Suspect VAIO is infected

07-05-2011, 11:02 AM   #1
Registered Member
 
Join Date: Jul 2011
Posts: 20
OS: Windows 7 Home Premium, Service pack 1



My computer began running slowly, and now whenever my computer has been sleeping/hibernating the internet disconnects and reconnects. It takes it a while to establish a connection. Today my browser seems to have been reset (settings, home page, etc.). In my running processes I am seeing things that have not been there before. I noticed this process running: "Program Files(x86)\IE\iexplore.ex" SCODEF:3748 CREDAT 203009; this started to appear yesterday. Also, at the end of some processes I am seeing things like -Embedding (appears after these processes: VaioCareService.exe and FlashUtil10t_ActiveX.exe) and -hide runkey (this appears after Microsoft Essentials). I am not sure if these mean anything or not. I'm just noting things that I did not normally see before. I did do a scan with ME and it found VirTool:JS/Obfuscator.BN and says it was removed.

Here is the DDS.txt pasted below & zip file for other txts (Attached & ark) is attached:

.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by SNPG2 at 10:59:47 on 2011-07-05
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3935.1951 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe
C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Care\VAIOCareService.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
C:\Program Files (x86)\DDNI\Oasis\VAIO Messenger.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESGfxMgr.exe
C:\Windows\system32\igfxext.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10t_ActiveX.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
uSearch Bar = Preserve
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [igndlm.exe] C:\Program Files (x86)\Download Manager\DLM.exe /windowsstart /startifwork
uRun: [Google Update] "C:\Users\SNPG2\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [SmartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\SNPG2\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\VAIOME~1.LNK - C:\Program Files (x86)\DDNi\Oasis\Delay.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-US/wlscctrl2.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-beta/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - hxxp://ax.emsisoft.com/asquared.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{94C285ED-C7EF-4DF7-9424-ED82B6BEB9A0} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{94C285ED-C7EF-4DF7-9424-ED82B6BEB9A0}\2375942554330323 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{94C285ED-C7EF-4DF7-9424-ED82B6BEB9A0}\2456C6B696E6E253644454 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{94C285ED-C7EF-4DF7-9424-ED82B6BEB9A0}\2462E4 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{94C285ED-C7EF-4DF7-9424-ED82B6BEB9A0}\35475656C6562702E4164796F6E6 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{94C285ED-C7EF-4DF7-9424-ED82B6BEB9A0}\35475656C65627E2E4164796F6E6 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{94C285ED-C7EF-4DF7-9424-ED82B6BEB9A0}\35E4057413025465F4 : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Notify: VESWinlogon - VESWinlogon.dll
mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [SmartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
mRun-x64: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun-x64: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun-x64: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
IE-X64: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 SBRE;SBRE;\??\C:\Windows\system32\drivers\SBREdrv.sys --> C:\Windows\system32\drivers\SBREdrv.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 Oasis2Service;Oasis2Service;C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [2010-6-24 46080]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2009-11-25 189984]
R2 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-9-27 864000]
R2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-10-25 549168]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys --> C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 MSSQL$DDNI;SQL Server (DDNI);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\sqlservr.exe [2009-3-30 43010392]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\drivers\SFEP.sys --> C:\Windows\system32\drivers\SFEP.sys [?]
R3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-9-27 303872]
R3 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2009-11-25 571248]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-11-25 135664]
S2 lxdu_device;lxdu_device; [x]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-8-31 362992]
S2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2009-11-25 104960]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-11-25 135664]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-8-31 313840]
S3 SampleCollector;Intel(R) Sample Collector;C:\Program Files\Sony\VAIO Care\collsvc.exe [2009-11-25 167424]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-10-25 387896]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-11-25 110960]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-3-31 47128]
S4 SQLAgent$DDNI;SQL Server Agent (DDNI);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 366936]
.
=============== Created Last 30 ================
.
2011-07-04 15:15:13 8873296 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ECD86D45-BE0D-4928-8CA5-600954914BCB}\mpengine.dll
2011-07-02 12:25:06 -------- d-----w- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{88413039-8D19-46CD-91B0-B5D72695CA2E}
2011-07-02 12:25:06 -------- d-----w- C:\Windows\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{AF149D8F-808D-4E1E-AB1A-90D0434A15A2}
2011-07-02 12:25:05 -------- d-----w- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{71AA5E62-3F2E-4190-9042-9549425AE0D9}
2011-07-02 12:25:04 -------- d-----w- C:\Windows\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{B92F8549-7A01-46F8-B615-056ED7449EE3}
2011-07-02 12:25:03 -------- d-----w- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{E99CBE34-5E30-400C-9175-ECCE0FCE73C8}
2011-07-02 12:25:03 -------- d-----w- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{A5970775-3337-49CC-B413-650A7721F26C}
2011-07-02 12:25:02 -------- d-----w- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{D6B48077-7DB4-433B-AB34-46CBAD8B56E1}
2011-07-02 12:25:01 -------- d-----w- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{CAC53B25-1E57-4FD8-A401-48F32DD04892}
2011-07-02 12:23:59 -------- d-----w- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{4BE5A213-3153-4500-8241-922378CEC339}
2011-07-01 16:07:45 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2011-07-01 01:00:49 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-06-30 21:49:59 -------- d-----w- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{FE0182C1-52DE-412F-A584-74BA56D27EDC}
2011-06-29 11:19:56 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2011-06-28 21:14:54 -------- d-----w- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{FBC77A08-7C84-4BA1-BD24-EB4073CB6293}
2011-06-28 21:13:59 -------- d-----w- C:\Windows\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{8F7973C0-72E7-4ADA-A6D8-E0A7F6A03670}
2011-06-28 21:12:59 -------- d-----w- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{9646B20C-D39C-49E5-B3F6-0C18142AE8E7}
2011-06-28 21:11:59 -------- d-----w- C:\Windows\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{B8C31F98-EE8A-4B18-9A21-C73C1CF7E649}
2011-06-28 21:10:59 -------- d-----w- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{C858FA76-8A86-4EE7-BDDF-9137BC8C25EF}
2011-06-28 21:09:59 -------- d-----w- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{FB0271BD-A6E4-4AC2-8443-1BACFA76E39C}
2011-06-28 21:08:59 -------- d-----w- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{9230F119-A659-497F-80C9-52597C65547A}
2011-06-28 21:07:59 -------- d-----w- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{B1D3122B-9C4A-4955-8FCF-32E3CA7EC583}
2011-06-28 2159 -------- d-----w- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{BC32B525-8E0A-47A5-8438-28E486D92CF5}
2011-06-28 21:05:59 -------- d-----w- C:\Windows\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{F3B8D0C6-6710-4722-AE09-96143EEDC921}
2011-06-28 21:04:59 -------- d-----w- C:\Windows\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{D3227025-3AA6-457B-9BFF-EF96BE6F2E42}
2011-06-28 21:03:59 -------- d-----w- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{ADD43300-0B52-49E4-B716-93864CEA3455}
2011-06-28 21:02:59 -------- d-----w- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{17B6CDB8-A647-43BC-A3AA-EFA2F8257D19}
2011-06-28 21:01:59 -------- d-----w- C:\Windows\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{CA9B532B-87B5-4EA3-8F50-8CD5DE4F402C}
2011-06-28 21:00:59 -------- d-----w- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{DB23808D-0197-4ABF-BA41-FB60B463AC24}
2011-06-28 20:59:59 -------- d-----w- C:\Windows\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{FDC62CE6-6217-4712-B8CF-D32A5035C0A2}
2011-06-28 20:58:59 -------- d-----w- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{FB9C12C7-E1D1-429D-9A7E-7ACD43E54C18}
2011-06-28 20:58:59 -------- d-----w- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{911C819E-A93B-40E9-B07F-FF38B521CB51}
2011-06-27 23:35:47 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-06-25 15:47:01 -------- d-----w- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{EA880E1B-C432-4979-844B-D8F373951889}
2011-06-25 15:47:01 -------- d-----w- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{D5734742-9F31-4D2C-83F9-E5B3022694E7}
2011-06-25 15:47:01 -------- d-----w- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{765EB193-4F8E-41FD-BD2C-B39F71923600}
2011-06-25 15:47:01 -------- d-----w- C:\Windows\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{E2176721-9D3D-4675-961C-2DED9292F13F}
2011-06-25 15:47:01 -------- d-----w- C:\Windows\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{77AB06C3-A741-475D-99E2-22D9A06F405A}
2011-06-25 15:47:00 -------- d-----w- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{E4A3E3C8-2E1A-4B26-BC11-1A13BC23E468}
2011-06-25 15:47:00 -------- d-----w- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{1B588FAF-9537-4D34-9EB4-281FF06B7F41}
2011-06-25 15:47:00 -------- d-----w- C:\Windows\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{4D8E67C8-A4C9-4126-9AF1-6AA830A03B9E}
2011-06-25 15:47:00 -------- d-----w- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{8A37C4CF-5C35-4B1B-92D8-F562FE0E8F10}
2011-06-24 02:26:36 8873296 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-06-22 18:15:07 -------- d-----w- C:\Windows\SysWow64\Adobe
2011-06-22 18:11:41 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-22 15:39:32 -------- d-----w- C:\ProgramData\SecTaskMan
2011-06-22 15:20:15 601424 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D0087906-9D21-447E-9002-1CE882FFA042}\gapaengine.dll
2011-06-22 15:17:19 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2011-06-22 15:16:53 -------- d-----w- C:\Program Files\Microsoft Security Client
2011-06-22 15:16:19 -------- d-----w- C:\45e94807f7dd6ad7f0c5c0a3ad07
2011-06-22 10:45:59 -------- d-----w- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{AC83D0DC-B75F-453D-81AB-8B4061736435}
2011-06-20 16:47:06 -------- d-----w- C:\Windows\SysWow64\{A2D9AE42-F9AF-499F-B7F4-7E3359E14C4E}{C1E85C83-1895-4F70-A2CE-1EACD7EFBE80}
2011-06-18 20:00:13 -------- d-----w- C:\Windows\SysWow64\{A2D9AE42-F9AF-499F-B7F4-7E3359E14C4E}{F9F337B6-682A-45DB-89E2-D6C23E0CE513}
2011-06-18 19:58:58 -------- d-----w- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{3D896B43-24A9-4160-A56B-770BB07114A2}
2011-06-18 19:58:57 -------- d-----w- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{34D2B07B-4215-4D84-ADD1-C09743E3F245}
2011-06-18 19:58:56 -------- d-----w- C:\Windows\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{E088B716-8839-46D6-A14A-86A5B154642A}
2011-06-18 19:58:56 -------- d-----w- C:\Windows\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{A60139D3-3173-4B80-A788-9ABC79AE9723}
2011-06-18 19:58:56 -------- d-----w- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{A3892803-D390-4E83-9D70-C4617AE9D62E}
2011-06-18 19:58:54 -------- d-----w- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{50F4AC26-FBB1-4E16-BFAE-A30CA4978601}
2011-06-18 19:58:53 -------- d-----w- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{D1670D0A-B2DD-4D3A-B54B-184DE6EB7EB1}
2011-06-16 19:21:26 -------- d-----w- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{FF15FAEA-50A2-4FD8-B78F-987AC8F0141A}
2011-06-16 11:44:16 -------- d-----w- C:\Windows\System32\SPReview
2011-06-16 11:43:02 -------- d-----w- C:\Windows\System32\EventProviders
2011-06-16 11:29:26 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-06-16 11:29:25 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
2011-06-16 11:29:24 288640 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2011-06-16 11:29:19 289280 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-06-16 11:29:16 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-06-16 11:29:14 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-06-16 11:27:42 3135488 ----a-w- C:\Windows\System32\win32k.sys
2011-06-16 11:27:36 321024 ----a-w- C:\Windows\System32\d3d10_1core.dll
2011-06-16 11:27:36 219136 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2011-06-16 11:27:36 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2011-06-16 11:27:36 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2011-06-16 11:27:13 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-06-16 11:27:11 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-06-16 11:27:11 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-06-16 11:27:09 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2011-06-16 11:27:08 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-06-16 11:27:06 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-06-16 11:27:05 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-06-15 15:01:59 -------- d-----w- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{C4F4B2BF-EF2A-43CD-80DD-D5E5E29F4BA2}
2011-06-15 15:00:59 -------- d-----w- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{AE38437E-7BCA-4AD1-A234-C45A2E6FD107}
2011-06-14 14:44:46 -------- d-----w- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{F8D1C4C7-BCEB-443B-BD1E-A3F6CB2D26DA}
2011-06-13 22:11:15 89 ----a-w- C:\Users\SNPG2\AppData\Roaming\netstat.bat
2011-06-13 21:41:00 55384 ----a-w- C:\Windows\System32\drivers\sbredrv.sys
2011-06-13 21:41:00 45904 ----a-w- C:\Windows\System32\sbbd.exe
2011-06-13 12:28:59 -------- d-----w- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{4FB6F003-2B24-4220-BBDF-2F78B0ED3592}
2011-06-12 00:20:48 -------- d-----w- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{57010769-0443-4853-8726-7698BEA0157E}
2011-06-12 00:19:59 -------- d-----w- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{D9EC9151-180E-43A2-BAFB-4D2F11FC6D3C}
2011-06-10 22:07:04 -------- d-----w- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{FA7D6E25-5B88-4D9F-89B3-EF5120DFEDEB}
2011-06-10 2259 -------- d-----w- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{C2CCF409-1522-4030-BCFA-3A7907DD1DD9}
2011-06-10 11:47:58 8718160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{317D538D-3D1A-4B7E-BF80-90C7363A1009}\mpengine.dll
2011-06-09 2258 -------- d-----w- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{FC37CCB5-0D75-404F-A3B8-A756B18B4D08}
2011-06-09 2258 -------- d-----w- C:\Windows\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{A01E88EE-FEED-4F0A-87FB-7DF40E437F10}
2011-06-09 2255 -------- d-----w- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{D5786462-9632-478D-BCE2-F630C8D5B3E4}
2011-06-09 00:37:58 444752 ----a-w- C:\Windows\System32\mscoree.dll
2011-06-09 00:36:59 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2011-06-09 00:35:59 726528 ----a-w- C:\Windows\System32\AuxiliaryDisplayCpl.dll
2011-06-09 00:34:59 840192 ----a-w- C:\Windows\System32\blackbox.dll
2011-06-09 00:33:59 8192 ----a-w- C:\Windows\System32\KBDCZ1.DLL
2011-06-09 00:32:10 323072 ----a-w- C:\Windows\SysWow64\drvstore.dll
2011-06-09 00:32:10 257024 ----a-w- C:\Windows\SysWow64\dpx.dll
2011-06-09 00:31:39 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll
2011-06-09 00:31:39 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll
2011-06-09 00:22:44 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2011-06-09 00:22:44 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2011-06-09 00:22:44 1225216 ----a-w- C:\Windows\System32\wbem\wbemcore.dll
2011-06-09 00:22:10 933376 ----a-w- C:\Windows\System32\SmiEngine.dll
2011-06-09 00:21:52 199168 ----a-w- C:\Windows\System32\PkgMgr.exe
2011-06-09 00:20:04 422912 ----a-w- C:\Windows\System32\drvstore.dll
2011-06-09 00:20:03 399872 ----a-w- C:\Windows\System32\dpx.dll
2011-06-08 22:08:59 -------- d-----w- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{DA2F9A05-020A-479B-A484-984D7936541F}
2011-06-07 17:52:13 -------- d-----w- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{FCDED598-3C0D-4FB1-8CA9-AD83AF86CDE2}
2011-06-06 17:54:39 -------- d-----w- C:\Windows\SysWow64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{C9A6E7BE-70D1-4286-9833-232159E28329}
2011-06-06 17:54:29 -------- d-----w- C:\Windows\SysWow64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{868EAFD2-3A02-48CE-B0C3-25BD9AC78AB4}
2011-06-06 17:54:25 -------- d-----w- C:\Windows\SysWow64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{9D1A531D-B3C3-40F1-913D-5503C34631A6}
2011-06-06 17:54:18 -------- d-----w- C:\Windows\SysWow64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{F097E42B-1E79-44A7-B939-007679A4FC74}
2011-06-06 17:54:13 -------- d-----w- C:\Windows\SysWow64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{283DF2A9-B30C-4F90-80B3-6820EC995121}
2011-06-06 17:54:04 -------- d-----w- C:\Windows\SysWow64\{36C7D2EC-06C2-4796-A89F-93AD16CB453C}{A735B8FD-26B7-4A1A-9000-DAE00DD99DF7}
2011-06-06 16:55:30 183696 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
==================== Find3M ====================
.
2011-06-16 19:48:25 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-06-16 19:48:24 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-05-29 13:11:20 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-05-24 11:42:55 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll
2011-05-24 10:40:05 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2011-05-24 10:39:38 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2011-05-24 10:37:54 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2011-05-04 08:52:22 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-05-04 05:25:03 2315776 ----a-w- C:\Windows\System32\tquery.dll
2011-05-04 05:22:25 778752 ----a-w- C:\Windows\System32\mssvp.dll
2011-05-04 05:22:25 2223616 ----a-w- C:\Windows\System32\mssrch.dll
2011-05-04 05:22:24 75264 ----a-w- C:\Windows\System32\msscntrs.dll
2011-05-04 05:22:24 491520 ----a-w- C:\Windows\System32\mssph.dll
2011-05-04 05:22:24 288256 ----a-w- C:\Windows\System32\mssphtb.dll
2011-05-04 05:19:28 591872 ----a-w- C:\Windows\System32\SearchIndexer.exe
2011-05-04 05:19:28 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe
2011-05-04 05:19:28 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe
2011-05-04 04:34:43 1549312 ----a-w- C:\Windows\SysWow64\tquery.dll
2011-05-04 04:32:02 666624 ----a-w- C:\Windows\SysWow64\mssvp.dll
2011-05-04 04:32:01 337408 ----a-w- C:\Windows\SysWow64\mssph.dll
2011-05-04 04:32:01 197120 ----a-w- C:\Windows\SysWow64\mssphtb.dll
2011-05-04 04:32:01 1401344 ----a-w- C:\Windows\SysWow64\mssrch.dll
2011-05-04 04:32:00 59392 ----a-w- C:\Windows\SysWow64\msscntrs.dll
2011-05-04 04:28:31 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe
2011-05-04 04:28:31 427520 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe
2011-05-04 04:28:31 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe
2011-04-22 22:15:29 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2011-04-13 22:40:10 4284416 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2011-04-09 07:02:55 5562240 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-04-09 06:58:56 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-04-09 06:02:25 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:02:25 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-04-09 05:56:38 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
.
============= FINISH: 11:00:44.18 ===============
Attached Files
File Type: zip Attach.zip (3.4 KB, 42 views)
SNPG09 is offline  
Old 07-05-2011, 01:10 PM   #2
Registered Member
 
Join Date: Jul 2011
Posts: 20
OS: Windows 7 Home Premium, Service pack 1



This error screen popped up; not sure if it means anything. See attached screen shot.
Attached Thumbnails: error msg.jpg (214.5 KB)
SNPG09 is offline  
Old 07-07-2011, 08:50 AM   #3
Security Team
Analyst
 
Join Date: Apr 2007
Location: Montreal, QC. Canada
Posts: 2,656
OS: Windows 2000 Pro. - Vista SP 2, W7



Hello, Welcome to TSF.
I'm nasdaq and will be helping you.

You may wish to Subscribe to this thread (Thread Tools > Subscribe to this thread) so that you are notified when you receive a reply.

Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix.

Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.

If there is anything you don't understand, please ask BEFORE proceeding with the fixes.

Please ensure that you follow the instructions in the order I have them listed.

Please do not install or uninstall any programs, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into the thread, rather than add them as attachments.
===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: A guide and tutorial on using ComboFix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs


For AVG antivirus and anti-spyware security software users only.
Quote:
Due to recent changes in AVG and how it interacts with CF, AVG must be uninstalled to run ComboFix. You will get a message from CF stating such.

If AVG will not uninstall, it is first recommended to uninstall it with this AppRemover by Opswat. The AVG uninstaller can be downloaded from here > AppRemover.exe. Go to their homepage and you will see they have support for removal of other AVs as well: AVG appremover tool.
Please let me know what problem persists.
nasdaq is offline  
Old 07-07-2011, 01:08 PM   #4
Registered Member
 
Join Date: Jul 2011
Posts: 20
OS: Windows 7 Home Premium, Service pack 1



ComboFix.txt:

ComboFix 11-07-07.03 - SNPG2 07/07/2011 14:22:56.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3935.2451 [GMT -4:00]
Running from: c:\users\SNPG2\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
c:\windows\system32\drivers\etc\lmhosts
.
.
((((((((((((((((((((((((( Files Created from 2011-06-07 to 2011-07-07 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-16 19:48 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-06-16 19:48 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-06-03 22:44 . 2010-04-22 14:54 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-05-29 13:11 . 2011-02-16 19:22 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-24 23:14 . 2010-04-22 14:57 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-22 20:34 . 2011-05-22 20:34 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-04-27 19:25 . 2011-04-27 19:25 84864 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2011-04-22 22:15 . 2011-05-25 12:48 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-04-18 17:18 . 2011-04-18 17:18 40832 ----a-w- c:\windows\system32\drivers\MpNWMon.sys
2011-04-18 17:18 . 2011-04-18 17:18 189440 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\SysWow64\GPhotos.scr
2011-04-09 07:02 . 2011-05-11 21:45 5562240 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 06:58 . 2011-05-24 15:45 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-04-09 06:02 . 2011-05-11 21:45 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-04-09 06:02 . 2011-05-11 21:45 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-04-09 05:56 . 2011-05-24 15:45 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2010-03-19 5248312]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
"igndlm.exe"="c:\program files (x86)\Download Manager\DLM.exe" [2009-10-27 1103216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SmartWiHelper"="c:\program files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" [2009-10-05 80384]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-08-27 320880]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2009-10-24 597792]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2010-11-09 274608]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
.
c:\users\SNPG2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-29 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 1081632]
VAIO Messenger.lnk - c:\program files (x86)\DDNi\Oasis\Delay.exe [2010-7-14 14176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-11-05 02:32 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-25 135664]
R2 lxdu_device;lxdu_device; [x]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-08-31 362992]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-25 135664]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-08-31 313840]
R3 rspSanity;rspSanity;c:\windows\system32\DRIVERS\rspSanity64.sys [x]
R3 SampleCollector;Intel(R) Sample Collector;c:\program files\Sony\VAIO Care\collsvc.exe [2009-09-17 167424]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-03-31 47128]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [2010-06-24 46080]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [2009-09-17 189984]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 MSSQL$DDNI;SQL Server (DDNI);c:\program files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\sqlservr.exe [2009-03-30 43010392]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPFILTER
*NewlyCreated* - MPNWMON
*NewlyCreated* - NISDRV
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
2010-11-20 12:17 302592 ----a-w- c:\windows\System32\cmd.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-25 14:52]
.
2011-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-25 14:52]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-22 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-22 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-22 365592]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-09-17 7938080]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-09-17 1833504]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c5,1b,e6,ef,8b,5b,56,44,93,ef,98,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,c5,1b,e6,ef,8b,5b,56,44,93,ef,98,\
.
[HKEY_USERS\S-1-5-21-3185347565-3230318506-4069241986-1004\Software\SecuROM\License information*]
"datasecu"=hex:66,18,10,cd,72,5a,8c,82,74,b6,27,55,76,44,52,9f,55,da,f3,22,fc,
85,f8,89,93,4f,62,b3,a8,6a,33,49,bc,2d,02,9c,29,b2,4e,a9,40,aa,4d,4d,e9,5c,\
"rkeysecu"=hex:00,b4,5e,ff,6c,a9,18,44,87,d8,4b,ad,85,75,e8,bb
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-07-07 15:46:20
ComboFix-quarantined-files.txt 2011-07-07 19:46
.
Pre-Run: 248,842,264,576 bytes free
Post-Run: 248,386,015,232 bytes free
.
- - End Of File - - 351696099F0BA4647AB079CF7FAF920E
SNPG09 is offline  
Old 07-08-2011, 05:58 AM   #5
Security Team
Analyst
 
Join Date: Apr 2007
Location: Montreal, QC. Canada
Posts: 2,656
OS: Windows 2000 Pro. - Vista SP 2, W7



Your ComboFix log is clean.

I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push

Please let me know what problem persists.
nasdaq is offline  
Old 07-08-2011, 09:53 AM   #6
Registered Member
 
Join Date: Jul 2011
Posts: 20
OS: Windows 7 Home Premium, Service pack 1



Eset Scan found no threats. Scan was run online in browser. However, it is only detecting Windows Defender as my antivirus and I'm using MS Essentials? Windows Defender isn't even enabled. My browser is still disconnecting/reconnecting, but computer seems to be running a bit faster. I am still seeing the following in processes after IE SCODEF:5944 CREDAT:71939 or 71937? Also this process VESMgrSub.exe is running. It has no user/command line/description info and no file location. It will also not let me stop the process. Should I be concerned with this?
SNPG09 is offline  
Old 07-08-2011, 11:01 AM   #7
Security Team
Analyst
 
Join Date: Apr 2007
Location: Montreal, QC. Canada
Posts: 2,656
OS: Windows 2000 Pro. - Vista SP 2, W7



VESMgrSub.exe is a process from Sony. If the system needs it you will not be able to stop it.
VESMgrSub.exe Windows process - What is it?

===

This is caused by a TAB or tabs in Internet Explorer.
Quote:
I noticed this process running "Program Files(x86)\IE\iexplore.ex" SCODEF:3748 CREDAT 203009 this started to appear yesterday.
Read this blog for now; we may use the Process Explorer tool later if needed.
How to determine which IE tabs goes to which Iexplore.exe process when using Internet Explorer 8 - We know IE! - Site Home - MSDN Blogs

I suspect that the file is iexplore.exe and not iexplore.ex "Program Files(x86)\IE\iexplore.ex"

However normally Iexplore.exe is placed here C:\Program Files (x86)\Internet Explorer\iexplore.exe

Can you check if you have the .exe file in both folders?

This being the case, please rename the file in the Program Files(x86)\IE\iexplore.exe to iexplore.exe.old, accept the change and restart the computer and Internet Explorer.

Keep me posted.
nasdaq is offline  
Old 07-08-2011, 02:16 PM   #8
Registered Member
 
Join Date: Jul 2011
Posts: 20
OS: Windows 7 Home Premium, Service pack 1



I have it in both Program files and Program Files(x86) folders. It would not let me rename the file. A box popped up stating that I needed permission from TrustedInstaller to make changes to the file.
SNPG09 is offline  
Old 07-09-2011, 06:34 AM   #9
Security Team
Analyst
 
Join Date: Apr 2007
Location: Montreal, QC. Canada
Posts: 2,656
OS: Windows 2000 Pro. - Vista SP 2, W7



Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


If your operating system is 64 bit download this tool:
SystemLook_x64.exe
  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:


    :filefind
    Iexplore.exe

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
nasdaq is offline  
Old 07-11-2011, 07:09 AM   #10
Registered Member
 
Join Date: Jul 2011
Posts: 20
OS: Windows 7 Home Premium, Service pack 1



Had a bit of trouble getting online. Will run SystemLook and post results.
SNPG09 is offline  
Old 07-11-2011, 07:16 AM   #11
Registered Member
 
Join Date: Jul 2011
Posts: 20
OS: Windows 7 Home Premium, Service pack 1



SystemLook 04.09.10 by jpshortstuff
Log created at 10:12 on 11/07/2011 by SNPG2
Administrator - Elevation successful
========== filefind ==========
Searching for "Iexplore.exe"
C:\Program Files\Internet Explorer\iexplore.exe --a---- 695056 bytes [00:36 09/06/2011] [13:28 20/11/2010] 86257731DDB311FBC283534CC0091634
C:\Program Files (x86)\Internet Explorer\iexplore.exe --a---- 673040 bytes [00:35 09/06/2011] [12:22 20/11/2010] C613E69C3B191BB02C7A191741A1D024
C:\Windows\ERDNT\cache86\iexplore.exe --a---- 673040 bytes [19:37 07/07/2011] [12:22 20/11/2010] C613E69C3B191BB02C7A191741A1D024
C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16385_none_0f6595383e78c6f8\iexplore.exe --a---- 696600 bytes [23:58 13/07/2009] [01:43 14/07/2009] F2B0D41E1D08D0B2006DF5AA2E74C81E
C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16671_none_0f6c69ae3e743d20\iexplore.exe --a---- 696592 bytes [23:29 14/10/2010] [05:49 08/09/2010] 498035ABCCF1ED47AE6791D239187587
C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16700_none_0fb71abe3e3c5d59\iexplore.exe --a---- 696592 bytes [19:26 15/12/2010] [06:37 04/11/2010] D8E00EA671A1EFE95C69C7566C505AD4
C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16722_none_0fa37b7a3e4ac7e9\iexplore.exe --a---- 696592 bytes [07:39 09/02/2011] [06:17 18/12/2010] 700B40EA39DFB25517A81032F03D6D20
C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16766_none_0f7c3cf23e679d09\iexplore.exe --a---- 696592 bytes [20:17 15/04/2011] [06:32 24/02/2011] E1BBDE0F187194D4B08335234A4B9FC7
C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16800_none_0fb71ca43e3c5a80\iexplore.exe --a---- 696592 bytes [11:28 16/06/2011] [20:16 22/04/2011] D6F57A9ECB4606076FB9519D1698FCBA
C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20795_none_0fe467c9579e7a28\iexplore.exe --a---- 696592 bytes [23:29 14/10/2010] [05:37 08/09/2010] 4879CB864E290BED38C5BDB641144B1B
C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20831_none_1021480f57716a4d\iexplore.exe --a---- 696592 bytes [19:26 15/12/2010] [06:42 04/11/2010] E220FB009F54AAF649C6A278A5156764
C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20861_none_1000d84b5789be20\iexplore.exe --a---- 696592 bytes [07:39 09/02/2011] [06:11 18/12/2010] 8C6C32E4AF8A3D7155656F5897C504E0
C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20908_none_1048bbbf5752c502\iexplore.exe --a---- 696592 bytes [20:17 15/04/2011] [06:29 24/02/2011] B4881B8F6EDB48CABD44BCC9FB5475C4
C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20949_none_101e7c5957724e1d\iexplore.exe --a---- 696592 bytes [11:28 16/06/2011] [20:15 22/04/2011] 281C23EC5BCB1853A5D571F1A6E52FB1
C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1196a9003b674a92\iexplore.exe --a---- 695056 bytes [00:36 09/06/2011] [13:28 20/11/2010] 86257731DDB311FBC283534CC0091634
C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16385_none_19ba3f8a72d988f3\iexplore.exe --a---- 673048 bytes [23:43 13/07/2009] [01:17 14/07/2009] 2C32E3E596CFE660353753EABEFB0540
C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16671_none_19c1140072d4ff1b\iexplore.exe --a---- 673040 bytes [23:29 14/10/2010] [04:31 08/09/2010] 61EDBCE47ADF3E52AB0B9F49EE4AEBB8
C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16700_none_1a0bc510729d1f54\iexplore.exe --a---- 673040 bytes [19:26 15/12/2010] [05:54 04/11/2010] 58CF468D3FF4CF830339FE5E45356355
C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16722_none_19f825cc72ab89e4\iexplore.exe --a---- 673040 bytes [07:39 09/02/2011] [05:33 18/12/2010] AA08B68EF4E35EFA170CF85A44B23B70
C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16766_none_19d0e74472c85f04\iexplore.exe --a---- 673040 bytes [20:17 15/04/2011] [05:32 24/02/2011] C6697A46554E36541E81182B258A19D6
C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16800_none_1a0bc6f6729d1c7b\iexplore.exe --a---- 673040 bytes [11:28 16/06/2011] [19:29 22/04/2011] 64EFAF916C4009F1B84153D0BB491FB0
C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20795_none_1a39121b8bff3c23\iexplore.exe --a---- 673040 bytes [23:29 14/10/2010] [04:36 08/09/2010] 14803EA3E5DD7CB37CB446C74CFDA38F
C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20831_none_1a75f2618bd22c48\iexplore.exe --a---- 673040 bytes [19:26 15/12/2010] [05:54 04/11/2010] 6B2258FF6D2332073FE9E90122FA4168
C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20861_none_1a55829d8bea801b\iexplore.exe --a---- 673040 bytes [07:39 09/02/2011] [05:32 18/12/2010] 9321CF0D023528C71E3645F8433C86C8
C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20908_none_1a9d66118bb386fd\iexplore.exe --a---- 673040 bytes [20:17 15/04/2011] [05:45 24/02/2011] AB2BB40A5FE49AD236791AC22BD08869
C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.20949_none_1a7326ab8bd31018\iexplore.exe --a---- 673040 bytes [11:28 16/06/2011] [19:11 22/04/2011] F94877A94996B3C12BB31AD722840457
C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1beb53526fc80c8d\iexplore.exe --a---- 673040 bytes [00:35 09/06/2011] [12:22 20/11/2010] C613E69C3B191BB02C7A191741A1D024
-= EOF =-
SNPG09 is offline  
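A way to triage the SystemLook `:filefind` log above, added here as an example and not part of the thread or of SystemLook: it parses the log lines and reports whether each `iexplore.exe` outside `C:\Windows\winsxs` has the same size and MD5 as a copy inside the component store. The function names, the `C:` system drive and the final sample line are assumptions made for the example; a match shows only that the file is consistent with the store, and MD5 is not collision-resistant, so it does not replace a scanner verdict.

```python
import re
from collections import defaultdict

# Lines copied from the SystemLook log in this thread, except the last file
# line (C:\Example\...), which is constructed to show a non-matching copy.
SAMPLE_LOG = r"""
========== filefind ==========
Searching for "Iexplore.exe"
C:\Program Files\Internet Explorer\iexplore.exe --a---- 695056 bytes [00:36 09/06/2011] [13:28 20/11/2010] 86257731DDB311FBC283534CC0091634
C:\Program Files (x86)\Internet Explorer\iexplore.exe --a---- 673040 bytes [00:35 09/06/2011] [12:22 20/11/2010] C613E69C3B191BB02C7A191741A1D024
C:\Windows\ERDNT\cache86\iexplore.exe --a---- 673040 bytes [19:37 07/07/2011] [12:22 20/11/2010] C613E69C3B191BB02C7A191741A1D024
C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1196a9003b674a92\iexplore.exe --a---- 695056 bytes [00:36 09/06/2011] [13:28 20/11/2010] 86257731DDB311FBC283534CC0091634
C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1beb53526fc80c8d\iexplore.exe --a---- 673040 bytes [00:35 09/06/2011] [12:22 20/11/2010] C613E69C3B191BB02C7A191741A1D024
C:\Example\iexplore.exe --a---- 673040 bytes [00:00 01/01/2011] [00:00 01/01/2011] 00000000000000000000000000000000
-= EOF =-
"""

# <path> <7 attribute flags> <size> bytes [timestamp] [timestamp] <MD5>
# The two timestamps are matched but not interpreted.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes "
    r"\[[^\]]+\] \[[^\]]+\]\s+(?P<md5>[0-9A-Fa-f]{32})\s*$"
)


def parse_filefind(log_text):
    """Return one dict per file line; headers and the EOF marker are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append({
                "path": m["path"],
                "size": int(m["size"]),
                "md5": m["md5"].upper(),
            })
    return entries


def is_component_store(path):
    # Assumption: Windows is installed on C:, as in this thread's logs.
    return path.lower().startswith("c:\\windows\\winsxs\\")


def triage(entries):
    """Compare every copy outside WinSxS with the copies inside it.

    Returns (path, verdict, matching_store_paths) tuples, where verdict is
    "matches-store" or "no-store-match".
    """
    store = defaultdict(list)
    for e in entries:
        if is_component_store(e["path"]):
            store[(e["md5"], e["size"])].append(e["path"])

    results = []
    for e in entries:
        if is_component_store(e["path"]):
            continue
        matches = store.get((e["md5"], e["size"]), [])
        verdict = "matches-store" if matches else "no-store-match"
        results.append((e["path"], verdict, matches))
    return results


if __name__ == "__main__":
    for path, verdict, matches in triage(parse_filefind(SAMPLE_LOG)):
        print(f"{verdict:15} {path}")
        for m in matches:
            print(f"{'':15}   = {m}")
```

A "no-store-match" result is a reason to look closer (file location, signature, scanner result), not proof of infection.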
Old 07-11-2011, 08:47 AM   #12
Security Team
Analyst
 
Join Date: Apr 2007
Location: Montreal, QC. Canada
Posts: 2,656
OS: Windows 2000 Pro. - Vista SP 2, W7



Let's check this file for malware infection.


>>> Run Jotti's malware scan: Please copy this line (in bold):
C:\Program Files\Internet Explorer\iexplore.exe
  • Go to Jotti's malware scan and click the Browse button,
  • A window will open, right-click in the File name field and choose Paste.
  • Click the Submit button and let the scan run uninterrupted.
  • At the end right-click the Permalink button and choose "Copy the link".
  • Open Notepad (Start => All Programs => Accessories) and click "Edition" => "Paste".
Please copy and paste this Permalink in your next reply.
If Jotti is busy, please go to https://www.virustotal.com
nasdaq is offline  
Old 07-11-2011, 11:58 AM   #13



iexplore.exe - Jotti's malware scan
SNPG09 is offline  
Old 07-11-2011, 12:33 PM   #14



Have noticed that browser is starting to freeze at times temporarily.
SNPG09 is offline  
Old 07-12-2011, 04:56 AM   #15



  • Download OTL to your Desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scan box paste this in:

    %SYSTEMDRIVE%\*.exe
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\*. /mp /s
    c:\$recycle.bin\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    explorer.exe
    svchost.exe
    userinit.exe
    qmgr.dll
    proquota.exe
    kernel32.dll
    ndis.sys
    autochk.exe
    spoolsv.exe
    xmlprov.dll
    ntmssvc.dll
    mswsock.dll
    Beep.SYS
    ntfs.sys
    termsrv.dll
    sfcfiles.dll
    st3shark.sys
    ahcix86.sys
    srsvc.dll
    /md5stop
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them all in.
nasdaq is offline  
Old 07-12-2011, 12:51 PM   #16



OTL Extras logfile created on: 7/12/2011 2:58:07 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\SNPG2\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.84 Gb Total Physical Memory | 2.36 Gb Available Physical Memory | 61.31% Memory free
7.68 Gb Paging File | 5.74 Gb Available in Paging File | 74.76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.99 Gb Total Space | 232.03 Gb Free Space | 80.85% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: SNPG2-VAIO | User Name: SNPG2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{725D5BA4-E9FA-452B-8CF5-D7E5F8055C71}" = VAIO Content Metadata Intelligent Network Service Manager
"{77B8B4A5-EE79-4907-A318-2DA86325B8D7}" = iTunes
"{7ECD4ACB-E1B6-425B-B8AA-5761A59B77E0}" = Setup_VEP_x64_Contain_SSDB
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{A1255354-11F3-4D25-95CC-C9B1C2320761}" = VAIO Content Metadata Intelligent Analyzing Manager
"{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}" = Microsoft SQL Server 2008 Native Client
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}" = VD64Inst
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{E5C95CA5-4565-4B9D-97ED-05088D775614}" = Apple Mobile Device Support
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
"6B8550A319DDC8B17F35F4A89988705E4592349B" = Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000)
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00721C5E-5B17-494C-95E5-208415864F62}" =
"{0131D7EF-65FF-478F-8ABD-5ABEE24EC8EF}" = VAIO Messenger
"{0489D044-6386-4BDF-9F98-577D60CF79DD}" = VAIO Entertainment Platform
"{07441A52-E208-478A-92B7-5C337CA8C131}" = Remote Play with PlayStation®3
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{0F962B79-D0DC-40D9-96BA-ED1355120CBA}" = QuickBooks Financial Center
"{127C8955-B5C5-4682-9428-B8243EC4E6AE}" = Remote Play with PlayStation 3
"{12D0BE8D-538C-4AB1-86DE-C540308F50DA}" = VAIO Content Metadata Manager Settings
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1873FFC1-FDCB-47E1-B7C7-F418211E3530}" = PMB VAIO Edition plug-in (VAIO Image Optimizer)
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{1B500D37-E7CF-480B-8054-8A563594EC4E}" = VAIO OOBE and Startup Assistant
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 25
"{27F9068F-27D3-42FF-BE10-94CC94F46F33}" = VAIO Content Metadata Manager Settings
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{291FB4BF-EEC7-4CF9-8469-F39ED1DBC4D8}" = VAIO Content Metadata XML Interface Library
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
"{34B37A74-125E-4406-87BA-E4BD3D097AE5}" = VAIO Survey
"{34DC654E-6E43-4BFA-9E00-6C16CFA7B9F0}" = VAIO Data Restore Tool
"{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care
"{40C4903E-EDFB-4CAE-A611-41FEBA585921}" = VTech Download Agent Library
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = PMB VAIO Edition plug-in (Click to Disc)
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ
"{547C9EB4-4CA6-402F-9D1B-8BD30DC71E44}" = VAIO Sample Contents
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data
"{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO Transfer Support
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65B138AE-F636-4D4C-BA5D-A06E21E47C53}" = Remote Keyboard with PlayStation 3
"{6754AE0D-B2E1-45E4-835F-FDFEC373DE8A}" = VAIO Hardware Diagnostics
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{6BF03C88-C06A-48DC-B9A1-FE72B24E5FA9}" = VAIO Media plus Opening Movie
"{6D320CE8-79EB-4D45-8C6D-DEF74D84B49A}" = VAIO Window Organizer
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{70991E0A-1108-437E-BA7D-085702C670C0}" =
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2
"{803E4FA5-A940-4420-B89D-A8BC2E160247}" = VAIO Power Management
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88C252C8-A7EE-4B60-BF74-8E5919A8048F}" = PMB VAIO Edition Guide
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8FA63AA5-7138-4B6F-8404-F18835E2B8F4}" = Media Gallery
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{931FE23C-BB40-4C7A-A594-DB35908D8E83}" = VAIO Quick Web Access
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" =
"{9B163B82-3B46-4CE5-BF01-A53E550A8E58}" = Sony Home Network Library
"{9B5F85CA-90D4-4AFC-BB37-32477FD0D2B9}" = SmartWi Connection Utility
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3563827-B0DB-44DC-B037-15CC4E5E692F}" = VAIO Content Metadata XML Interface Library
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A95187EF-BCF4-4468-B501-C0BAB976ADD1}" = VAIO Personalization Manager
"{AC050677-EAFC-4B57-8F83-8205F65134D2}" = VAIO Content Metadata XML Interface Library
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B1DADBEB-7F82-4B29-84D6-5F14A020F0A0}" = VAIO Content Metadata Intelligent Analyzing Manager
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = PMB VAIO Edition plug-in (VAIO Movie Story)
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{BA4DA261-CB60-4690-B202-44998DFC6986}" = Microsoft SQL Server 2008 Setup Support Files
"{BCA907B6-5A0F-473E-8C63-0FF0CFAEB7B7}" = VAIO Personalization Manager
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{DB1C9CB7-DF65-4991-BD17-71BF9CD15BA0}" = VAIO Help and Support
"{DD88F979-FA58-41AC-980C-A6E1A82B61D9}" = Media Gallery
"{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}" = ArcSoft WebCam Companion 3
"{E3DC1111-5D32-40F9-BB81-64E31294C1A4}" = VAIO Personalization Manager
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E50FC5DB-7CBD-407D-A46E-0C13E45BC386}" = Oasis2Service 1.0
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" =
"{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
"am-cookingdashrdinertownstudiostm" = Cooking Dash(R) - DinerTown Studios(TM)
"am-dinerdashfloonthego" = Diner Dash - Flo on the Go
"am-supermarketmaniar2" = Supermarket Mania(R) 2
"BFGC" = Big Fish Games: Game Manager
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Download Manager" = Download Manager 2.3.10
"ESET Online Scanner" = ESET Online Scanner v3
"Google Chrome" = Google Chrome
"InstallShield_{1873FFC1-FDCB-47E1-B7C7-F418211E3530}" = PMB VAIO Edition plug-in (VAIO Image Optimizer)
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = PMB VAIO Edition plug-in (Click to Disc)
"InstallShield_{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"InstallShield_{88C252C8-A7EE-4B60-BF74-8E5919A8048F}" = PMB VAIO Edition Guide
"InstallShield_{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = PMB VAIO Edition plug-in (VAIO Movie Story)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Nancy Drew Shadow at the Water’s Edge" = Nancy Drew Shadow at the Water’s Edge
"Office14.SingleImage" = Microsoft Office Professional 2010
"Picasa 3" = Picasa 3
"Picturetrail Photo Editor version 2.1.0.0_is1" = Picturetrail Photo Editor 2.1.0.0
"RealPlayer 12.0" = RealPlayer
"splashtop" = VAIO Quick Web Access
"VAIO Messenger" = VAIO Messenger
"VTechDownloadManager" = Learning Lodge Navigator
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.1
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle" = Amazon Kindle

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/5/2011 8:51:10 AM | Computer Name = SNPG2-VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3245

Error - 7/5/2011 8:51:10 AM | Computer Name = SNPG2-VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3245

Error - 7/5/2011 2:31:46 PM | Computer Name = SNPG2-VAIO | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 7/5/2011 2:32:45 PM | Computer Name = SNPG2-VAIO | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 7/5/2011 2:32:45 PM | Computer Name = SNPG2-VAIO | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 7/5/2011 2:32:45 PM | Computer Name = SNPG2-VAIO | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 7/5/2011 2:32:45 PM | Computer Name = SNPG2-VAIO | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 7/6/2011 11:13:37 AM | Computer Name = SNPG2-VAIO | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 7/6/2011 3:01:24 PM | Computer Name = SNPG2-VAIO | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files (x86)\real\realplayer\plugins\rmxrend.dll".
Dependent
Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 7/6/2011 3:01:35 PM | Computer Name = SNPG2-VAIO | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "c:\program files (x86)\real\realplayer\plugins\rmxrend.dll".
Dependent
Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

[ System Events ]
Error - 12/24/2010 10:01:06 PM | Computer Name = SNPG2-VAIO | Source = bowser | ID = 8003
Description =

Error - 12/26/2010 11:58:58 AM | Computer Name = SNPG2-VAIO | Source = bowser | ID = 8003
Description =

Error - 12/31/2010 1:31:48 PM | Computer Name = SNPG2-VAIO | Source = bowser | ID = 8003
Description =

Error - 12/31/2010 4:07:45 PM | Computer Name = SNPG2-VAIO | Source = bowser | ID = 8003
Description =

Error - 1/2/2011 5:40:51 PM | Computer Name = SNPG2-VAIO | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:34:08 AM on ?1/?2/?2011 was unexpected.

Error - 1/2/2011 5:40:59 PM | Computer Name = SNPG2-VAIO | Source = BugCheck | ID = 1001
Description =

Error - 1/2/2011 5:41:06 PM | Computer Name = SNPG2-VAIO | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Roxio
Upnp Server 10 service to connect.

Error - 1/2/2011 8:35:06 PM | Computer Name = SNPG2-VAIO | Source = bowser | ID = 8003
Description =

Error - 1/2/2011 9:11:09 PM | Computer Name = SNPG2-VAIO | Source = bowser | ID = 8003
Description =

Error - 1/2/2011 9:35:12 PM | Computer Name = SNPG2-VAIO | Source = bowser | ID = 8003
Description =


< End of report >
SNPG09 is offline  
Old 07-12-2011, 12:53 PM   #17



OTL logfile created on: 7/12/2011 2:58:07 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\SNPG2\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.84 Gb Total Physical Memory | 2.36 Gb Available Physical Memory | 61.31% Memory free
7.68 Gb Paging File | 5.74 Gb Available in Paging File | 74.76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.99 Gb Total Space | 232.03 Gb Free Space | 80.85% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: SNPG2-VAIO | User Name: SNPG2 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\SNPG2\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10q_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
PRC - C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe (Digital Delivery Networks, Inc.)
PRC - C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe ()
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe ()
PRC - C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe ()
PRC - C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe ()
PRC - C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe ()
PRC - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\SNPG2\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (VcmINSMgr) -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe (Sony Corporation)
SRV:64bit: - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV:64bit: - (SpfService) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe (Sony Corporation)
SRV:64bit: - (VAIO Power Management) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV:64bit: - (SampleCollector) -- C:\Program Files\Sony\VAIO Care\collsvc.exe (Intel Corporation)
SRV:64bit: - (RtkAudioService) -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor)
SRV:64bit: - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe (Sony Corporation)
SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (VCFw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
SRV - (Oasis2Service) -- C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe ()
SRV - (VAIO Event Service) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (PMBDeviceInfoProvider) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (Roxio Upnp Server 10) -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe (Sonic Solutions)
SRV - (Roxio UPnP Renderer 10) -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe (Sonic Solutions)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (uCamMonitor) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (SBRE) -- C:\Windows\SysNative\drivers\sbredrv.sys (Sunbelt Software)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (rspSanity) -- C:\Windows\SysNative\drivers\rspSanity64.sys (Resplendence Software Projects Sp.)
DRV:64bit: - (dc3d) MS Hardware Device Detection Driver (HID) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (IntcHdmiAddService) Intel(R) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (risdptsk) -- C:\Windows\SysNative\drivers\risdsn64.sys (REDC)
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimssn64.sys (REDC)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (ArcSoftKsUFilter) -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files (x86)\Download Manager\npfpdlm.dll (IGN Entertainment)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.599: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.599: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.599: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.599: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)


[2011/01/18 11:46:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SNPG2\AppData\Roaming\Mozilla\Extensions

O1 HOSTS File: ([2011/07/07 15:16:27 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [SmartWiHelper] C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe (Sony Electronics Corporation)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [igndlm.exe] C:\Program Files (x86)\Download Manager\DLM.exe (IGN Entertainment)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10q_ActiveX.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} https://appldnld.apple.com.edgesuite....x/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} https://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} https://security.symantec.com/sscv6/S...in/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} https://cdn.scan.onecare.live.com/res.../wlscctrl2.cab (Windows Live OneCare safety scanner control)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} https://www.fileplanet.com/fpdlmgr/ca...2.3.10.115.cab (CDownloadCtrl Object)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} https://download.bitdefender.com/reso...an8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} https://security.symantec.com/sscv6/S.../bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} https://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} https://upload.facebook.com/controls/...Uploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} https://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} https://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} https://ax.emsisoft.com/asquared.cab (a-squared Scanner)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} https://trial.trymicrosoftoffice.com/...soft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} https://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} https://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} https://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
Old 07-12-2011, 01:04 PM   #18

========== Files/Folders - Created Within 30 Days ==========

[2011/07/12 14:55:20 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\SNPG2\Desktop\OTL.exe
[2011/07/12 07:50:54 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{F726B430-0FA1-4EAE-ABC4-A76E4EA7A35C}
[2011/07/12 07:50:53 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{716C031E-979B-447C-A033-86B833495719}
[2011/07/12 07:50:53 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{912C30AB-FEF1-48FD-B012-DD07679BF31F}
[2011/07/12 07:50:53 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{58E33DB6-C933-491B-974A-2E6FEC30C098}
[2011/07/12 07:50:51 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{C5BC9D26-3D9B-4DAD-B3E9-8B9D5C7985FB}
[2011/07/12 07:50:51 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{3D24AC24-C87A-46B2-9E1F-A41BC0C775B6}
[2011/07/11 10:17:30 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/07/08 15:09:38 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{8BF78677-FEED-4223-8724-7ED0D8A84F27}
[2011/07/08 15:09:38 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{5CADB45E-B15B-46A0-97D0-C7DF150BE285}
[2011/07/08 15:09:36 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{95E96BBC-EF27-4252-AFA5-EC3CDA6B7650}
[2011/07/07 15:46:52 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/07/07 14:21:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/07/07 14:21:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/07/07 14:21:08 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/07/07 14:21:02 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/07/07 14:21:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/07 14:19:31 | 004,135,577 | R--- | C] (Swearware) -- C:\Users\SNPG2\Desktop\ComboFix.exe
[2011/07/07 13:58:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2011/07/07 13:58:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/07/07 13:21:21 | 000,029,752 | ---- | C] (Resplendence Software Projects Sp.) -- C:\Windows\SysNative\drivers\rspSanity64.sys
[2011/07/06 20:16:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/06 20:16:36 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/07/06 20:16:31 | 000,000,000 | ---D | C] -- C:\Users\SNPG2\Desktop\Malwarebytes' Anti-Malware
[2011/07/06 15:14:05 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe
[2011/07/06 15:14:05 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll
[2011/07/06 15:14:00 | 002,315,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2011/07/06 15:14:00 | 002,223,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2011/07/06 15:13:59 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2011/07/06 15:13:59 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2011/07/06 15:13:59 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
[2011/07/06 15:13:58 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2011/07/06 15:13:57 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2011/07/06 15:13:57 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
[2011/07/06 15:13:57 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll
[2011/07/06 15:13:57 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
[2011/07/06 15:13:56 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2011/07/06 15:13:56 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssphtb.dll
[2011/07/06 15:13:56 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
[2011/07/06 15:13:55 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll
[2011/07/06 10:39:56 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{5FDF1F93-3286-4F42-98CA-8876E74D3657}
[2011/07/06 10:39:55 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{CAD71535-8477-4418-95AC-094E757A5AA0}
[2011/07/06 10:39:54 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{324D40BC-ADFF-4D2D-8442-939E73DA7E93}
[2011/07/05 10:44:08 | 000,000,000 | ---D | C] -- C:\Users\SNPG2\AppData\Roaming\InstallShield
[2011/07/02 08:25:06 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{88413039-8D19-46CD-91B0-B5D72695CA2E}
[2011/07/02 08:25:06 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{AF149D8F-808D-4E1E-AB1A-90D0434A15A2}
[2011/07/02 08:25:05 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{71AA5E62-3F2E-4190-9042-9549425AE0D9}
[2011/07/02 08:25:04 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{B92F8549-7A01-46F8-B615-056ED7449EE3}
[2011/07/02 08:25:03 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{E99CBE34-5E30-400C-9175-ECCE0FCE73C8}
[2011/07/02 08:25:03 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{A5970775-3337-49CC-B413-650A7721F26C}
[2011/07/02 08:25:02 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{D6B48077-7DB4-433B-AB34-46CBAD8B56E1}
[2011/07/02 08:25:01 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{CAC53B25-1E57-4FD8-A401-48F32DD04892}
[2011/07/02 08:24:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{A4FF4B97-B8B9-4826-9948-86521F26985F}
[2011/07/02 08:24:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{5A124852-B6C0-4C73-B7F1-0479EC60E838}
[2011/07/02 08:24:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{1C297E17-1224-454D-85DF-7EC01A1D9084}
[2011/07/02 08:24:56 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{F8146CB6-0D88-4FEE-A45D-6CA92B7C9EF1}
[2011/07/02 08:24:56 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{BC649B4C-960A-4B87-8C60-A2EDDAA5B3BF}
[2011/07/02 08:24:54 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{A9BA672B-AA47-446E-9147-B2A6706B8A82}
[2011/07/02 08:24:53 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{2388A2B5-0B30-4E67-8FDA-85567284AEE1}
[2011/07/02 08:24:52 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{C75DF936-40A6-4055-9442-4894231FDE27}
[2011/07/02 08:24:51 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{DE1E4017-671D-4157-B8EC-EB8AC6020441}
[2011/07/02 08:24:51 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{5C3FA4C3-33AB-474F-B6A3-AB8EC96FF534}
[2011/07/02 08:24:51 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{0C916A17-93D8-4929-A680-A5749669A699}
[2011/07/02 08:24:51 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{97026D3D-B882-464F-85D2-CEC1E7C5DFBA}
[2011/07/02 08:24:49 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{25F119CA-0B16-4F85-B321-25CF575A5ADD}
[2011/07/02 08:24:49 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{20C3C650-E66E-4AFD-84FA-07FF3616BAAB}
[2011/07/02 08:24:48 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{3E0773B2-ACAB-4C55-8D13-0769AB840642}
[2011/07/02 08:24:48 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{EF5687E7-79C5-45C9-BDF2-2529ECD9E559}
[2011/07/02 08:24:48 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{78908613-DCA3-4D31-AB62-2127AA8F5E4E}
[2011/07/02 08:24:47 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{6643EE5A-110B-4185-AC99-D3B507554DE2}
[2011/07/02 08:24:43 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{435B6431-FBB6-4D31-9CEF-F0FEA975D0A1}
[2011/07/02 08:24:36 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{DE36E858-9C30-4A79-8091-37C158C06548}
[2011/07/02 08:24:36 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{C33EC26B-E71B-48C4-921B-C09EC1F9DA8D}
[2011/07/02 08:24:26 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{1BBBA318-7DCA-4495-8253-C86AC77395FE}
[2011/07/02 08:24:25 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{B4225DB4-04EA-4F0D-A649-8E0913879740}
[2011/07/02 08:24:24 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{715CA5DB-E265-4DA4-83FB-D309EC4E7D83}
[2011/07/02 08:24:23 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{0E8E456E-8F7B-41D0-ACF2-ED3966D904C9}
[2011/07/02 08:24:21 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{4953880A-33DB-4B9F-A9AE-981E0E30EE84}
[2011/07/02 08:24:21 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{2366F4FB-1359-436E-98C6-AC6F55666B54}
[2011/07/02 08:24:19 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{9735E709-3AF7-4AE2-83F1-9D70B260C28E}
[2011/07/02 08:24:18 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{22958C83-ACC6-4D0C-B1E1-C010E6B83047}
[2011/07/02 08:24:18 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{44BF0F9F-E2B5-4331-BA25-FB6DDEF34A9C}
[2011/07/02 08:24:18 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{5C4188B5-6468-4833-BCFC-BC20E2CEA0DB}
[2011/07/02 08:24:17 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{C1250D3C-B734-4B45-B893-D0B91A69627F}
[2011/07/02 08:24:17 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{277A3B69-1AA6-4315-9DE1-F4708B28FBFF}
[2011/07/02 08:24:15 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{C717E6E9-859D-4F8F-B8E4-2A5A4E5FCC57}
[2011/07/02 08:24:15 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{A039E0D8-3C3C-4F7A-B1BD-03A0FFA0878C}
[2011/07/02 08:24:12 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{DD60BCF5-C25C-4F77-927A-98F778D5D09C}
[2011/06/28 17:14:18 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{FEFE4A70-CD33-403B-A31A-AEE1B4FB5392}
[2011/06/28 17:14:18 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{A8390BBE-2769-44C9-8683-F1296C214139}
[2011/06/28 17:14:17 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{851E8E86-A0AC-4C60-BCD3-879431A24D80}
[2011/06/28 17:14:17 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{0D10BC41-B5BC-4D7A-BC21-57030CC47CE5}
[2011/06/28 17:14:17 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{1BB0E6E9-00A0-48F7-8228-BE8764479516}
[2011/06/28 17:14:15 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{B0CF616E-CB28-42F3-A893-5075BE5F3AAF}
[2011/06/28 17:14:15 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{87E578C3-4227-415F-954F-C21D7E46D1C5}
[2011/06/28 17:14:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{0D3014D9-250A-4C36-BF39-2734807A83AE}
[2011/06/28 17:14:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{EA60D504-3DEB-42D7-A15D-414ACFFA7674}
[2011/06/28 17:14:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{C8E60D81-097B-4E14-9B08-29D2A0E6C53D}
[2011/06/28 17:14:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{D6990E8D-D041-430E-8ED6-DEC81BFDDF03}
[2011/06/28 17:14:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{D455308D-1F80-4787-AC0D-0BF908554398}
[2011/06/28 17:14:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{2BAD457A-F2FF-42EF-8B18-4543C0B62776}
[2011/06/28 17:14:13 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{E9AF3F57-E74C-49ED-B3AE-68CD385C60A9}
[2011/06/28 17:14:13 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{3469221D-6FC5-4BEF-9061-FF89CEBCDFF3}
[2011/06/28 17:14:13 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{E2F761E0-5705-4558-85EE-68D965018F21}
[2011/06/28 17:14:13 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{E9F5A83E-B3F0-41F2-A6B3-1EEF6540039B}
[2011/06/28 17:14:13 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{6B748515-2D77-44A6-983F-35417546816A}
[2011/06/28 17:14:12 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{ED8F079F-75C4-4D4F-9DB0-22F883183429}
[2011/06/28 17:14:12 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{146E06E5-4162-408A-9066-F8981E508BF1}
[2011/06/28 17:14:12 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{7109B88C-AD8A-4C72-8222-C316C586B453}
[2011/06/28 17:14:12 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{466EACC7-3405-4DAE-B42A-DBB28A4FEC09}
[2011/06/28 17:14:12 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{9339BCB6-284A-4B83-B8C9-1772B4656E8C}
[2011/06/28 17:14:11 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{31975C18-FD6C-45EE-84CE-2FA767157E21}
[2011/06/28 17:14:11 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{F3A6C553-9800-4A7A-B342-66D7C2C80208}
[2011/06/28 17:14:11 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{17224E4C-9C3F-42BE-BEB0-B6FE2F5F40EE}
[2011/06/28 17:14:11 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{8927FE0A-5650-49D4-8119-0085E997709D}
[2011/06/28 17:14:10 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{A1E6F949-6D87-4819-8A4C-29528FA9B530}
[2011/06/28 17:14:10 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{59F40712-29BB-4BE6-B6F7-A92BC18735B1}
[2011/06/28 17:14:09 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{B801C9C1-3A8F-4E4A-BDA8-537652DC62A3}
[2011/06/28 17:14:09 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{93952BE9-AC83-4072-AD32-63AE42ED5FC5}
[2011/06/28 17:14:09 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{61ABF1ED-7642-41F9-BB94-C08B75744F89}
[2011/06/28 17:14:08 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{86B56765-733A-4620-90FB-61E9C380CFA1}
[2011/06/28 17:14:08 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{DEF955DA-738B-4812-A77C-B04661818454}
[2011/06/28 17:14:08 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{C5F1B8A0-314F-43E8-ACB9-72CC9C454743}
[2011/06/28 17:14:07 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{F638CE99-E593-4295-B7E1-A9D36D601439}
[2011/06/28 17:14:07 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{53D587C1-4692-4344-9DFF-F44E289EFC3F}
[2011/06/28 17:14:07 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{BCD99327-B6DB-429E-B5B2-703B801F37B0}
[2011/06/28 17:14:07 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{B6F44EA9-B463-495C-8A72-560D4DDF205A}
[2011/06/28 17:14:07 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{11A1C674-0F56-4C05-9A84-FA462ED6B579}
[2011/06/28 17:14:07 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{DC2A7E3B-296D-4105-BF47-41C6752FDDB3}
[2011/06/28 17:14:07 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{49B8B941-8582-4D4A-BE22-A4A20D4B315E}
[2011/06/28 17:14:06 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{B975AF76-E8A4-4AFD-87D9-6BB67374DCC6}
[2011/06/28 17:14:06 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{21299A3C-D4D0-4A92-8348-153E959623AB}
[2011/06/28 17:14:06 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{B3534E66-A311-4589-BB6E-98ACA5D00CA3}
[2011/06/28 17:14:06 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{2B7A2DB4-A3F2-4B4B-B9EE-C097B44FC39E}
[2011/06/28 17:14:05 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{CBE5E668-BFF5-426C-9C04-273A2158CF9A}
[2011/06/28 17:14:05 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{C0A4C9BC-1479-4B72-9E33-F76288686729}
[2011/06/28 17:14:05 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{3E7F58DE-55C5-4D8E-9A1D-10BB97A7F5D3}
[2011/06/28 17:14:05 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{2CFF65D2-E004-45A2-ACC5-39783196519B}
[2011/06/28 17:14:05 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{101D5AAD-4409-4707-8576-3D87A7DAE723}
[2011/06/28 17:14:05 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{EF99D9A7-7A54-43F2-AA48-C583EE5EE553}
[2011/06/28 17:14:05 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{78F02E5D-FC89-4EFD-94B7-A746EEFF8AC4}
[2011/06/28 17:14:04 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{BE4C4B75-631D-4B4C-9029-87C1DFDEC117}
[2011/06/28 17:14:04 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{BAB282EA-5F0C-408D-A825-C2882731C027}
[2011/06/28 17:14:04 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{398412B1-6EA5-4C83-8614-1F698E37BB84}
[2011/06/28 17:14:04 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{C5CCE1B1-842C-4AF8-97CB-5A8221CF82B6}
[2011/06/28 17:14:03 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{96813E86-2B9B-4A99-AA9B-756AFC71321D}
[2011/06/28 17:14:02 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{C7036194-5D85-4850-8214-F68D0114D5C3}
[2011/06/28 17:14:02 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{530BB9FD-1C1A-472B-938F-694F41702FD2}
[2011/06/28 17:14:02 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{5222A053-C5AF-4819-9A57-B5A508BE8E95}
[2011/06/28 17:14:02 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{C6F4A4E0-F122-4386-AF9C-818A783E6F98}
[2011/06/28 17:14:02 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{4839099F-2433-4B86-8F82-8BABE58F221B}
[2011/06/28 17:14:02 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{174542A0-0A71-4D90-9B58-A1B42C91569E}
[2011/06/28 17:14:01 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{044FC6F8-5236-4A86-A923-2D73A68B29CA}
[2011/06/28 17:14:01 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{752BAB23-CF46-4155-8AD0-89799DF5A7B7}
[2011/06/28 17:14:01 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{53610989-1118-4867-B022-427F83207530}
[2011/06/28 17:14:01 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{580CD78C-CD33-4213-8147-B1C0F396453D}
[2011/06/28 17:14:00 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{F942650C-BE61-4A1B-B36C-7F875D7EB002}{289FE80A-6C74-43ED-B909-72ADEF585C70}
[2011/06/28 17:14:00 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{63AEB89A-7CA0-4707-A250-8D7752C5EEE9}{59FC6184-ABCA-4755-ACDA-6E7A67D0CDC6}
[2011/06/28 17:14:00 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\{0B6B3F7F-4C05-48C4-95C6-6A688CA9F3B0}{F759B30C-5D65-495C-9E3F-2F8E55C1D904}
SNPG09 is offline  
Old 07-12-2011, 01:09 PM   #19
OTL log is too long to copy and paste. The txt is attached.
Attached Files
File Type: txt OTL.Txt (1.55 MB, 53 views)
Old 07-13-2011, 08:52 AM   #20
Have noticed the following files throughout my system: "desktop.ini", ".picasa.ini", ".thumbs.db". Just noticed these files today when I went to view my picture folder. I noticed there were multiple copies of files/folders and that the previously mentioned files were also present and could not be deleted. Received a message that said it was a system file??? These files appear throughout my documents, music, pictures, desktop, downloads etc. folders. Is this a virus???