TechSpot

Google redirect bug

By daveym1983
May 22, 2012
  1. My computer is infected with a virus that redirects to other pages after I click a link from a Google search. I would appreciate any help in removing this. Thanks.

    Malwarebytes Anti-Malware (Trial) 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.05.22.03

    Windows Vista Service Pack 1 x86 NTFS
    Internet Explorer 8.0.6001.19088

    David :: SONY-LAPTOP [administrator]

    Protection: Enabled

    22/05/2012 21:38:13
    mbam-log-2012-05-22 (21-38-13).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 232291
    Time elapsed: 2 minute(s), 26 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)


    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-05-22 21:15:27
    Windows 6.0.6001 Service Pack 1
    Running: p9d4redo.exe; Driver: C:\Users\David\AppData\Local\Temp\kwliypob.sys


    ---- Registry - GMER 1.0.15 ----


    ---- EOF - GMER 1.0.15 ----
     
  2. daveym1983

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.19088 BrowserJavaVersion: 1.6.0_31
    Run by David at 21:16:11 on 2012-05-22
    Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.353.1033.18.3038.1503 [GMT 1:00]
    .
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\RtkAudioService.exe
    C:\Windows\system32\rundll32.exe
    C:\Program Files\Protector Suite QL\upeksvr.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files\Sony\ISB Utility\ISBMgr.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
    C:\Program Files\Kontiki\KService.exe
    C:\Windows\StartupMonitor.exe
    C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
    C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Sony\Network Utility\LANUtil.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe
    C:\Program Files\Protector Suite QL\psqltray.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files\Sony\Network Utility\NSUService.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    C:\Program Files\Sony\VAIO Power Management\SPMService.exe
    C:\Windows\system32\DllHost.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k HPService
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\wermgr.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\System32\svchost.exe -k NetworkService
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\REGSVR32.exe
    C:\Windows\system32\conime.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.ie/
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: MHURLSearchHook Class: {1c4ab6a5-595f-4e86-b15f-f93cce2bbd48} - c:\program files\celebrity toolbar\tbhelper.dll
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: MHTBPos00 Class: {0c37b053-fd68-456a-82e1-d788ee342e6f} - c:\program files\celebrity toolbar\tbcore3.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\progra~1\google~1\BAE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
    TB: Celebrity Toolbar: {fd2fd708-1f6f-4b68-b141-c5778f0c19bb} - c:\program files\celebrity toolbar\tbcore3.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
    uRun: [NSUFloatingUI] "c:\program files\sony\network utility\LANUtil.exe"
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [Nokia.PCSync] "c:\program files\nokia\nokia pc suite 7\PCSync2.exe" /NoDialog
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
    mRun: [ISBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    mRun: [PSQLLauncher] "c:\program files\protector suite ql\launcher.exe" /startup
    mRun: [MarketingTools] c:\program files\sony\marketing tools\MarketingTools.exe
    mRun: [AML] c:\program files\sony\vaio launcher\AML.exe InitApp
    mRun: [Run StartupMonitor] StartupMonitor.exe
    mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: DisableCAD = 1 (0x1)
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{8A6E4EFB-BE48-4C95-B171-A5176696F996} : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{A575AA6B-D6D6-4D3C-BEAD-63611D847F94} : DhcpNameServer = 192.168.1.254
    Notify: psfus - c:\windows\system32\psqlpwd.dll
    Notify: VESWinlogon - VESWinlogon.dll
    AppInit_DLLs: c:\progra~1\google\google~1\googledesktopnetwork3.dll c:\progra~1\google\google~1\GOEC62~1.DLL
    LSA: Notification Packages = scecli psqlpwd
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\david\appdata\roaming\mozilla\firefox\profiles\knnxaer7.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.ie/ig
    FF - prefs.js: network.proxy.type - 0
    FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
    FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
    FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
    FF - plugin: c:\program files\picasa2\npPicasa2.dll
    FF - plugin: c:\program files\picasa2\npPicasa3.dll
    FF - plugin: c:\program files\veetle\player\npvlc.dll
    FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
    FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
    FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\david\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-2-18 435032]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-2-18 314456]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-2-18 20568]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-2-18 55128]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-2-18 44768]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-16 654408]
    R2 NSUService;NSUService;c:\program files\sony\network utility\NSUService.exe [2008-8-20 299008]
    R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-18 11032]
    R2 RtkAudioService;Realtek Audio Service;c:\windows\RTKAUDIOSERVICE.EXE [2008-7-31 98304]
    R2 VAIO Power Management;VAIO Power Management;c:\program files\sony\vaio power management\SPMService.exe [2008-7-31 411488]
    R2 VCFw;VAIO Content Folder Watcher;c:\program files\common files\sony shared\vaio content folder watcher\VCFw.exe [2008-6-20 415744]
    R3 AVerAVF2;AVerAVF2;c:\windows\system32\drivers\AVerAVF2.sys [2008-7-31 979584]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2008-7-31 29736]
    R3 JMCR_CFS;JMCR_CFS;c:\windows\system32\drivers\jmcr_cfs.sys [2008-7-2 52752]
    R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2009-12-25 114672]
    R3 kwliypob;kwliypob;c:\users\david\appdata\local\temp\kwliypob.sys [2012-5-22 100864]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-16 22344]
    R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2008-4-28 3658752]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-7-31 44064]
    R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-9-18 27632]
    R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2008-7-31 9344]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-1 135664]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-9 257696]
    S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2009-4-6 13224]
    S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-8-20 30192]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-1 135664]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-28 129976]
    S3 SOHCImp;VAIO Media plus Content Importer;c:\program files\sony\vaio media plus\SOHCImp.exe [2008-8-20 103712]
    S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\sony\vaio media plus\SOHDms.exe [2008-8-20 353568]
    S3 SOHDs;VAIO Media plus Device Searcher;c:\program files\sony\vaio media plus\SOHDs.exe [2008-8-20 62752]
    S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\sony ericsson\sony ericsson pc companion\PCCService.exe [2010-9-19 155344]
    S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2008-8-20 337184]
    S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2008-8-20 83232]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2012-05-16 18:51:18 6734704 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{602d7b5c-d2d3-4a8f-be5e-74df134eb8d1}\mpengine.dll
    2012-04-29 22:06:51 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
    2012-04-29 22:06:51 190464 ----a-w- c:\windows\system32\iphlpsvc.dll
    2012-04-27 23:34:49 -------- d-----w- c:\program files\Mozilla Maintenance Service
    2012-04-27 23:34:32 157352 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe
    2012-04-27 23:34:32 129976 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe
    .
    ==================== Find3M ====================
    .
    2012-05-06 13:26:14 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-05-06 13:26:13 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-05-06 13:26:10 4140192 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
    2012-04-04 14:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-02-26 01:07:20 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2012-02-23 09:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
    .
    ============= FINISH: 21:23:11.85 ===============
     
  3. daveym1983

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Ultimate
    Boot Device: \Device\HarddiskVolume2
    Install Date: 29/10/2008 02:20:30
    System Uptime: 22/05/2012 17:47:27 (4 hours ago)
    .
    Motherboard: Sony Corporation | | VAIO
    Processor: Intel(R) Core(TM)2 Duo CPU T9600 @ 2.80GHz | N/A | 2801/266mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 107 GiB total, 9.553 GiB free.
    D: is FIXED (NTFS) - 466 GiB total, 363.95 GiB free.
    E: is Removable
    F: is Removable
    G: is Removable
    H: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Description: Photosmart C4700 series
    Device ID: ROOT\IMAGE\0000
    Manufacturer: HP
    Name: Photosmart C4700 series
    PNP Device ID: ROOT\IMAGE\0000
    Service: StillCam
    .
    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: Photosmart C4700 series
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer: HP
    Name: Photosmart C4700 series
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    .
    Update for Microsoft Office 2007 (KB2508958)
    32 Bit HP CIO Components Installer
    7-Zip 4.57
    Activation Assistant for the 2007 Microsoft Office suites
    Adobe Acrobat 8 Standard - English, Français, Deutsch
    Adobe Acrobat 8.1.3 Standard
    Adobe Common File Installer
    Adobe Download Manager
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Photoshop Elements 6.0
    Adobe Premiere Elements 4.0
    Adobe Premiere Elements 4.0 Templates
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft WebCam Companion 2
    AudibleManager
    avast! Free Antivirus
    Big Fish Games Game Suite
    BitTornado 0.3.17
    Bonjour
    Browser Address Error Redirector
    BufferChm
    C4700
    Click to Disc
    Click to Disc Editor
    Compatibility Pack for the 2007 Office system
    Coupon Printer for Windows
    COWON Media Center - jetAudio Basic VX
    COWON S9 User's Guide
    Destinations
    DeviceDiscovery
    DivX Converter
    DivX Converter Mobile
    DivX Plus DirectShow Filters
    DivX Setup
    DivX Version Checker
    Dolby Control Center
    DSD Direct
    DSD Direct Player
    DSD Playback Plug-in
    eircom broadband usage meter
    ESET Online Scanner v3
    ffdshow
    FLFooty TV 2.2
    FM Genie Scout 11 version 1.00
    FMRTE
    FMRTE 5.2.3
    Football Manager 2011
    Football Manager 2012
    FootyOnline.tv
    Google Chrome
    Google Desktop
    Google Earth
    Google Talk (remove only)
    Google Toolbar for Internet Explorer
    Google Update Helper
    Google Updater
    Gordon's Gate Flash Driver 2.2.0.8
    GPBaseService2
    H264 Codecs
    HDAUDIO SoftV92 Data Fax Modem with SmartCP
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Customer Participation Program 14.0
    HP Imaging Device Functions 14.0
    HP Photo Creations
    HP Photosmart C4700 All-in-One Driver Software 14.0 Rel. 6
    HP Smart Web Printing 4.60
    HP Solution Center 14.0
    HP Update
    HPPhotoGadget
    HPProductAssistant
    HPSSupply
    Intel PROSet Wireless
    Intel(R) PROSet/Wireless WiFi Software
    Intel® Matrix Storage Manager
    IPTV
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 31
    Java(TM) 6 Update 7
    JMicron JMB368 ExpressCard CF Adapter
    KeyScrambler
    LG PC Suite II
    LG USB Modem driver
    Malwarebytes Anti-Malware version 1.61.0.1400
    MarketResearch
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Professional 2007
    Microsoft Office Professional 2007 Trial
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Works
    MKV Player 2.0.1
    Mozilla Firefox 12.0 (x86 en-GB)
    Mozilla Maintenance Service
    MSVC80_x86
    MSVCRT
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Music Transfer
    Network
    Nokia Connectivity Cable Driver
    Nokia PC Suite
    NVIDIA Drivers
    OpenMG Secure Module 5.1.00
    PC Connectivity Solution
    Picasa 3
    Primo
    Protector Suite QL 5.6
    PS_AIO_06_C4700_SW_Min
    PVSonyDll
    QuickTime
    QuickTransfer
    RealPlayer
    Realtek High Definition Audio Driver
    Revo Uninstaller 1.85
    Roxio Central Audio
    Roxio Central Copy
    Roxio Central Core
    Roxio Central Data
    Roxio Central Tools
    Roxio Easy Media Creator 10 LJ
    Roxio Easy Media Creator Home
    Scan
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
    Setting Utility Series
    Shop for HP Supplies
    Sky Player
    Skype™ 5.5
    SmartWebPrinting
    SolutionCenter
    SonicStage Mastering Studio
    SonicStage Mastering Studio Audio Filter
    SonicStage Mastering Studio Audio Filter Custom Preset
    SonicStage Mastering Studio Plugins
    Sony Ericsson PC Companion 2.01.217
    Sony Ericsson Update Engine
    Sony Image Data Suite
    Sony Picture Utility
    Sony Video Shared Library
    StartupMonitor
    Status
    Steam
    Synaptics Pointing Device Driver
    ThemeEditor
    Toolbox
    TrayApp
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2598290) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update Service
    UseNeXT
    VAIO BD Menu Data
    VAIO Content Folder Setting
    VAIO Content Metadata Intelligent Analyzing Manager
    VAIO Content Metadata Manager Setting
    VAIO Content Metadata XML Interface Library
    VAIO Control Center
    VAIO Data Restore Tool
    VAIO DVD Menu Data Basic
    VAIO Edit Components 6.4
    VAIO Entertainment Platform
    VAIO Event Service
    VAIO Guide 
    VAIO Launcher
    VAIO Marketing Tools
    VAIO Media plus
    VAIO Movie Story
    VAIO Movie Story Template Data
    VAIO MusicBox Sample Music
    VAIO Original Function Setting
    VAIO Power Management
    VAIO Presentation Support
    VAIO Smart Network
    VAIO Update 4
    VAIO Wallpaper Contents
    VC80CRTRedist - 8.0.50727.6195
    Veetle TV 0.9.18
    VideoLAN VLC media player 0.8.1
    Virtual Earth 3D (Beta)
    WebReg
    WIDCOMM Bluetooth Software 6.2.0.4100
    Winamp (remove only)
    Windows Driver Package - Nokia Modem (05/22/2008 3.8)
    Windows Driver Package - Nokia Modem (05/22/2008 7.00.0.1)
    Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Media Player Firefox Plugin
    WinDVD BD for VAIO
    WinRAR archiver
    x264 Revision 534 x264.nl (remove only)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    20/05/2012 15:55:30, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the VzCdbSvc service.
    20/05/2012 09:43:45, Error: EventLog [6008] - The previous system shutdown at 21:45:54 on 18/05/2012 was unexpected.
    16/05/2012 21:32:21, Error: disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
    16/05/2012 20:21:42, Error: Service Control Manager [7034] - The Terminal Services service terminated unexpectedly. It has done this 3 time(s).
    16/05/2012 20:21:42, Error: Service Control Manager [7034] - The Telephony service terminated unexpectedly. It has done this 3 time(s).
    16/05/2012 20:21:42, Error: Service Control Manager [7034] - The Network Location Awareness service terminated unexpectedly. It has done this 3 time(s).
    16/05/2012 20:21:42, Error: Service Control Manager [7034] - The KtmRm for Distributed Transaction Coordinator service terminated unexpectedly. It has done this 3 time(s).
    16/05/2012 20:21:42, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 3 time(s).
    16/05/2012 20:15:41, Error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 2 time(s).
    16/05/2012 20:15:41, Error: Service Control Manager [7031] - The Terminal Services service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    16/05/2012 20:15:41, Error: Service Control Manager [7031] - The Telephony service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    16/05/2012 20:15:41, Error: Service Control Manager [7031] - The Network Location Awareness service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    16/05/2012 20:15:41, Error: Service Control Manager [7031] - The KtmRm for Distributed Transaction Coordinator service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 11000 milliseconds: Restart the service.
    16/05/2012 20:15:41, Error: Service Control Manager [7031] - The DNS Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    16/05/2012 20:14:40, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Telephony service, but this action failed with the following error: An instance of the service is already running.
    16/05/2012 20:12:40, Error: Service Control Manager [7031] - The Terminal Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    16/05/2012 20:12:40, Error: Service Control Manager [7031] - The Telephony service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    16/05/2012 20:12:40, Error: Service Control Manager [7031] - The Network Location Awareness service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    16/05/2012 20:12:40, Error: Service Control Manager [7031] - The KtmRm for Distributed Transaction Coordinator service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    16/05/2012 20:12:40, Error: Service Control Manager [7031] - The DNS Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    16/05/2012 20:12:40, Error: Service Control Manager [7031] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    16/05/2012 19:58:45, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    16/05/2012 19:58:06, Error: volmgr [46] - Crash dump initialization failed!
    16/05/2012 19:56:48, Error: disk [11] - The driver detected a controller error on \Device\Harddisk0\DR0.
    .
    ==== End Of File ===========================
     
  4. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ======================================================================

    Download Bootkit Remover to your desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.

    =================================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     
  5. daveym1983

    daveym1983 TS Rookie Topic Starter Posts: 30

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows Vista Ultimate Edition Service Pack 1 (build 6001)
    , 32-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000003`12800000
    ATA_Read(): DeviceIoControl() ERROR 87

    Size Device Name MBR Status
    --------------------------------------------
    119 GB \\.\PhysicalDrive0 Controlled by rootkit!

    Boot code on some of your physical disks is hidden by a rootkit.
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]


    Done;
    Press any key to quit...
     
  6. daveym1983

    daveym1983 TS Rookie Topic Starter Posts: 30

    I have downloaded aswMBR but I can't get it to run. I have tried restarting and running as administrator but it just won't run.
     
  7. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Please download and run ListParts by Farbar (for 32-bit system) to your desktop.

    Please download and run ListParts64 by Farbar (for 64-bit system) to your desktop.

    Click on Scan button.

    Scan result will open in Notepad.
    Post it in your next reply.
     
  8. daveym1983

    daveym1983 TS Rookie Topic Starter Posts: 30

    ListParts by Farbar Version: 12-03-2012 03
    Ran by David (administrator) on 22-05-2012 at 23:45:40
    Windows Vista (X86)
    Running From: C:\Users\David\Downloads
    Language: 0409
    ************************************************************

    ========================= Memory info ======================

    Percentage of memory in use: 46%
    Total physical RAM: 3038.14 MB
    Available physical RAM: 1637.23 MB
    Total Pagefile: 6281.28 MB
    Available Pagefile: 4620.02 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1964.77 MB

    ======================= Partitions =========================

    1 Drive c: () (Fixed) (Total:106.96 GB) (Free:9.55 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    2 Drive d: () (Fixed) (Total:465.75 GB) (Free:363.95 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ---------- ------- ------- --- ---
    Disk 0 Online 119 GB 0 B
    Disk 1 Online 466 GB 6144 KB
    Disk 2 No Media 0 B 0 B
    Disk 3 No Media 0 B 0 B
    Disk 4 No Media 0 B 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 OEM 12 GB 1024 KB
    Partition 2 Primary 107 GB 12 GB
    Partition 3 Primary 1016 KB 119 GB

    ======================================================================================================

    Disk: 0
    Partition 1
    Type : 27
    Hidden: Yes
    Active: No

    There is no volume associated with this partition.

    ======================================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C NTFS Partition 107 GB Healthy System (partition with boot components)

    ======================================================================================================

    Disk: 0
    Partition 3
    Type : 17 (Suspicious Type)
    Hidden: Yes
    Active: Yes

    There is no volume associated with this partition.

    ======================================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 0 Extended 466 GB 8033 KB
    Partition 1 Logical 466 GB 8064 KB

    ======================================================================================================

    Disk: 1
    Partition 1
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 D NTFS Partition 466 GB Healthy

    ======================================================================================================

    ****** End Of Log ******
     
  9. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    It looks like we have a rootkitted partition there.

    WARNING!
    Proceed with extreme caution!
    Deleting the wrong partition will result in your computer being unusable.
    If you have any doubts, ask.


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Download GETxPUD.exe to the desktop of your clean computer

    • Double click on GETxPUD.exe
    • A new folder will appear on the desktop.
    • Open the GETxPUD folder and click on the get&burn.bat
    • The program will download xpud_0.9.2.iso, and when finished will open BurnCDCC ready to burn the image.
    • Insert blank CD into your CD drive.
    • Click on Start and follow the prompts to burn the image to a CD.
    • Boot the bad computer from the CD
    • Click Menu then Terminal Emulator
    • Type parted /dev/sda set 2 boot on
    • Press Enter
    • Type parted /dev/sda rm 3
    • Press Enter
    • Remove xPUD CD, reboot, run aswMBR and post the log
     
  10. daveym1983

    daveym1983 TS Rookie Topic Starter Posts: 30

    Thanks for the help. I have created the disc and booted from it but when I go into Terminal Emulator and type parted /dev/sda set 2 boot on I get an error message saying "can't have a partition outside the disk"
     
  11. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    That's weird.
    Let's try a different way...

    WARNING!
    Proceed with extreme caution!
    Deleting the wrong partition will result in your computer being unusable.
    If you have any doubts, ask.


    ===========================================================================================

    Download gparted-live-0.11.0-7.iso (119.8 MB)

    Burn it to a CD: http://neosmart.net/wiki/display/G/Burning+ISO+Images+to+a+CD+or+DVD

    Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
    Boot off of the newly created Gparted CD.

    You should be here:
    [​IMG]
    Press Enter.

    By default, "do not touch keymap" is highlighted. Leave this setting alone and just press ENTER:
    [​IMG]

    Choose your language and press ENTER. English is default [33]:
    [​IMG]

    Once again, at this prompt, press ENTER:
    [​IMG]

    You will now be taken to the main GUI screen below:
    [​IMG]
    According to your logs, the partition that you want to delete is the small partition of 1016 KB.
    Click on it to highlight it.
    Click the trash can icon to delete and then click Apply.

    You should now be here confirming your actions:
    [​IMG]

    Now you should be here:
    [​IMG]

    Is "boot" next to your OS drive?
    [​IMG]

    If "boot" is NOT next to your OS drive under "Flags", right-mouse click the OS drive while in Gparted and select Manage Flags.

    In the menu that pops up, place a checkmark in boot like the picture below:
    [​IMG]

    Now double-click the [​IMG] button.

    You should receive a small pop up like this:
    [​IMG]

    Choose reboot and then press OK.

    Post new ListParts by Farbar log.
     
  12. daveym1983

    daveym1983 TS Rookie Topic Starter Posts: 30

    That seems to have worked. Thanks.

    ListParts by Farbar Version: 12-03-2012 03
    Ran by David (administrator) on 27-05-2012 at 01:19:25
    Windows Vista (X86)
    Running From: C:\Users\David\Downloads
    Language: 0409
    ************************************************************

    ========================= Memory info ======================

    Percentage of memory in use: 43%
    Total physical RAM: 3038.14 MB
    Available physical RAM: 1715.57 MB
    Total Pagefile: 6277.29 MB
    Available Pagefile: 5070.44 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1964.77 MB

    ======================= Partitions =========================

    1 Drive c: () (Fixed) (Total:106.96 GB) (Free:9.49 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    2 Drive d: () (Fixed) (Total:465.75 GB) (Free:363.95 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ---------- ------- ------- --- ---
    Disk 0 Online 119 GB 0 B
    Disk 1 Online 466 GB 6144 KB
    Disk 2 No Media 0 B 0 B
    Disk 3 No Media 0 B 0 B
    Disk 4 No Media 0 B 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 OEM 12 GB 1024 KB
    Partition 2 Primary 107 GB 12 GB

    ======================================================================================================

    Disk: 0
    Partition 1
    Type : 27
    Hidden: Yes
    Active: No

    There is no volume associated with this partition.

    ======================================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 1 C NTFS Partition 107 GB Healthy System (partition with boot components)

    ======================================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 0 Extended 466 GB 8033 KB
    Partition 1 Logical 466 GB 8064 KB

    ======================================================================================================

    Disk: 1
    Partition 1
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 D NTFS Partition 466 GB Healthy

    ======================================================================================================

    ****** End Of Log ******
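
An added example, not part of the thread and not the code of any tool mentioned in it: a minimal MBR partition-table parser that flags the pattern visible in the first ListParts log (a tiny hidden-type partition marked active while the NTFS system partition is not) and reports nothing for the layout in the second log. The sample sectors are constructed; partition 2's start and length and the disk size are the values from the logs in this thread, while the other LBA values, the hidden-type list and the 16 MiB threshold are assumptions.

```python
import struct
from dataclasses import dataclass
from typing import List, Optional

SECTOR = 512
TABLE_OFFSET = 446                      # four 16-byte entries follow the boot code area
ENTRY = "<B3xB3xII"                     # status, (CHS), type, (CHS), start LBA, sector count
# Assumption: partition type bytes treated as "hidden" variants for this check.
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E, 0x27}
# Assumption: an active partition smaller than 16 MiB cannot hold a real OS loader volume.
SMALL_SECTORS = 16 * 1024 * 1024 // SECTOR


@dataclass
class Partition:
    index: int
    status: int
    ptype: int
    start_lba: int
    sectors: int

    @property
    def active(self) -> bool:
        return self.status == 0x80


def parse_mbr(sector: bytes) -> List[Partition]:
    """Decode the primary partition table from a 512-byte MBR sector."""
    if len(sector) < SECTOR or sector[510:512] != b"\x55\xaa":
        raise ValueError("not an MBR sector (missing 0x55AA signature)")
    parts = []
    for i in range(4):
        raw = sector[TABLE_OFFSET + 16 * i: TABLE_OFFSET + 16 * (i + 1)]
        status, ptype, start, count = struct.unpack(ENTRY, raw)
        if ptype != 0:                  # type 0x00 marks an unused slot
            parts.append(Partition(i + 1, status, ptype, start, count))
    return parts


def suspicious(parts: List[Partition], disk_sectors: Optional[int] = None) -> List[str]:
    """Return human-readable findings; an empty list means nothing stood out."""
    notes = []
    if sum(p.active for p in parts) > 1:
        notes.append("more than one active partition")
    for p in parts:
        if p.status not in (0x00, 0x80):
            notes.append(f"partition {p.index}: invalid status byte 0x{p.status:02X}")
        if p.active and p.ptype in HIDDEN_TYPES and p.sectors < SMALL_SECTORS:
            notes.append(
                f"partition {p.index}: active, hidden type 0x{p.ptype:02X}, "
                f"only {p.sectors * SECTOR // 1024} KB"
            )
        if disk_sectors is not None and p.start_lba + p.sectors > disk_sectors:
            notes.append(f"partition {p.index}: extends past end of disk")
    return notes


def build_mbr(entries) -> bytes:
    """Build a constructed test sector from (status, type, start_lba, sectors) tuples."""
    table = b"".join(struct.pack(ENTRY, *e) for e in entries).ljust(64, b"\x00")
    return bytes(TABLE_OFFSET) + table + b"\x55\xaa"


# Values taken from the logs in the thread.
DISK0_SECTORS = 0x1DCFE00000 // SECTOR          # drive size reported for Harddisk0
P2_START, P2_COUNT = 0x1894000, 0xD5EA800       # NTFS system partition
# Assumed values: placement of the OEM partition and of the 1016 KB partition.
P1_START = 2048
P1_COUNT = P2_START - P1_START
P3_START = P2_START + P2_COUNT
P3_COUNT = 1016 * 1024 // SECTOR

# Constructed sample: layout as in the first ListParts log.
BEFORE = build_mbr([
    (0x00, 0x27, P1_START, P1_COUNT),
    (0x00, 0x07, P2_START, P2_COUNT),
    (0x80, 0x17, P3_START, P3_COUNT),
])
# Constructed sample: layout as in the second ListParts log.
AFTER = build_mbr([
    (0x00, 0x27, P1_START, P1_COUNT),
    (0x80, 0x07, P2_START, P2_COUNT),
])

if __name__ == "__main__":
    for name, sector in (("before", BEFORE), ("after", AFTER)):
        print(name, suspicious(parse_mbr(sector), DISK0_SECTORS) or "nothing flagged")
```

On a real machine the sector should be read from offline boot media rather than from the running system, since Bootkit Remover reported earlier in the thread that the boot code was being hidden.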
     
  13. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Excellent job :)

    How is redirection?

    See if aswMBR will work now.
     
  14. daveym1983

    daveym1983 TS Rookie Topic Starter Posts: 30

    Redirection is gone and browser is a lot faster.

    I've tried aswMBR, it begins the scan, runs for about 30 seconds then the computer suddenly reboots before the scan has finished. I've tried it 3 times with the same result each time.
     
  15. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Try to run it from safe mode.

    If it still fails....

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  16. daveym1983

    daveym1983 TS Rookie Topic Starter Posts: 30

    aswMBR was a no go in safe mode also

    3:03:54.0893 3784 TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30
    03:03:55.0197 3784 ============================================================
    03:03:55.0197 3784 Current date / time: 2012/05/27 03:03:55.0197
    03:03:55.0197 3784 SystemInfo:
    03:03:55.0197 3784
    03:03:55.0197 3784 OS Version: 6.0.6001 ServicePack: 1.0
    03:03:55.0197 3784 Product type: Workstation
    03:03:55.0197 3784 ComputerName: SONY-LAPTOP
    03:03:55.0197 3784 UserName: David
    03:03:55.0197 3784 Windows directory: C:\Windows
    03:03:55.0197 3784 System windows directory: C:\Windows
    03:03:55.0197 3784 Processor architecture: Intel x86
    03:03:55.0197 3784 Number of processors: 2
    03:03:55.0197 3784 Page size: 0x1000
    03:03:55.0197 3784 Boot type: Normal boot
    03:03:55.0197 3784 ============================================================
    03:03:55.0524 3784 Drive \Device\Harddisk0\DR0 - Size: 0x1DCFE00000 (119.25 Gb), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    03:03:55.0882 3784 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    03:03:55.0986 3784 ============================================================
    03:03:55.0986 3784 \Device\Harddisk0\DR0:
    03:03:55.0986 3784 MBR partitions:
    03:03:55.0986 3784 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1894000, BlocksNum 0xD5EA800
    03:03:55.0986 3784 \Device\Harddisk1\DR1:
    03:03:55.0986 3784 MBR partitions:
    03:03:55.0994 3784 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F00, BlocksNum 0x3A380D41
    03:03:55.0994 3784 ============================================================
    03:03:55.0996 3784 C: <-> \Device\Harddisk0\DR0\Partition0
    03:03:56.0018 3784 D: <-> \Device\Harddisk1\DR1\Partition0
    03:03:56.0019 3784 ============================================================
    03:03:56.0019 3784 Initialize success
    03:03:56.0019 3784 ============================================================
    03:04:17.0385 5248 ============================================================
    03:04:17.0385 5248 Scan started
    03:04:17.0385 5248 Mode: Manual;
    03:04:17.0385 5248 ============================================================
    03:04:18.0282 5248 circlass - ok
    03:04:18.0296 5248 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
    03:04:18.0299 5248 CLFS - ok
    03:04:18.0307 5248 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    03:04:18.0310 5248 clr_optimization_v2.0.50727_32 - ok
    03:04:18.0321 5248 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    03:04:18.0328 5248 clr_optimization_v4.0.30319_32 - ok
    03:04:18.0333 5248 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
    03:04:18.0334 5248 CmBatt - ok
    03:04:18.0337 5248 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
    03:04:18.0338 5248 cmdide - ok
    03:04:18.0342 5248 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
    03:04:18.0343 5248 Compbatt - ok
    03:04:18.0345 5248 COMSysApp - ok
    03:04:18.0350 5248 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
    03:04:18.0351 5248 crcdisk - ok
    03:04:18.0356 5248 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
    03:04:18.0357 5248 Crusoe - ok
    03:04:18.0366 5248 CryptSvc (6de363f9f99334514c46aec02d3e3678) C:\Windows\system32\cryptsvc.dll
    03:04:18.0368 5248 CryptSvc - ok
    03:04:18.0384 5248 CSC (9a5434125c3dfe42393de4bbb791bd19) C:\Windows\system32\drivers\csc.sys
    03:04:18.0388 5248 CSC - ok
    03:04:18.0411 5248 CscService (cb1d480676229a09eef1dd4d23c5edf3) C:\Windows\System32\cscsvc.dll
    03:04:18.0417 5248 CscService - ok
    03:04:18.0443 5248 DcomLaunch (301ae00e12408650baddc04dbc832830) C:\Windows\system32\rpcss.dll
    03:04:18.0449 5248 DcomLaunch - ok
    03:04:18.0459 5248 DfsC (a3e9fa213f443ac77c7746119d13feec) C:\Windows\system32\Drivers\dfsc.sys
    03:04:18.0460 5248 DfsC - ok
    03:04:18.0569 5248 DFSR (fa3463f25f9cc9c3bcf1e7912feff099) C:\Windows\system32\DFSR.exe
    03:04:18.0603 5248 DFSR - ok
    03:04:18.0658 5248 Dhcp (43a988a9c10333476cb5fb667cbd629d) C:\Windows\System32\dhcpcsvc.dll
    03:04:18.0660 5248 Dhcp - ok
    03:04:18.0670 5248 disk (64109e623abd6955c8fb110b592e68b7) C:\Windows\system32\drivers\disk.sys
    03:04:18.0671 5248 disk - ok
    03:04:18.0674 5248 DMICall (f206e28ed74c491fd5d7c0a1119ce37f) C:\Windows\system32\DRIVERS\DMICall.sys
    03:04:18.0675 5248 DMICall - ok
    03:04:18.0681 5248 Dnscache (4805d9a6d281c7a7defd9094dec6af7d) C:\Windows\System32\dnsrslvr.dll
    03:04:18.0683 5248 Dnscache - ok
    03:04:18.0694 5248 dot3svc (5af620a08c614e24206b79e8153cf1a8) C:\Windows\System32\dot3svc.dll
    03:04:18.0697 5248 dot3svc - ok
    03:04:18.0707 5248 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
    03:04:18.0710 5248 Dot4 - ok
    03:04:18.0713 5248 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
    03:04:18.0714 5248 Dot4Print - ok
    03:04:18.0719 5248 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
    03:04:18.0720 5248 dot4usb - ok
    03:04:18.0729 5248 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
    03:04:18.0732 5248 DPS - ok
    03:04:18.0734 5248 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
    03:04:18.0736 5248 drmkaud - ok
    03:04:18.0770 5248 DXGKrnl (85f33880b8cfb554bd3d9ccdb486845a) C:\Windows\System32\drivers\dxgkrnl.sys
    03:04:18.0778 5248 DXGKrnl - ok
    03:04:18.0787 5248 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
    03:04:18.0788 5248 E1G60 - ok
    03:04:18.0794 5248 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
    03:04:18.0796 5248 EapHost - ok
    03:04:18.0805 5248 Ecache (dd2cd259d83d8b72c02c5f2331ff9d68) C:\Windows\system32\drivers\ecache.sys
    03:04:18.0807 5248 Ecache - ok
    03:04:18.0825 5248 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
    03:04:18.0829 5248 ehRecvr - ok
    03:04:18.0837 5248 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
    03:04:18.0838 5248 ehSched - ok
    03:04:18.0841 5248 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
    03:04:18.0842 5248 ehstart - ok
    03:04:18.0862 5248 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
    03:04:18.0866 5248 elxstor - ok
    03:04:18.0898 5248 EMDMgmt (70b1a86df0c8ead17d2bc332edae2c7c) C:\Windows\system32\emdmgmt.dll
    03:04:18.0908 5248 EMDMgmt - ok
    03:04:18.0911 5248 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
    03:04:18.0912 5248 ErrDev - ok
    03:04:18.0931 5248 EventSystem (3cb3343d720168b575133a0a20dc2465) C:\Windows\system32\es.dll
    03:04:18.0935 5248 EventSystem - ok
    03:04:18.0979 5248 EvtEng (306ac856622864c761cbdb5e816bb9d8) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    03:04:18.0988 5248 EvtEng - ok
    03:04:18.0998 5248 exfat (0d858eb20589a34efb25695acaa6aa2d) C:\Windows\system32\drivers\exfat.sys
    03:04:19.0001 5248 exfat - ok
    03:04:19.0010 5248 fastfat (3c489390c2e2064563727752af8eab9e) C:\Windows\system32\drivers\fastfat.sys
    03:04:19.0013 5248 fastfat - ok
    03:04:19.0042 5248 Fax (dfba0f60fa301e5b1bfb1403a93ee23e) C:\Windows\system32\fxssvc.exe
    03:04:19.0050 5248 Fax - ok
    03:04:19.0054 5248 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
    03:04:19.0055 5248 fdc - ok
    03:04:19.0058 5248 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
    03:04:19.0060 5248 fdPHost - ok
    03:04:19.0064 5248 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
    03:04:19.0066 5248 FDResPub - ok
    03:04:19.0071 5248 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
    03:04:19.0072 5248 FileInfo - ok
    03:04:19.0076 5248 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
    03:04:19.0078 5248 Filetrace - ok
    03:04:19.0116 5248 FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    03:04:19.0120 5248 FLEXnet Licensing Service - ok
    03:04:19.0125 5248 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
    03:04:19.0126 5248 flpydisk - ok
    03:04:19.0138 5248 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
    03:04:19.0140 5248 FltMgr - ok
    03:04:19.0146 5248 FontCache3.0.0.0 (c9be08664611ddaf98e2331e9288b00b) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    03:04:19.0147 5248 FontCache3.0.0.0 - ok
    03:04:19.0150 5248 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
    03:04:19.0150 5248 Fs_Rec - ok
    03:04:19.0160 5248 fvevol (1400c747e2b73966b100fdce5426b7b2) C:\Windows\system32\DRIVERS\fvevol.sys
    03:04:19.0162 5248 fvevol - ok
    03:04:19.0168 5248 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
    03:04:19.0170 5248 gagp30kx - ok
    03:04:19.0174 5248 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    03:04:19.0174 5248 GEARAspiWDM - ok
    03:04:19.0180 5248 getPlusHelper (947da3ad94a7593bfa439939ac5e823b) C:\Program Files\NOS\bin\getPlus_Helper.dll
    03:04:19.0182 5248 getPlusHelper - ok
    03:04:19.0185 5248 ggflt (007aea2e06e7cef7372e40c277163959) C:\Windows\system32\DRIVERS\ggflt.sys
    03:04:19.0186 5248 ggflt - ok
    03:04:19.0190 5248 ggsemc (c73de35960ca75c5ab4ae636b127c64e) C:\Windows\system32\DRIVERS\ggsemc.sys
    03:04:19.0191 5248 ggsemc - ok
    03:04:19.0196 5248 GoogleDesktopManager-051210-111108 (9f5f2f0fb0a7f5aa9f16b9a7b6dad89f) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    03:04:19.0197 5248 GoogleDesktopManager-051210-111108 - ok
    03:04:19.0227 5248 gpsvc (d9f1113d9401185245573350712f92fc) C:\Windows\System32\gpsvc.dll
    03:04:19.0237 5248 gpsvc - ok
    03:04:19.0245 5248 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
    03:04:19.0247 5248 gupdate - ok
    03:04:19.0249 5248 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
    03:04:19.0249 5248 gupdatem - ok
    03:04:19.0262 5248 gusvc (408ddd80eede47175f6844817b90213e) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    03:04:19.0264 5248 gusvc - ok
    03:04:19.0280 5248 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
    03:04:19.0284 5248 HdAudAddService - ok
    03:04:19.0290 5248 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
    03:04:19.0290 5248 HDAudBus - ok
    03:04:19.0294 5248 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
    03:04:19.0296 5248 HidBth - ok
    03:04:19.0299 5248 HidIr (5a87127718873bd7f3bd7ac42b951d8e) C:\Windows\system32\DRIVERS\hidir.sys
    03:04:19.0300 5248 HidIr - ok
    03:04:19.0304 5248 hidserv (8fa640195279ace21bea91396a0054fc) C:\Windows\System32\hidserv.dll
    03:04:19.0306 5248 hidserv - ok
    03:04:19.0309 5248 HidUsb (e2b5bd48afcc0f0974fb44641b223250) C:\Windows\system32\DRIVERS\hidusb.sys
    03:04:19.0310 5248 HidUsb - ok
    03:04:19.0316 5248 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
    03:04:19.0319 5248 hkmsvc - ok
    03:04:19.0324 5248 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
    03:04:19.0326 5248 HpCISSs - ok
    03:04:19.0342 5248 hpqcxs08 (5da42d24712e00728cea2342a65009b2) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
    03:04:19.0344 5248 hpqcxs08 - ok
    03:04:19.0352 5248 hpqddsvc (d86a39bf100069444d026d22d9a6e555) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
    03:04:19.0353 5248 hpqddsvc - ok
    03:04:19.0390 5248 HPSLPSVC (a04f4ac48895774a2cf9d1c9eaaacef0) C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
    03:04:19.0394 5248 HPSLPSVC - ok
    03:04:19.0409 5248 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
    03:04:19.0414 5248 HSFHWAZL - ok
    03:04:19.0464 5248 HSF_DPV (7bc42c65b5c6281777c1a7605b253ba8) C:\Windows\system32\DRIVERS\HSX_DPV.sys
    03:04:19.0475 5248 HSF_DPV - ok
    03:04:19.0489 5248 HSXHWAZL (9ebf2d102ccbb6bcdfbf1b7922f8ba2e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
    03:04:19.0491 5248 HSXHWAZL - ok
    03:04:19.0516 5248 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
    03:04:19.0521 5248 HTTP - ok
    03:04:19.0526 5248 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
    03:04:19.0527 5248 i2omp - ok
    03:04:19.0532 5248 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
    03:04:19.0534 5248 i8042prt - ok
    03:04:19.0557 5248 IAANTMON (cb686f44bf955ea02520710a56874fa4) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    03:04:19.0561 5248 IAANTMON - ok
    03:04:19.0580 5248 iaStor (db0cc620b27a928d968c1a1e9cd9cb87) C:\Windows\system32\drivers\iastor.sys
    03:04:19.0582 5248 iaStor - ok
    03:04:19.0597 5248 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
    03:04:19.0600 5248 iaStorV - ok
    03:04:19.0658 5248 idsvc (7b630acaed64fef0c3e1cf255cb56686) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    03:04:19.0673 5248 idsvc - ok
    03:04:19.0678 5248 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
    03:04:19.0679 5248 iirsp - ok
    03:04:19.0703 5248 IKEEXT (a3bc480a2bf8aa8e4dabd2d5dce0afac) C:\Windows\System32\ikeext.dll
    03:04:19.0709 5248 IKEEXT - ok
    03:04:19.0824 5248 IntcAzAudAddService (cf2219a2fed4f8f2e0817a2bf1658799) C:\Windows\system32\drivers\RTKVHDA.sys
    03:04:19.0847 5248 IntcAzAudAddService - ok
    03:04:19.0888 5248 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
    03:04:19.0889 5248 intelide - ok
    03:04:19.0894 5248 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
    03:04:19.0895 5248 intelppm - ok
    03:04:19.0901 5248 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
    03:04:19.0904 5248 IPBusEnum - ok
    03:04:19.0909 5248 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    03:04:19.0911 5248 IpFilterDriver - ok
    03:04:19.0923 5248 iphlpsvc (6a35d233693edc29a12742049bc5e37f) C:\Windows\System32\iphlpsvc.dll
    03:04:19.0926 5248 iphlpsvc - ok
    03:04:19.0929 5248 IpInIp - ok
    03:04:19.0935 5248 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
    03:04:19.0937 5248 IPMIDRV - ok
    03:04:19.0945 5248 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
    03:04:19.0946 5248 IPNAT - ok
    03:04:19.0997 5248 iPod Service (0ca8c2e721617aa2f923a8151c96fb33) C:\Program Files\iPod\bin\iPodService.exe
    03:04:20.0008 5248 iPod Service - ok
    03:04:20.0011 5248 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
    03:04:20.0012 5248 IRENUM - ok
    03:04:20.0019 5248 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
    03:04:20.0021 5248 isapnp - ok
    03:04:20.0032 5248 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
    03:04:20.0034 5248 iScsiPrt - ok
    03:04:20.0039 5248 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
    03:04:20.0041 5248 iteatapi - ok
    03:04:20.0046 5248 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
    03:04:20.0047 5248 iteraid - ok
    03:04:20.0055 5248 IviRegMgr (213822072085b5bbad9af30ab577d817) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    03:04:20.0056 5248 IviRegMgr - ok
    03:04:20.0062 5248 JMCR_CFS (9d3824e189ee26c0ad54db8a76985b39) C:\Windows\system32\DRIVERS\jmcr_cfs.sys
    03:04:20.0062 5248 JMCR_CFS - ok
    03:04:20.0066 5248 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
    03:04:20.0067 5248 kbdclass - ok
    03:04:20.0071 5248 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
    03:04:20.0072 5248 kbdhid - ok
    03:04:20.0075 5248 KeyIso (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
    03:04:20.0078 5248 KeyIso - ok
    03:04:20.0086 5248 KeyScrambler (7af1e06154e9ee07811b44bbf4fa8f60) C:\Windows\system32\drivers\keyscrambler.sys
    03:04:20.0088 5248 KeyScrambler - ok
    03:04:20.0112 5248 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
    03:04:20.0117 5248 KSecDD - ok
    03:04:20.0279 5248 KService (0423bc118534ec23a063e54ebca9b92d) C:\Program Files\Kontiki\KService.exe
    03:04:20.0301 5248 KService - ok
    03:04:20.0353 5248 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
    03:04:20.0359 5248 KtmRm - ok
    03:04:20.0372 5248 LanmanServer (1925e63c91cf1610ae41bfd539062079) C:\Windows\System32\srvsvc.dll
    03:04:20.0376 5248 LanmanServer - ok
    03:04:20.0387 5248 LanmanWorkstation (2ae2e1628c5d3f1c0a46a67c9fa1df15) C:\Windows\System32\wkssvc.dll
    03:04:20.0393 5248 LanmanWorkstation - ok
    03:04:20.0403 5248 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
    03:04:20.0404 5248 lltdio - ok
    03:04:20.0416 5248 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
    03:04:20.0420 5248 lltdsvc - ok
    03:04:20.0424 5248 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
    03:04:20.0426 5248 lmhosts - ok
    03:04:20.0434 5248 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
    03:04:20.0437 5248 LSI_FC - ok
    03:04:20.0443 5248 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
    03:04:20.0445 5248 LSI_SAS - ok
    03:04:20.0453 5248 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
    03:04:20.0454 5248 LSI_SCSI - ok
    03:04:20.0461 5248 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
    03:04:20.0462 5248 luafv - ok
    03:04:20.0466 5248 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
    03:04:20.0466 5248 MBAMProtector - ok
    03:04:20.0500 5248 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    03:04:20.0504 5248 MBAMService - ok
    03:04:20.0510 5248 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
    03:04:20.0512 5248 Mcx2Svc - ok
    03:04:20.0532 5248 MDM (7cf1b716372b89568ae4c0fe769f5869) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    03:04:20.0534 5248 MDM - ok
    03:04:20.0538 5248 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
    03:04:20.0538 5248 mdmxsdk - ok
    03:04:20.0543 5248 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
    03:04:20.0544 5248 megasas - ok
    03:04:20.0564 5248 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
    03:04:20.0568 5248 MegaSR - ok
    03:04:20.0573 5248 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
    03:04:20.0576 5248 MMCSS - ok
    03:04:20.0580 5248 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
    03:04:20.0582 5248 Modem - ok
    03:04:20.0586 5248 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
    03:04:20.0587 5248 monitor - ok
    03:04:20.0592 5248 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
    03:04:20.0593 5248 mouclass - ok
    03:04:20.0596 5248 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
    03:04:20.0597 5248 mouhid - ok
    03:04:20.0602 5248 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
    03:04:20.0604 5248 MountMgr - ok
    03:04:20.0613 5248 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    03:04:20.0615 5248 MozillaMaintenance - ok
    03:04:20.0622 5248 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
    03:04:20.0624 5248 mpio - ok
    03:04:20.0630 5248 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
    03:04:20.0631 5248 mpsdrv - ok
    03:04:20.0659 5248 MpsSvc (d1639ba315b0d79dec49a4b0e1fb929b) C:\Windows\system32\mpssvc.dll
    03:04:20.0667 5248 MpsSvc - ok
    03:04:20.0671 5248 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
    03:04:20.0673 5248 Mraid35x - ok
    03:04:20.0680 5248 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
    03:04:20.0682 5248 MRxDAV - ok
    03:04:20.0690 5248 mrxsmb (5734a0f2be7e495f7d3ed6efd4b9f5a1) C:\Windows\system32\DRIVERS\mrxsmb.sys
    03:04:20.0691 5248 mrxsmb - ok
    03:04:20.0704 5248 mrxsmb10 (6b5fa5adfacac9dbbe0991f4566d7d55) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    03:04:20.0705 5248 mrxsmb10 - ok
    03:04:20.0712 5248 mrxsmb20 (5c80d8159181c7abf1b14ba703b01e0b) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    03:04:20.0713 5248 mrxsmb20 - ok
    03:04:20.0717 5248 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
    03:04:20.0719 5248 msahci - ok
    03:04:20.0727 5248 MSCSPTISRV (a99d2c7e30ad63ef920a894131caf5f7) C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    03:04:20.0729 5248 MSCSPTISRV - ok
    03:04:20.0736 5248 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
    03:04:20.0738 5248 msdsm - ok
    03:04:20.0746 5248 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
    03:04:20.0749 5248 MSDTC - ok
    03:04:20.0755 5248 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
    03:04:20.0756 5248 Msfs - ok
    03:04:20.0760 5248 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
    03:04:20.0761 5248 msisadrv - ok
    03:04:20.0769 5248 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
    03:04:20.0772 5248 MSiSCSI - ok
    03:04:20.0775 5248 msiserver - ok
    03:04:20.0779 5248 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
    03:04:20.0780 5248 MSKSSRV - ok
    03:04:20.0783 5248 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
     
  17. daveym1983

    03:04:20.0784 5248 MSPCLOCK - ok
    03:04:20.0788 5248 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
    03:04:20.0789 5248 MSPQM - ok
    03:04:20.0800 5248 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
    03:04:20.0802 5248 MsRPC - ok
    03:04:20.0808 5248 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
    03:04:20.0809 5248 mssmbios - ok
    03:04:20.0812 5248 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
    03:04:20.0813 5248 MSTEE - ok
    03:04:20.0818 5248 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
    03:04:20.0819 5248 Mup - ok
    03:04:20.0835 5248 napagent (c43b25863fbd65b6d2a142af3ae320ca) C:\Windows\system32\qagentRT.dll
    03:04:20.0841 5248 napagent - ok
    03:04:20.0850 5248 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
    03:04:20.0852 5248 NativeWifiP - ok
    03:04:20.0877 5248 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
    03:04:20.0885 5248 NDIS - ok
    03:04:20.0889 5248 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
    03:04:20.0890 5248 NdisTapi - ok
    03:04:20.0893 5248 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
    03:04:20.0894 5248 Ndisuio - ok
    03:04:20.0902 5248 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
    03:04:20.0904 5248 NdisWan - ok
    03:04:20.0909 5248 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
    03:04:20.0910 5248 NDProxy - ok
    03:04:20.0915 5248 Net Driver HPZ12 (69c503c004f49aee8b8e3067cc047ba7) C:\Windows\system32\HPZinw12.dll
    03:04:20.0917 5248 Net Driver HPZ12 - ok
    03:04:20.0921 5248 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
    03:04:20.0922 5248 NetBIOS - ok
    03:04:20.0932 5248 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
    03:04:20.0935 5248 netbt - ok
    03:04:20.0938 5248 Netlogon (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
    03:04:20.0940 5248 Netlogon - ok
    03:04:20.0957 5248 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
    03:04:20.0964 5248 Netman - ok
    03:04:20.0980 5248 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    03:04:20.0984 5248 NetMsmqActivator - ok
    03:04:20.0986 5248 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    03:04:20.0987 5248 NetPipeActivator - ok
    03:04:21.0000 5248 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
    03:04:21.0004 5248 netprofm - ok
    03:04:21.0007 5248 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    03:04:21.0008 5248 NetTcpActivator - ok
    03:04:21.0010 5248 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    03:04:21.0011 5248 NetTcpPortSharing - ok
    03:04:21.0189 5248 NETw5v32 (e559ea9138c77b5d1fda8c558764a25f) C:\Windows\system32\DRIVERS\NETw5v32.sys
    03:04:21.0228 5248 NETw5v32 - ok
    03:04:21.0271 5248 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
    03:04:21.0273 5248 nfrd960 - ok
    03:04:21.0284 5248 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
    03:04:21.0288 5248 NlaSvc - ok
    03:04:21.0292 5248 nmwcd (b4e87d4f40c57d036e821bd06db1d1b7) C:\Windows\system32\drivers\ccdcmb.sys
    03:04:21.0293 5248 nmwcd - ok
    03:04:21.0296 5248 nmwcdc (bee0addf01d62725ddc2cc113d6b374c) C:\Windows\system32\drivers\ccdcmbo.sys
    03:04:21.0297 5248 nmwcdc - ok
    03:04:21.0302 5248 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
    03:04:21.0303 5248 Npfs - ok
    03:04:21.0307 5248 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
    03:04:21.0310 5248 nsi - ok
    03:04:21.0313 5248 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
    03:04:21.0314 5248 nsiproxy - ok
    03:04:21.0334 5248 NSUService (fd141d19f1392920a6a517316910d770) C:\Program Files\Sony\Network Utility\NSUService.exe
    03:04:21.0335 5248 NSUService - ok
    03:04:21.0391 5248 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
    03:04:21.0409 5248 Ntfs - ok
    03:04:21.0413 5248 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
    03:04:21.0415 5248 ntrigdigi - ok
    03:04:21.0418 5248 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
    03:04:21.0419 5248 Null - ok
    03:04:21.0424 5248 NVHDA (2c7ac27710e8d41c1eb7d1599187d237) C:\Windows\system32\drivers\nvhda32v.sys
    03:04:21.0425 5248 NVHDA - ok
    03:04:21.0824 5248 nvlddmkm (7067e24fde736901a1c4197b008c6e9f) C:\Windows\system32\DRIVERS\nvlddmkm.sys
    03:04:21.0899 5248 nvlddmkm - ok
    03:04:21.0944 5248 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
    03:04:21.0946 5248 nvraid - ok
    03:04:21.0952 5248 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
    03:04:21.0953 5248 nvstor - ok
    03:04:21.0966 5248 nvsvc (51ab114bafdcccfb0990b9883ef6c28b) C:\Windows\system32\nvvsvc.exe
    03:04:21.0970 5248 nvsvc - ok
    03:04:21.0980 5248 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
    03:04:21.0982 5248 nv_agp - ok
    03:04:21.0984 5248 NwlnkFlt - ok
    03:04:21.0988 5248 NwlnkFwd - ok
    03:04:22.0020 5248 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    03:04:22.0027 5248 odserv - ok
    03:04:22.0033 5248 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
    03:04:22.0034 5248 ohci1394 - ok
    03:04:22.0044 5248 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    03:04:22.0046 5248 ose - ok
    03:04:22.0085 5248 p2pimsvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
    03:04:22.0098 5248 p2pimsvc - ok
    03:04:22.0103 5248 p2psvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
    03:04:22.0109 5248 p2psvc - ok
    03:04:26.0059 5248 ============================================================
    03:04:26.0059 5248 Scan finished
    03:04:26.0059 5248 ============================================================
    03:04:26.0064 4056 Detected object count: 0
    03:04:26.0064 4056 Actual detected object count: 0
     
  18. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Looks good :)

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  19. daveym1983

    daveym1983 TS Rookie Topic Starter Posts: 30

    ComboFix 12-05-27.01 - David 27/05/2012 11:38:47.2.2 - x86
    Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.353.1033.18.3038.1767 [GMT 1:00]
    Running from: c:\users\David\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\security\Database\tmp.edb
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-04-27 to 2012-05-27 )))))))))))))))))))))))))))))))
    .
    .
    2012-05-27 10:45 . 2012-05-27 10:45 -------- d-----w- c:\users\Public\AppData\Local\temp
    2012-05-27 10:45 . 2012-05-27 10:45 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-05-27 10:45 . 2012-05-27 10:45 -------- d-----w- c:\users\Administrator\AppData\Local\temp
    2012-05-26 23:16 . 2012-05-26 23:26 -------- d-----w- c:\users\David\AppData\Roaming\ImgBurn
    2012-05-26 22:40 . 2012-05-26 22:40 -------- d-----w- c:\program files\ImgBurn
    2012-05-23 18:24 . 2007-03-14 21:54 332800 ----a-w- c:\program files\Mozilla Firefox\GETxPUD\WGET.EXE
    2012-05-23 18:24 . 2006-03-17 19:39 147456 ----a-w- c:\program files\Mozilla Firefox\GETxPUD\BurnCDCC.exe
    2012-05-16 18:51 . 2012-04-18 02:06 6734704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{602D7B5C-D2D3-4A8F-BE5E-74DF134EB8D1}\mpengine.dll
    2012-04-29 22:06 . 2010-02-18 14:11 190464 ----a-w- c:\windows\system32\iphlpsvc.dll
    2012-04-29 22:06 . 2010-02-18 11:52 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
    2012-04-27 23:34 . 2012-04-27 23:34 -------- d-----w- c:\program files\Mozilla Maintenance Service
    2012-04-27 23:34 . 2012-04-27 23:34 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
    2012-04-27 23:34 . 2012-04-27 23:34 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-05-06 13:26 . 2012-04-09 17:56 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-05-06 13:26 . 2011-05-19 20:09 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-05-06 13:26 . 2012-04-14 02:26 4140192 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
    2012-04-27 23:34 . 2011-09-16 18:35 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2010-08-11 21:36 . 2009-11-15 20:25 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    2010-10-13 22:28 . 2010-09-29 21:32 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48}"= "c:\program files\Celebrity Toolbar\tbhelper.dll" [2009-05-07 355840]
    .
    [HKEY_CLASSES_ROOT\clsid\{1c4ab6a5-595f-4e86-b15f-f93cce2bbd48}]
    [HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook.1]
    [HKEY_CLASSES_ROOT\TypeLib\{1EA6B471-CAD2-419a-9539-0586EEFE2D09}]
    [HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}]
    2009-05-07 21:46 2642432 ----a-w- c:\program files\Celebrity Toolbar\tbcore3.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Celebrity Toolbar\tbcore3.dll" [2009-05-07 2642432]
    .
    [HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
    [HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
    [HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
    [HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Celebrity Toolbar\tbcore3.dll" [2009-05-07 2642432]
    .
    [HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
    [HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
    [HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
    [HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
    @="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
    [HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
    2008-06-19 19:04 2957312 ----a-w- c:\program files\Protector Suite QL\farchns.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
    @="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
    [HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
    2008-06-19 19:04 2957312 ----a-w- c:\program files\Protector Suite QL\farchns.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-06-28 262144]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-07-11 6244896]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 835584]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-23 13543968]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-23 92704]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-14 623992]
    "ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-04-04 317280]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-11 30192]
    "PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2008-06-19 48904]
    "MarketingTools"="c:\program files\Sony\Marketing Tools\MarketingTools.exe" [2008-08-20 24576]
    "AML"="c:\program files\Sony\VAIO Launcher\AML.exe" [2008-06-13 1097728]
    "Run StartupMonitor"="StartupMonitor.exe" [2000-05-20 86016]
    "googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-7-1 768552]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "DisableCAD"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
    2008-06-19 18:51 90112 ----a-w- c:\windows\System32\psqlpwd.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
    2008-07-16 01:04 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "mixer3"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli psqlpwd
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 257696]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    getPlusHelper REG_MULTI_SZ getPlusHelper
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-05-27 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 13:26]
    .
    2012-05-20 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-20 18:12]
    .
    2012-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-01 20:25]
    .
    2012-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-01 20:25]
    .
    2012-05-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1606192458-1090443840-3868715709-1000Core.job
    - c:\users\David\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-06 09:06]
    .
    2012-05-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1606192458-1090443840-3868715709-1000UA.job
    - c:\users\David\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-06 09:06]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.ie/
    uInternet Settings,ProxyOverride = *.local
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    TCP: DhcpNameServer = 192.168.1.254
    FF - ProfilePath - c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\knnxaer7.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.ie/ig
    FF - prefs.js: network.proxy.type - 0
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-05-27 11:45
    Windows 6.0.6001 Service Pack 1 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 6.0.6001 Disk: Intel___ rev.1.0. -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    .
    device: opened successfully
    user: MBR read successfully
    kernel: MBR read successfully
    user != kernel MBR !!!
    sectors 250081278 (+255): user != kernel
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1606192458-1090443840-3868715709-1000\Software\G*e*n*I*e*"!\FM Genie Scout 10]
    @Allowed: (Read) (RestrictedCode)
    "GameDir"="c:\\Users\\David\\Documents\\Sports Interactive\\Football Manager 2010\\games"
    "ShortlistDir"=""
    "ScreenshotsDir"="c:\\Users\\David\\Documents\\Sports Interactive\\Football Manager 2010"
    "SaveDir"="c:\\Users\\David\\Documents\\Sports Interactive\\Football Manager 2010\\"
    "HistoryDir"="c:\\Users\\David\\AppData\\Local\\Temp\\Rar$EX00.502\\FM Genie Scout 10\\History Points"
    "LangDB"="c:\\program files\\steam\\steamapps\\common\\football manager 2010\\data\\updates\\update-1030\\db\\1030\\lang_db.dat"
    "LastSaveGame"="c:\\Users\\David\\Documents\\Sports Interactive\\Football Manager 2010\\games\\hoops.fm"
    "Language"="English"
    "LoadLangDB"=dword:00000001
    "CompressHistoryPoints"=dword:00000000
    "HighlightedAttributes"=dword:00000000
    "MinCondition"=dword:00000050
    "GraphStep"=dword:00000000
    "SkinName"="Steklo Black"
    "LastUpdateCheck"=dword:00009d94
    "HighQualityGUI"=dword:00000001
    "AutomaticallyUpdateCheck"=dword:00000001
    "AdvancedGeneration"=dword:00000000
    "TranslateStaffSkills"=dword:00000001
    "TranslatePlayerSkills"=dword:00000001
    "TranslatePositions"=dword:00000001
    "ShowHistory"=dword:00000001
    "Version"=dword:00000074
    "UniqueID"="65-E780-E62F"
    "Currency"=dword:00000056
    "UseProxy"=dword:00000000
    "ProxyHost"=""
    "ProxyPort"=""
    "UseAuthentication"=dword:00000000
    "UserName"=""
    "UserPassword"=""
    .
    [HKEY_USERS\S-1-5-21-1606192458-1090443840-3868715709-1000\Software\G*e*n*I*e*"!\FM Genie Scout 11]
    @Allowed: (Read) (RestrictedCode)
    "GameDir"="c:\\Users\\David\\Documents\\Sports Interactive\\Football Manager 2011\\games"
    "ShortlistDir"=""
    "FMPath"="c:\\program files\\steam\\steamapps\\common\\football manager 2011\\"
    "ScreenshotsDir"="c:\\Users\\David\\Documents\\Sports Interactive\\Football Manager 2011"
    "SaveDir"="c:\\Users\\David\\Documents\\Sports Interactive\\Football Manager 2011\\"
    "HistoryDir"="c:\\FM Genie Scout 11\\History Points"
    "LangDB"="c:\\program files\\steam\\steamapps\\common\\football manager 2011\\data\\updates\\update-1130\\db\\1130\\lang_db.dat"
    "LastSaveGame"="c:\\Users\\David\\Documents\\Sports Interactive\\Football Manager 2011\\games\\stras 18th.fm"
    "Language"="English"
    "LoadLangDB"=dword:00000001
    "CompressHistoryPoints"=dword:00000000
    "HighlightedAttributes"=dword:00000000
    "MinCondition"=dword:00000050
    "GraphStep"=dword:00000000
    "SkinName"="PSV Eindhoven"
    "LastUpdateCheck"=dword:00009f6c
    "HighQualityGUI"=dword:00000001
    "AutomaticallyUpdateCheck"=dword:00000001
    "AdvancedGeneration"=dword:00000000
    "TranslateStaffSkills"=dword:00000001
    "TranslatePlayerSkills"=dword:00000001
    "TranslatePositions"=dword:00000001
    "ShowHistory"=dword:00000001
    "Version"=dword:00000081
    "UniqueID"="65-E780-E62F"
    "UseProxy"=dword:00000000
    "ProxyHost"=""
    "ProxyPort"=""
    "UseAuthentication"=dword:00000000
    "UserName"=""
    "UserPassword"=""
    "PlayerSearchFeatureNum"=dword:00000011
    "StaffSearchFeatureNum"=dword:00000000
    "ClubSearchFeatureNum"=dword:00000002
    "FilterByClubFeatureNum"=dword:00000008
    "CompareFeatureNum"=dword:00000000
    "ShortlistFeatureNum"=dword:00000000
    "ExportFeatureNum"=dword:00000000
    "HistoryFeatureNum"=dword:00000000
    "LanguageDBFeatureNum"=dword:00000014
    "HintsFeatureNum"=dword:00000000
    "GenieReportFeatureNum"=dword:00000000
    "TopFormationFeatureNum"=dword:00000000
    "ScreenshotFeatureNum"=dword:00000000
    "Currency"=dword:00000056
    "VersionOf"=dword:0000007b
    .
    [HKEY_USERS\S-1-5-21-1606192458-1090443840-3868715709-1000\Software\G*e*n*I*e*"!\FM Genie Scout 11g]
    @Allowed: (Read) (RestrictedCode)
    "PicturesNumber"=dword:00000000
    .
    [HKEY_USERS\S-1-5-21-1606192458-1090443840-3868715709-1000\Software\G*e*n*I*e*"!\FM Genie Scout 2009 XE]
    "GameDir"="c:\\Users\\David\\Documents\\Sports Interactive\\Football Manager 2009\\games"
    "ShortlistDir"="c:\\Users\\David\\Documents\\Sports Interactive\\Football Manager 2009\\shortlists"
    "ScreenshotsDir"="c:\\Users\\David\\Documents\\Sports Interactive\\Football Manager 2009"
    "SaveDir"="c:\\Users\\David\\Documents\\Sports Interactive\\Football Manager 2009\\"
    "HistoryDir"="c:\\Users\\David\\AppData\\Local\\Temp\\Rar$EX00.705\\FM Genie Scout 2009 XE\\History Points"
    "LangDB"=""
    "LastSaveGame"=""
    "Language"="English"
    "LoadLangDB"=dword:00000000
    "CompressHistoryPoints"=dword:00000000
    "HighlightedAttributes"=dword:00000000
    "MinCondition"=dword:00000032
    "GraphStep"=dword:00000000
    "SkinName"="Steklo Black"
    "LastUpdateCheck"=dword:00000000
    "HighQualityGUI"=dword:00000000
    "AutomaticallyUpdateCheck"=dword:00000001
    "AdvancedGeneration"=dword:00000000
    "TranslateStaffSkills"=dword:00000001
    "TranslatePlayerSkills"=dword:00000001
    "TranslatePositions"=dword:00000001
    "ShowHistory"=dword:00000001
    "Version"=dword:00000067
    "UniqueID"="65-E780-E62F"
    "UseProxy"=dword:00000000
    "ProxyHost"=""
    "ProxyPort"=""
    "UseAuthentication"=dword:00000000
    "UserName"=""
    "UserPassword"=""
    "Currency"=dword:0000001c
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b4
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'lsass.exe'(756)
    c:\windows\system32\psqlpwd.dll
    c:\program files\Protector Suite QL\homefus2.dll
    c:\program files\Protector Suite QL\infra.dll
    .
    Completion time: 2012-05-27 11:47:23
    ComboFix-quarantined-files.txt 2012-05-27 10:47
    .
    Pre-Run: 18,239,995,904 bytes free
    Post-Run: 18,777,104,384 bytes free
    .
    - - End Of File - - 394955FBDC2315D80C4587C2C1D9389B
     
  20. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Looks good.

    Any current issues?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\tasks\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /I " " /c
    dir /b "%systemroot%\*.exe" | find /I " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  21. daveym1983

    daveym1983 TS Rookie Topic Starter Posts: 30

    Thanks for all the help.

    Only issue I have at the moment is a rundll32 error I get whenever I try to change screensaver/display settings/theme saying "Windows host process (Rundll32) has stopped working". Not sure if this is related to any malware/viruses or just an error with Windows?

    OTL logfile created on: 28/05/2012 20:22:56 - Run 1
    OTL by OldTimer - Version 3.2.43.2 Folder = C:\Users\David\Downloads
    Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19088)
    Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

    2.97 Gb Total Physical Memory | 1.67 Gb Available Physical Memory | 56.20% Memory free
    6.14 Gb Paging File | 4.93 Gb Available in Paging File | 80.36% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 106.96 Gb Total Space | 16.94 Gb Free Space | 15.83% Space Free | Partition Type: NTFS
    Drive D: | 465.75 Gb Total Space | 363.95 Gb Free Space | 78.14% Space Free | Partition Type: NTFS

    Computer Name: SONY-LAPTOP | User Name: David | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/05/28 20:17:00 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\David\Downloads\OTL.exe
    PRC - [2011/11/28 19:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2011/11/28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2009/01/02 13:05:42 | 003,098,152 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe
    PRC - [2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008/10/14 22:38:56 | 000,623,992 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    PRC - [2008/08/20 22:42:52 | 000,024,576 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
    PRC - [2008/07/31 23:27:48 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    PRC - [2008/07/16 02:04:08 | 000,182,112 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    PRC - [2008/07/16 02:04:08 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
    PRC - [2008/07/11 12:45:49 | 000,098,304 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RTKAUDIOSERVICE.EXE
    PRC - [2008/07/01 16:56:38 | 002,247,208 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
    PRC - [2008/07/01 16:56:38 | 000,768,552 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    PRC - [2008/06/28 05:01:36 | 000,299,008 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Network Utility\NSUService.exe
    PRC - [2008/06/28 05:01:34 | 000,262,144 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Network Utility\LANUtil.exe
    PRC - [2008/06/20 16:56:44 | 000,415,744 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
    PRC - [2008/06/20 03:53:20 | 001,771,360 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    PRC - [2008/06/20 03:53:20 | 000,411,488 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe
    PRC - [2008/06/19 19:52:28 | 000,045,056 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\upeksvr.exe
    PRC - [2008/06/19 19:35:52 | 000,053,512 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\psqltray.exe
    PRC - [2008/06/19 16:55:48 | 000,279,848 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    PRC - [2008/06/17 17:00:34 | 001,249,280 | ---- | M] (Time Information Services Ltd.) -- C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe
    PRC - [2008/06/12 03:46:10 | 000,866,144 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
    PRC - [2008/05/22 22:23:10 | 000,192,512 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    PRC - [2008/05/22 16:05:06 | 000,474,624 | ---- | M] (Nokia Corporation) -- C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
    PRC - [2008/05/01 03:41:12 | 000,815,104 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    PRC - [2008/05/01 03:10:10 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    PRC - [2008/04/16 01:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2008/04/16 01:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2008/04/04 04:03:38 | 000,317,280 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe
    PRC - [2007/09/11 08:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    PRC - [2007/01/05 03:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    PRC - [2000/05/20 18:23:48 | 000,086,016 | ---- | M] () -- C:\Windows\StartupMonitor.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/02/20 19:45:11 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\bf3b757c821a36e6a9c7c1988b39a15d\System.IdentityModel.Selectors.ni.dll
    MOD - [2012/02/20 19:45:09 | 001,070,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\3fb6b9b320c78fa02be3fa8ce26b7559\System.IdentityModel.ni.dll
    MOD - [2012/02/20 19:45:07 | 002,345,472 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\0393b1448497e28ae9bbfed9be19bd3e\System.Runtime.Serialization.ni.dll
    MOD - [2012/02/20 19:45:06 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\06bb41fe681650a017fa2c99e197edf0\SMDiagnostics.ni.dll
    MOD - [2012/02/20 19:45:05 | 017,403,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\0dd1924dbe8ac43b923a28409d351619\System.ServiceModel.ni.dll
    MOD - [2012/02/20 19:44:46 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\c933fd5d1d27f268331890d7ddba8fec\System.ServiceProcess.ni.dll
    MOD - [2012/02/20 19:44:39 | 011,800,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0a1195c6b5fab213527364c9e8b26ef0\System.Web.ni.dll
    MOD - [2012/02/20 19:44:04 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll
    MOD - [2012/02/20 08:35:18 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll
    MOD - [2012/02/20 08:35:07 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll
    MOD - [2012/02/20 08:35:00 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll
    MOD - [2012/02/20 08:34:13 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll
    MOD - [2012/02/20 08:34:08 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
    MOD - [2010/08/11 22:36:03 | 000,034,816 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\gzlib.dll
    MOD - [2008/07/31 23:30:04 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\SPMDam\3.1.0.6020__1b3c579b6925895f\SPMDam.dll
    MOD - [2008/07/31 23:30:02 | 000,086,016 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\SPMCommon\3.1.0.6020__e3c7096ba83f9295\SPMCommon.dll
    MOD - [2008/07/01 16:43:28 | 000,126,976 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
    MOD - [2000/05/20 18:23:48 | 000,086,016 | ---- | M] () -- C:\Windows\StartupMonitor.exe


    ========== Win32 Services (SafeList) ==========

    SRV - [2012/05/06 14:26:14 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/04/28 00:34:32 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2011/11/28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2011/06/29 15:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
    SRV - [2010/01/25 11:00:54 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
    SRV - [2009/11/14 20:31:23 | 000,320,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2009/01/02 13:05:42 | 003,098,152 | ---- | M] (Kontiki Inc.) [Auto | Running] -- C:\Program Files\Kontiki\KService.exe -- (KService)
    SRV - [2008/08/07 12:17:30 | 000,575,488 | ---- | M] (Nokia.) [Disabled | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2008/07/31 23:27:48 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2008/07/16 02:04:08 | 000,182,112 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
    SRV - [2008/07/11 12:45:49 | 000,098,304 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Windows\RTKAUDIOSERVICE.EXE -- (RtkAudioService)
    SRV - [2008/06/28 05:01:36 | 000,299,008 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\Network Utility\NSUService.exe -- (NSUService)
    SRV - [2008/06/20 16:56:44 | 000,415,744 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
    SRV - [2008/06/20 03:53:20 | 000,411,488 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
    SRV - [2008/06/19 16:55:48 | 000,279,848 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
    SRV - [2008/06/12 07:13:24 | 000,337,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
    SRV - [2008/06/12 07:10:48 | 000,083,232 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
    SRV - [2008/05/22 22:23:10 | 000,192,512 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
    SRV - [2008/05/22 22:21:44 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
    SRV - [2008/05/21 03:05:40 | 000,353,568 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHDms.exe -- (SOHDms)
    SRV - [2008/05/21 03:05:40 | 000,103,712 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe -- (SOHCImp)
    SRV - [2008/05/21 03:05:40 | 000,062,752 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHDs.exe -- (SOHDs)
    SRV - [2008/05/20 09:51:34 | 000,077,824 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
    SRV - [2008/05/20 09:49:04 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
    SRV - [2008/05/20 09:29:06 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
    SRV - [2008/05/01 03:41:12 | 000,815,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
    SRV - [2008/05/01 03:10:10 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
    SRV - [2008/04/16 01:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2008/01/21 03:21:41 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/09/11 08:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
    SRV - [2007/01/05 03:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\Drivers\PROCEXP151.SYS -- (PROCEXP151)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\David\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - [2011/11/28 18:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2011/11/28 18:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2011/11/28 18:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2011/11/28 18:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2011/11/28 18:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2011/11/28 18:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2010/09/18 16:14:52 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
    DRV - [2009/07/30 21:10:06 | 000,114,672 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\keyscrambler.sys -- (KeyScrambler)
    DRV - [2009/04/06 08:13:52 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
    DRV - [2009/04/06 08:13:52 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
    DRV - [2008/07/23 01:01:44 | 007,541,248 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2008/07/23 01:01:41 | 000,044,064 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
    DRV - [2008/07/12 00:42:58 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
    DRV - [2008/07/11 15:04:57 | 000,979,584 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVerAVF2.sys -- (AVerAVF2)
    DRV - [2008/07/02 05:10:56 | 000,052,752 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr_cfs.sys -- (JMCR_CFS)
    DRV - [2008/06/28 01:33:45 | 000,068,608 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2008/06/21 01:03:04 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\risdptsk.sys -- (risdptsk)
    DRV - [2008/06/07 01:02:55 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
    DRV - [2008/06/06 10:24:44 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
    DRV - [2008/05/07 08:38:36 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
    DRV - [2008/05/07 08:38:20 | 000,020,864 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
    DRV - [2008/05/07 08:38:20 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
    DRV - [2008/04/28 14:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
    DRV - [2008/03/26 15:56:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
    DRV - [2008/03/26 15:55:00 | 000,019,840 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
    DRV - [2008/03/26 15:55:00 | 000,012,800 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
    DRV - [2008/03/10 12:01:26 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
    DRV - [2008/01/25 03:14:25 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
    DRV - [2008/01/21 03:21:34 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
    DRV - [2007/09/17 16:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
    DRV - [2007/04/18 04:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {7FF8B97B-5383-4B1C-B78C-E3328B75B3B7}
    IE - HKLM\..\SearchScopes\{7FF8B97B-5383-4B1C-B78C-E3328B75B3B7}: "URL" = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1606192458-1090443840-3868715709-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
    IE - HKU\S-1-5-21-1606192458-1090443840-3868715709-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
    IE - HKU\S-1-5-21-1606192458-1090443840-3868715709-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-1606192458-1090443840-3868715709-1000\..\URLSearchHook: {1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - C:\Program Files\Celebrity Toolbar\tbhelper.dll ()
    IE - HKU\S-1-5-21-1606192458-1090443840-3868715709-1000\..\SearchScopes,DefaultScope = {7FF8B97B-5383-4B1C-B78C-E3328B75B3B7}
    IE - HKU\S-1-5-21-1606192458-1090443840-3868715709-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=SWOyhj-j6XiqDliathmeJ-FsTPo?q={searchTerms}
    IE - HKU\S-1-5-21-1606192458-1090443840-3868715709-1000\..\SearchScopes\{7FF8B97B-5383-4B1C-B78C-E3328B75B3B7}: "URL" = http://www.google.com/search?q={sea...&oe={outputEncoding}&sourceid=ie7&rlz=1I7SNYK
    IE - HKU\S-1-5-21-1606192458-1090443840-3868715709-1000\..\SearchScopes\{CDB4725A-6192-44E4-942B-37FF7C9066C4}: "URL" = http://uk.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
    IE - HKU\S-1-5-21-1606192458-1090443840-3868715709-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1606192458-1090443840-3868715709-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.google.ie/ig"
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
    FF - prefs.js..extensions.enabledItems: anycolor.pavlos256@gmail.com:0.3.3
    FF - prefs.js..extensions.enabledItems: {D9A7CBEC-DE1A-444f-A092-844461596C4D}:4.5
    FF - prefs.js..extensions.enabledItems: FasterFox_Lite@BigRedBrent:3.9.1Lite
    FF - prefs.js..extensions.enabledItems: {d33c2f7c-b1e6-4d46-ab0e-be1f6d05c904}:2.0.4
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
    FF - prefs.js..extensions.enabledItems: ferronf3@gmail.com:1.9
    FF - prefs.js..extensions.enabledItems: {4ED1F68A-5463-4931-9384-8FFF5ED91D92}:3.4.0
    FF - prefs.js..network.proxy.type: 0
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=3.0: C:\Program Files\Virtual Earth 3D\ [2009/04/10 16:57:57 | 000,000,000 | ---D | M]
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2009/04/10 16:57:57 | 000,000,000 | ---D | M]
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
    FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
    FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.8.1: "C:\Program Files\VideoLAN\VLC\mozilla\npvlc.dll" File not found
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\David\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\David\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/11/05 21:35:38 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/07/05 20:11:41 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/12/25 21:23:54 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/02/18 15:44:37 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/28 00:34:36 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/25 21:23:53 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/07/05 20:11:41 | 000,000,000 | ---D | M]

    [2008/11/05 19:13:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Extensions
    [2012/05/17 16:44:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\knnxaer7.default\extensions
    [2010/04/27 22:55:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\knnxaer7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2012/05/09 16:01:54 | 000,000,000 | ---D | M] (FT DeepDark) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\knnxaer7.default\extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66}
    [2012/05/17 16:44:01 | 000,000,000 | ---D | M] (WOT) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\knnxaer7.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2011/07/09 01:24:33 | 000,000,000 | ---D | M] (Tiny Menu) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\knnxaer7.default\extensions\{d33c2f7c-b1e6-4d46-ab0e-be1f6d05c904}
    [2011/10/29 14:47:51 | 000,000,000 | ---D | M] ("Default Full Zoom Level") -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\knnxaer7.default\extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D}
    [2010/08/22 10:38:35 | 000,000,000 | ---D | M] (AnyColor) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\knnxaer7.default\extensions\anycolor.pavlos256@gmail.com
    [2008/11/20 21:47:08 | 000,000,000 | ---D | M] (PC Sync 2 Synchronisation Extension) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\knnxaer7.default\extensions\bkmrksync@nokia.com
    [2010/06/04 19:17:08 | 000,000,000 | ---D | M] ("MultiMediaWebRecorder") -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\knnxaer7.default\extensions\CarCastWebRecorder@inrete.it
    [2012/04/29 22:19:46 | 000,000,000 | ---D | M] (Fasterfox Lite) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\knnxaer7.default\extensions\FasterFox_Lite@BigRedBrent
    [2011/08/14 15:09:55 | 000,000,000 | ---D | M] (Get Back Old Facebook Chat) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\knnxaer7.default\extensions\ferronf3@gmail.com
    [2009/12/25 17:58:17 | 000,000,000 | ---D | M] (KeyScrambler) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\knnxaer7.default\extensions\keyscrambler@qfx.software.corporation
    [2012/05/22 17:50:52 | 000,002,103 | ---- | M] () -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\knnxaer7.default\searchplugins\wot-safe-search.xml
    [2012/03/19 18:53:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/02/18 15:44:37 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
    [2011/12/25 21:23:54 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
    [2012/02/12 12:43:20 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KNNXAER7.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
    [2012/04/28 00:34:35 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2010/10/13 23:28:54 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
    [2009/11/06 16:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
    [2012/02/26 02:07:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2009/11/06 16:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
    [2012/04/28 00:34:27 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
    [2012/04/28 00:34:27 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/04/28 00:34:27 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
    [2012/04/28 00:34:27 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
    [2010/06/08 22:44:35 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
    [2012/04/28 00:34:27 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
    [2012/04/28 00:34:27 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\David\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\David\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\David\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\David\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Browser\nppdf32.dll
    CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
    CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
    CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
    CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
    CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
    CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
    CHR - plugin: getPlusPlus for Adobe 16260 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
    CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
    CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
    CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa2.dll
    CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa3.dll
    CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
    CHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Program Files\Veetle\VLCBroadcast\npvbp.dll
    CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
    CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: Splendid = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdfkbdkkfmmckaadapdipihjfaacnkgd\3_0\
    CHR - Extension: Adblock Plus (Beta) = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
    CHR - Extension: avast! WebRep = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1374_0\
    CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
     
  22. daveym1983


    O1 HOSTS File: ([2012/05/27 11:45:17 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (MHTBPos00 Class) - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files\Celebrity Toolbar\tbcore3.dll ()
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google BAE\BAE.dll (Your Company Name)
    O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (Celebrity Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Celebrity Toolbar\tbcore3.dll ()
    O3 - HKU\S-1-5-21-1606192458-1090443840-3868715709-1000\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
    O3 - HKU\S-1-5-21-1606192458-1090443840-3868715709-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKU\S-1-5-21-1606192458-1090443840-3868715709-1000\..\Toolbar\WebBrowser: (Celebrity Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Celebrity Toolbar\tbcore3.dll ()
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [AML] C:\Program Files\Sony\VAIO Launcher\AML.exe (Sony)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
    O4 - HKLM..\Run: [MarketingTools] C:\Program Files\Sony\Marketing Tools\MarketingTools.exe (Sony Corporation)
    O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [Run StartupMonitor] C:\Windows\StartupMonitor.exe ()
    O4 - HKU\S-1-5-21-1606192458-1090443840-3868715709-1000..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe (Time Information Services Ltd.)
    O4 - HKU\S-1-5-21-1606192458-1090443840-3868715709-1000..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-21-1606192458-1090443840-3868715709-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1606192458-1090443840-3868715709-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-21-1606192458-1090443840-3868715709-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1606192458-1090443840-3868715709-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A6E4EFB-BE48-4C95-B171-A5176696F996}: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A575AA6B-D6D6-4D3C-BEAD-63611D847F94}: DhcpNameServer = 192.168.1.254
    O18 - Protocol\Handler\dssrequest - No CLSID value found
    O18 - Protocol\Handler\sacore - No CLSID value found
    O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
    O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.)
    O20 - Winlogon\Notify\psfus: DllName - (C:\Windows\system32\psqlpwd.dll) - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
    O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
    O24 - Desktop WallPaper: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
    O24 - Desktop BackupWallPaper: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.avis - C:\Windows\System32\ff_acm.acm ()
    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\Windows\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
    Drivers32: VIDC.dvsd - C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll (Sony Corporation)
    Drivers32: vidc.ffds - C:\Windows\System32\ff_vfw.dll ()
    Drivers32: vidc.X264 - C:\Windows\System32\x264vfw.dll ()
    Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/05/27 11:51:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/05/27 11:51:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/05/27 11:51:26 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012/05/27 11:51:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/05/27 11:47:28 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/05/27 11:36:55 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/05/27 11:36:55 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/05/27 11:36:55 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/05/27 11:36:47 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2012/05/27 11:36:45 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/05/27 11:07:27 | 004,529,532 | R--- | C] (Swearware) -- C:\Users\David\Desktop\ComboFix.exe
    [2012/05/27 03:03:34 | 002,126,936 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\David\Desktop\TDSSKiller.exe
    [2012/05/27 00:16:03 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\ImgBurn
    [2012/05/26 23:40:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
    [2012/05/26 23:40:38 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
    [2012/05/22 23:06:50 | 000,083,968 | ---- | C] (Esage Lab) -- C:\Users\David\Desktop\boot_cleaner.exe
    [2012/05/16 19:34:45 | 000,000,000 | ---D | C] -- C:\Config.Msi

    ========== Files - Modified Within 30 Days ==========

    [2012/05/28 20:26:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/05/28 19:54:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1606192458-1090443840-3868715709-1000UA.job
    [2012/05/28 19:46:43 | 000,219,731 | ---- | M] () -- C:\ProgramData\nvModes.dat
    [2012/05/28 19:46:43 | 000,219,731 | ---- | M] () -- C:\ProgramData\nvModes.001
    [2012/05/28 19:46:18 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/05/28 19:42:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/05/28 19:25:22 | 000,648,292 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/05/28 19:25:22 | 000,126,266 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/05/28 19:17:31 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/05/28 19:17:31 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/05/28 19:17:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/05/27 15:03:29 | 000,002,140 | ---- | M] () -- C:\Windows\bthservsdp.dat
    [2012/05/27 11:45:17 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2012/05/27 11:07:35 | 004,529,532 | R--- | M] (Swearware) -- C:\Users\David\Desktop\ComboFix.exe
    [2012/05/27 03:01:02 | 000,418,704 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012/05/26 23:54:01 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1606192458-1090443840-3868715709-1000Core.job
    [2012/05/23 08:16:44 | 002,126,936 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\David\Desktop\TDSSKiller.exe
    [2012/05/20 11:23:01 | 000,000,820 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
    [2012/05/16 17:13:18 | 000,121,344 | ---- | M] () -- C:\Users\David\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== Files Created - No Company Name ==========

    [2012/05/27 11:36:55 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/05/27 11:36:55 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/05/27 11:36:55 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/05/27 11:36:55 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/05/27 11:36:55 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/05/26 23:40:39 | 000,001,662 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
    [2011/07/12 17:31:36 | 000,000,000 | ---- | C] () -- C:\Users\David\AppData\Local\{E99CA243-FC3D-4368-A680-35C8D645E6C5}
    [2011/07/05 20:05:12 | 000,208,151 | ---- | C] () -- C:\Windows\hpoins43.dat
    [2011/07/05 20:05:12 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl43.dat
    [2010/12/17 00:09:28 | 000,000,056 | ---- | C] () -- C:\Windows\System32\ezsidmv.dat

    ========== LOP Check ==========

    [2008/11/30 18:44:51 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\.BitTornado
    [2010/03/14 21:05:46 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\COWON
    [2012/05/27 00:26:20 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\ImgBurn
    [2008/11/10 20:26:04 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\InterVideo
    [2012/02/13 21:55:55 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\IObit
    [2009/05/12 20:59:46 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\LG Electronics
    [2008/11/20 21:48:20 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Nokia
    [2008/11/20 21:48:33 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\PC Suite
    [2011/10/29 18:49:42 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Sports Interactive
    [2009/01/28 00:57:13 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Template
    [2011/12/11 03:00:01 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\UseNeXT
    [2012/02/16 01:05:48 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\IObit
    [2012/02/16 01:05:48 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\IObit
    [2012/05/27 15:03:29 | 000,032,652 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.* >
    [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2008/01/21 03:22:49 | 000,333,203 | RHS- | M] () -- C:\bootmgr
    [2008/07/31 21:32:16 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2012/05/27 11:47:23 | 000,019,470 | ---- | M] () -- C:\ComboFix.txt
    [2006/09/18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2008/08/20 22:37:03 | 000,000,188 | ---- | M] () -- C:\Installer_Setup.log
    [2012/02/19 19:34:15 | 000,048,683 | ---- | M] () -- C:\JavaRa.log
    [2008/11/09 17:57:17 | 000,024,058 | ---- | M] () -- C:\output.log
    [2012/05/28 19:17:21 | 3500,290,048 | -HS- | M] () -- C:\pagefile.sys
    [2012/05/27 03:11:19 | 000,139,474 | ---- | M] () -- C:\TDSSKiller.2.7.37.0_27.05.2012_03.03.54_log.txt
    [2008/08/20 22:27:11 | 000,386,282 | ---- | M] () -- C:\vcredist_x86.log
    [2010/04/18 21:06:02 | 000,005,474 | ---- | M] () -- C:\WirelessDiagLog.csv

    < %systemroot%\Fonts\*.com >
    [2006/11/02 13:35:26 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 13:35:26 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 13:35:26 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2006/11/02 13:35:26 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 22:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2009/04/16 14:08:20 | 000,312,832 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\hpfpp70v.dll
    [2006/11/02 13:34:09 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
    [2006/10/26 20:58:12 | 000,030,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\mdippr.dll
    [2006/10/27 03:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2011/11/28 19:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2009/07/10 13:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/01/21 03:41:56 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2008/07/31 21:32:04 | 013,733,888 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2008/07/31 21:31:59 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2008/07/31 21:32:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2008/07/31 21:32:13 | 017,604,608 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2008/07/31 21:32:14 | 006,713,344 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >

    < %USERPROFILE%\Desktop\*.exe >
    [2011/09/20 03:02:40 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\David\Desktop\boot_cleaner.exe
    [2012/05/27 11:07:35 | 004,529,532 | R--- | M] (Swearware) -- C:\Users\David\Desktop\ComboFix.exe
    [2012/05/23 08:16:44 | 002,126,936 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\David\Desktop\TDSSKiller.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\tasks\*.* >
    [2012/05/28 20:26:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/05/20 11:23:01 | 000,000,820 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
    [2012/05/28 19:46:18 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/05/28 19:42:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/05/26 23:54:01 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1606192458-1090443840-3868715709-1000Core.job
    [2012/05/28 19:54:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1606192458-1090443840-3868715709-1000UA.job
    [2012/05/28 19:17:42 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2012/05/27 15:03:29 | 000,032,652 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >
    [2010/09/21 20:40:19 | 000,083,968 | ---- | M] (eSage Lab) -- C:\Users\David\remover.exe

    < %systemroot%\ADDINS\*.* >
    [2006/11/02 13:33:56 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2012/02/20 08:31:36 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
    [2012/02/20 08:31:06 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
    [2008/10/29 03:20:07 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
    [2008/10/29 03:20:07 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2008/10/28 20:30:13 | 000,000,402 | -HS- | M] () -- C:\Users\David\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/07/05 20:14:37 | 000,007,743 | ---- | M] () -- C:\ProgramData\hpzinstall.log
    [2012/05/28 19:46:43 | 000,219,731 | ---- | M] () -- C:\ProgramData\nvModes.001

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /I " " /c >

    < dir /b "%systemroot%\*.exe" | find /I " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-05-16 18:56:06

    < End of report >
     
  23. daveym1983


    OTL Extras logfile created on: 28/05/2012 20:22:56 - Run 1
    OTL by OldTimer - Version 3.2.43.2 Folder = C:\Users\David\Downloads
    Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19088)
    Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

    2.97 Gb Total Physical Memory | 1.67 Gb Available Physical Memory | 56.20% Memory free
    6.14 Gb Paging File | 4.93 Gb Available in Paging File | 80.36% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 106.96 Gb Total Space | 16.94 Gb Free Space | 15.83% Space Free | Partition Type: NTFS
    Drive D: | 465.75 Gb Total Space | 363.95 Gb Free Space | 78.14% Space Free | Partition Type: NTFS

    Computer Name: SONY-LAPTOP | User Name: David | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-1606192458-1090443840-3868715709-1000\SOFTWARE\Classes\<extension>]
    .bat [@ = batfile] -- Reg Error: Key error. File not found
    .html [@ = htmlfile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
    Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
    Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{1E0575B5-10A9-4401-BAE6-8A5DA810A66F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{1E454BA2-A142-4D7F-823B-24397C64CC48}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{48428F88-1117-46BB-BF97-EB01E3295DFD}" = rport=137 | protocol=17 | dir=out | app=system |
    "{5A46240A-15C5-467A-AD4A-286517304850}" = lport=138 | protocol=17 | dir=in | app=system |
    "{5D377E9E-ABAA-49F0-AE7F-74F9056B4E8C}" = rport=139 | protocol=6 | dir=out | app=system |
    "{61A93897-741B-41B4-A0AC-444770817FAF}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{6A26A0A8-65C2-4675-8B95-26DCA616AD84}" = rport=445 | protocol=6 | dir=out | app=system |
    "{6DA89D64-9348-49D6-8400-37C5919A5CD7}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
    "{7FA6253C-B3D6-4D58-B3D1-0ABA1D92D2E1}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
    "{84B27C55-8D01-454A-BFE1-1D46D2B4FB52}" = lport=445 | protocol=6 | dir=in | app=system |
    "{A06B1860-0F63-4A17-81CD-B7154EF81956}" = lport=139 | protocol=6 | dir=in | app=system |
    "{A21F4630-F435-40DE-B60C-1072874AE464}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{AED28ADA-E509-4BCB-A084-F3A62404DECD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{C9E6C4DB-6415-4A06-94C3-F718052A58C9}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
    "{F05445CF-305A-4211-B814-16B18125F6F4}" = lport=137 | protocol=17 | dir=in | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{042DEF76-2FFC-41F4-A92F-ED68C7F346FB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{093C5B72-FE17-4C2E-9F33-E825623E7B57}" = protocol=17 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
    "{0D4EF8DB-36D5-4CE9-8E82-2CC0CB14E39A}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe |
    "{0D67D80D-B427-4910-98FC-F2044E5819DF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
    "{0E6FBE4D-D390-4941-9AE6-74B38D5337C9}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
    "{0F837844-F4B6-4B44-8BCB-FCEAAC175170}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{0F91A068-E6BA-4C58-B2E5-66D568DC946B}" = protocol=6 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
    "{1A3554FD-94A4-49D7-91A8-8C421678AD49}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe |
    "{2CAE3043-789E-413E-8BEE-E832664E4782}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
    "{2DF9995B-4A2E-4CB6-A1CD-9A32D126EC25}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
    "{2EB423B6-9FF4-4906-980A-AAD76B15787D}" = dir=in | app=h:\setup\hpznui01.exe |
    "{36286C3D-B4B5-4070-92A1-A8C66ECEBA04}" = protocol=17 | dir=in | app=c:\program files\sports interactive\football manager 2010 demo\fm.exe |
    "{3BB51444-CF7A-421D-BC72-A21946B057AF}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\football manager 2012\fm.exe |
    "{4275A20C-24AD-4EC8-93AF-C4A4AABE7328}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe |
    "{4A7FCE23-C6EB-4F9F-8B65-FA398EAFAF6C}" = protocol=6 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe |
    "{4AE15CC6-FC8B-4084-A675-63BE12C04004}" = protocol=17 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe |
    "{4DE3D666-C295-4C85-AEE4-FC9A75CDA1D7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{4EDA0DD6-EAA6-43F0-8CB0-CCCD2D8687DB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
    "{53720762-BB03-46FA-AB9B-BFA297581F82}" = protocol=17 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe |
    "{5448E0A0-2426-4D9B-9991-2EFCFEA2DA04}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\football manager 2011\fm.exe |
    "{55EF83D3-1A96-4F36-894E-330EA4630751}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\football manager 2009\fm.exe |
    "{5742AA7E-A03B-44FB-BD29-30035DEA2426}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
    "{597622B7-5096-4326-8B53-29B0CB7321B0}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
    "{5A2DA032-AB59-4F53-BAE3-D6B14BAB5954}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
    "{5C76DC68-83AA-430C-9B9F-9B72F82EC82E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{5DFC91C9-C523-4166-B204-B609FBA6DC52}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
    "{63A68F53-F22D-4DC2-8F1B-80B06867D156}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
    "{693750BD-03BE-4BC7-A64A-FCC711DEA9C2}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe |
    "{69A94648-D400-43E0-B583-D05AC734866F}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
    "{6FDBB561-522F-4BC0-A800-F9254650DCAA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{6FE39BDC-6971-4999-90FF-81E432E19699}" = protocol=6 | dir=in | app=c:\program files\sports interactive\football manager 2010 demo\fm.exe |
    "{77A04939-8D2E-4479-88A7-A8AF9C4CEF33}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\football manager 2009\fm.exe |
    "{7B929F53-0983-4ADF-98D6-A77DC4A6CDF7}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
    "{7C0F528B-5A62-4069-9146-425CBFAE0D24}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
    "{7FC9269A-2CD3-4993-A159-B5A6A144D34F}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe |
    "{843A0584-FC69-478A-BE60-B4D765309F72}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
    "{851EFF59-9817-4720-BC1E-0753F558B0C6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{9B71A613-B8D1-4A05-9742-BF6E9F87B6BB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
    "{A48FD3F8-D5CF-4C46-AEB1-DAF7A7A51A46}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\football manager 2009\fm.exe |
    "{A65E2B1F-F411-4F1E-B9F5-D4035293A98C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
    "{A8407509-86CB-48EB-8811-BDDC67D2EA1B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{ACA36DA8-C68B-4EF8-940B-27084389B057}" = dir=in | app=c:\program files\itunes\itunes.exe |
    "{B0293F75-7114-4E21-91E2-4A27D9D11D64}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{B2978732-6309-4C58-BF98-912C0223C9B6}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe |
    "{C49B8222-118C-4F2B-B64C-E1CA41658077}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\football manager 2011\fm.exe |
    "{C5F46FE1-364B-439F-A6AF-3C3DF1896D79}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\football manager 2009\fm.exe |
    "{C916606A-0319-41E6-8FFD-C73BC7EB6AB6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{C9661140-E95B-496D-A1A0-D3882A7FC7C0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
    "{D5E0D6D4-3612-42F8-AEF5-BFE3B479A1B5}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
    "{D705FE2F-92BB-4FAA-BFD8-E4EC087E4ED2}" = protocol=6 | dir=in | app=c:\users\david\appdata\local\temp\~osaafe.tmp\rlvknlg.exe |
    "{DBF52046-721A-4DD2-A5B1-7EFFFF244DA7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
    "{E0311F77-41D2-4E49-B1ED-D88FF7BBBC49}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe |
    "{E5FF41F6-8448-4564-8679-515A25FBCA9B}" = protocol=6 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe |
    "{ECFC76A5-91D9-4D0A-B634-7EA9E43106B8}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\football manager 2012\fm.exe |
    "{EDC4F63A-D86A-44E2-AF8A-D0A49BECDCE0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
    "{EE808A1B-FEB0-4252-BAA5-4664DE97AD50}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe |
    "{FCDB7974-8FE3-47B5-A3AE-18210DFDA8DE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{009E7FB7-1775-4D89-8956-F5C9A1C019FC}" = DSD Playback Plug-in
    "{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
    "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
    "{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{0D67FBBE-3F68-4B0B-9647-8F3DE93593AE}" = FMRTE
    "{1316AEF2-E086-46C7-B1FB-8C9A39A2ABF9}" = VAIO Media plus
    "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
    "{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
    "{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
    "{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}" = LG PC Suite II
    "{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
    "{151CB4B7-FC63-4C72-8A21-5E87EB419DBB}" = Protector Suite QL 5.6
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher
    "{1A524CFE-DF85-4555-8BC2-0C89DBD8BC2C}" = PC Connectivity Solution
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
    "{2018C019-30D9-4240-8C01-0865C10DCF5A}" = VAIO Presentation Support
    "{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD BD for VAIO
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
    "{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{22C29E59-2EF5-4B64-9B7F-9F7A69BC7D1A}" = FMRTE
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting
    "{26921B2E-3E62-47F9-A514-1FC4A83BD738}" = Intel(R) PROSet/Wireless WiFi Software
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
    "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
    "{2D87E961-577B-492B-AD54-1368680FB9A7}" = Virtual Earth 3D (Beta)
    "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
    "{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
    "{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{326DC400-1FC4-4D7D-946D-06D1EAB93200}" = VAIO Guide 
    "{359FCAA7-B544-4147-AE3B-8C8A526E2427}" = Sony Image Data Suite
    "{363611D9-1106-41F2-B74E-BD8481C41219}" = Click to Disc
    "{3B659FAD-E772-44A3-B7E7-560FF084669F}" = VAIO Smart Network
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
    "{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
    "{3E2C691B-B7E6-4053-B5C3-94B8BC407E7A}" = Adobe Premiere Elements 4.0
    "{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
    "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
    "{472080B7-D6E7-49E8-9383-FF136B8A8C34}" = JMicron JMB368 ExpressCard CF Adapter
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4B41AE13-BA0E-4328-8E83-AD2A0BEB33EB}" = Sky Player
    "{4DA77E56-5B67-4A9D-A79D-2157A08FA84A}" = IPTV
    "{4DB64298-5934-4E27-812D-15FC5A79EE6E}" = ThemeEditor
    "{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
    "{533D0A8A-D7E7-4F15-BC9E-FF2916A6BAA7}" = DSD Direct Player
    "{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ
    "{537DB9D6-1AB1-4CE9-8DE7-312256B49A98}" = PS_AIO_06_C4700_SW_Min
    "{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
    "{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
    "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
    "{5C5EE8F2-0B38-4C13-AE4E-A87A237FE718}" =
    "{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
    "{5F5867F0-2D23-4338-A206-01A76C823924}" = VAIO Power Management
    "{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
    "{6332AFF1-9D9A-429C-AA03-F82749FA4F49}" = SonicStage Mastering Studio
    "{63486834-B10B-4DD4-8216-C8D66A157D7E}_is1" = FMRTE 5.2.3
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{68550918-63B5-4762-85CB-3C160AA4B213}" = HP Photosmart C4700 All-in-One Driver Software 14.0 Rel. 6
    "{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
    "{6C50525A-2D77-4C22-B058-9AA2F27ACFF2}" = VAIO Content Metadata Intelligent Analyzing Manager
    "{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
    "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
    "{76EFAC4F-1712-401F-B2AE-590B170C9BCE}" = StartupMonitor
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7E823DA5-43A2-46E8-A75E-5A2A0FDE81A1}" = VAIO Content Metadata Manager Setting
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{82D5BACA-3619-4D34-99DB-3A65CFB4DA33}" = DSD Direct
    "{83CDA18E-0BF3-4ACA-872C-B4CDABF2360E}" = VAIO Update 4
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8BD60AEF-3F9D-47AE-B80A-FB7FFCE335A0}" = VAIO Movie Story
    "{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
    "{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
    "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}_PROR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}_PROR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
    "{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
    "{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
    "{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" =
    "{98F96FD4-B867-448B-82A0-8F5F5202E28F}" = IPTV
    "{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music
    "{9973498D-EA29-4A68-BE0B-C88D6E03E928}" = ArcSoft WebCam Companion 2
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9C1C8A04-F8CA-4472-A92D-4288CE32DE86}" = SonicStage Mastering Studio Plugins
    "{A3A1A5F0-0B94-4E69-B3E1-92F25E31BEE9}" = H264 Codecs
    "{A552C4EA-D41E-4C61-A0FB-C0E05440F7D7}" = VAIO Entertainment Platform
    "{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting
    "{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
    "{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
    "{AC76BA86-1033-F400-BA7E-000000000003}" = Adobe Acrobat 8 Standard - English, Français, Deutsch
    "{AF145F8997B44EE9B106D018EF1DB58B}" = DivX Converter Mobile
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
    "{B3164E9E-BE08-4F3B-94BC-C6D09C0205E1}" = Nokia Connectivity Cable Driver
    "{B513C7B0-024A-498F-B0F5-00C67E2440A9}" = VAIO Content Metadata Intelligent Analyzing Manager
    "{B5978DF3-8A04-4F22-AF67-8CCE52E04B13}" = C4700
    "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
    "{B7C03E84-AF46-42F4-809D-D4127D9086D0}" = VAIO Edit Components 6.4
    "{BACD22AE-5B6B-4F23-B506-3FCFF13AC137}" = VAIO Media plus
    "{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
    "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
    "{C1083DBC-C541-4E8C-91EA-D92397AB9A2C}" = OpenMG Secure Module 5.1.00
    "{C3618839-0E38-4B2F-AD49-3DEAC31D1FFC}" = LG PC Suite II
    "{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
    "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
    "{CB8A8696-93EC-414E-A752-850AB133F68A}" = VAIO Content Metadata XML Interface Library
    "{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
    "{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D035FBF6-FDEF-487D-89CA-6F9DD07B783F}" = Dolby Control Center
    "{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
    "{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
    "{D5577624-0626-4C4B-87AA-D966DA1739D6}" = Nokia PC Suite
    "{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
    "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
    "{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
    "{DF0415CC-0563-407F-B560-9B7F277122C5}" = VAIO BD Menu Data
    "{DF7DB916-90E5-40F2-9010-B8125EB5FD6F}" = SonicStage Mastering Studio Audio Filter
    "{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = COWON Media Center - jetAudio Basic VX
    "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
    "{E464702F-5433-46EC-8F65-159276C0A54F}" = WIDCOMM Bluetooth Software 6.2.0.4100
    "{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
    "{E6A3770D-C87A-4505-B8C6-A4CF96AC395C}" = SonicStage Mastering Studio
    "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
    "{EB52A893-E159-4B6C-B184-895EC889F03A}" = eircom broadband usage meter
    "{EC37A846-53AC-4DA7-98FA-76A4E74AA900}" = SonicStage Mastering Studio Audio Filter Custom Preset
    "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
    "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
    "{EE59BBF9-415C-45DB-8C4B-EE43CF635FEA}" = VAIO Content Metadata XML Interface Library
    "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
    "{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.01.217
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F41D847E-D635-4A60-B3CB-E08CFB24F1F9}" = COWON S9 User's Guide
    "{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
    "{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" =
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{F85C7118-F3DC-4ED9-AB27-3E7931EA3D88}" = Adobe Premiere Elements 4.0 Templates
    "{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
    "{FAE36873-1941-4076-A9A5-48812B5EA0B7}" = iTunes
    "{FD72E69E-CF34-4071-BFD6-FD081A365E2C}" = VAIO Content Metadata Intelligent Analyzing Manager
    "{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home
    "{FE697886-F392-4E0D-A0C0-47587BF60992}" = VAIO Content Metadata Manager Setting
    "3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
    "7-Zip" = 7-Zip 4.57
    "9CD348AE9C64C4B939B624E8E24F3903EFDFC82B" = Windows Driver Package - Nokia Modem (05/22/2008 7.00.0.1)
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "Adobe Acrobat 8 Standard - English, Français, Deutsch" = Adobe Acrobat 8.1.3 Standard
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
    "AudibleManager" = AudibleManager
    "avast" = avast! Free Antivirus
    "BFG-Big Fish Games Game Suite" = Big Fish Games Game Suite
    "BitTornado" = BitTornado 0.3.17
    "C5A76DC11BABDA0A881E7BE8DDEB641365A77FFD" = Windows Driver Package - Nokia Modem (05/22/2008 3.8)
    "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
    "Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
    "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
    "DivX Setup" = DivX Setup
    "dt icon module" =
    "ESET Online Scanner" = ESET Online Scanner v3
    "ffdshow" = ffdshow
    "FLFooty TV 2.2" = FLFooty TV 2.2
    "FM Genie Scout 11_is1" = FM Genie Scout 11 version 1.00
    "FootyOnline.tv" = FootyOnline.tv
    "Google Desktop" = Google Desktop
    "Google Updater" = Google Updater
    "Gordon's Gate Flash Driver" = Gordon's Gate Flash Driver 2.2.0.8
    "gtfirstboot Setting Request" =
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "HP Imaging Device Functions" = HP Imaging Device Functions 14.0
    "HP Photo Creations" = HP Photo Creations
    "HP Smart Web Printing" = HP Smart Web Printing 4.60
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
    "HPExtendedCapabilities" = HP Customer Participation Program 14.0
    "ImgBurn" = ImgBurn
    "InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD BD for VAIO
    "InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
    "InstallShield_{C1083DBC-C541-4E8C-91EA-D92397AB9A2C}" = OpenMG Secure Module 5.1.00
    "KeyScrambler" = KeyScrambler
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
    "MarketingTools" = VAIO Marketing Tools
    "MFU Module" =
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "MKV Player_is1" = MKV Player 2.0.1
    "Mozilla Firefox 12.0 (x86 en-GB)" = Mozilla Firefox 12.0 (x86 en-GB)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Nokia PC Suite" = Nokia PC Suite
    "NVIDIA Drivers" = NVIDIA Drivers
    "Picasa 3" = Picasa 3
    "PremElem40" = Adobe Premiere Elements 4.0
    "PremElem40Templates" = Adobe Premiere Elements 4.0 Templates
    "ProInst" = Intel PROSet Wireless
    "PROR" = Microsoft Office Professional 2007 Trial
    "RealPlayer 6.0" = RealPlayer
    "Revo Uninstaller" = Revo Uninstaller 1.85
    "Shop for HP Supplies" = Shop for HP Supplies
    "Steam App 34220" = Football Manager 2011
    "Steam App 71270" = Football Manager 2012
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "Update Engine" = Sony Ericsson Update Engine
    "Update Service" = Update Service
    "UseNeXT_is1" = UseNeXT
    "VAIO Help and Support" =
    "Veetle TV" = Veetle TV 0.9.18
    "VLC media player" = VideoLAN VLC media player 0.8.1
    "Winamp" = Winamp (remove only)
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "x264 Revision 534 x264.nl" = x264 Revision 534 x264.nl (remove only)

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1606192458-1090443840-3868715709-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 27/05/2012 09:57:07 | Computer Name = Sony-Laptop | Source = Windows Search Service | ID = 3013
    Description =

    Error - 27/05/2012 09:57:08 | Computer Name = Sony-Laptop | Source = Windows Search Service | ID = 3013
    Description =

    Error - 27/05/2012 09:57:08 | Computer Name = Sony-Laptop | Source = Windows Search Service | ID = 3013
    Description =

    Error - 27/05/2012 09:57:08 | Computer Name = Sony-Laptop | Source = Windows Search Service | ID = 3013
    Description =

    Error - 27/05/2012 09:57:08 | Computer Name = Sony-Laptop | Source = Windows Search Service | ID = 3013
    Description =

    Error - 27/05/2012 09:57:08 | Computer Name = Sony-Laptop | Source = Windows Search Service | ID = 3013
    Description =

    Error - 27/05/2012 09:57:08 | Computer Name = Sony-Laptop | Source = Windows Search Service | ID = 3013
    Description =

    Error - 28/05/2012 14:17:47 | Computer Name = Sony-Laptop | Source = WinMgmt | ID = 10
    Description =

    Error - 28/05/2012 14:17:49 | Computer Name = Sony-Laptop | Source = VzCdbSvc | ID = 7
    Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error
    code = 0x80042019)

    Error - 28/05/2012 14:46:31 | Computer Name = Sony-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 131083
    Description =

    [ OSession Events ]
    Error - 27/01/2009 20:46:02 | Computer Name = Sony-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 2, Application Name: Microsoft Office Access, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.6215.1000. This session lasted 108
    seconds with 60 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 27/05/2012 06:31:39 | Computer Name = Sony-Laptop | Source = HTTP | ID = 15016
    Description =

    Error - 27/05/2012 06:31:48 | Computer Name = Sony-Laptop | Source = Service Control Manager | ID = 7000
    Description =

    Error - 27/05/2012 06:37:46 | Computer Name = Sony-Laptop | Source = Service Control Manager | ID = 7034
    Description =

    Error - 27/05/2012 06:38:34 | Computer Name = Sony-Laptop | Source = Service Control Manager | ID = 7030
    Description =

    Error - 27/05/2012 06:41:53 | Computer Name = Sony-Laptop | Source = Service Control Manager | ID = 7030
    Description =

    Error - 27/05/2012 06:45:19 | Computer Name = Sony-Laptop | Source = Service Control Manager | ID = 7030
    Description =

    Error - 28/05/2012 14:17:09 | Computer Name = Sony-Laptop | Source = volmgr | ID = 262190
    Description = Crash dump initialization failed!

    Error - 28/05/2012 14:17:23 | Computer Name = Sony-Laptop | Source = volmgr | ID = 262190
    Description = Crash dump initialization failed!

    Error - 28/05/2012 14:17:42 | Computer Name = Sony-Laptop | Source = HTTP | ID = 15016
    Description =

    Error - 28/05/2012 14:17:48 | Computer Name = Sony-Laptop | Source = Service Control Manager | ID = 7000
    Description =


    < End of report >
     
  24. Broni

    Broni Malware Annihilator Posts: 52,892   +344

    Good news :)

    That may be a subject for a different forum.
    Let's see how it goes when we're done.

    OTL logs are perfectly clean.

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    =========================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave the reading of the results to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce any log.
     
  25. daveym1983

    daveym1983 TS Rookie Topic Starter Posts: 30

    Eset scan was clean.

    Results of screen317's Security Check version 0.99.24
    Windows Vista Service Pack 1 x86 (UAC is disabled!)
    Out of date service pack!!
    Internet Explorer 8 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:
    Windows Firewall Enabled!
    avast! Free Antivirus
    ESET Online Scanner v3
    SonicStage Mastering Studio Audio Filter Custom Preset
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:
    JavaFX 2.1.0
    Java(TM) 6 Update 31
    Java(TM) 7 Update 4
    Java(TM) 6 Update 7
    Out of date Java installed!
    Adobe Flash Player 11.2.202.235
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast AvastUI.exe
    ``````````End of Log````````````
     
