ---- | M] () -- C:\Installer_Setup.log
    [2006/12/02 03:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
    [2010/08/21 13:42:26 | 4126,167,040 | -HS- | M] () -- C:\pagefile.sys
    [2010/01/27 21:01:53 | 000,002,494 | ---- | M] () -- C:\RHDSetup.log
    [2009/12/26 13:30:54 | 000,000,073 | -H-- | M] () -- C:\splash.idx
    [2008/04/11 11:07:18 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
    [2009/12/26 13:47:49 | 000,389,266 | ---- | M] () -- C:\vcredist_x86.log
    [2007/11/07 09:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
    [2007/11/07 09:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
    [2009/04/11 00:06:56 | 000,003,632 | -H-- | M] () -- C:\version

    < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

    < %systemroot%\system32\*.wt >

    < %systemroot%\system32\*.ruy >

    < %systemroot%\Fonts\*.com >
    [2009/07/14 01:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 01:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 01:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 01:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

    < %systemroot%\*. /mp /s >


    < %systemroot%\system32\*.dll /lockedfiles >

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\System32\config\*.sav >

    < %systemroot%\system32\user32.dll /md5 >
    [2009/07/13 21:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll

    < %systemroot%\system32\ws2_32.dll /md5 >
    [2009/07/13 21:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll

    < %systemroot%\system32\ws2help.dll /md5 >
    [2009/07/13 21:11:26 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=808AABDF9337312195CAFF76D1804786 -- C:\Windows\SysWOW64\ws2help.dll

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >
    < End of report >
     
  12. 2010/08/22
    living life

    Extras txt

    OTL Extras logfile created on: 8/22/2010 11:05:50 AM - Run 1
    OTL by OldTimer - Version 3.2.10.0 Folder = C:\Users\Andrew\Downloads
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 60.00% Memory free
    8.00 Gb Paging File | 6.00 Gb Available in Paging File | 77.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 288.29 Gb Total Space | 179.65 Gb Free Space | 62.32% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: ANDREW-PC
    Current User Name: Andrew
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Include 64bit Scans
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = ChromeHTML] -- Reg Error: Key error. File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- Reg Error: Value error.
    http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" File not found
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" File not found
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll ",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1 ",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- Reg Error: Value error.
    http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" File not found
    https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" File not found
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll ",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX860_series" = Canon MX860 series MP Drivers
    "{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
    "{23B45E10-0CA5-43E9-BD6D-C2BD6CBE11AC}" = iTunes
    "{328CC232-CFDC-468B-A214-2E21300E4CB5}" = Apple Mobile Device Support
    "{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
    "{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
    "{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
    "{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
    "{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{91140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
    "{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
    "{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
    "{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
    "{B0EFB716-085B-4564-8060-212E41F5CE50}" = Windows Live ID Sign-in Assistant
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour
    "{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
    "{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}" = VD64Inst
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Office14.PROPLUS" = Microsoft Office Professional Plus 2010
    "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
    "WinRAR archiver" = WinRAR archiver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
    "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
    "{068F037B-2723-48E3-85F1-4D7D93A29D2A}" = VAIO Content Metadata Intelligent Analyzing Manager
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
    "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
    "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
    "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
    "{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
    "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
    "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
    "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
    "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{1B500D37-E7CF-480B-8054-8A563594EC4E}" = VAIO OOBE and Welcome Center
    "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
    "{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
    "{2E8631C2-72E6-4A95-A86E-CB912D8D1537}" = Sony Home Network Library
    "{2F839384-6AB0-449B-8772-25E607036357}" = VAIO Help and Support
    "{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
    "{34B37A74-125E-4406-87BA-E4BD3D097AE5}" = VAIO Survey
    "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
    "{376DCC77-BFDA-4AC0-A57E-2CEB000D5E47}" = VAIO Content Metadata Intelligent Analyzing Manager
    "{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
    "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
    "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
    "{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
    "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
    "{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{484D0DD1-57D3-4AE5-8B5A-40232C83B674}" = VAIO Entertainment Platform
    "{48E91AD2-2A80-4E70-98E6-450A189F6048}" = VAIO Movie Story
    "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
    "{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
    "{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ
    "{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
    "{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
    "{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
    "{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update 5
    "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
    "{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
    "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
    "{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
    "{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
    "{6BF03C88-C06A-48DC-B9A1-FE72B24E5FA9}" = VAIO Media plus Opening Movie
    "{6EB6A82E-4918-481F-9AF8-3129E6D29B7E}" = Sony Home Network Library
    "{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
    "{70991E0A-1108-437E-BA7D-085702C670C0}" =
    "{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{78780A45-B180-4297-AE6D-12C45EC5AD35}" = VAIO Content Metadata Manager Setting
    "{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
    "{7B79CD75-F848-4B33-83E3-0EE1A1805A8C}" = VAIO Movie Story
    "{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2
    "{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
    "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
    "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus
    "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
    "{8F47B673-8D71-49E3-98B6-BCF547C82F57}" = Click to Disc
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
    "{931FE23C-BB40-4C7A-A594-DB35908D8E83}" = Splashtop
    "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
    "{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" =
    "{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music
    "{9973498D-EA29-4A68-BE0B-C88D6E03E928}" = ArcSoft WebCam Companion 2
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9B5F85CA-90D4-4AFC-BB37-32477FD0D2B9}" = SmartWi Connection Utility
    "{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
    "{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Settings
    "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
    "{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9D3D707-4A1A-4227-BE6E-F16448B4CB63}" = VAIO Entertainment Platform
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
    "{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
    "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
    "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
    "{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
    "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
    "{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
    "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
    "{BFD85D24-D4F3-4CCC-B518-D7C4FC29C76D}" = VAIO Content Metadata Intelligent Analyzing Manager
    "{C1555BC5-88B1-466B-BC79-062B5715DF92}" = VAIO Content Metadata XML Interface Library
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
    "{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
    "{CC2541A6-BC6A-4099-B711-7911C884AEB8}" = VAIO Content Metadata XML Interface Library
    "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
    "{CD7E6232-D41D-4E5B-ABE1-0264B6260309}" = VAIO Content Metadata Intelligent Analyzing Manager
    "{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer
    "{D03D02D8-AB64-4785-A48E-5AA8B0FB8C14}" = Sony Home Network Library
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
    "{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
    "{DB1C9CB7-DF65-4991-BD17-71BF9CD15BA0}" = VAIO Help and Support
    "{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
    "{DEF97A70-C67D-41E1-837C-6462C97A6F65}" = OpenMG Secure Module 5.3.00
    "{DF0415CC-0563-407F-B560-9B7F277122C5}" = VAIO BD Menu Data
    "{E3453B1B-C91B-4C48-B046-8DF635DD46F2}" = VAIO Content Metadata XML Interface Library
    "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
    "{E5FCED12-3E77-4C0E-A305-5AEB38A52A70}" = AdobeColorCommonSetCMYK
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{EADE97A7-E7AA-43FD-A042-92A68E0187A6}" = VAIO Content Metadata Manager Setting
    "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
    "{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
    "{EED50C97-C79E-4149-BD82-7C5A22437708}" = Adobe Setup
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F1432614-6183-49E6-98E8-674485463CFE}" = VAIO Original Function Settings
    "{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
    "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
    "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
    "{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "ActiveScan 2.0" = Panda ActiveScan 2.0
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Adobe_a68eec966ce913ddaa63251dc82ed31" = Adobe Flash CS4 Professional
    "Akamai" = Akamai NetSession Interface
    "ASIO4ALL" = ASIO4ALL
    "AVG9Uninstall" = AVG Free 9.0
    "Canon MX860 series User Registration" = Canon MX860 series User Registration
    "Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
    "Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
    "CanonMyPrinter" = Canon Utilities My Printer
    "CanonSolutionMenu" = Canon Utilities Solution Menu
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
    "InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
    "InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
    "InstallShield_{DEF97A70-C67D-41E1-837C-6462C97A6F65}" = OpenMG Secure Module 5.3.00
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "McAfee Security Scan" = McAfee Security Scan Plus
    "Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
    "MP Navigator EX 2.1" = Canon MP Navigator EX 2.1
    "OpenAL" = OpenAL
    "splashtop" = Splashtop
    "VLC media player" = VLC media player 1.1.2
    "Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
    "Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver

    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >
     
  13. 2010/08/22
    broni

    broni Moderator Malware Analyst

    You didn't give me a fresh Malwarebytes log.
     
  14. 2010/08/22
    living life

    living life Inactive Thread Starter

    malware report

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4451

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    8/22/2010 1:15:09 PM
    mbam-log-2010-08-22 (13-15-09).txt

    Scan type: Quick scan
    Objects scanned: 153921
    Time elapsed: 5 minute(s), 18 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  15. 2010/08/22
    broni

    broni Moderator Malware Analyst

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ===============================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      SRV:64bit: - File not found [Auto | Stopped] -- C:\Windows\SysNative\srvany.exe -- (KMService)
      SRV - [2003/04/18 19:06:26 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\srvany.exe -- (KMService)
      DRV:64bit: - [2009/06/30 09:37:16 | 000,033,800 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pavboot64.sys -- (pavboot)
      O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\hssie\HssIE_64.dll File not found
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O4 - HKLM..\Run: [roswexamcn.exe] C:\Users\Andrew\AppData\Local\Temp\roswexamcn.exe File not found
      O4 - HKCU..\Run: [AdobeBridge] File not found
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
      O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
      O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.systemrequirements...qlabdetect.cab (Reg Error: Key error.)
      O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab...l_4.1.66.0.cab (Reg Error: Value error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O18:64bit: - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Reg Error: Key error. File not found
      O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
      O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
      O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
      O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
      O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
      O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
      O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
      O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
      O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
      O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
      O33 - MountPoints2\{94889c82-8eeb-11df-8c7c-001dbaf4400b}\Shell - " " = AutoRun
      O33 - MountPoints2\{94889c82-8eeb-11df-8c7c-001dbaf4400b}\Shell\AutoRun\command - " " = G:\launcher.exe -- File not found
      [2010/08/21 20:34:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Akamai
      [2010/08/20 08:25:34 | 000,033,800 | ---- | C] (Panda Security, S.L.) -- C:\Windows\SysNative\drivers\pavboot64.sys
      [2010/08/20 08:24:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
      [2010/08/19 23:19:14 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Roaming\5CE2A6BA57EA9EF51EE22CCA1D948AC3
      [2010/07/18 16:24:15 | 000,000,000 | ---D | C] -- C:\Users\Andrew\AppData\Local\crdlfwluw
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ==============================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on the Start button to begin the cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    3. Go to Kaspersky website and perform an online antivirus scan.

    • Disable your active antivirus program.
    • Read through the requirements and privacy statement and click on the Accept button.
    • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    • When the downloads have finished, click on Settings.
    • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
      • Mail databases
    • Click on My Computer under Scan.
    • Once the scan is complete, it will display the results. Click on View Scan Report.
    • You will see a list of infected items there. Click on Save Report As....
    • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
     
  16. 2010/08/22
    living life

    living life Inactive Thread Starter

    security check

    Results of screen317's Security Check version 0.99.5
    Windows 7 (UAC is disabled!)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    AVG Free 9.0
    McAfee Security Scan Plus
    WMI entry may not exist for antivirus; attempting automatic update.
    AVG9 successfully updated!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 21
    Adobe Flash Player 10.1.82.76
    Adobe Reader 9.3.3
    Mozilla Firefox (3.6.8)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    AVG avgwdsvc.exe
    AVG avgtray.exe
    AVG avgemc.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    POOR! (Vulnerable to DNS cache poisoning!!-- Consider OPENDNS)

    ``````````End of Log````````````
     
  17. 2010/08/22
    living life

    living life Inactive Thread Starter

    Kaspersky

    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0: scan report
    Sunday, August 22, 2010
    Operating system: Microsoft (build 7600)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Sunday, August 22, 2010 15:12:11
    Records in database: 4134853
    --------------------------------------------------------------------------------

    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\
    F:\

    Scan statistics:
    Objects scanned: 161510
    Threats found: 1
    Infected objects found: 2
    Suspicious objects found: 0
    Scan duration: 04:13:49


    File name / Threat / Threats count
    C:\Windows\System32\wininit.exe Infected: Trojan.Win32.Patched.kl 1
    C:\Windows\SysWOW64\wininit.exe Infected: Trojan.Win32.Patched.kl 1

    Selected area has been scanned.
     
  18. 2010/08/22
    broni

    broni Moderator Malware Analyst

    You didn't post a log from the OTL fix.

    ==============================================

    Open Windows Explorer. Go to Tools > Folder Options > View tab and put a checkmark next to Show hidden files and folders.
    Upload the following files to http://www.virustotal.com/ for a security check:
    - C:\Windows\System32\wininit.exe
    - C:\Windows\SysWOW64\wininit.exe
    IMPORTANT! If the file is listed as already analyzed, click on Reanalyse file now button.
    Post scan results.
     
  19. 2010/08/22
    living life

    living life Inactive Thread Starter

    OTL Fix

    All processes killed
    ========== OTL ==========
    Service KMService stopped successfully!
    Service KMService deleted successfully!
    File C:\Windows\SysNative\srvany.exe not found.
    Error: No service named KMService was found to stop!
    Service\Driver key KMService not found.
    C:\Windows\SysWOW64\srvany.exe moved successfully.
    Error: Unable to stop service pavboot!
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pavboot deleted successfully.
    C:\Windows\SysNative\drivers\pavboot64.sys moved successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\roswexamcn.exe deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
    Starting removal of ActiveX control {40F576AD-8680-4F9E-9490-99D069CD665F}
    C:\Windows\Downloaded Program Files\sysreqlabdetect.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{40F576AD-8680-4F9E-9490-99D069CD665F}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40F576AD-8680-4F9E-9490-99D069CD665F}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{40F576AD-8680-4F9E-9490-99D069CD665F}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{40F576AD-8680-4F9E-9490-99D069CD665F}\ not found.
    Starting removal of ActiveX control {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F}
    C:\Windows\Downloaded Program Files\srldetect.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CF84DAC5-A4F5-419E-A0BA-C01FFD71112F}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF84DAC5-A4F5-419E-A0BA-C01FFD71112F}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CF84DAC5-A4F5-419E-A0BA-C01FFD71112F}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF84DAC5-A4F5-419E-A0BA-C01FFD71112F}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\avgsecuritytoolbar\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F2DDE6B2-9684-4A55-86D4-E255E237B77C}\ not found.
    File {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Reg Error: Key error. File not found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
    File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-itss\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0A9007C0-4076-11D3-8789-0000F8105754}\ not found.
    File {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
    File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03C514A3-1EFB-4856-9F99-10D7BE1653C0}\ not found.
    File {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{314111c7-a502-11d2-bbca-00c04f8ec294}\ not found.
    File {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found not found.
    64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui\ deleted successfully.
    C:\Windows\SysNative\igfxdev.dll moved successfully.
    64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{94889c82-8eeb-11df-8c7c-001dbaf4400b}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{94889c82-8eeb-11df-8c7c-001dbaf4400b}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{94889c82-8eeb-11df-8c7c-001dbaf4400b}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{94889c82-8eeb-11df-8c7c-001dbaf4400b}\ not found.
    File G:\launcher.exe not found.
    C:\Program Files (x86)\Common Files\Akamai\Cache folder moved successfully.
    Folder move failed. C:\Program Files (x86)\Common Files\Akamai scheduled to be moved on reboot.
    File C:\Windows\SysNative\drivers\pavboot64.sys not found.
    C:\Program Files (x86)\Panda Security\ActiveScan 2.0\psqstore folder moved successfully.
    C:\Program Files (x86)\Panda Security\ActiveScan 2.0 folder moved successfully.
    C:\Program Files (x86)\Panda Security folder moved successfully.
    C:\Users\Andrew\AppData\Roaming\5CE2A6BA57EA9EF51EE22CCA1D948AC3 folder moved successfully.
    C:\Users\Andrew\AppData\Local\crdlfwluw folder moved successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Andrew
    ->Temp folder emptied: 1005007972 bytes
    ->Temporary Internet Files folder emptied: 69541368 bytes
    ->Java cache emptied: 919750 bytes
    ->FireFox cache emptied: 37748854 bytes
    ->Flash cache emptied: 147855 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 56504 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Grant
    ->Temp folder emptied: 2243032193 bytes
    ->Temporary Internet Files folder emptied: 510927275 bytes
    ->Java cache emptied: 18556645 bytes
    ->FireFox cache emptied: 38081098 bytes
    ->Flash cache emptied: 151434 bytes

    User: Guest
    ->Temp folder emptied: 151652 bytes
    ->Temporary Internet Files folder emptied: 4282788 bytes
    ->Flash cache emptied: 56960 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 15850336 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 274529 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 3,762.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Andrew
    ->Flash cache emptied: 0 bytes

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Grant
    ->Flash cache emptied: 0 bytes

    User: Guest
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.10.0 log created on 08222010_162034

    Files\Folders moved on Reboot...
    C:\Program Files (x86)\Common Files\Akamai\Cache folder moved successfully.
    Folder move failed. C:\Program Files (x86)\Common Files\Akamai scheduled to be moved on reboot.
    C:\Users\Andrew\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\Andrew\AppData\Local\Mozilla\Firefox\Profiles\4ra4osnx.default\Cache\_CACHE_001_ moved successfully.
    C:\Users\Andrew\AppData\Local\Mozilla\Firefox\Profiles\4ra4osnx.default\Cache\_CACHE_002_ moved successfully.
    C:\Users\Andrew\AppData\Local\Mozilla\Firefox\Profiles\4ra4osnx.default\Cache\_CACHE_003_ moved successfully.
    C:\Users\Andrew\AppData\Local\Mozilla\Firefox\Profiles\4ra4osnx.default\Cache\_CACHE_MAP_ moved successfully.
    C:\Users\Andrew\AppData\Local\Mozilla\Firefox\Profiles\4ra4osnx.default\urlclassifier3.sqlite moved successfully.
    C:\Users\Andrew\AppData\Local\Mozilla\Firefox\Profiles\4ra4osnx.default\XUL.mfl moved successfully.

    Registry entries deleted on Reboot...
     
  20. 2010/08/22
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good :)

    VirusTotal, please...
     
  21. 2010/08/23
    living life

    living life Inactive Thread Starter

    Joined:
    2008/07/15
    Messages:
    74
    Likes Received:
    0
    system 32

    File name:
    wininit.exe
    Submission date:
    2010-08-23 12:46:51 (UTC)
    Current status:
    queued queued (#11) analysing finished
    Result:
    22/ 42 (52.4%)



    Antivirus Version Last Update Result
    AhnLab-V3 2010.08.23.06 2010.08.23 -
    AntiVir 8.2.4.38 2010.08.23 TR/Spy.96256.30
    Antiy-AVL 2.0.3.7 2010.08.23 -
    Authentium 5.2.0.5 2010.08.23 -
    Avast 4.8.1351.0 2010.08.22 Win32:Malware-gen
    Avast5 5.0.332.0 2010.08.22 Win32:Bamital-X
    AVG 9.0.0.851 2010.08.23 -
    BitDefender 7.2 2010.08.23 Win32.Loader.O
    CAT-QuickHeal 11.00 2010.08.23 -
    ClamAV 0.96.2.0-git 2010.08.23 -
    Comodo 5830 2010.08.23 -
    DrWeb 5.0.2.03300 2010.08.23 modification of Win32.Dat.2
    Emsisoft 5.0.0.37 2010.08.23 Gen.Trojan!IK
    eSafe 7.0.17.0 2010.08.23 Win32.TRSpy
    eTrust-Vet 36.1.7804 2010.08.21 Win32/Patcher.F
    F-Prot 4.6.1.107 2010.08.22 -
    F-Secure 9.0.15370.0 2010.08.23 Win32.Loader.O
    Fortinet 4.1.143.0 2010.08.23 -
    GData 21 2010.08.23 Win32.Loader.O
    Ikarus T3.1.1.88.0 2010.08.23 Gen.Trojan
    Jiangmin 13.0.900 2010.08.23 -
    Kaspersky 7.0.0.125 2010.08.23 Trojan.Win32.Patched.kl
    McAfee 5.400.0.1158 2010.08.23 Artemis!ED9D72465A62
    McAfee-GW-Edition 2010.1B 2010.08.23 Artemis!ED9D72465A62
    Microsoft 1.6103 2010.08.23 Virus:Win32/Bamital.C
    NOD32 5388 2010.08.23 -
    Norman 6.05.11 2010.08.23 -
    nProtect 2010-08-23.01 2010.08.23 Win32.Loader.O
    Panda 10.0.2.7 2010.08.22 Suspicious file
    PCTools 7.0.3.5 2010.08.23 -
    Prevx 3.0 2010.08.23 Medium Risk Malware
    Rising 22.62.00.04 2010.08.23 Trojan.Win32.Generic.5225A171
    Sophos 4.56.0 2010.08.23 -
    Sunbelt 6778 2010.08.23 Virus.Win32.Bamital.c (v)
    SUPERAntiSpyware 4.40.0.1006 2010.08.23 -
    Symantec 20101.1.1.7 2010.08.23 WS.Reputation.1
    TheHacker 6.5.2.1.355 2010.08.23 -
    TrendMicro 9.120.0.1004 2010.08.23 -
    TrendMicro-HouseCall 9.120.0.1004 2010.08.23 -
    VBA32 3.12.14.0 2010.08.23 -
    ViRobot 2010.8.23.4003 2010.08.23 Win32.Patched.AF
    VirusBuster 5.0.27.0 2010.08.22 -
    Additional information
    MD5 : ed9d72465a62706e3f4849b61b5df33b
    SHA1 : 8f5e39f9986e25de7abc6bd949bab5b5c12e64f9
    SHA256: 29f2bab686339ad17217623a5a8c7a533896c614f901db0665bd6ddd5a38b74c
     
