Windows Error Recovery-Malware?

mcgilvraydh · January 25, 2012

I think my computer has malware but before I could run the logs and post them it crashed and now it won't restart.

I tried recovery back to an earlier version but that won't work either.

I am thinking the malware is something to do with "Advanced Registry Optimizer". Something that was trying to run and look for viruses on my computer.

Any help you can Offer is greatly appreciated.

I was able to get a restart today and ran malwarebytes. It said there were no threats.

I tried to go to do the following step:

Download

DDS

from here:

dds.scr

or here:

dds.com

and save it to your desktop.

and my computer said it had an error and was restarting. I will try again to see if I can make it any further in this step.

LDTate · January 29, 2012

Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs for these tools, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your pc inoperatible and could require a full reinstall of your OS, losing all your programs and data.

Please run a new MBAM scan being sure to update before scanning.

Post the scan results

Also please describe how your computer behaves at the moment.

Please don't attach the scans / logs, use "copy/paste".

mcgilvraydh · January 30, 2012

I was able to update Malwarebytes and below is the latest scan from today. I also was able to run the DDS scans so went ahead and attached those since I was able to get on.

The computer is restarting over and over again. It gets in a loop and eventually I can get it back up and run the scans,etc. but I only have a short time and then it will shut down again and I start the process again. Also seems to be some files on my desktop I don't recognize. My symantic says that file system auto protect is not functioning correctly.

I have some updates to windows that are ready to install but I have to restart it to install them. Since it hasn't shut down yet I am trying to get this posted before I try and restart for the updates.

Malwarebytes Anti-Malware 1.60.0.1800

www.malwarebytes.org

Database version: v2012.01.29.04

Windows 7 x64 NTFS

Internet Explorer 8.0.7600.16385

McGilvray :: MCGILVRAY-VAIO [administrator]

1/29/2012 3:54:57 PM

mbam-log-2012-01-29 (15-54-57).txt

Scan type: Quick scan

Scan options disabled: P2P

Objects scanned: 193251

Time elapsed: 19 minute(s), 58 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 2/13/2010 3:42:42 PM

System Uptime: 1/29/2012 3:33:09 PM (0 hours ago)

.

Motherboard: Sony Corporation | | VAIO

Processor: Intel® Core2 Duo CPU T6600 @ 2.20GHz | N/A | 2200/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 287 GiB total, 150.472 GiB free.

E: is Removable

F: is Removable

G: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP109: 1/26/2012 12:58:50 PM - Scheduled Checkpoint

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

Adobe AIR

Adobe Flash Player 10 Plugin

Adobe Flash Player 11 ActiveX

Adobe Photoshop Elements 6.0

Adobe Reader X (10.1.2) MUI

Adobe Shockwave Player 11.5

Advanced Registry Optimizer

Apple Application Support

Apple Software Update

ArcSoft Magic-i Visual Effects 2

ArcSoft WebCam Companion 3

Ask Toolbar

Ask Toolbar Updater

AviSynth 2.5

Bing Bar

Bing Bar Platform

Bing Rewards Client Installer

Compatibility Pack for the 2007 Office system

Coupon Printer for Windows

D3DX10

DING!

DVD Decrypter (Remove Only)

ESET Online Scanner v3

Evernote

Facebook Video Calling 1.1.1.1

GameXN GO

Google Chrome

Google Earth Plug-in

Google Talk Plugin

Google Toolbar for Internet Explorer

Google Update Helper

HP Officejet 6500 E710n-z Help

HP Update

I.R.I.S. OCR

InterActual Player

Java Auto Updater

Junk Mail filter update

LeapFrog Connect

LeapFrog Tag Plugin

LiveUpdate 3.3 (Symantec Corporation)

Malwarebytes' Anti-Malware version 1.51.1.1800

Marketsplash Print Software

Marketsplash Shortcuts

Media Gallery

Microsoft Default Manager

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office Home and Student 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Suite Activation Assistant

Microsoft Office Word MUI (English) 2007

Microsoft Search Enhancement Pack

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft SQL Server 2008

Microsoft SQL Server 2008 Browser

Microsoft SQL Server 2008 Common Files

Microsoft SQL Server 2008 Database Engine Services

Microsoft SQL Server 2008 Database Engine Shared

Microsoft SQL Server 2008 RsFx Driver

Microsoft SQL Server 2008 Setup Support Files

Microsoft SQL Server Compact 3.5 SP2 ENU

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Works

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Oasis2Service

Picaboo X

Picasa 3

PMB

PMB VAIO Edition Guide

PMB VAIO Edition plug-in (Click to Disc)

PMB VAIO Edition plug-in (VAIO Image Optimizer)

PMB VAIO Edition plug-in (VAIO Movie Story)

QuickBooks Financial Center

QuickTime

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

Realtek High Definition Audio Driver

RealUpgrade 1.1

Roxio Central Audio

Roxio Central Copy

Roxio Central Core

Roxio Central Data

Roxio Central Tools

Roxio Easy Media Creator 10 LJ

Roxio Easy Media Creator Home

Safari

Search Toolbar

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2345043)

Security Update for 2007 Microsoft Office System (KB2553089)

Security Update for 2007 Microsoft Office System (KB2553090)

Security Update for 2007 Microsoft Office System (KB2584063)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office Access 2007 (KB979440)

Security Update for Microsoft Office Groove 2007 (KB2552997)

Security Update for Microsoft Office InfoPath 2007 (KB2510061)

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2344993)

Service Pack 1 for SQL Server 2008 (KB968369)

Setting Utility Series

Skype Click to Call

Skype™ 5.5

SmartWi Connection Utility

Sony Home Network Library

Sql Server Customer Experience Improvement Program

The Weather Channel Desktop 6

TurboTax 2010

TurboTax 2010 winiper

TurboTax 2010 WinPerFedFormset

TurboTax 2010 WinPerReleaseEngine

TurboTax 2010 WinPerTaxSupport

TurboTax 2010 wrapper

Update for 2007 Microsoft Office System (KB2284654)

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596686) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition

Update for Microsoft Office 2007 System (KB2539530)

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 (KB980729)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 (KB2583910)

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)

VAIO Care

VAIO Content Metadata Intelligent Analyzing Manager

VAIO Content Metadata Intelligent Network Service Manager

VAIO Content Metadata Manager Settings

VAIO Content Metadata XML Interface Library

VAIO Content Monitoring Settings

VAIO Control Center

VAIO Data Restore Tool

VAIO DVD Menu Data

VAIO Entertainment Platform

VAIO Event Service

VAIO Hardware Diagnostics

VAIO Help and Support

VAIO Media plus

VAIO Media plus Opening Movie

VAIO Messenger

VAIO Movie Story Template Data

VAIO OOBE and Startup Assistant

VAIO Original Function Settings

VAIO Personalization Manager

VAIO Power Management

VAIO Quick Web Access

VAIO Sample Contents

VAIO Survey

VAIO Transfer Support

VAIO Update 5

VAIO Wallpaper Contents

VAIO Window Organizer

Videora iPod Converter 6

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

YouTube Downloader App 3.00

.

==== Event Viewer Messages From Past Week ========

.

1/29/2012 3:41:37 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk0\DR0.

1/29/2012 3:41:16 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

1/29/2012 3:40:02 PM, Error: SRTSPL [11] - Unable to allocate open file data.

1/29/2012 3:40:02 PM, Error: SRTSP [5] - Error loading Symantec real time Anti-Virus driver.

1/29/2012 3:40:02 PM, Error: SRTSP [4] - Error loading virus definitions.

1/29/2012 3:40:02 PM, Error: Service Control Manager [7000] - The SRTSPL service failed to start due to the following error: A device attached to the system is not functioning.

1/29/2012 3:40:02 PM, Error: Service Control Manager [7000] - The SRTSP service failed to start due to the following error: A device attached to the system is not functioning.

1/29/2012 3:38:38 PM, Error: Service Control Manager [7022] - The VAIO Content Folder Watcher service hung on starting.

1/29/2012 3:36:37 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer MCGILVRA-2AC3AE that believes that it is the master browser for the domain on transport NetBT_Tcpip_{53249536-ECA8-4D56-8F55-6C3E89A1799C}. The master browser is stopping or an election is being forced.

1/29/2012 3:34:19 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SRTSP

1/29/2012 3:34:02 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Roxio Upnp Server 10 service to connect.

1/26/2012 12:27:21 PM, Error: Service Control Manager [7034] - The Windows Search service terminated unexpectedly. It has done this 3 time(s).

1/26/2012 12:25:56 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

1/26/2012 12:24:35 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

1/26/2012 11:33:45 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.

1/26/2012 11:33:14 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the CryptSvc service.

1/26/2012 10:36:51 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

1/25/2012 12:22:37 PM, Error: Service Control Manager [7022] - The Network Location Awareness service hung on starting.

1/25/2012 11:39:51 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.

1/25/2012 11:38:45 AM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.

1/25/2012 11:35:00 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Oasis2Service service to connect.

1/25/2012 11:35:00 AM, Error: Service Control Manager [7000] - The Oasis2Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

1/25/2012 11:34:18 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intuit Update Service service to connect.

1/25/2012 11:34:18 AM, Error: Service Control Manager [7000] - The Intuit Update Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

1/25/2012 11:29:43 AM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.

1/24/2012 9:29:42 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.

1/24/2012 9:27:32 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the VCFw service.

1/24/2012 8:08:59 AM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{53249536-ECA8-4D56-8F55-6C3E89A1799C} because another computer on the network has the same name. The server could not start.

1/24/2012 12:20:48 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.

1/24/2012 12:20:48 PM, Error: Service Control Manager [7000] - The Windows Live ID Sign-in Assistant service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

1/24/2012 12:18:55 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Symantec Endpoint Protection service to connect.

1/24/2012 12:17:54 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SeaPort service to connect.

1/24/2012 12:17:54 PM, Error: Service Control Manager [7000] - The SeaPort service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

1/24/2012 11:51:10 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the LeapFrog Connect Device Service service to connect.

1/24/2012 11:50:27 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Bluetooth Service service to connect.

1/24/2012 11:50:27 AM, Error: Service Control Manager [7000] - The Bluetooth Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

1/24/2012 11:49:30 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.

1/24/2012 11:49:30 AM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

1/24/2012 10:01:59 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.

1/23/2012 9:08:43 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X64 service to connect.

1/23/2012 10:40:29 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intuit Update Service v4 service to connect.

1/23/2012 10:40:29 AM, Error: Service Control Manager [7000] - The Intuit Update Service v4 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

1/23/2012 10:38:09 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.

1/23/2012 10:01:35 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.

.

==== End Of File ===========================

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7600.16385

Run by McGilvray at 15:38:40 on 2012-01-29

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3935.2517 [GMT -8:00]

.

AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe

C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe

C:\Windows\system32\msiexec.exe

C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe

C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe

C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe

C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\SysWOW64\DllHost.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe

C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe

C:\Program Files\Apoint\Apoint.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Windows\system32\igfxsrvc.exe

C:\Users\McGilvray\AppData\Local\Google\Update\GoogleUpdate.exe

C:\ProgramData\GameXN\GameXNGO.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Windows\system32\taskeng.exe

C:\Users\McGilvray\AppData\Local\Facebook\Update\FacebookUpdate.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Apoint\ApMsgFwd.exe

C:\Program Files\Sony\VAIO Care\VAIOCareService.exe

C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

C:\Program Files (x86)\Hewlett-Packard\Marketsplash by HP\HPLocalWebPrintAgent.exe

C:\Program Files\Apoint\Apvfb.exe

C:\Program Files\Apoint\Apntex.exe

C:\Program Files (x86)\Southwest Airlines\Ding\Ding.exe

C:\Windows\system32\conhost.exe

C:\Users\McGilvray\AppData\Local\Facebook\Update\FacebookUpdate.exe

C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe

C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe

C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe

C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe

C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe

C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe

C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe

C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files (x86)\Ask.com\Updater\Updater.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe

C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\taskhost.exe

C:\Windows\System32\wsqmcons.exe

C:\Program Files\Sony\First Experience\OOBESendInfo.exe

C:\Program Files\Sony\VAIO Care\VCsystray.exe

C:\Program Files\Sony\First Experience\OOBEFcdRegistration.exe

C:\Program Files (x86)\Sony\VAIO Survey\VAIO Sat Survey.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Sony\VAIO Power Management\SPMService.exe

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\DDNi\Oasis\DDNiStartup.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uSearch Page = hxxp://www.google.com

uStart Page = hxxp://www.bing.com/?pc=Z039&form=ZGAPHP

uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT

uSearch Bar = hxxp://www.google.com/ie

uDefault_Search_URL = hxxp://www.google.com/ie

mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll

BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll

BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll

TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [Google Update] "C:\Users\McGilvray\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"

uRun: [AROReminder] C:\Program Files (x86)\Advanced Registry Optimizer\ARO.exe -rem

uRun: [GameXN (update)] "C:\ProgramData\GameXN\GameXNGO.exe" /u

uRun: [GameXN (news)] "C:\ProgramData\GameXN\GameXNGO.exe" /n

uRun: [GameXN] "C:\ProgramData\GameXN\GameXNGO.exe" /silent

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized

uRun: [Facebook Update] "C:\Users\McGilvray\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

mRun: [smartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup

mRun: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"

mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe

mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"

mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"

mRun: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot

mRun: [<NO NAME>]

mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

StartupFolder: C:\Users\MCGILV~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ADVANC~1.LNK - C:\Program Files (x86)\Advanced Registry Optimizer\ARO.exe

StartupFolder: C:\Users\MCGILV~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DING!.lnk - C:\Program Files (x86)\Southwest Airlines\Ding\Ding.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MARKET~1.LNK - C:\Program Files (x86)\Hewlett-Packard\Marketsplash by HP\HPLocalWebPrintAgent.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll

Trusted Zone: intuit.com\ttlc

DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{1B4C9337-1350-489A-8601-C7E07B94A658} : DhcpNameServer = 172.16.2.5 172.18.82.11 4.2.2.2

TCP: Interfaces\{53249536-ECA8-4D56-8F55-6C3E89A1799C} : DhcpNameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{53249536-ECA8-4D56-8F55-6C3E89A1799C}\2516C6078623E243 : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{53249536-ECA8-4D56-8F55-6C3E89A1799C}\64275656D456974656E62616575627 : DhcpNameServer = 205.171.3.65 205.171.2.65

TCP: Interfaces\{53249536-ECA8-4D56-8F55-6C3E89A1799C}\84F4D45413 : DhcpNameServer = 192.168.0.1 192.168.0.1

TCP: Interfaces\{53249536-ECA8-4D56-8F55-6C3E89A1799C}\A657C64656C6 : DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

Notify: VESWinlogon - VESWinlogon.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO-X64: Search Helper - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll

BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll

BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

BHO-X64: Ask Toolbar BHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll

TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

mRun-x64: [smartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup

mRun-x64: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"

mRun-x64: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe

mRun-x64: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"

mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun-x64: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"

mRun-x64: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe"

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun-x64: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot

mRun-x64: [(Default)]

mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys --> C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [?]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]

R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\drivers\SFEP.sys --> C:\Windows\system32\drivers\SFEP.sys [?]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]

S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]

S3 FlyUsb;FLY Fusion;C:\Windows\system32\DRIVERS\FlyUsb.sys --> C:\Windows\system32\DRIVERS\FlyUsb.sys [?]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

.

=============== Created Last 30 ================

.

2012-01-29 23:38:10 -------- d-----w- C:\Users\McGilvray\AppData\Local\{5888FA63-2AA3-4445-847E-9E9D7B6C7312}

2012-01-29 23:37:47 -------- d-----w- C:\Users\McGilvray\AppData\Local\{0A589FE7-DDA2-4E6B-9CF3-49F2F5331BDB}

2012-01-26 19:29:46 -------- d-----w- C:\Users\McGilvray\AppData\Local\{E0D7E75D-DF55-4C52-8A5A-7CD60B063208}

2012-01-26 19:29:15 -------- d-----w- C:\Users\McGilvray\AppData\Local\{2E988083-1CA9-4CBC-A27C-438C21DA3800}

2012-01-26 18:18:13 -------- d-----w- C:\Users\McGilvray\AppData\Local\{F99A63FB-A997-4764-84E9-BEBD7E7EEC93}

2012-01-26 18:17:52 -------- d-----w- C:\Users\McGilvray\AppData\Local\{AF0E5BA5-9482-4A06-9BFF-6699FA959BF2}

2012-01-25 20:23:32 -------- d-----w- C:\Users\McGilvray\AppData\Local\{F76EC0DE-2D0B-4008-BFCD-A91AC1323EFD}

2012-01-25 20:22:57 -------- d-----w- C:\Users\McGilvray\AppData\Local\{1323CB3E-0927-48D8-A26C-A4811E013E54}

2012-01-25 19:37:12 -------- d-----w- C:\Users\McGilvray\AppData\Local\{A3AA4BE9-2D1C-4D71-843F-25ED3F08B85F}

2012-01-25 19:36:51 -------- d-----w- C:\Users\McGilvray\AppData\Local\{8C77DEAF-3328-471C-BB6D-98A37E0DFAD8}

2012-01-25 18:51:59 -------- d-----w- C:\Users\McGilvray\AppData\Local\{BB12E931-4F75-44EC-93C4-5DA1E52BD0A7}

2012-01-25 18:51:23 -------- d-----w- C:\Users\McGilvray\AppData\Local\{F6317BF2-7B13-42FA-B606-DB6BE01580CC}

2012-01-25 05:42:30 -------- d-----w- C:\Users\McGilvray\AppData\Local\{132F1B26-B7F5-4BFE-A2EC-C44EE7C55263}

2012-01-25 05:42:01 -------- d-----w- C:\Users\McGilvray\AppData\Local\{FBF4C919-097B-4E65-99DF-2D6ABFE24F96}

2012-01-25 05:29:18 -------- d-----w- C:\Users\McGilvray\AppData\Local\{57BEFAAA-443F-4E97-9177-34D7A63485BC}

2012-01-25 05:28:54 -------- d-----w- C:\Users\McGilvray\AppData\Local\{B8BAEE55-A013-41F4-9D23-130882D6C091}

2012-01-24 21:21:04 -------- d-----w- C:\Users\McGilvray\AppData\Local\{BF79DD79-2CFA-4091-999A-8AC5E3A6D480}

2012-01-24 21:20:43 -------- d-----w- C:\Users\McGilvray\AppData\Local\{1188A502-DD9F-4A30-93E0-1E24273940E5}

2012-01-24 20:21:49 -------- d-----w- C:\Users\McGilvray\AppData\Local\{5C3B352C-FE19-4EC6-9481-C96E4A433E94}

2012-01-24 20:21:30 -------- d-----w- C:\Users\McGilvray\AppData\Local\{B2C2B03C-6474-4357-9056-03FB36368EEF}

2012-01-24 20:08:08 -------- d-----w- C:\Users\McGilvray\AppData\Local\{38C5B404-67DD-42A2-B5D4-8AB597870B37}

2012-01-24 20:07:32 -------- d-----w- C:\Users\McGilvray\AppData\Local\{C80870E5-D708-45A8-A03D-7B86D308AF15}

2012-01-24 19:53:43 -------- d-----w- C:\Users\McGilvray\AppData\Local\{05B58725-B522-4ED0-BA30-9F7DFF725D47}

2012-01-24 19:53:28 -------- d-----w- C:\Users\McGilvray\AppData\Local\{F6392456-9908-46E7-A905-2E93F914C9C7}

2012-01-23 18:38:41 -------- d-----w- C:\Users\McGilvray\AppData\Local\{F5947848-2895-4BEE-8334-A3F3D65DF3D1}

2012-01-23 18:38:09 -------- d-----w- C:\Users\McGilvray\AppData\Local\{0DB501C9-BB8E-4BD4-B4F4-4FCD4566C841}

2012-01-23 17:11:33 -------- d-----w- C:\Users\McGilvray\AppData\Local\{6245406E-9C65-4685-8E16-628B4F742202}

2012-01-23 17:11:11 -------- d-----w- C:\Users\McGilvray\AppData\Local\{686A08F5-CD5F-4F02-9EB1-B9947CF2267A}

2012-01-19 21:48:06 -------- d-----w- C:\Program Files (x86)\Rinse

2012-01-14 04:02:27 -------- d-----w- C:\Users\McGilvray\AppData\Local\{E9498BE7-85A4-4762-AA38-0229D08B3A0B}

2012-01-14 04:02:16 -------- d-----w- C:\Users\McGilvray\AppData\Local\{A8653CE6-1446-40EC-A937-08BF32B93FF1}

2012-01-11 16:43:43 -------- d-----w- C:\Users\McGilvray\AppData\Local\{71947371-DA9B-4D5E-9686-B0ECF0600539}

2012-01-11 16:43:32 -------- d-----w- C:\Users\McGilvray\AppData\Local\{D79D7945-94BB-4E64-AF1E-66880468C474}

2012-01-11 00:53:25 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll

2012-01-11 00:53:25 366592 ----a-w- C:\Windows\System32\qdvd.dll

2012-01-11 00:53:25 1572864 ----a-w- C:\Windows\System32\quartz.dll

2012-01-11 00:53:25 1328640 ----a-w- C:\Windows\SysWow64\quartz.dll

2012-01-11 00:53:20 1739160 ----a-w- C:\Windows\System32\ntdll.dll

2012-01-11 00:53:20 1292592 ----a-w- C:\Windows\SysWow64\ntdll.dll

2012-01-11 00:53:18 77312 ----a-w- C:\Windows\System32\packager.dll

2012-01-11 00:53:18 67072 ----a-w- C:\Windows\SysWow64\packager.dll

2012-01-07 18:02:49 -------- d-----w- C:\Users\McGilvray\AppData\Local\{5C33D533-FFE8-4C0D-9FF1-B88AD1CEFF45}

2012-01-07 18:02:38 -------- d-----w- C:\Users\McGilvray\AppData\Local\{8FD710B1-77EF-4CB1-B3BD-EF502644DDDC}

2012-01-04 22:46:27 -------- d-----w- C:\Users\McGilvray\AppData\Local\{01B31D66-534A-4B87-B7D3-8A0C5AB1075A}

2012-01-04 22:46:17 -------- d-----w- C:\Users\McGilvray\AppData\Local\{A556C761-CCA2-4A54-840A-7D9C4D035DB7}

2012-01-03 13:10:44 182672 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll

.

==================== Find3M ====================

.

2011-12-15 19:28:46 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-11-24 05:00:47 3141632 ----a-w- C:\Windows\System32\win32k.sys

2011-11-05 05:26:29 1197568 ----a-w- C:\Windows\System32\wininet.dll

2011-11-05 05:23:10 57856 ----a-w- C:\Windows\System32\licmgr10.dll

2011-11-05 05:17:42 2048 ----a-w- C:\Windows\System32\tzres.dll

2011-11-05 04:35:50 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-11-05 04:34:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll

2011-11-05 04:30:11 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2011-11-05 04:07:32 482816 ----a-w- C:\Windows\System32\html.iec

2011-11-05 03:28:41 386048 ----a-w- C:\Windows\SysWow64\html.iec

2011-11-05 03:25:44 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2011-11-05 02:55:38 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

.

============= FINISH: 15:41:53.37 ===============

LDTate · January 30, 2012

C:\Program Files (x86)\Advanced Registry Optimizer\ARO.exe -rem

That location should be OK, but that program might have also removed register files that are / were needed.

I don't recommend any registry cleaning programs.

Try this:

1. Use the System File Checker tool (SFC.exe) to determine which file is causing the issue, and then replace the file. To do this, follow these steps:

Open an elevated command prompt. To do this, click Start, click All Programs, click Accessories, right-click Command Prompt, and then click Run as administrator. If you are prompted for an administrator password or for a confirmation, type the password, or click Allow.

2. Type the following command, and then press ENTER:

sfc /scannow <--Note the space, it needs to be there

The sfc /scannow command scans all protected system files and replaces incorrect versions with correct Microsoft versions.

mcgilvraydh · January 30, 2012

Okay so I tried it 2 times and it caused it to shut down with an error. I didn't see the first time what exactly happned but the 2nd time it pulled up another box that said UpdateTask.exe applicaton error. Then it pulled up a screen that had a bunch of text but moved to quickly before I could read it.

I think that the Advanced Registry Optimizer was something that my husband accidently downloaded when he was trying to download something else to download movies to our ipod. I have tried to remove the program and somehow it always seems to come back. As far as I know the program has never been run on the computer though it is constantly popping up screens trying to get us to run it and saying we have things that are at risk on our computer.

Below are some things that are on my desktop that I don't recognize. I am pretty sure they are new and I don't know where they came from:

7zDecode

DinaryFiles.7z

BSTIEPrint

ini

NPcol400.dll

Selfdel.dll

A few other things that pop up when I am trying to get it to restart:

1. A recent hardware of software change....the screen goes away too quickly before I can read more than that.

2. Blank Screen-operating system not found

3. sometimes it gives me an option to try and fix things and sometimes it gives me an option to start in safe mode.

Any other ideas or things to try?

LDTate · January 30, 2012

Please do not attach the scan results from Combofx. Use copy/paste.

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 If using this link, Right Click and select Save As.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
Double click on ComboFix.exe & follow the prompts.
Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
Note: If you have XP SP3, use the XP SP2 package.
If Vista or Windows 7, skip the Recovery Console part
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it atleast 20-30 minutes to finish if needed.

Please do not attach the scan results from Combofx. Use copy/paste.

Also please describe how your computer behaves at the moment.

mcgilvraydh · January 31, 2012

<P>Okay I got it to run and below is the report.</P>

<P></P>

<DIV>ComboFix 12-01-30.02 - McGilvray 01/30/2012 18:48:09.1.2 - x64</DIV>

<DIV>Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3935.1862 [GMT -8:00]</DIV>

<DIV>Running from: c:\users\McGilvray\Downloads\ComboFix.exe</DIV>

<DIV>AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}</DIV>

<DIV>SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}</DIV>

<DIV>SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}</DIV>

<DIV>* Created a new restore point</DIV>

<DIV>((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))</DIV>

<DIV>c:\program files (x86)\Search Toolbar</DIV>

<DIV>c:\program files (x86)\Search Toolbar\icon.ico</DIV>

<DIV>c:\program files (x86)\Search Toolbar\SearchToolbar.dll</DIV>

<DIV>c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe</DIV>

<DIV>c:\program files (x86)\Search Toolbar\SearchToolbarUpdater.exe</DIV>

<DIV>c:\users\McGilvray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tool</DIV>

<DIV>c:\users\McGilvray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tool\System Tool 2011.lnk</DIV>

<DIV>((((((((((((((((((((((((( Files Created from 2011-12-28 to 2012-01-31 )))))))))))))))))))))))))))))))</DIV>

<DIV>2012-01-31 03:02 . 2012-01-31 03:02<SPAN style="WHITE-SPACE: pre" class=Apple-tab-span> </SPAN>--------<SPAN style="WHITE-SPACE: pre" class=Apple-tab-span> </SPAN>d-----w-<SPAN style="WHITE-SPACE: pre" class=Apple-tab-span> </SPAN>c:\users\Default\AppData\Local\temp</DIV>

<DIV>2012-01-19 21:48 . 2012-01-24 19:36<SPAN style="WHITE-SPACE: pre" class=Apple-tab-span> </SPAN>--------<SPAN style="WHITE-SPACE: pre" class=Apple-tab-span> </SPAN>d-----w-<SPAN style="WHITE-SPACE: pre" class=Apple-tab-span> </SPAN>c:\program files (x86)\Rinse</DIV>

<DIV>2012-01-11 00:53 . 2011-10-26 05:22<SPAN style="WHITE-SPACE: pre" class=Apple-tab-span> </SPAN>366592<SPAN style="WHITE-SPACE: pre" class=Apple-tab-span> </SPAN>----a-w-<SPAN style="WHITE-SPACE: pre" class=Apple-tab-span> </SPAN>c:\windows\system32\qdvd.dll</DIV>

<DIV>2012-01-11 00:53 . 2011-10-26 05:22<SPAN style="WHITE-SPACE: pre" class=Apple-tab-span> </SPAN>1572864<SPAN style="WHITE-SPACE: pre" class=Apple-tab-span> </SPAN>----a-w-<SPAN style="WHITE-SPACE: pre" class=Apple-tab-span> </SPAN>c:\windows\system32\quartz.dll</DIV>

<DIV>2012-01-11 00:53 . 2011-10-26 04:28<SPAN style="WHITE-SPACE: pre" class=Apple-tab-span> </SPAN>1328640<SPAN style="WHITE-SPACE: pre" class=Apple-tab-span> </SPAN>----a-w-<SPAN style="WHITE-SPACE: pre" class=Apple-tab-span> </SPAN>c:\windows\SysWow64\quartz.dll</DIV>

<DIV>2012-01-11 00:53 . 2011-10-26 04:28<SPAN style="WHITE-SPACE: pre" class=Apple-tab-span> </SPAN>514560<SPAN style="WHITE-SPACE: pre" class=Apple-tab-span> </SPAN>----a-w-<SPAN style="WHITE-SPACE: pre" class=Apple-tab-span> </SPAN>c:\windows\SysWow64\qdvd.dll</DIV>

<DIV>2012-01-11 00:53 . 2011-11-17 07:14<SPAN style="WHITE-SPACE: pre" class=Apple-tab-span> </SPAN>1739160<SPAN style="WHITE-SPACE: pre" class=Apple-tab-span> </SPAN>----a-w-<SPAN style="WHITE-SPACE: pre" class=Apple-tab-span> </SPAN>c:\windows\system32\ntdll.dll</DIV>

<DIV>2012-01-11 00:53 . 2011-11-17 05:41<SPAN style="WHITE-SPACE: pre" class=Apple-tab-span> </SPAN>1292592<SPAN style="WHITE-SPACE: pre" class=Apple-tab-span> </SPAN>----a-w-<SPAN style="WHITE-SPACE: pre" class=Apple-tab-span> </SPAN>c:\windows\SysWow64\ntdll.dll</DIV>

<DIV>2012-01-11 00:53 . 2011-11-19 15:07<SPAN style="WHITE-SPACE: pre" class=Apple-tab-span> </SPAN>77312<SPAN style="WHITE-SPACE: pre" class=Apple-tab-span> </SPAN>----a-w-<SPAN style="WHITE-SPACE: pre" class=Apple-tab-span> </SPAN>c:\windows\system32\packager.dll</DIV>

<DIV>2012-01-11 00:53 . 2011-11-19 14:06<SPAN style="WHITE-SPACE: pre" class=Apple-tab-span> </SPAN>67072<SPAN style="WHITE-SPACE: pre" class=Apple-tab-span> </SPAN>----a-w-<SPAN style="WHITE-SPACE: pre" class=Apple-tab-span> </SPAN>c:\windows\SysWow64\packager.dll</DIV>

<DIV>2012-01-03 13:10 . 2012-01-03 13:10<SPAN style="WHITE-SPACE: pre" class=Apple-tab-span> </SPAN>182672<SPAN style="WHITE-SPACE: pre" class=Apple-tab-span> </SPAN>----a-w-<SPAN style="WHITE-SPACE: pre" class=Apple-tab-span> </SPAN>c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll</DIV>

<DIV>(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))</DIV>

<DIV>2011-12-15 19:28 . 2011-06-15 02:56<SPAN style="WHITE-SPACE: pre" class=Apple-tab-span> </SPAN>414368<SPAN style="WHITE-SPACE: pre" class=Apple-tab-span> </SPAN>----a-w-<SPAN style="WHITE-SPACE: pre" class=Apple-tab-span> </SPAN>c:\windows\SysWow64\FlashPlayerCPLApp.cpl</DIV>

<DIV>2011-12-10 23:24 . 2010-12-28 00:32<SPAN style="WHITE-SPACE: pre" class=Apple-tab-span> </SPAN>23152<SPAN style="WHITE-SPACE: pre" class=Apple-tab-span> </SPAN>----a-w-<SPAN style="WHITE-SPACE: pre" class=Apple-tab-span> </SPAN>c:\windows\system32\drivers\mbam.sys</DIV>

<DIV>2011-12-07 21:12 . 2011-12-07 17:25<SPAN style="WHITE-SPACE: pre" class=Apple-tab-span> </SPAN>485576<SPAN style="WHITE-SPACE: pre" class=Apple-tab-span> </SPAN>----a-w-<SPAN style="WHITE-SPACE: pre" class=Apple-tab-span> </SPAN>c:\users\McGilvray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp\UninstallCouponActivator.exe</DIV>

<DIV>2011-11-29 19:09 . 2011-11-29 19:09<SPAN style="WHITE-SPACE: pre" class=Apple-tab-span> </SPAN>158056<SPAN style="WHITE-SPACE: pre" class=Apple-tab-span> </SPAN>----a-w-<SPAN style="WHITE-SPACE: pre" class=Apple-tab-span> </SPAN>c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10139.bin</DIV>

<DIV>2011-11-24 05:00 . 2011-12-14 19:56<SPAN style="WHITE-SPACE: pre" class=Apple-tab-span> </SPAN>3141632<SPAN style="WHITE-SPACE: pre" class=Apple-tab-span> </SPAN>----a-w-<SPAN style="WHITE-SPACE: pre" class=Apple-tab-span> </SPAN>c:\windows\system32\win32k.sys</DIV>

<DIV>2011-11-05 05:26 . 2011-12-14 19:59<SPAN style="WHITE-SPACE: pre" class=Apple-tab-span> </SPAN>1197568<SPAN style="WHITE-SPACE: pre" class=Apple-tab-span> </SPAN>----a-w-<SPAN style="WHITE-SPACE: pre" class=Apple-tab-span> </SPAN>c:\windows\system32\wininet.dll</DIV>

<DIV>2011-11-05 05:23 . 2011-12-14 19:59<SPAN style="WHITE-SPACE: pre" class=Apple-tab-span> </SPAN>57856<SPAN style="WHITE-SPACE: pre" class=Apple-tab-span> </SPAN>----a-w-<SPAN style="WHITE-SPACE: pre" class=Apple-tab-span> </SPAN>c:\windows\system32\licmgr10.dll</DIV>

<DIV>2011-11-05 05:17 . 2011-12-14 19:54<SPAN style="WHITE-SPACE: pre" class=Apple-tab-span> </SPAN>2048<SPAN style="WHITE-SPACE: pre" class=Apple-tab-span> </SPAN>----a-w-<SPAN style="WHITE-SPACE: pre" class=Apple-tab-span> </SPAN>c:\windows\system32\tzres.dll</DIV>

<DIV>2011-11-05 04:35 . 2011-12-14 19:59<SPAN style="WHITE-SPACE: pre" class=Apple-tab-span> </SPAN>981504<SPAN style="WHITE-SPACE: pre" class=Apple-tab-span> </SPAN>----a-w-<SPAN style="WHITE-SPACE: pre" class=Apple-tab-span> </SPAN>c:\windows\SysWow64\wininet.dll</DIV>

<DIV>2011-11-05 04:34 . 2011-12-14 19:59<SPAN style="WHITE-SPACE: pre" class=Apple-tab-span> </SPAN>44544<SPAN style="WHITE-SPACE: pre" class=Apple-tab-span> </SPAN>----a-w-<SPAN style="WHITE-SPACE: pre" class=Apple-tab-span> </SPAN>c:\windows\SysWow64\licmgr10.dll</DIV>

<DIV>2011-11-05 04:30 . 2011-12-14 19:54<SPAN style="WHITE-SPACE: pre" class=Apple-tab-span> </SPAN>2048<SPAN style="WHITE-SPACE: pre" class=Apple-tab-span> </SPAN>----a-w-<SPAN style="WHITE-SPACE: pre" class=Apple-tab-span> </SPAN>c:\windows\SysWow64\tzres.dll</DIV>

<DIV>2011-11-05 04:07 . 2011-12-14 19:59<SPAN style="WHITE-SPACE: pre" class=Apple-tab-span> </SPAN>482816<SPAN style="WHITE-SPACE: pre" class=Apple-tab-span> </SPAN>----a-w-<SPAN style="WHITE-SPACE: pre" class=Apple-tab-span> </SPAN>c:\windows\system32\html.iec</DIV>

<DIV>2011-11-05 03:28 . 2011-12-14 19:59<SPAN style="WHITE-SPACE: pre" class=Apple-tab-span> </SPAN>386048<SPAN style="WHITE-SPACE: pre" class=Apple-tab-span> </SPAN>----a-w-<SPAN style="WHITE-SPACE: pre" class=Apple-tab-span> </SPAN>c:\windows\SysWow64\html.iec</DIV>

<DIV>2011-11-05 03:25 . 2011-12-14 19:59<SPAN style="WHITE-SPACE: pre" class=Apple-tab-span> </SPAN>1638912<SPAN style="WHITE-SPACE: pre" class=Apple-tab-span> </SPAN>----a-w-<SPAN style="WHITE-SPACE: pre" class=Apple-tab-span> </SPAN>c:\windows\system32\mshtml.tlb</DIV>

<DIV>2011-11-05 02:55 . 2011-12-14 19:59<SPAN style="WHITE-SPACE: pre" class=Apple-tab-span> </SPAN>1638912<SPAN style="WHITE-SPACE: pre" class=Apple-tab-span> </SPAN>----a-w-<SPAN style="WHITE-SPACE: pre" class=Apple-tab-span> </SPAN>c:\windows\SysWow64\mshtml.tlb</DIV>

<DIV>((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))</DIV>

<DIV>*Note* empty entries & legit default entries are not shown </DIV>

<DIV>REGEDIT4</DIV>

<DIV>[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]</DIV>

<DIV>"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-12-14 1514152]</DIV>

<DIV>[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]</DIV>

<DIV>[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]</DIV>

<DIV>2011-12-14 23:51<SPAN style="WHITE-SPACE: pre" class=Apple-tab-span> </SPAN>1514152<SPAN style="WHITE-SPACE: pre" class=Apple-tab-span> </SPAN>----a-w-<SPAN style="WHITE-SPACE: pre" class=Apple-tab-span> </SPAN>c:\program files (x86)\Ask.com\GenericAskToolbar.dll</DIV>

<DIV>[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]</DIV>

<DIV>"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-12-14 1514152]</DIV>

<DIV>[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]</DIV>

<DIV>[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]</DIV>

<DIV>[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]</DIV>

<DIV>[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]</DIV>

<DIV>[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]</DIV>

<DIV>"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-25 39408]</DIV>

<DIV>"DW6"="c:\program files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe" [2011-06-08 822456]</DIV>

<DIV>"AROReminder"="c:\program files (x86)\Advanced Registry Optimizer\ARO.exe" [2010-07-27 2216968]</DIV>

<DIV>"GameXN (update)"="c:\programdata\GameXN\GameXNGO.exe" [2011-09-10 347008]</DIV>

<DIV>"GameXN (news)"="c:\programdata\GameXN\GameXNGO.exe" [2011-09-10 347008]</DIV>

<DIV>"GameXN"="c:\programdata\GameXN\GameXNGO.exe" [2011-09-10 347008]</DIV>

<DIV>"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]</DIV>

<DIV>"Facebook Update"="c:\users\McGilvray\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-09-19 137536]</DIV>

<DIV>[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]</DIV>

<DIV>"SmartWiHelper"="c:\program files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" [2009-10-05 80384]</DIV>

<DIV>"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-08-27 320880]</DIV>

<DIV>"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2009-10-24 597792]</DIV>

<DIV>"ccApp"="c:\program files (x86)\Common Files\Symantec Shared\ccApp.exe" [2009-07-09 115560]</DIV>

<DIV>"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]</DIV>

<DIV>"Monitor"="c:\program files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe" [2010-11-19 193880]</DIV>

<DIV>"Adobe Photo Downloader"="c:\program files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe" [2007-09-11 67488]</DIV>

<DIV>"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-01-03 35736]</DIV>

<DIV>"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]</DIV>

<DIV>"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]</DIV>

<DIV>"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2011-05-26 273544]</DIV>

<DIV>"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2011-12-14 1398440]</DIV>

<DIV>"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]</DIV>

<DIV>"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]</DIV>

<DIV>"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]</DIV>

<DIV>"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]</DIV>

<DIV>"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]</DIV>

<DIV>c:\users\McGilvray\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\</DIV>

<DIV>Advanced Registry Optimizer.lnk - c:\program files (x86)\Advanced Registry Optimizer\ARO.exe [2011-2-13 2216968]</DIV>

<DIV>DING!.lnk - c:\program files (x86)\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]</DIV>

<DIV>c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\</DIV>

<DIV>Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 1081632]</DIV>

<DIV>Marketsplash Print Software.lnk - c:\program files (x86)\Hewlett-Packard\Marketsplash by HP\HPLocalWebPrintAgent.exe [2010-10-11 93752]</DIV>

<DIV>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]</DIV>

<DIV>"ConsentPromptBehaviorAdmin"= 5 (0x5)</DIV>

<DIV>"ConsentPromptBehaviorUser"= 3 (0x3)</DIV>

<DIV>"EnableUIADesktopToggle"= 0 (0x0)</DIV>

<DIV>[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]</DIV>

<DIV>2009-11-05 02:32<SPAN style="WHITE-SPACE: pre" class=Apple-tab-span> </SPAN>98304<SPAN style="WHITE-SPACE: pre" class=Apple-tab-span> </SPAN>----a-w-<SPAN style="WHITE-SPACE: pre" class=Apple-tab-span> </SPAN>c:\windows\System32\VESWinlogon.dll</DIV>

<DIV>[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]</DIV>

<DIV>"aux"=wdmaud.drv</DIV>

<DIV>[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]</DIV>

<DIV>Security Packages<SPAN style="WHITE-SPACE: pre" class=Apple-tab-span> </SPAN>REG_MULTI_SZ <SPAN style="WHITE-SPACE: pre" class=Apple-tab-span></SPAN>kerberos msv1_0 schannel wdigest tspkg pku2u livessp</DIV>

<DIV>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]</DIV>

<DIV>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]</DIV>

<DIV>@="Service"</DIV>

<DIV>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]</DIV>

<DIV>@="Service"</DIV>

<DIV>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]</DIV>

<DIV>@="Service"</DIV>

<DIV>[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]</DIV>

<DIV>"DisableMonitoring"=dword:00000001</DIV>

<DIV>R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]</DIV>

<DIV>R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]</DIV>

<DIV>R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-25 135664]</DIV>

<DIV>R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-08-31 362992]</DIV>

<DIV>R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]</DIV>

<DIV>R3 FlyUsb;FLY Fusion;c:\windows\system32\DRIVERS\FlyUsb.sys [x]</DIV>

<DIV>R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-25 135664]</DIV>

<DIV>R3 MSSQL$DDNI;SQL Server (DDNI);c:\program files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\sqlservr.exe [2009-03-30 43010392]</DIV>

<DIV>R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-08-31 313840]</DIV>

<DIV>R3 SampleCollector;Intel® Sample Collector;c:\program files\Sony\VAIO Care\collsvc.exe [2009-09-17 167424]</DIV>

<DIV>R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-10-16 120104]</DIV>

<DIV>R3 SOHDBSvr;VAIO Media plus Database Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-10-16 70952]</DIV>

<DIV>R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-10-16 427304]</DIV>

<DIV>R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-10-16 75048]</DIV>

<DIV>R3 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-10-16 91432]</DIV>

<DIV>R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]</DIV>

<DIV>R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]</DIV>

<DIV>R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]</DIV>

<DIV>R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]</DIV>

<DIV>R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-09-16 480624]</DIV>

<DIV>R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2009-09-02 361840]</DIV>

<DIV>R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-09-09 110960]</DIV>

<DIV>R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2009-10-30 1165680]</DIV>

<DIV>R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]</DIV>

<DIV>R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files (x86)\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-03-31 47128]</DIV>

<DIV>R4 SQLAgent$DDNI;SQL Server Agent (DDNI);c:\program files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]</DIV>

<DIV>S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]</DIV>

<DIV>S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]</DIV>

<DIV>S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]</DIV>

<DIV>S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]</DIV>

<DIV>S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]</DIV>

<DIV>S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]</DIV>

<DIV>S2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2011-08-14 49152]</DIV>

<DIV>S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]</DIV>

<DIV>S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [2009-09-17 189984]</DIV>

<DIV>S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]</DIV>

<DIV>S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-09-15 642416]</DIV>

<DIV>S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]</DIV>

<DIV>S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-01-16 138360]</DIV>

<DIV>S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]</DIV>

<DIV>S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [x]</DIV>

<DIV>S3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2009-11-19 571248]</DIV>

<DIV>S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]</DIV>

<DIV>Contents of the 'Scheduled Tasks' folder</DIV>

<DIV>2012-01-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3433877063-799979752-1565309084-1004Core.job</DIV>

<DIV>- c:\users\McGilvray\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-19 04:21]</DIV>

<DIV>2012-01-31 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3433877063-799979752-1565309084-1004UA.job</DIV>

<DIV>- c:\users\McGilvray\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-19 04:21]</DIV>

<DIV>2012-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job</DIV>

<DIV>- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-25 14:54]</DIV>

<DIV>2012-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job</DIV>

<DIV>- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-11-25 14:54]</DIV>

<DIV>2012-01-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3433877063-799979752-1565309084-1004Core.job</DIV>

<DIV>- c:\users\McGilvray\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-17 20:59]</DIV>

<DIV>2012-01-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3433877063-799979752-1565309084-1004UA.job</DIV>

<DIV>- c:\users\McGilvray\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-17 20:59]</DIV>

<DIV>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]</DIV>

<DIV>"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]</DIV>

<DIV>"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-10-22 165912]</DIV>

<DIV>"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-10-22 387608]</DIV>

<DIV>"Persistence"="c:\windows\system32\igfxpers.exe" [2009-10-22 365592]</DIV>

<DIV>"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-09-17 7938080]</DIV>

<DIV>"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-09-17 1833504]</DIV>

<DIV>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]</DIV>

<DIV>"LoadAppInit_DLLs"=0x0</DIV>

<DIV>------- Supplementary Scan -------</DIV>

<DIV>uLocal Page = c:\windows\system32\blank.htm</DIV>

<DIV>uStart Page = hxxp://www.bing.com/?pc=Z039&form=ZGAPHP</DIV>

<DIV>uDefault_Search_URL = hxxp://www.google.com/ie</DIV>

<DIV>mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT</DIV>

<DIV>mLocal Page = c:\windows\SysWOW64\blank.htm</DIV>

<DIV>uInternet Settings,ProxyOverride = *.local</DIV>

<DIV>uSearchAssistant = hxxp://www.google.com/ie</DIV>

<DIV>uSearchURL,(Default) = hxxp://www.google.com/search?q=%s</DIV>

<DIV>IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200</DIV>

<DIV>IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000</DIV>

<DIV>Trusted Zone: intuit.com\ttlc</DIV>

<DIV>TCP: DhcpNameServer = 75.75.75.75 75.75.76.76</DIV>

<DIV>- - - - ORPHANS REMOVED - - - -</DIV>

<DIV>SafeBoot-Symantec Antvirus</DIV>

<DIV>WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)</DIV>

<DIV>HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe</DIV>

<DIV>AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe</DIV>

<DIV>AddRemove-Search Toolbar - c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe</DIV>

<DIV>[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SampleCollector]</DIV>

<DIV>"ImagePath"="\"c:\program files\Sony\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""</DIV>

<DIV>--------------------- LOCKED REGISTRY KEYS ---------------------</DIV>

<DIV>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]</DIV>

<DIV>@Denied: (A 2) (Everyone)</DIV>

<DIV>@="FlashBroker"</DIV>

<DIV>"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"</DIV>

<DIV>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]</DIV>

<DIV>"Enabled"=dword:00000001</DIV>

<DIV>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]</DIV>

<DIV>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"</DIV>

<DIV>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]</DIV>

<DIV>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]</DIV>

<DIV>@Denied: (A 2) (Everyone)</DIV>

<DIV>@="Shockwave Flash Object"</DIV>

<DIV>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]</DIV>

<DIV>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"</DIV>

<DIV>"ThreadingModel"="Apartment"</DIV>

<DIV>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]</DIV>

<DIV>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]</DIV>

<DIV>@="ShockwaveFlash.ShockwaveFlash.10"</DIV>

<DIV>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]</DIV>

<DIV>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"</DIV>

<DIV>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]</DIV>

<DIV>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]</DIV>

<DIV>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]</DIV>

<DIV>@="ShockwaveFlash.ShockwaveFlash"</DIV>

<DIV>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]</DIV>

<DIV>@Denied: (A 2) (Everyone)</DIV>

<DIV>@="Macromedia Flash Factory Object"</DIV>

<DIV>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]</DIV>

<DIV>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"</DIV>

<DIV>"ThreadingModel"="Apartment"</DIV>

<DIV>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]</DIV>

<DIV>@="FlashFactory.FlashFactory.1"</DIV>

<DIV>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]</DIV>

<DIV>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"</DIV>

<DIV>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]</DIV>

<DIV>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]</DIV>

<DIV>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]</DIV>

<DIV>@="FlashFactory.FlashFactory"</DIV>

<DIV>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]</DIV>

<DIV>@Denied: (A 2) (Everyone)</DIV>

<DIV>@="IFlashBroker4"</DIV>

<DIV>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]</DIV>

<DIV>[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]</DIV>

<DIV>"Version"="1.0"</DIV>

<DIV>[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]</DIV>

<DIV>@Denied: (Full) (Everyone)</DIV>

<DIV>Completion time: 2012-01-30 19:09:00</DIV>

<DIV>ComboFix-quarantined-files.txt 2012-01-31 03:08</DIV>

<DIV>Pre-Run: 177,490,796,544 bytes free</DIV>

<DIV>Post-Run: 179,459,121,152 bytes free</DIV>

LDTate · January 31, 2012

How's it running now?

mcgilvraydh · January 31, 2012

Well I thought it might be fixed because after I posted the above scan report it stayed on for longer than it had been doing. However after some time it again crashed. It said there was an error and forcing a shut down. (Blue screen with a lot of text I couldn't read before it shut down). Then it started in the same loop saying operating system not found. I turned it off and I haven't turned it back on again after that.

LDTate · January 31, 2012

Uninstall Advanced Registry Optimizer and see if that helps

mcgilvraydh · February 1, 2012

Nope still doing the same thing

LDTate · February 1, 2012

I don't think it's an infection cause the issues.

Give this a try.

How to Do a Repair Install to Fix Windows 7

http://www.sevenforums.com/tutorials/3413-repair-install.html

mcgilvraydh · February 1, 2012

Thank you so much for your help on this.

I gave it a try. I downloaded the above link and ran the scan. It found a lot of errors and fixed them. But now again it just crashed and is saying the same black screen with Operating System Not Found.

Any other ideas?

LDTate · February 1, 2012

Did you do the Repair Install of your Windows OS?

mcgilvraydh · February 1, 2012

Oh I think I did something wrong. When I clicked on the above link at the top there was a button that said

scan your PC for errors." I assumed that is what I was supposed to do so that is what I did.

Now I realize that if I had scrolled down I woud have seen the directions Repair Install.

I was just getting ready to do that when I read this:

You cannot use a OEM Windows 7 "Factory" Restore/Recovery type of installation disc that came with or created from a store bought computer to do a repair install with. These can only be used do a clean install

I am pretty sure this what my computer had. In fact there is still a sticker on it that says Windows 7.

LDTate · February 1, 2012

See if this helps

Windows 7 - System Restore

http://www.sevenforums.com/tutorials/700-system-restore.html

See Option one.

mcgilvraydh · February 2, 2012

I think it may be functioning properly now. I will have to try again tomorrow and let you know. So far it has been open for an hour which is the longest it has gone without crashing in a week.

Thanks again for you help with this.

LDTate · February 2, 2012

Was it the Repair Install or the System Restore?

mcgilvraydh · February 2, 2012

It was the System Restore. I had to create a file for it to go back to so I had to put the date of yesterday. I didn't have a restore option to go back to at an earlier date so it made me a little nervous because I am wondering if it will still have the same problems?

I just got on today so I am going to see what it does.

Heather

mcgilvraydh · February 2, 2012

Well bad news again. I had it open/on for the morning and it wasn't crashing but I noticed that it was running pretty slowly. Took quite a bit of time to open a web page, etc. Then as I was writing an email it just crashed, giving me the same error pages.

LDTate · February 2, 2012

I'm not seeing any infections.

I'm not sure if you're having hardware or software issues.

You can try another Combofix scan if you like.

LDTate · February 8, 2012

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Windows Error Recovery-Malware?

Recommended Posts

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Recently Browsing 0 members

Important Information