TechSpot

Infected with law enforcement malware

Inactive
By NeoBob
Jul 6, 2012
  1. Hi, I wondered if you could help me. I recently visited a webpage that infected my computer with malware which made my computer stop working and just displayed an image saying I needed to pay money to law enforcement in order to get my computer working again!

    Anyway, I managed to remove it by running Avira anti-virus and found out it was caused through an old version of Java that was still installed, which I have now removed. My computer, although working again, now seems to be running very slowly and I'm not sure if there are any other issues with it. If someone could take a look at the following logs that would be great.

    --- MBAM LOG ---
    Malwarebytes Anti-Malware (PRO) 1.61.0.1400
    www.malwarebytes.org
    Database version: v2012.07.06.05
    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    C :: C-PC [administrator]
    Protection: Enabled
    06/07/2012 09:21:07
    mbam-log-2012-07-06 (09-21-07).txt
    Scan type: Full scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 524446
    Time elapsed: 3 hour(s), 9 minute(s), 25 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 0
    (No malicious items detected)
    (end)
    -----

    --- DDS.txt ---
    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421
    Run by C at 21:11:30 on 2012-07-05
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2046.1023 [GMT 1:00]
    .
    AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
    SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: FireWall *Enabled* {CE40CCC0-8ADB-6D67-25A0-C5B6438E4B57}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\system32\bgsvcgen.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    C:\Program Files\ArcSoft\Magic-I Visual Effects\uCamMonitor.exe
    C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
    C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k HPService
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Page = hxxp://www.google.com
    uStart Page = https://www.google.co.uk/
    uSearch Bar = hxxp://www.google.com/ie
    mDefault_Page_URL = hxxp://www.club-vaio.com
    uInternet Settings,ProxyOverride = *.local
    BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\adobe contribute cs5\plugins\ieplugin\contributeieplugin.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\progra~1\google~1\BAE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\adobe contribute cs5\plugins\ieplugin\contributeieplugin.dll
    uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    uRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exe
    uRun: [AdobeBridge]
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [Skytel] Skytel.exe
    mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
    mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
    mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    StartupFolder: c:\users\c\appdata\roaming\micros~1\windows\startm~1\programs\startup\ccc.lnk - c:\program files\ati technologies\ati.ace\core-static\CCC.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    LSP: c:\program files\avira\antivir desktop\avsda.dll
    DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.22.0.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{40E368A9-D2DF-4925-A965-E950DB7546EB} : NameServer = 208.67.220.222,208.67.220.220
    TCP: Interfaces\{40E368A9-D2DF-4925-A965-E950DB7546EB} : DhcpNameServer = 192.168.0.1
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Notify: igfxcui - igfxdev.dll
    Notify: VESWinlogon - VESWinlogon.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    mASetup: {ASm05c53-56M9-486d-xF0Y-60rIh1NU6d3d} - c:\users\c\appdata\roaming\microsoft\windows firewall\WIN32.exe
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\c\appdata\roaming\mozilla\firefox\profiles\0xxmzmav.default\
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
    FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
    FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\picasa2\npPicasa3.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [2012-6-9 112032]
    R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-6-9 36000]
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
    R2 AntiVirFirewallService;Avira FireWall;c:\program files\avira\antivir desktop\avfwsvc.exe [2012-6-9 619472]
    R2 AntiVirMailService;Avira Mail Protection;c:\program files\avira\antivir desktop\avmailc.exe [2012-6-9 375760]
    R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-6-9 86224]
    R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-6-9 110032]
    R2 AntiVirWebService;Avira Web Protection;c:\program files\avira\antivir desktop\avwebgrd.exe [2012-6-9 465360]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-6-9 83392]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-8-18 21504]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-3-12 654408]
    R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-18 11032]
    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2010-8-24 92008]
    R2 uCamMonitor;CamMonitor;c:\program files\arcsoft\magic-I visual effects\uCamMonitor.exe [2007-12-21 125440]
    R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [2007-12-21 17920]
    R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [2012-6-9 91968]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-3-12 22344]
    R3 NETwLv32; Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETwLv32.sys [2010-10-31 6639616]
    R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\drivers\R5U870FLx86.sys [2007-11-26 73472]
    R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\drivers\R5U870FUx86.sys [2007-11-26 43904]
    R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2007-11-26 9344]
    R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-11-26 818688]
    R3 VUAgent;VUAgent;c:\program files\sony\vaio update common\VUAgent.exe [2012-1-13 939624]
    RUnknown athrnt;athrnt; [x]
    RUnknown lsi_ex;lsi_ex; [x]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2007-11-27 28464]
    S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2009-8-22 13224]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-25 129976]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
    S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
    S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\sony\vaio media integrated server\UCLS.exe [2007-12-21 745472]
    S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\sony\vaio media integrated server\platform\SV_Httpd.exe [2007-12-21 397312]
    S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\sony\vaio media integrated server\platform\UPnPFramework.exe [2007-12-21 1089536]
    S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2007-12-21 292128]
    S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2011-5-17 83312]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-8-18 16896]
    .
    =============== Created Last 30 ================
    .
    2012-07-04 21:51:45 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-06-23 12:23:10 2422272 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-23 12:21:40 88576 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-23 12:21:04 33792 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-23 12:21:04 171904 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-14 19:56:36 -------- d-----w- c:\program files\iPod
    2012-06-14 19:56:35 -------- d-----w- c:\program files\iTunes
    2012-06-12 22:15:49 984064 ----a-w- c:\windows\system32\crypt32.dll
    2012-06-12 22:15:49 98304 ----a-w- c:\windows\system32\cryptnet.dll
    2012-06-12 22:15:49 133120 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-06-12 22:15:11 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-06-12 22:15:06 2045440 ----a-w- c:\windows\system32\win32k.sys
    2012-06-09 18:11:48 -------- d-----w- c:\users\c\appdata\roaming\Avira
    2012-06-09 18:06:05 91968 ----a-w- c:\windows\system32\drivers\avfwim.sys
    2012-06-09 18:06:05 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2012-06-09 18:06:05 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
    2012-06-09 18:06:05 112032 ----a-w- c:\windows\system32\drivers\avfwot.sys
    2012-06-09 18:06:04 -------- d-----w- c:\program files\Avira
    2012-06-07 19:56:36 -------- d-----w- c:\users\c\appdata\roaming\VSRevoGroup
    .
    ==================== Find3M ====================
    .
    2012-07-05 17:46:15 4982411 ----a-w- c:\windows\system32\sofcache.dll
    2012-05-19 00:46:59 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-05-19 00:46:59 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-05-17 22:45:37 1800192 ----a-w- c:\windows\system32\jscript9.dll
    2012-05-17 22:35:47 1129472 ----a-w- c:\windows\system32\wininet.dll
    2012-05-17 22:35:39 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-05-17 22:29:45 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-05-17 22:24:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-04-18 19:56:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2012-04-18 19:56:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
    .
    ============= FINISH: 21:12:14.36 ===============

    --- Attach.txt ---
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 07/08/2008 03:04:07
    System Uptime: 05/07/2012 19:05:13 (2 hours ago)
    .
    Motherboard: Sony Corporation | | VAIO
    Processor: Intel(R) Core(TM)2 Duo CPU T8100 @ 2.10GHz | N/A | 2101/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 140 GiB total, 14.46 GiB free.
    D: is Removable
    E: is Removable
    F: is CDROM ()
    G: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Description: Photosmart Prem C410 series
    Device ID: ROOT\IMAGE\0000
    Manufacturer: HP
    Name: Photosmart Prem C410 series
    PNP Device ID: ROOT\IMAGE\0000
    Service: StillCam
    .
    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: Photosmart Prem C410 series
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer: HP
    Name: Photosmart Prem C410 series
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:
    .
    Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
    Description: Microsoft WPD FileSystem Volume Driver
    Device ID: WPDBUSENUMROOT\UMB\2&37C186B&2&STORAGE#VOLUME#1&19F7E59C&0&_??_FLASHMEDIA#MEMORYSTICKDEVICE0#5&3ACC2F50&0&002#
    Manufacturer: (WPD file system device)
    Name: Microsoft WPD FileSystem Volume Driver
    PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&2&STORAGE#VOLUME#1&19F7E59C&0&_??_FLASHMEDIA#MEMORYSTICKDEVICE0#5&3ACC2F50&0&002#
    Service: WUDFRd
    .
    Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
    Description: Microsoft WPD FileSystem Volume Driver
    Device ID: WPDBUSENUMROOT\UMB\2&37C186B&2&STORAGE#VOLUME#1&19F7E59C&0&_??_FLASHMEDIA#SDDEVICE1#5&3ACC2F50&0&003#
    Manufacturer: (WPD file system device)
    Name: Microsoft WPD FileSystem Volume Driver
    PNP Device ID: WPDBUSENUMROOT\UMB\2&37C186B&2&STORAGE#VOLUME#1&19F7E59C&0&_??_FLASHMEDIA#SDDEVICE1#5&3ACC2F50&0&003#
    Service: WUDFRd
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    .
    Update for Microsoft Office 2007 (KB2508958)
    32 Bit HP CIO Components Installer
    AC3Filter 1.63b
    Adobe AIR
    Adobe Community Help
    Adobe Creative Suite 5 Master Collection
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Media Player
    Adobe Reader X (10.1.3)
    AnyDVD
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft Magic-I Visual Effects
    ATI Catalyst Install Manager
    µTorrent
    AutoUpdate
    Avi2Dvd 0.6.2
    Avira Internet Security 2012
    AviSynth 2.5
    BayGenie eBay Auction Sniper Pro Edition 3.3.5.7
    Bonjour
    Branding
    Browser Address Error Redirector
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center Localization Chinese Standard
    Catalyst Control Center Localization Chinese Traditional
    Catalyst Control Center Localization Czech
    Catalyst Control Center Localization Danish
    Catalyst Control Center Localization Dutch
    Catalyst Control Center Localization Finnish
    Catalyst Control Center Localization French
    Catalyst Control Center Localization German
    Catalyst Control Center Localization Greek
    Catalyst Control Center Localization Hungarian
    Catalyst Control Center Localization Italian
    Catalyst Control Center Localization Japanese
    Catalyst Control Center Localization Korean
    Catalyst Control Center Localization Norwegian
    Catalyst Control Center Localization Polish
    Catalyst Control Center Localization Portuguese
    Catalyst Control Center Localization Russian
    Catalyst Control Center Localization Spanish
    Catalyst Control Center Localization Swedish
    Catalyst Control Center Localization Thai
    Catalyst Control Center Localization Turkish
    ccc-core-static
    ccc-utility
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Click to Disc
    Click to Disc Editor
    CoreAAC Audio Decoder (remove only)
    D3DX10
    DivX Codec
    DivX Converter
    DivX Player
    DivX Web Player
    DVD Decrypter (Remove Only)
    DVD Shrink 3.2
    EASEUS Data Recovery Wizard Professional 5.0.1
    EasyRecovery Professional
    ffdshow [rev 3299] [2010-03-03]
    FileZilla Client 3.5.0
    Football Manager 2009
    Foxit PDF Editor
    GameSpy Arcade
    GearDrvs
    GTA2
    Haali Media Splitter
    HDAUDIO SoftV92 Data Fax Modem with SmartCP
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Photosmart Prem C410 All-In-One Driver 14.0 Rel. 7
    Instant Mode
    InterVideo Register Manager
    iTunes
    K-Lite Mega Codec Pack 4.4.5
    Malwarebytes Anti-Malware version 1.61.0.1400
    MediaCoder iPod Edition
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Edition 2003
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Ultimate 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Rise Of Nations
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    mIRC
    Mozilla Firefox 12.0 (x86 en-GB)
    Mozilla Maintenance Service
    MSVCRT
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    My Club VAIO
    NETGEAR WG111v3 wireless USB 2.0 adapter
    Network
    Nokia Connectivity Cable Driver
    OGA Notifier 2.0.0048.0
    OpenMG Limited Patch 4.7-07-15-19-01
    OpenMG Secure Module 4.7.00
    PDF Settings CS5
    Photo****et
    Photoshop Camera Raw
    Picasa 3
    PS_AIO_07_C410_SW_Min
    PxMergeModule
    QuickTime
    RapidShare Manager
    Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
    Realtek High Definition Audio Driver
    Recover My Files
    Recuva
    RescuePRO Deluxe 4.0
    Roxio Activation Module
    Roxio Easy Media Creator Home
    Scan
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
    Segoe UI
    Setting Utility Series
    Skins
    SonicStage Mastering Studio
    SonicStage Mastering Studio Audio Filter
    SonicStage Mastering Studio Audio Filter Custom Preset
    SonicStage Mastering Studio Plugins
    Sony Video Shared Library
    Suite Shared Configuration CS4
    Synaptics Pointing Device Driver
    TMPGEnc Authoring Works 4
    TomTom HOME 2.7.6.2056
    TomTom HOME Visual Studio Merge Modules
    Toolbox
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687267) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update Service
    VAIO Camera Capture Utility
    VAIO Content Folder Setting
    VAIO Content Metadata Intelligent Analyzing Manager
    VAIO Content Metadata Manager Settings
    VAIO Content Metadata XML Interface Library
    VAIO Control Center
    VAIO Data Restore Tool
    VAIO DVD Menu Data Basic
    VAIO Entertainment Platform
    VAIO Event Service
    VAIO Launcher
    Vaio Marketing Tools
    VAIO Media
    VAIO Media 6.0
    VAIO Media AC3 Decoder 1.0
    VAIO Media Content Collection 6.0
    VAIO Media Integrated Server 6.1
    VAIO Media Redistribution 6.0
    VAIO Media Registration Tool
    VAIO Media Registration Tool 6.0
    VAIO Movie Story
    VAIO Movie Story 1.5 Upgrade
    VAIO Movie Story Template Data
    VAIO MusicBox
    VAIO MusicBox Sample Music
    VAIO Original Function Settings
    VAIO Power Management
    VAIO Update
    VAIO Update Merge Module x86
    VAIO Wallpaper Contents
    VC80CRTRedist - 8.0.50727.762
    VirtualCloneDrive
    VU5x86
    WBFS Manager 3.0
    WIDCOMM Bluetooth Software 6.1.0.2200
    Windows Installer Clean Up
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Messenger
    Windows Live OneCare safety scanner
    Windows Live Photo Common
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    WinDVD for VAIO
    WinPcap 4.0.2
    WinRAR archiver
    Wireless Switch Setting Utility
    X2X Free Video Flip and Rotate 2.0
    Xvid 1.2.2 final uninstall
    Your Uninstaller! 2008 Version 6.0
    Zattoo 3.3.4 Beta
    .
    ==== Event Viewer Messages From Past Week ========
    .
    05/07/2012 19:34:56, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
    05/07/2012 19:34:56, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    05/07/2012 19:07:14, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: usbc2k
    05/07/2012 19:07:14, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    05/07/2012 03:27:51, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    05/07/2012 03:26:22, Error: Microsoft-Windows-ResourcePublication [1002] - Element Provider\Microsoft.Base.Publication/Publication/Computer failed to publish. Ensure that both PKEY_PUBSVCS_METADATA and PKEY_PUBSVCS_TYPE are set properly on the function instance and there were no errors adding the function instance.
    05/07/2012 03:24:15, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    05/07/2012 03:14:36, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    05/07/2012 03:14:07, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    05/07/2012 03:13:56, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    05/07/2012 03:13:49, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avfwot avipbb avkmgr DfsC DMICall ElbyCDIO lsi_ex NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr ssmdrv tdx usbc2k Wanarpv6 ws2ifsl
    05/07/2012 03:13:49, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    05/07/2012 03:13:49, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    05/07/2012 03:13:49, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
    05/07/2012 03:13:49, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    05/07/2012 03:13:49, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    05/07/2012 03:13:49, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    05/07/2012 03:13:49, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    05/07/2012 03:13:49, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
    05/07/2012 03:13:49, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    05/07/2012 03:13:49, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    05/07/2012 03:13:49, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    05/07/2012 03:13:49, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    05/07/2012 03:13:49, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    05/07/2012 03:13:15, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    05/07/2012 03:13:15, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    05/07/2012 03:13:15, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    05/07/2012 03:13:11, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    05/07/2012 03:12:59, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    04/07/2012 22:26:31, Error: EventLog [6008] - The previous system shutdown at 22:23:24 on 04/07/2012 was unexpected.
    03/07/2012 22:25:55, Error: EventLog [6008] - The previous system shutdown at 22:24:36 on 03/07/2012 was unexpected.
    03/07/2012 22:21:32, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.
    03/07/2012 22:12:28, Error: EventLog [6008] - The previous system shutdown at 15:07:40 on 23/06/2012 was unexpected.
    .
    ==== End Of File ===========================
     
  2. NeoBob (TS Rookie, Topic Starter)

    GMER Log...

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-07-06 09:16:22
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK1637GSX rev.DL030G
    Running: xx4n02h2.exe; Driver: C:\Users\c\AppData\Local\Temp\ugloqpob.sys

    ---- System - GMER 1.0.15 ----
    SSDT 8FB3BCC6 ZwCreateSection
    SSDT 8FB3BC9E ZwCreateSymbolicLinkObject
    SSDT 8FB3BCA3 ZwLoadDriver
    SSDT 8FB3BC99 ZwOpenSection
    SSDT 8FB3BCD0 ZwRequestWaitReplyPort
    SSDT 8FB3BCCB ZwSetContextThread
    SSDT 8FB3BCD5 ZwSetSecurityObject
    SSDT 8FB3BCA8 ZwSetSystemInformation
    SSDT 8FB3BCDA ZwSystemDebugControl
    SSDT 8FB3BC67 ZwTerminateProcess
    SSDT 8FB3BC62 ZwWriteVirtualMemory
    ---- Kernel code sections - GMER 1.0.15 ----
    .text ntkrnlpa.exe!KeSetEvent + 215 88EE18D8 4 Bytes [C6, BC, B3, 8F]
    .text ntkrnlpa.exe!KeSetEvent + 21D 88EE18E0 4 Bytes [9E, BC, B3, 8F]
    .text ntkrnlpa.exe!KeSetEvent + 37D 88EE1A40 4 Bytes [A3, BC, B3, 8F]
    .text ntkrnlpa.exe!KeSetEvent + 3FD 88EE1AC0 4 Bytes [99, BC, B3, 8F]
    .text ntkrnlpa.exe!KeSetEvent + 539 88EE1BFC 4 Bytes [D0, BC, B3, 8F]
    .text ...
    ? system32\drivers\lsi_ex.sys The system cannot find the path specified. !
    ? system32\drivers\athrnt.sys The system cannot find the path specified. !
    ? C:\Users\c\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !
    ---- User code sections - GMER 1.0.15 ----
    .text C:\Program Files\Internet Explorer\iexplore.exe[3924] kernel32.dll!CreateThread 770BCB2E 5 Bytes JMP 6C2975CB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!CreateDialogParamW 76AE72A2 5 Bytes JMP 6C4290F0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!GetAsyncKeyState 76AE863C 5 Bytes JMP 6C27DEAD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!SetWindowsHookExW 76AE87AD 5 Bytes JMP 6C2D25AC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!CallNextHookEx 76AE8E3B 5 Bytes JMP 6C2F7FDF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!UnhookWindowsHookEx 76AE98DB 5 Bytes JMP 6C31ECE0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!EnableWindow 76AECD8B 5 Bytes JMP 6C2D9EAC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!DefWindowProcA 76AEDB88 7 Bytes JMP 6C2997F5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!CreateWindowExA 76AEDC2A 5 Bytes JMP 6C2A362B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!CreateWindowExW 76AF1305 5 Bytes JMP 6C3003B7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!GetKeyState 76AF8CB1 5 Bytes JMP 6C27DD87 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!DefWindowProcW 76B003B4 7 Bytes JMP 6C2F8042 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!IsDialogMessageW 76B00745 5 Bytes JMP 6C429855 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!CreateDialogParamA 76B017AA 5 Bytes JMP 6C4290B8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!IsDialogMessage 76B01847 5 Bytes JMP 6C42982D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!CreateDialogIndirectParamA 76B026F1 5 Bytes JMP 6C429128 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!CreateDialogIndirectParamW 76B09A62 5 Bytes JMP 6C429160 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!SetKeyboardState 76B10987 5 Bytes JMP 6C42A11D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!DialogBoxParamW 76B110B0 5 Bytes JMP 6C23187B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!DialogBoxIndirectParamW 76B12EF5 5 Bytes JMP 6C428D86 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!SendInput 76B12F75 5 Bytes JMP 6C42A0C5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!EndDialog 76B1326E 5 Bytes JMP 6C429B01 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!SetCursorPos 76B26FB2 5 Bytes JMP 6C42A19E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!DialogBoxParamA 76B28152 5 Bytes JMP 6C428D21 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!DialogBoxIndirectParamA 76B2847D 5 Bytes JMP 6C428DEB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!MessageBoxIndirectA 76B3D4D9 5 Bytes JMP 6C428CA8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!MessageBoxIndirectW 76B3D5D3 5 Bytes JMP 6C428C2F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!MessageBoxExA 76B3D639 5 Bytes JMP 6C428BCB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!MessageBoxExW 76B3D65D 5 Bytes JMP 6C428B67 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3924] USER32.dll!keybd_event 76B3D972 5 Bytes JMP 6C42A082 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[3924] SHELL32.dll!SHRestricted + D95 75F489A8 4 Bytes [CF, 01, D7, 63]
    .text C:\Program Files\Internet Explorer\iexplore.exe[3924] SHELL32.dll!SHRestricted + D9D 75F489B0 8 Bytes [E0, 61, D6, 63, 79, F7, D6, ...]
    .text C:\Program Files\Internet Explorer\iexplore.exe[3924] ole32.dll!OleLoadFromStream 76E91E80 5 Bytes JMP 6C42955F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4564] USER32.dll!EnableWindow 76AECD8B 5 Bytes JMP 6C2D9EAC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4564] USER32.dll!DialogBoxParamW 76B110B0 5 Bytes JMP 6C23187B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4564] USER32.dll!DialogBoxIndirectParamW 76B12EF5 5 Bytes JMP 6C428D86 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4564] USER32.dll!DialogBoxParamA 76B28152 5 Bytes JMP 6C428D21 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4564] USER32.dll!DialogBoxIndirectParamA 76B2847D 5 Bytes JMP 6C428DEB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4564] USER32.dll!MessageBoxIndirectA 76B3D4D9 5 Bytes JMP 6C428CA8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4564] USER32.dll!MessageBoxIndirectW 76B3D5D3 5 Bytes JMP 6C428C2F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4564] USER32.dll!MessageBoxExA 76B3D639 5 Bytes JMP 6C428BCB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4564] USER32.dll!MessageBoxExW 76B3D65D 5 Bytes JMP 6C428B67 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
    ---- User IAT/EAT - GMER 1.0.15 ----
    IAT C:\Windows\Explorer.EXE[3752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74247817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7428B4E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7424BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7423F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [742475E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7423E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [742773F5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7424DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7423FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7423FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [742371CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [742CCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7426C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7423D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74236853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7423687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\Explorer.EXE[3752] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74242AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[3924] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [63D647BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[3924] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [63D647BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[3924] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SearchPathW] [63D7029E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[3924] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [63D65EC7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[3924] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CopyFileW] [63D7BC51] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[3924] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!MoveFileW] [63D7E089] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[3924] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!DeleteFileW] [63D7C811] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[3924] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [63D77F4F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[3924] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetCurrentDirectoryW] [63D7F500] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[3924] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindClose] [63D7F94D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[3924] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindNextFileW] [63D807CA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[3924] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindFirstFileW] [63D7FCF6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[3924] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [63D66D22] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[3924] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateFileW] [63D663E7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[3924] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!WritePrivateProfileStringW] [63D7B56B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[3924] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [63D64E2B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[3924] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [63D647BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[3924] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetPrivateProfileStringW] [63D7ABDB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[3924] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegQueryInfoKeyW] [63D71555] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[3924] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegEnumValueW] [63D70E28] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[3924] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegOpenKeyExW] [63D660B5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[3924] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegQueryValueExW] [63D67278] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[3924] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegDeleteKeyW] [63D833C5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[3924] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegCreateKeyExW] [63D719CA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[3924] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegCloseKey] [63D66692] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[3924] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [63D65EC7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[3924] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [63D66D22] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[3924] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CopyFileW] [63D7BC51] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[3924] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [63D647BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[3924] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [63D64E2B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
     
  3. NeoBob

    NeoBob TS Rookie Topic Starter

    GMER continued....


    IAT C:\Program Files\Internet Explorer\iexplore.exe[3924] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteKeyW] [63D81F83] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[3924] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile] [63D78C1A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[3924] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FindClose] [63D7F94D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[3924] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] [63D7FCF6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[3924] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [63D65EC7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[3924] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!SearchPathW] [63D7029E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[3924] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [63D77F4F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[3924] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!DeleteFileW] [63D7C811] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[3924] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetShortPathNameW] [63D79C69] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[3924] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileAttributesExW] [63D7968F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[3924] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateFileW] [63D663E7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[3924] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [63D64E2B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[3924] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileAttributesW] [63D65F62] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[3924] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [63D66D22] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[3924] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathUnExpandEnvStringsA] [63D6F6D1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[3924] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteKeyA] [63D81F32] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[3924] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteValueW] [63D82028] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[3924] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueA] [63D82B05] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[3924] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueW] [63D82B62] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[3924] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathCreateFromUrlW] [63D70178] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[3924] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetUSValueA] [63D664C5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[3924] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueA] [63D64CAA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[3924] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueW] [63D64927] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[3924] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueW] [63D64984] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[3924] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueA] [63D66528] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[3924] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [63D647BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[3924] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [63D647BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[3924] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [63D647BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[3924] @ C:\Windows\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [63D647BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[3924] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [63D647BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[3924] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [63D647BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[3924] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!GetProcAddress] [63D647BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[3924] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [63D647BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
    ---- Devices - GMER 1.0.15 ----
    AttachedDevice \FileSystem\Ntfs \Ntfs lsi_ex.sys
    Device \Driver\BTHUSB \Device\000000da bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\fastfat \Fat lsi_ex.sys
    ---- Registry - GMER 1.0.15 ----
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001bfb57dc05
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3d3c2224
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3d3c2224@001e4518f059 0x75 0x4A 0xF7 0xF7 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3d3c2224@0009dd611cc9 0x8E 0xC2 0xF7 0x3E ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3d3c2224@001d28e7073d 0x68 0x43 0x96 0xD0 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3d3c2224@e806885dd7ba 0x88 0x48 0x62 0xB9 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001bfb57dc05 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e3d3c2224 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e3d3c2224@001e4518f059 0x75 0x4A 0xF7 0xF7 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e3d3c2224@0009dd611cc9 0x8E 0xC2 0xF7 0x3E ...
    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e3d3c2224@001d28e7073d 0x68 0x43 0x96 0xD0 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001e3d3c2224@e806885dd7ba 0x88 0x48 0x62 0xB9 ...
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-3380559664-2801486859-31628170-1000@RefCount 6
    ---- EOF - GMER 1.0.15 ----
     
  4. NeoBob

    NeoBob TS Rookie Topic Starter

    Can anyone help???
     
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    You will need to have some patience. You only put this thread up about 5 hours ago!

    It looks like you may have a keylogger:

    Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------

    • Download Combofix from HERE or HERE and save to the desktop
      • Double click combofix.exe & follow the prompts.
      • If prompted for Recovery Console, please allow.
      • Once installed, you should see a blue screen prompt that says:
        • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install - just bypass and go on.
        • Note: No query will be made if the Recovery Console is already on the system.
    • Close any open browsers.
    • Before you run the Combofix scan, please disable any security software you have running.
      (If you need help with this, please see HERE)
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • When the scan completes, a report will be generated - it will open a text window. Please paste the C:\ComboFix.txt in your next reply.

    Re-enable your Antivirus software.
    Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
    Note 3: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    ==============================
    I see you ran TDSSKiller. IF you still have the log, please include it in your next reply with the Combofix log.

    NOTE: If you do NOT have the log, don't run the program again at this time.

    Please don't run any cleaning or scanning programs other than those I ask you to run.
     
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

  7. NeoBob

    NeoBob TS Rookie Topic Starter

    Hi Bobbye, thanks for looking into this for me. Please find the logs below...

    ---- ComboFix ----
    ComboFix 12-07-07.04 - c 07/07/2012 19:47:47.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2046.697 [GMT 1:00]
    Running from: c:\users\c\Desktop\Downloads\ComboFix.exe
    AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
    FW: FireWall *Disabled* {CE40CCC0-8ADB-6D67-25A0-C5B6438E4B57}
    SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ADS - Windows: deleted 24 bytes in 1 streams.
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\c\AppData\Roaming\Local
    c:\users\c\AppData\Roaming\Microsoft\Windows Firewall
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-07 to 2012-07-07 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-04 21:51 . 2012-07-04 21:51 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-06-23 12:23 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-23 12:23 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
    2012-06-23 12:23 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-23 12:23 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-23 12:21 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
    2012-06-23 12:21 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-23 12:21 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-23 12:21 . 2012-06-02 14:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-23 12:21 . 2012-06-02 14:12 33792 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-14 19:56 . 2012-06-14 19:56 -------- d-----w- c:\program files\iPod
    2012-06-14 19:56 . 2012-06-14 19:58 -------- d-----w- c:\program files\iTunes
    2012-06-12 22:15 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll
    2012-06-12 22:15 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
    2012-06-12 22:15 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-06-12 22:15 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-06-12 22:15 . 2012-05-15 19:51 2045440 ----a-w- c:\windows\system32\win32k.sys
    2012-06-09 18:11 . 2012-06-09 18:11 -------- d-----w- c:\users\c\AppData\Roaming\Avira
    2012-06-09 18:06 . 2012-05-09 10:19 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
    2012-06-09 18:06 . 2012-05-09 10:19 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2012-06-09 18:06 . 2012-05-09 10:19 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2012-06-09 18:06 . 2012-05-09 10:18 91968 ----a-w- c:\windows\system32\drivers\avfwim.sys
    2012-06-09 18:06 . 2012-05-09 10:18 112032 ----a-w- c:\windows\system32\drivers\avfwot.sys
    2012-06-09 18:06 . 2012-06-09 18:06 -------- d-----w- c:\program files\Avira
    2012-06-07 19:56 . 2012-06-07 19:56 -------- d-----w- c:\users\c\AppData\Roaming\VSRevoGroup
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-05-19 00:46 . 2012-04-15 13:08 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-05-19 00:46 . 2011-06-26 00:16 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-04-18 19:56 . 2012-04-18 19:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2012-04-18 19:56 . 2012-04-18 19:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
    2012-04-25 20:24 . 2011-04-03 13:06 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
    "Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2007-09-12 443968]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2009-03-12 2587584]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-04-08 4423680]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 835584]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
    "Skytel"="Skytel.exe" [2007-04-08 1822720]
    "VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
    "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
    "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-09 348624]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
    .
    c:\users\c\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2007-6-1 49152]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-10-30 748072]
    .
    c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2007-6-1 49152]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
    2007-08-15 04:05 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    bthsvcs REG_MULTI_SZ BthServ
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = https://www.google.co.uk/
    uInternet Settings,ProxyOverride = *.local
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{40E368A9-D2DF-4925-A965-E950DB7546EB}: NameServer = 208.67.220.222,208.67.220.220
    FF - ProfilePath - c:\users\c\AppData\Roaming\Mozilla\Firefox\Profiles\0xxmzmav.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKCU-Run-AdobeBridge - (no file)
    MSConfigStartUp-Update - c:\users\c\AppData\Roaming\0_0u_l.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-07-07 20:36
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b4
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(2356)
    c:\windows\system32\btncopy.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Avira\AntiVir Desktop\sched.exe
    c:\program files\Avira\AntiVir Desktop\avfwsvc.exe
    c:\program files\Avira\AntiVir Desktop\avguard.exe
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\windows\system32\bgsvcgen.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\TomTom HOME 2\TomTomHOMEService.exe
    c:\program files\ArcSoft\Magic-I Visual Effects\uCamMonitor.exe
    c:\program files\Sony\VAIO Event Service\VESMgr.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\program files\Sony\VAIO Event Service\VESMgrSub.exe
    c:\windows\system32\DRIVERS\xaudio.exe
    c:\program files\Avira\AntiVir Desktop\avshadow.exe
    c:\program files\Avira\AntiVir Desktop\avmailc.exe
    c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE
    c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
    c:\program files\Sony\VAIO Power Management\SPMgr.exe
    c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe
    c:\program files\Sony\VAIO Update 5\VAIOUpdt.exe
    c:\program files\Sony\VAIO Update Common\VUAgent.exe
    .
    **************************************************************************
    .
    Completion time: 2012-07-07 20:44:25 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-07-07 19:44
    .
    Pre-Run: 17,475,608,576 bytes free
    Post-Run: 17,023,479,808 bytes free
    .
    - - End Of File - - E98E3EA7080E61889A62DE720C187250
     
  8. NeoBob

    NeoBob TS Rookie Topic Starter

    ---- TDSKILLER ----
    19:27:24.0758 2552 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08
    19:27:25.0398 2552 ============================================================
    19:27:25.0398 2552 Current date / time: 2012/07/06 19:27:25.0398
    19:27:25.0398 2552 SystemInfo:
    19:27:25.0398 2552
    19:27:25.0398 2552 OS Version: 6.0.6002 ServicePack: 2.0
    19:27:25.0398 2552 Product type: Workstation
    19:27:25.0398 2552 ComputerName: c-PC
    19:27:25.0398 2552 UserName: c
    19:27:25.0398 2552 Windows directory: C:\Windows
    19:27:25.0398 2552 System windows directory: C:\Windows
    19:27:25.0398 2552 Processor architecture: Intel x86
    19:27:25.0398 2552 Number of processors: 2
    19:27:25.0398 2552 Page size: 0x1000
    19:27:25.0398 2552 Boot type: Normal boot
    19:27:25.0398 2552 ============================================================
    19:27:27.0534 2552 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
    19:27:28.0148 2552 Drive \Device\Harddisk2\DR2 - Size: 0x1E657C000 (7.60 Gb), SectorSize: 0x200, Cylinders: 0x3E0, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    19:27:28.0149 2552 ============================================================
    19:27:28.0149 2552 \Device\Harddisk0\DR0:
    19:27:28.0201 2552 MBR partitions:
    19:27:28.0201 2552 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x12CD800, BlocksNum 0x1174BEB0
    19:27:28.0201 2552 \Device\Harddisk2\DR2:
    19:27:28.0201 2552 MBR partitions:
    19:27:28.0201 2552 \Device\Harddisk2\DR2\Partition0: MBR, Type 0xB, StartLBA 0x2000, BlocksNum 0xF34000
    19:27:28.0201 2552 ============================================================
    19:27:28.0604 2552 C: <-> \Device\Harddisk0\DR0\Partition0
    19:27:28.0604 2552 ============================================================
    19:27:28.0604 2552 Initialize success
    19:27:28.0604 2552 ============================================================
    19:27:34.0747 4020 ============================================================
    19:27:34.0747 4020 Scan started
    19:27:34.0747 4020 Mode: Manual;
    19:27:34.0747 4020 ============================================================
    19:27:39.0057 4020 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
    19:27:39.0107 4020 ACPI - ok
    19:27:39.0237 4020 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    19:27:39.0257 4020 AdobeARMservice - ok
    19:27:39.0337 4020 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
    19:27:39.0367 4020 adp94xx - ok
    19:27:39.0387 4020 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
    19:27:39.0427 4020 adpahci - ok
    19:27:39.0457 4020 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
    19:27:39.0477 4020 adpu160m - ok
    19:27:39.0487 4020 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
    19:27:39.0517 4020 adpu320 - ok
    19:27:39.0557 4020 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
    19:27:39.0557 4020 AeLookupSvc - ok
    19:27:39.0627 4020 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
    19:27:39.0657 4020 AFD - ok
    19:27:39.0697 4020 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
    19:27:39.0717 4020 agp440 - ok
    19:27:39.0757 4020 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
    19:27:39.0777 4020 aic78xx - ok
    19:27:39.0807 4020 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
    19:27:39.0807 4020 ALG - ok
    19:27:39.0827 4020 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
    19:27:39.0837 4020 aliide - ok
    19:27:39.0857 4020 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
    19:27:39.0877 4020 amdagp - ok
    19:27:39.0897 4020 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
    19:27:39.0917 4020 amdide - ok
    19:27:39.0967 4020 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
    19:27:39.0997 4020 AmdK7 - ok
    19:27:40.0017 4020 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
    19:27:40.0017 4020 AmdK8 - ok
    19:27:40.0157 4020 AntiVirFirewallService (d8674e6097cdd4b2fb9bec42eee046d7) C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
    19:27:40.0167 4020 AntiVirFirewallService - ok
    19:27:40.0237 4020 AntiVirMailService (b089c306d4df73a28cef5240d0142cb3) C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
    19:27:40.0247 4020 AntiVirMailService - ok
    19:27:40.0277 4020 AntiVirSchedulerService (45879699881c9fd3fb53bde187163661) C:\Program Files\Avira\AntiVir Desktop\sched.exe
    19:27:40.0297 4020 AntiVirSchedulerService - ok
    19:27:40.0327 4020 AntiVirService (ec5cbedd47bae12e7d369c3b5b857964) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    19:27:40.0327 4020 AntiVirService - ok
    19:27:40.0387 4020 AntiVirWebService (f7c781c4c098fc3f8e2e4dfb48ee019d) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
    19:27:40.0427 4020 AntiVirWebService - ok
    19:27:40.0617 4020 AnyDVD (29f70fcdd00c1237ef69880a26886fc7) C:\Windows\system32\Drivers\AnyDVD.sys
    19:27:40.0617 4020 AnyDVD - ok
    19:27:40.0667 4020 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
    19:27:40.0667 4020 Appinfo - ok
    19:27:40.0817 4020 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    19:27:40.0828 4020 Apple Mobile Device - ok
    19:27:40.0873 4020 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
    19:27:40.0876 4020 arc - ok
    19:27:40.0917 4020 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
    19:27:40.0937 4020 arcsas - ok
    19:27:40.0991 4020 ArcSoftKsUFilter (97422da56910a24b7ac8d295f5fd9535) C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
    19:27:41.0032 4020 ArcSoftKsUFilter - ok
    19:27:41.0079 4020 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
    19:27:41.0080 4020 AsyncMac - ok
    19:27:41.0121 4020 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
    19:27:41.0121 4020 atapi - ok
    19:27:41.0226 4020 athr (d5abeb24a3a3138b35f88931fb04e100) C:\Windows\system32\DRIVERS\athr.sys
    19:27:41.0261 4020 athr - ok
    19:27:41.0356 4020 Ati External Event Utility (983f6e0febe34a887633581b948d0ed6) C:\Windows\system32\Ati2evxx.exe
    19:27:41.0372 4020 Ati External Event Utility - ok
    19:27:41.0622 4020 atikmdag (932481db5f321e7bd56d3d7baa1fb3c3) C:\Windows\system32\DRIVERS\atikmdag.sys
    19:27:41.0715 4020 atikmdag - ok
    19:27:41.0862 4020 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
    19:27:41.0872 4020 AudioEndpointBuilder - ok
    19:27:41.0872 4020 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
    19:27:41.0872 4020 Audiosrv - ok
    19:27:41.0942 4020 avfwim (e6263cdd0ef3b98cfa2a251a21d8be2e) C:\Windows\system32\DRIVERS\avfwim.sys
    19:27:41.0942 4020 avfwim - ok
    19:27:41.0982 4020 avfwot (48929a52c039738c3193581f7fc483a5) C:\Windows\system32\DRIVERS\avfwot.sys
    19:27:42.0022 4020 avfwot - ok
    19:27:42.0052 4020 avgntflt (d5541f0afb767e85fc412fc609d96a74) C:\Windows\system32\DRIVERS\avgntflt.sys
    19:27:42.0052 4020 avgntflt - ok
    19:27:42.0102 4020 avipbb (7d967a682d4694df7fa57d63a2db01fe) C:\Windows\system32\DRIVERS\avipbb.sys
    19:27:42.0102 4020 avipbb - ok
    19:27:42.0112 4020 avkmgr (53e56450da16a1a7f0d002f511113f67) C:\Windows\system32\DRIVERS\avkmgr.sys
    19:27:42.0122 4020 avkmgr - ok
    19:27:42.0172 4020 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
    19:27:42.0192 4020 Beep - ok
    19:27:42.0262 4020 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
    19:27:42.0262 4020 BFE - ok
    19:27:42.0322 4020 bgsvcgen (27fdd13bec08ceeac4be6b900a6c39ce) C:\Windows\system32\bgsvcgen.exe
    19:27:42.0332 4020 bgsvcgen - ok
    19:27:42.0442 4020 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
    19:27:42.0462 4020 BITS - ok
    19:27:42.0482 4020 blbdrive - ok
    19:27:42.0632 4020 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
    19:27:42.0642 4020 Bonjour Service - ok
    19:27:42.0702 4020 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
    19:27:42.0722 4020 bowser - ok
    19:27:42.0772 4020 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
    19:27:42.0772 4020 BrFiltLo - ok
    19:27:42.0802 4020 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
    19:27:42.0812 4020 BrFiltUp - ok
    19:27:42.0852 4020 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
    19:27:42.0852 4020 Browser - ok
    19:27:42.0892 4020 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
    19:27:42.0922 4020 Brserid - ok
    19:27:42.0932 4020 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
    19:27:42.0942 4020 BrSerWdm - ok
    19:27:42.0952 4020 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
    19:27:42.0982 4020 BrUsbMdm - ok
    19:27:43.0002 4020 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
    19:27:43.0022 4020 BrUsbSer - ok
    19:27:43.0072 4020 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
    19:27:43.0102 4020 BthEnum - ok
    19:27:43.0142 4020 BTHMODEM (9a966a8e86d1771911ae34a20d11bff3) C:\Windows\system32\DRIVERS\bthmodem.sys
    19:27:43.0162 4020 BTHMODEM - ok
    19:27:43.0192 4020 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
    19:27:43.0202 4020 BthPan - ok
    19:27:43.0272 4020 BTHPORT (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys
    19:27:43.0282 4020 BTHPORT - ok
    19:27:43.0322 4020 BthServ (a4c8377fa4a994e07075107dbe2e3dce) C:\Windows\System32\bthserv.dll
    19:27:43.0332 4020 BthServ - ok
    19:27:43.0332 4020 BTHUSB (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys
    19:27:43.0342 4020 BTHUSB - ok
    19:27:43.0402 4020 btwaudio (7f256d9fff384faa40df5db1cb8531d9) C:\Windows\system32\drivers\btwaudio.sys
    19:27:43.0422 4020 btwaudio - ok
    19:27:43.0462 4020 btwavdt (d87d990131aaabb27d4046790292366d) C:\Windows\system32\drivers\btwavdt.sys
    19:27:43.0482 4020 btwavdt - ok
    19:27:43.0522 4020 btwl2cap (d02f4d18aa4a38f781beefeb1892e144) C:\Windows\system32\DRIVERS\btwl2cap.sys
    19:27:43.0552 4020 btwl2cap - ok
    19:27:43.0592 4020 btwrchid (e1771c0fb49e747ab2b2d29da50510f9) C:\Windows\system32\DRIVERS\btwrchid.sys
    19:27:43.0592 4020 btwrchid - ok
    19:27:43.0642 4020 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
    19:27:43.0662 4020 cdfs - ok
    19:27:43.0702 4020 cdrbsdrv (9008ad94f28360a2f1409592bfc7acf7) C:\Windows\system32\drivers\cdrbsdrv.sys
    19:27:43.0722 4020 cdrbsdrv - ok
    19:27:43.0782 4020 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
    19:27:43.0802 4020 cdrom - ok
    19:27:43.0873 4020 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
    19:27:43.0874 4020 CertPropSvc - ok
    19:27:43.0907 4020 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
    19:27:43.0930 4020 circlass - ok
    19:27:43.0979 4020 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
    19:27:44.0011 4020 CLFS - ok
    19:27:44.0092 4020 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    19:27:44.0134 4020 clr_optimization_v2.0.50727_32 - ok
    19:27:44.0203 4020 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    19:27:44.0225 4020 clr_optimization_v4.0.30319_32 - ok
    19:27:44.0282 4020 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
    19:27:44.0286 4020 CmBatt - ok
    19:27:44.0321 4020 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
    19:27:44.0350 4020 cmdide - ok
    19:27:44.0389 4020 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
    19:27:44.0395 4020 Compbatt - ok
    19:27:44.0398 4020 COMSysApp - ok
    19:27:44.0455 4020 cpudrv - ok
    19:27:44.0462 4020 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
    19:27:44.0464 4020 crcdisk - ok
    19:27:44.0480 4020 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
    19:27:44.0504 4020 Crusoe - ok
    19:27:44.0557 4020 CryptSvc (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll
    19:27:44.0561 4020 CryptSvc - ok
    19:27:44.0661 4020 CrystalSysInfo (f054744f67576a01139885173392502b) C:\Program Files\MediaCoder iPod Edition\SysInfo.sys
    19:27:44.0683 4020 CrystalSysInfo - ok
    19:27:44.0763 4020 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
    19:27:44.0775 4020 DcomLaunch - ok
    19:27:44.0816 4020 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
    19:27:44.0837 4020 DfsC - ok
    19:27:45.0022 4020 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
    19:27:45.0062 4020 DFSR - ok
    19:27:45.0245 4020 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
    19:27:45.0250 4020 Dhcp - ok
    19:27:45.0351 4020 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
    19:27:45.0378 4020 disk - ok
    19:27:45.0404 4020 DMICall (f206e28ed74c491fd5d7c0a1119ce37f) C:\Windows\system32\DRIVERS\DMICall.sys
    19:27:45.0428 4020 DMICall - ok
    19:27:45.0476 4020 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
    19:27:45.0477 4020 Dnscache - ok
    19:27:45.0524 4020 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
    19:27:45.0551 4020 dot3svc - ok
    19:27:45.0602 4020 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
    19:27:45.0603 4020 DPS - ok
    19:27:45.0654 4020 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
    19:27:45.0657 4020 drmkaud - ok
    19:27:45.0745 4020 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
    19:27:45.0758 4020 DXGKrnl - ok
    19:27:45.0809 4020 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
    19:27:45.0809 4020 E1G60 - ok
    19:27:45.0872 4020 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
    19:27:45.0872 4020 EapHost - ok
    19:27:45.0934 4020 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
    19:27:45.0965 4020 Ecache - ok
    19:27:46.0043 4020 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
    19:27:46.0043 4020 ehRecvr - ok
    19:27:46.0074 4020 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
    19:27:46.0090 4020 ehSched - ok
    19:27:46.0106 4020 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
    19:27:46.0121 4020 ehstart - ok
    19:27:46.0168 4020 ElbyCDIO (d71233d7ccc2e64f8715a20428d5a33b) C:\Windows\system32\Drivers\ElbyCDIO.sys
    19:27:46.0184 4020 ElbyCDIO - ok
    19:27:46.0246 4020 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
    19:27:46.0277 4020 elxstor - ok
    19:27:46.0371 4020 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
    19:27:46.0371 4020 EMDMgmt - ok
    19:27:46.0433 4020 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
    19:27:46.0433 4020 EventSystem - ok
    19:27:46.0464 4020 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
    19:27:46.0511 4020 exfat - ok
    19:27:46.0558 4020 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
    19:27:46.0589 4020 fastfat - ok
    19:27:46.0652 4020 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
    19:27:46.0652 4020 fdc - ok
    19:27:46.0683 4020 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
    19:27:46.0683 4020 fdPHost - ok
    19:27:46.0698 4020 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
    19:27:46.0698 4020 FDResPub - ok
    19:27:46.0745 4020 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
    19:27:46.0761 4020 FileInfo - ok
    19:27:46.0823 4020 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
    19:27:46.0839 4020 Filetrace - ok
    19:27:47.0026 4020 FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    19:27:47.0088 4020 FLEXnet Licensing Service - ok
    19:27:47.0151 4020 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
    19:27:47.0182 4020 flpydisk - ok
    19:27:47.0229 4020 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
    19:27:47.0244 4020 FltMgr - ok
    19:27:47.0400 4020 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
    19:27:47.0416 4020 FontCache - ok
    19:27:47.0494 4020 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    19:27:47.0510 4020 FontCache3.0.0.0 - ok
    19:27:47.0556 4020 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
    19:27:47.0634 4020 Fs_Rec - ok
    19:27:47.0666 4020 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
    19:27:47.0697 4020 gagp30kx - ok
    19:27:47.0744 4020 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys
    19:27:47.0759 4020 GEARAspiWDM - ok
    19:27:47.0837 4020 ggflt (007aea2e06e7cef7372e40c277163959) C:\Windows\system32\DRIVERS\ggflt.sys
    19:27:47.0853 4020 ggflt - ok
    19:27:47.0868 4020 ggsemc (c73de35960ca75c5ab4ae636b127c64e) C:\Windows\system32\DRIVERS\ggsemc.sys
    19:27:47.0900 4020 ggsemc - ok
    19:27:47.0962 4020 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
    19:27:47.0978 4020 gpsvc - ok
    19:27:48.0056 4020 gusvc (751c1d2ca2abf4a9f5a6b8d7d45b907c) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    19:27:48.0087 4020 gusvc - ok
    19:27:48.0134 4020 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
    19:27:48.0165 4020 HdAudAddService - ok
    19:27:48.0227 4020 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
    19:27:48.0274 4020 HDAudBus - ok
    19:27:48.0305 4020 HidBth (fcb3f4be408f72c1bd81bcaba87fc22f) C:\Windows\system32\DRIVERS\hidbth.sys
    19:27:48.0321 4020 HidBth - ok
    19:27:48.0352 4020 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
    19:27:48.0352 4020 HidIr - ok
    19:27:48.0383 4020 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
    19:27:48.0383 4020 hidserv - ok
    19:27:48.0414 4020 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
    19:27:48.0414 4020 HidUsb - ok
    19:27:48.0461 4020 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
    19:27:48.0461 4020 hkmsvc - ok
    19:27:48.0508 4020 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
    19:27:48.0524 4020 HpCISSs - ok
    19:27:48.0726 4020 HPSLPSVC (a04f4ac48895774a2cf9d1c9eaaacef0) C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
    19:27:48.0773 4020 HPSLPSVC - ok
    19:27:48.0820 4020 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
    19:27:48.0836 4020 HSFHWAZL - ok
    19:27:48.0914 4020 HSF_DPV (7bc42c65b5c6281777c1a7605b253ba8) C:\Windows\system32\DRIVERS\HSX_DPV.sys
    19:27:48.0960 4020 HSF_DPV - ok
    19:27:49.0007 4020 HSXHWAZL (9ebf2d102ccbb6bcdfbf1b7922f8ba2e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
    19:27:49.0038 4020 HSXHWAZL - ok
    19:27:49.0101 4020 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
    19:27:49.0132 4020 HTTP - ok
    19:27:49.0163 4020 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
    19:27:49.0179 4020 i2omp - ok
    19:27:49.0241 4020 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
    19:27:49.0257 4020 i8042prt - ok
    19:27:49.0304 4020 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
    19:27:49.0319 4020 iaStorV - ok
    19:27:49.0413 4020 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    19:27:49.0444 4020 IDriverT - ok
    19:27:49.0553 4020 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    19:27:49.0584 4020 idsvc - ok
    19:27:49.0678 4020 igfx - ok
    19:27:49.0694 4020 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
    19:27:49.0694 4020 iirsp - ok
    19:27:49.0756 4020 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
    19:27:49.0772 4020 IKEEXT - ok
    19:27:49.0943 4020 IntcAzAudAddService (2bd6633db50a98534aa3262e0f9f5a14) C:\Windows\system32\drivers\RTKVHDA.sys
    19:27:49.0990 4020 IntcAzAudAddService - ok
    19:27:50.0130 4020 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
    19:27:50.0146 4020 intelide - ok
    19:27:50.0177 4020 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
    19:27:50.0177 4020 intelppm - ok
    19:27:50.0208 4020 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
    19:27:50.0224 4020 IPBusEnum - ok
    19:27:50.0255 4020 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    19:27:50.0286 4020 IpFilterDriver - ok
    19:27:50.0316 4020 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
    19:27:50.0316 4020 iphlpsvc - ok
    19:27:50.0326 4020 IpInIp - ok
    19:27:50.0346 4020 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
    19:27:50.0346 4020 IPMIDRV - ok
    19:27:50.0386 4020 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
    19:27:50.0416 4020 IPNAT - ok
    19:27:50.0536 4020 iPod Service (e6be7a41a28d8f2db174957454d32448) C:\Program Files\iPod\bin\iPodService.exe
    19:27:50.0586 4020 iPod Service - ok
    19:27:50.0606 4020 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
    19:27:50.0636 4020 IRENUM - ok
    19:27:50.0666 4020 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
    19:27:50.0666 4020 isapnp - ok
    19:27:50.0726 4020 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
    19:27:50.0736 4020 iScsiPrt - ok
    19:27:50.0756 4020 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
    19:27:50.0776 4020 iteatapi - ok
    19:27:50.0796 4020 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
    19:27:50.0796 4020 iteraid - ok
    19:27:50.0846 4020 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
    19:27:50.0876 4020 kbdclass - ok
    19:27:50.0906 4020 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
    19:27:50.0926 4020 kbdhid - ok
    19:27:50.0956 4020 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
    19:27:50.0966 4020 KeyIso - ok
    19:27:51.0006 4020 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
    19:27:51.0036 4020 KSecDD - ok
    19:27:51.0096 4020 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
    19:27:51.0106 4020 KtmRm - ok
    19:27:51.0156 4020 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
    19:27:51.0166 4020 LanmanServer - ok
    19:27:51.0206 4020 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
    19:27:51.0216 4020 LanmanWorkstation - ok
    19:27:51.0246 4020 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
    19:27:51.0266 4020 lltdio - ok
    19:27:51.0496 4020 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
    19:27:51.0526 4020 lltdsvc - ok
    19:27:51.0556 4020 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
    19:27:51.0556 4020 lmhosts - ok
    19:27:51.0596 4020 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
    19:27:51.0606 4020 LSI_FC - ok
    19:27:51.0646 4020 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
    19:27:51.0646 4020 LSI_SAS - ok
    19:27:51.0666 4020 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
    19:27:51.0696 4020 LSI_SCSI - ok
    19:27:51.0726 4020 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
    19:27:51.0746 4020 luafv - ok
    19:27:51.0786 4020 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
    19:27:51.0796 4020 MBAMProtector - ok
    19:27:51.0929 4020 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    19:27:51.0934 4020 MBAMService - ok
    19:27:51.0970 4020 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
    19:27:52.0007 4020 Mcx2Svc - ok
    19:27:52.0029 4020 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
    19:27:52.0047 4020 mdmxsdk - ok
    19:27:52.0082 4020 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
    19:27:52.0087 4020 megasas - ok
    19:27:52.0182 4020 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
    19:27:52.0208 4020 Microsoft Office Groove Audit Service - ok
    19:27:52.0248 4020 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
    19:27:52.0250 4020 MMCSS - ok
    19:27:52.0285 4020 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
    19:27:52.0287 4020 Modem - ok
    19:27:52.0340 4020 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
    19:27:52.0371 4020 monitor - ok
    19:27:52.0387 4020 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
    19:27:52.0418 4020 mouclass - ok
    19:27:52.0434 4020 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
    19:27:52.0465 4020 mouhid - ok
    19:27:52.0481 4020 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
    19:27:52.0496 4020 MountMgr - ok
    19:27:52.0527 4020 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    19:27:52.0559 4020 MozillaMaintenance - ok
    19:27:52.0590 4020 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
    19:27:52.0621 4020 mpio - ok
    19:27:52.0668 4020 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
    19:27:52.0683 4020 mpsdrv - ok
    19:27:52.0781 4020 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
    19:27:52.0791 4020 MpsSvc - ok
    19:27:52.0801 4020 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
    19:27:52.0801 4020 Mraid35x - ok
    19:27:52.0851 4020 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
    19:27:52.0881 4020 MRxDAV - ok
    19:27:52.0911 4020 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
    19:27:52.0931 4020 mrxsmb - ok
    19:27:52.0991 4020 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    19:27:53.0011 4020 mrxsmb10 - ok
    19:27:53.0031 4020 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    19:27:53.0041 4020 mrxsmb20 - ok
    19:27:53.0081 4020 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
    19:27:53.0101 4020 msahci - ok
    19:27:53.0201 4020 MSCSPTISRV (8e46a7bac823dd82d4fb2a34c3df4c1d) C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    19:27:53.0211 4020 MSCSPTISRV - ok
    19:27:53.0231 4020 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
    19:27:53.0251 4020 msdsm - ok
    19:27:53.0281 4020 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
    19:27:53.0321 4020 MSDTC - ok
    19:27:53.0351 4020 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
    19:27:53.0351 4020 Msfs - ok
    19:27:53.0391 4020 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
    19:27:53.0411 4020 msisadrv - ok
    19:27:53.0451 4020 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
    19:27:53.0471 4020 MSiSCSI - ok
    19:27:53.0481 4020 msiserver - ok
    19:27:53.0541 4020 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
    19:27:53.0541 4020 MSKSSRV - ok
    19:27:53.0571 4020 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
    19:27:53.0581 4020 MSPCLOCK - ok
    19:27:53.0611 4020 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
    19:27:53.0621 4020 MSPQM - ok
    19:27:53.0671 4020 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
    19:27:53.0691 4020 MsRPC - ok
    19:27:53.0741 4020 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
    19:27:53.0771 4020 mssmbios - ok
    19:27:53.0791 4020 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
    19:27:53.0791 4020 MSTEE - ok
    19:27:53.0831 4020 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
    19:27:53.0851 4020 Mup - ok
    19:27:53.0912 4020 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
    19:27:53.0912 4020 napagent - ok
    19:27:53.0968 4020 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
    19:27:53.0990 4020 NativeWifiP - ok
    19:27:54.0070 4020 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
    19:27:54.0114 4020 NDIS - ok
    19:27:54.0172 4020 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
    19:27:54.0191 4020 NdisTapi - ok
    19:27:54.0222 4020 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
    19:27:54.0241 4020 Ndisuio - ok
    19:27:54.0291 4020 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
    19:27:54.0295 4020 NdisWan - ok
    19:27:54.0332 4020 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
    19:27:54.0352 4020 NDProxy - ok
    19:27:54.0378 4020 Net Driver HPZ12 (80b7a96f908da13617e7e6832c5c6a64) C:\Windows\system32\HPZinw12.dll
    19:27:54.0380 4020 Net Driver HPZ12 - ok
    19:27:54.0399 4020 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
    19:27:54.0423 4020 NetBIOS - ok
    19:27:54.0472 4020 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
    19:27:54.0497 4020 netbt - ok
    19:27:54.0535 4020 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
    19:27:54.0537 4020 Netlogon - ok
    19:27:54.0576 4020 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
    19:27:54.0580 4020 Netman - ok
    19:27:54.0628 4020 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
    19:27:54.0631 4020 netprofm - ok
    19:27:54.0703 4020 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    19:27:54.0734 4020 NetTcpPortSharing - ok
    19:27:54.0961 4020 NETw4v32 (25acccfc33dd448b9d3037c5e439e830) C:\Windows\system32\DRIVERS\NETw4v32.sys
    19:27:55.0011 4020 NETw4v32 - ok
    19:27:55.0515 4020 NETwLv32 (d4ef7a9767c05905500ec312cb29ef46) C:\Windows\system32\DRIVERS\NETwLv32.sys
    19:27:55.0759 4020 NETwLv32 - ok
    19:27:55.0917 4020 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
    19:27:55.0948 4020 nfrd960 - ok
    19:27:55.0995 4020 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
    19:27:55.0995 4020 NlaSvc - ok
    19:27:56.0057 4020 NPF (6623e51595c0076755c29c00846c4eb2) C:\Windows\system32\drivers\npf.sys
    19:27:56.0057 4020 NPF - ok
    19:27:56.0088 4020 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
    19:27:56.0104 4020 Npfs - ok
    19:27:56.0151 4020 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
    19:27:56.0151 4020 nsi - ok
    19:27:56.0182 4020 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
    19:27:56.0198 4020 nsiproxy - ok
    19:27:56.0291 4020 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
    19:27:56.0354 4020 Ntfs - ok
    19:27:56.0385 4020 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
    19:27:56.0416 4020 ntrigdigi - ok
    19:27:56.0432 4020 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
    19:27:56.0463 4020 Null - ok
    19:27:56.0494 4020 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
    19:27:56.0510 4020 nvraid - ok
     
  9. NeoBob

    NeoBob TS Rookie Topic Starter

    continued....

    19:28:12.0007 4020 ============================================================
    19:28:12.0007 4020 Scan finished
    19:28:12.0007 4020 ============================================================
    19:28:12.0017 5244 Detected object count: 0
    19:28:12.0017 5244 Actual detected object count: 0
    19:28:36.0478 5340 Deinitialize success
     
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Please run the following- it will produce 2 logs. I am asking our new malware helper DragonMasterJay to pick up the thread and continue with your help. Please leave the logs for him to review.
    • Download OTL from one of the links below and save it to your desktop.
      OTL.exe
      OTL.com
      OTL.scr
      You just need one. Sometimes the file extension gets blocked.

      Note: When using these links, use Internet Explorer to download. If using Firefox, you should right-click and use "Save link As". Otherwise, on some systems, FF attempts to open the file as a script and just a bunch of gibberish is displayed.
    • Double click the OTL icon to run it.
    • The opened console will resemble this: [image]
    • Set Output at the top to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Copy the entries in the Codebox below and paste them in the Custom Scan box.
      Code:
      netsvcs
      %SYSTEMDRIVE%\*.exe
      %systemroot%\*. /mp /s
      /md5start
      explorer.exe
      winlogon.exe
      userinit.exe
      /md5stop
      %systemroot%\*. /mp /s
      CREATERESTOREPOINT
      
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      Make sure all other windows are closed, and let it run uninterrupted.
    • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
     
  11. NeoBob

    NeoBob TS Rookie Topic Starter

    ---- OTListIt.TXT ----
    OTL logfile created on: 08/07/2012 01:45:32 - Run 1
    OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\c\Desktop\Downloads
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.00 Gb Total Physical Memory | 1.27 Gb Available Physical Memory | 63.53% Memory free
    4.23 Gb Paging File | 2.90 Gb Available in Paging File | 68.47% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 139.65 Gb Total Space | 15.33 Gb Free Space | 10.98% Space Free | Partition Type: NTFS
    Drive D: | 1.90 Gb Total Space | 1.61 Gb Free Space | 84.63% Space Free | Partition Type: FAT
    Drive E: | 7.60 Gb Total Space | 7.60 Gb Free Space | 100.00% Space Free | Partition Type: FAT32

    Computer Name: c-PC | User Name: c | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\c\Desktop\Downloads\OTL.exe (OldTimer Tools)
    PRC - C:\Windows\System32\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe (Adobe Systems Incorporated)
    PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
    PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
    PRC - C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
    PRC - C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG)
    PRC - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
    PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
    PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
    PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    PRC - C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe (Sony Corporation)
    PRC - C:\Program Files\Sony\VAIO Update Common\VUAgent.exe (Sony Corporation)
    PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    PRC - C:\Windows\System32\bgsvcgen.exe (SOURCENEXT)
    PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
    PRC - C:\Program Files\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
    PRC - C:\Program Files\ArcSoft\Magic-I Visual Effects\uCamMonitor.exe (ArcSoft, Inc.)
    PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
    PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
    PRC - C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
    PRC - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
    PRC - C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
    PRC - C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)


    ========== Modules (No Company Name) ==========

    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll ()
    MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
    MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
    MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2783.40029__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2783.40085__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2783.40064__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Runtime\2.0.2783.40085__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Runtime.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2783.40072__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.2783.40300__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2783.40293__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2783.40250__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2783.40186__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2783.40049__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2783.40327__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2783.40195__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2783.40278__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2783.40258__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2783.40334__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2783.40265__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2783.40043__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2783.40257__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.2783.40294__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2783.40098__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2783.40187__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2783.40050__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.2783.40237__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.2783.40105__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2783.40092__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2783.40217__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2783.40194__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2783.40186__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2783.40104__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2783.40194__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2783.40216__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2783.40237__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2729.30202__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2729.30197__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2729.30224__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2729.30212__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2729.30222__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Shared\2.0.2729.30219__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2729.30178__90ba9c70f846762e\CLI.Foundation.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2729.30199__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2729.30231__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2729.30227__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2729.30264__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2729.30174__90ba9c70f846762e\LOG.Foundation.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2729.30313__90ba9c70f846762e\CLI.Foundation.XManifest.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2729.30184__90ba9c70f846762e\NEWAEM.Foundation.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2729.30259__90ba9c70f846762e\DEM.OS.I0602.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2729.30211__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2729.30199__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2729.30185__90ba9c70f846762e\CLI.Component.Client.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2729.30207__90ba9c70f846762e\MOM.Foundation.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2729.30242__90ba9c70f846762e\DEM.OS.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2729.30256__90ba9c70f846762e\DEM.Graphics.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2729.30203__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2729.30216__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2729.30241__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2729.30231__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2729.30226__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2729.30225__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2729.30230__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2729.30213__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2729.30219__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2729.30259__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2729.30228__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2729.30212__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2729.30176__90ba9c70f846762e\AEM.Foundation.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2729.30216__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2729.30208__90ba9c70f846762e\APM.Foundation.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2729.30201__90ba9c70f846762e\AEM.Server.Shared.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.2783.40314__90ba9c70f846762e\MOM.Implementation.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2783.40312__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2783.40357__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2729.30188__90ba9c70f846762e\LOG.Foundation.Private.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2729.30211__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.2783.40019__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2783.40037__90ba9c70f846762e\CLI.Component.Dashboard.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2783.40058__90ba9c70f846762e\CLI.Component.Wizard.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.2783.40305__90ba9c70f846762e\CLI.Component.Systemtray.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2783.40021__90ba9c70f846762e\CLI.Component.Runtime.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.2783.40022__90ba9c70f846762e\ATIDEMOS.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.2783.40021__90ba9c70f846762e\APM.Server.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.2783.40020__90ba9c70f846762e\AEM.Server.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2729.30193__90ba9c70f846762e\CLI.Foundation.Private.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2729.30209__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2729.30205__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.2783.40313__90ba9c70f846762e\CCC.Implementation.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2729.30258__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2729.30214__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll ()
    MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2729.30243__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()
    MOD - C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll ()
    MOD - C:\Windows\System32\btwhidcs.dll ()
    MOD - C:\Windows\System32\atitmmxx.dll ()
    MOD - C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll ()


    ========== Win32 Services (SafeList) ==========

    SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
    SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
    SRV - (AntiVirFirewallService) -- C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG)
    SRV - (AntiVirMailService) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
    SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
    SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
    SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    SRV - (VUAgent) -- C:\Program Files\Sony\VAIO Update Common\VUAgent.exe (Sony Corporation)
    SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    SRV - (bgsvcgen) -- C:\Windows\System32\bgsvcgen.exe (SOURCENEXT)
    SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
    SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
    SRV - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe (Sony Corporation)
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies)
    SRV - (uCamMonitor) -- C:\Program Files\ArcSoft\Magic-I Visual Effects\uCamMonitor.exe (ArcSoft, Inc.)
    SRV - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
    SRV - (VzFw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation)
    SRV - (VzCdbSvc) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
    SRV - (VAIO Event Service) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
    SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
    SRV - (Vcsw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
    SRV - (VAIOMediaPlatform-IntegratedServer-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe (Sony Corporation)
    SRV - (VAIOMediaPlatform-Mobile-Gateway) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe (Sony Corporation)
    SRV - (VAIOMediaPlatform-UCLS-UPnP) VAIO Media Content Collection (UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
    SRV - (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
    SRV - (VAIOMediaPlatform-UCLS-HTTP) VAIO Media Content Collection (HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
    SRV - (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
    SRV - (VAIOMediaPlatform-UCLS-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe (Sony Corporation)
    SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
    SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
    SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe ()


    ========== Driver Services (SafeList) ==========

    DRV - (usbc2k) -- system32\drivers\usbc2k.sys File not found
    DRV - (UIUSys) -- system32\DRIVERS\UIUSYS.SYS File not found
    DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
    DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
    DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
    DRV - (igfx) -- system32\DRIVERS\igdkmd32.sys File not found
    DRV - (cpudrv) -- C:\Program Files\SystemRequirementsLab\cpudrv.sys File not found
    DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
    DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
    DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
    DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
    DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
    DRV - (avfwot) -- C:\Windows\System32\drivers\avfwot.sys (Avira GmbH)
    DRV - (avfwim) -- C:\Windows\System32\drivers\avfwim.sys (Avira GmbH)
    DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
    DRV - (cdrbsdrv) -- C:\Windows\System32\drivers\cdrbsdrv.sys (B.H.A Corporation)
    DRV - (NETwLv32) Intel(R) -- C:\Windows\System32\drivers\NETwLv32.sys (Intel Corporation)
    DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek )
    DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
    DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
    DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
    DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.)
    DRV - (vserial) -- C:\Windows\System32\drivers\vserial.sys ()
    DRV - (vsbus) -- C:\Windows\System32\drivers\vsb.sys ()
    DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
    DRV - (ti21sony) -- C:\Windows\System32\drivers\ti21sony.sys (Texas Instruments)
    DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies)
    DRV - (ArcSoftKsUFilter) -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
    DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
    DRV - (R5U870FLx86) -- C:\Windows\System32\drivers\R5U870FLx86.sys (Ricoh)
    DRV - (R5U870FUx86) -- C:\Windows\System32\drivers\R5U870FUx86.sys (Ricoh)
    DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
    DRV - (CrystalSysInfo) -- C:\Program Files\MediaCoder iPod Edition\SysInfo.sys ()
    DRV - (DMICall) -- C:\Windows\System32\drivers\DMICall.sys (Sony Corporation)
    DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
    DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
    DRV - (SFEP) -- C:\Windows\System32\drivers\SFEP.sys (Sony Corporation)
    DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
    DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)
    DRV - (wg111nd5) -- C:\Windows\System32\drivers\wg111nd5.sys (NETGEAR, Inc.)
    DRV - (ZSMC301b) -- C:\Windows\System32\drivers\usbVM31b.sys (VM)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {E115E925-94B7-4564-A881-A5577682B700}
    IE - HKLM\..\SearchScopes\{E115E925-94B7-4564-A881-A5577682B700}: "URL" = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\..\SearchScopes,DefaultScope = {E115E925-94B7-4564-A881-A5577682B700}
    IE - HKCU\..\SearchScopes\{E115E925-94B7-4564-A881-A5577682B700}: "URL" = http://www.google.com/search?q={sea...&oe={outputEncoding}&sourceid=ie7&rlz=1I7SNYK
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..network.proxy.backup.ftp: "24.99.35.42"
    FF - prefs.js..network.proxy.backup.ftp_port: 8085
    FF - prefs.js..network.proxy.backup.socks: "24.99.35.42"
    FF - prefs.js..network.proxy.backup.socks_port: 8085
    FF - prefs.js..network.proxy.backup.ssl: "24.99.35.42"
    FF - prefs.js..network.proxy.backup.ssl_port: 8085
    FF - prefs.js..network.proxy.ftp: "210.75.194.192"
    FF - prefs.js..network.proxy.ftp_port: 8909
    FF - prefs.js..network.proxy.http: "210.75.194.192"
    FF - prefs.js..network.proxy.http_port: 8909
    FF - prefs.js..network.proxy.share_proxy_settings: true
    FF - prefs.js..network.proxy.socks: "210.75.194.192"
    FF - prefs.js..network.proxy.socks_port: 8909
    FF - prefs.js..network.proxy.ssl: "210.75.194.192"
    FF - prefs.js..network.proxy.ssl_port: 8909
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011/06/26 22:28:04 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/14 20:42:48 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/14 20:42:48 | 000,000,000 | ---D | M]

    [2010/09/10 00:22:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\c\AppData\Roaming\Mozilla\Extensions
    [2010/09/10 00:22:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\c\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
    [2012/06/09 14:53:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\c\AppData\Roaming\Mozilla\Firefox\Profiles\0xxmzmav.default\extensions
    [2012/05/12 13:24:21 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\c\AppData\Roaming\Mozilla\Firefox\Profiles\0xxmzmav.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2012/02/27 23:43:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/06/09 14:53:18 | 000,135,517 | ---- | M] () (No name found) -- C:\USERS\c\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0XXMZMAV.DEFAULT\EXTENSIONS\{4093C4DE-454A-4329-8AFF-C6B0B123C386}.XPI
    [2009/07/15 22:55:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
    [2012/04/25 21:24:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/02/18 18:47:11 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2012/04/25 21:23:57 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
    [2012/02/27 23:43:07 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/04/25 21:23:57 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
    [2012/04/25 21:23:57 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
    [2012/04/25 21:24:00 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
    [2012/04/25 21:23:57 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google ()
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&output=chrome&hl={language}&q={searchTerms}

    O1 HOSTS File: ([2011/06/26 23:01:42 | 000,000,842 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
    O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google BAE\BAE.dll (Your Company Name)
    O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
    O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
    O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    O4 - HKCU..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
    O4 - HKCU..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
    O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.22.0.cab (Reg Error: Key error.)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{40E368A9-D2DF-4925-A965-E950DB7546EB}: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{40E368A9-D2DF-4925-A965-E950DB7546EB}: NameServer = 208.67.220.222,208.67.220.220
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - File not found
    O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
    O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\VAIO CR Wallpaper Blue 1280x800.jpg
    O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\VAIO CR Wallpaper Blue 1280x800.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
     
     
  12. NeoBob

    NeoBob TS Rookie Topic Starter

    OTListIt.TXT continued...

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/07/07 20:44:29 | 000,000,000 | ---D | C] -- C:\Users\c\AppData\Local\temp
    [2012/07/07 20:34:22 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2012/07/07 19:44:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/07/07 19:44:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/07/07 19:44:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/07/07 19:44:06 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2012/07/07 19:43:59 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/07/07 19:42:26 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/07/04 22:51:45 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/06/14 20:58:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2012/06/14 20:56:36 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2012/06/14 20:56:35 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2012/06/14 20:42:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    [2012/06/14 20:42:05 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2012/06/09 19:11:48 | 000,000,000 | ---D | C] -- C:\Users\c\AppData\Roaming\Avira
    [2012/06/09 19:07:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
    [2012/06/09 19:06:06 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
    [2012/06/09 19:06:05 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
    [2012/06/09 19:06:05 | 000,112,032 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avfwot.sys
    [2012/06/09 19:06:05 | 000,091,968 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avfwim.sys
    [2012/06/09 19:06:05 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
    [2012/06/09 19:06:05 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
    [2012/06/09 19:06:04 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
    [2012/06/09 14:31:09 | 000,000,000 | ---D | C] -- C:\Users\c\Desktop\Downloads

    ========== Files - Modified Within 30 Days ==========

    [2012/07/08 00:47:35 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/07/08 00:47:35 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/07/07 20:47:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/07/07 20:46:32 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
    [2012/07/06 09:20:11 | 000,020,066 | ---- | M] () -- C:\Users\c\Documents\cc_20120706_092005.reg
    [2012/07/05 19:05:30 | 261,880,411 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2012/07/05 18:46:15 | 004,982,411 | ---- | M] () -- C:\Windows\System32\sofcache.dll
    [2012/06/15 00:05:52 | 000,136,192 | ---- | M] () -- C:\Users\c\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/06/14 21:45:57 | 000,000,104 | ---- | M] () -- C:\Users\c\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
    [2012/06/14 21:37:57 | 003,775,256 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012/06/14 21:17:46 | 000,600,690 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/06/14 21:17:45 | 000,108,572 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/06/14 20:58:23 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/06/14 20:42:34 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2012/06/09 19:07:50 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
    [2012/06/08 18:06:27 | 000,008,268 | ---- | M] () -- C:\Users\c\AppData\Local\d3d9caps.dat

    ========== Files Created - No Company Name ==========

    [2012/07/07 19:44:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/07/07 19:44:25 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/07/07 19:44:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/07/07 19:44:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/07/07 19:44:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/07/06 09:20:09 | 000,020,066 | ---- | C] () -- C:\Users\c\Documents\cc_20120706_092005.reg
    [2012/07/05 19:05:30 | 261,880,411 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2012/06/14 21:45:57 | 000,000,104 | ---- | C] () -- C:\Users\c\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Explorer.lnk
    [2012/06/14 20:58:23 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/06/14 20:42:34 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2012/06/09 19:07:50 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
    [2011/11/23 19:57:27 | 004,982,411 | ---- | C] () -- C:\Windows\System32\sofcache.dll
    [2011/09/13 21:46:16 | 001,889,766 | ---- | C] () -- C:\Windows\System32\offcache.dll
    [2011/06/25 17:14:16 | 000,171,778 | ---- | C] () -- C:\Windows\hpoins52.dat
    [2011/06/25 17:14:16 | 000,001,333 | ---- | C] () -- C:\Windows\hpomdl52.dat
    [2011/06/12 14:39:46 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
    [2011/06/08 22:59:40 | 000,033,019 | ---- | C] () -- C:\Windows\System32\CoreAAC-uninstall.exe
    [2011/05/02 19:24:38 | 000,001,456 | ---- | C] () -- C:\Users\c\AppData\Local\Adobe Save for Web 12.0 Prefs
    [2011/04/21 19:56:00 | 000,000,001 | ---- | C] () -- C:\Windows\System32\uuddc32.dll
    [2010/09/21 10:10:30 | 003,133,440 | ---- | C] () -- C:\Windows\System32\w32tmsvr.exe
    [2010/09/21 10:10:30 | 003,133,440 | ---- | C] () -- C:\Windows\System32\credwsvr.exe
    [2010/09/21 10:00:36 | 001,094,144 | ---- | C] () -- C:\Windows\System32\wudrix86.dll
    [2010/09/21 10:00:36 | 001,094,144 | ---- | C] () -- C:\Windows\System32\NlsLex86.dll
    [2010/09/21 10:00:24 | 000,135,168 | ---- | C] () -- C:\Windows\System32\rtutil32.dll
    [2010/09/21 10:00:24 | 000,135,168 | ---- | C] () -- C:\Windows\System32\mdm32.dll
    [2009/07/16 10:40:21 | 000,004,096 | -H-- | C] () -- C:\Users\c\AppData\Local\keyfile3.drm
    [2009/03/15 22:56:13 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
    [2008/12/08 21:52:58 | 000,000,111 | ---- | C] () -- C:\Users\c\rpdeluxe.properties
    [2008/08/06 18:14:27 | 000,136,192 | ---- | C] () -- C:\Users\c\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/08/06 18:14:26 | 000,008,268 | ---- | C] () -- C:\Users\c\AppData\Local\d3d9caps.dat

    ========== LOP Check ==========

    [2010/09/23 10:15:41 | 000,000,000 | ---D | M] -- C:\Users\c\AppData\Roaming\BraCa_Soft
    [2009/12/30 00:13:36 | 000,000,000 | ---D | M] -- C:\Users\c\AppData\Roaming\Broad Intelligence
    [2011/06/27 22:56:37 | 000,000,000 | ---D | M] -- C:\Users\c\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2011/03/26 18:13:14 | 000,000,000 | ---D | M] -- C:\Users\c\AppData\Roaming\DameWare Development
    [2012/07/05 03:24:24 | 000,000,000 | ---D | M] -- C:\Users\c\AppData\Roaming\FileZilla
    [2009/03/27 00:44:32 | 000,000,000 | ---D | M] -- C:\Users\c\AppData\Roaming\InterVideo
    [2011/08/06 21:28:45 | 000,000,000 | ---D | M] -- C:\Users\c\AppData\Roaming\LEAPS
    [2011/03/26 20:45:14 | 000,000,000 | ---D | M] -- C:\Users\c\AppData\Roaming\mkvtoolnix
    [2011/08/06 21:23:27 | 000,000,000 | ---D | M] -- C:\Users\c\AppData\Roaming\Pegasys Inc
    [2009/02/17 20:34:31 | 000,000,000 | ---D | M] -- C:\Users\c\AppData\Roaming\Sports Interactive
    [2011/09/26 16:21:49 | 000,000,000 | ---D | M] -- C:\Users\c\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    [2011/11/05 13:16:22 | 000,000,000 | ---D | M] -- C:\Users\c\AppData\Roaming\TeamViewer
    [2011/03/26 18:13:10 | 000,000,000 | ---D | M] -- C:\Users\c\AppData\Roaming\Thinstall
    [2010/09/10 00:22:35 | 000,000,000 | ---D | M] -- C:\Users\c\AppData\Roaming\TomTom
    [2008/09/09 19:43:12 | 000,000,000 | ---D | M] -- C:\Users\c\AppData\Roaming\URSoft
    [2012/04/19 20:00:22 | 000,000,000 | ---D | M] -- C:\Users\c\AppData\Roaming\uTorrent
    [2012/06/07 20:56:36 | 000,000,000 | ---D | M] -- C:\Users\c\AppData\Roaming\VSRevoGroup
    [2012/06/05 15:44:09 | 000,000,000 | ---D | M] -- C:\Users\c\AppData\Roaming\Yamb
    [2012/07/07 20:46:35 | 000,032,626 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.exe >

    < %systemroot%\*. /mp /s >

    < MD5 for: EXPLORER.EXE >
    [2007/09/01 17:56:14 | 000,041,327 | ---- | M] (Корпорация Майкрософт) MD5=1A737E01558ACD57E9BAFD1407998FB7 -- C:\Users\c\Desktop\EHAC\Thinstalled Apps\Thinstaller\explorer.exe
    [2008/10/29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
    [2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
    [2008/10/30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
    [2008/08/07 19:20:48 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
    [2008/08/07 19:20:48 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
    [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\erdnt\cache\explorer.exe
    [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
    [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
    [2008/10/28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
    [2006/11/02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
    [2008/01/19 08:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

    < MD5 for: USERINIT.EXE >
    [2008/01/19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\erdnt\cache\userinit.exe
    [2008/01/19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
    [2008/01/19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
    [2006/11/02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

    < MD5 for: WINLOGON.EXE >
    [2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
    [2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\erdnt\cache\winlogon.exe
    [2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
    [2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
    [2006/11/02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
    [2008/01/19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

    < %systemroot%\*. /mp /s >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 184 bytes -> C:\ProgramData\TEMP:8303F807
    @Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:B3D74A13
    < End of report >
     
  13. NeoBob

    NeoBob TS Rookie Topic Starter

    ---- Extras.TXT ----
    OTL Extras logfile created on: 08/07/2012 01:45:32 - Run 1
    OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\c\Desktop\Downloads
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    2.00 Gb Total Physical Memory | 1.27 Gb Available Physical Memory | 63.53% Memory free
    4.23 Gb Paging File | 2.90 Gb Available in Paging File | 68.47% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 139.65 Gb Total Space | 15.33 Gb Free Space | 10.98% Space Free | Partition Type: NTFS
    Drive D: | 1.90 Gb Total Space | 1.61 Gb Free Space | 84.63% Space Free | Partition Type: FAT
    Drive E: | 7.60 Gb Total Space | 7.60 Gb Free Space | 100.00% Space Free | Partition Type: FAT32

    Computer Name: c-PC | User Name: c | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0772BAF7-EFE7-4CBF-8B41-489BDE5B9250}" = lport=137 | protocol=17 | dir=in | app=system |
    "{0ECB8187-8E12-41F0-98AB-553A722667A5}" = rport=138 | protocol=17 | dir=out | app=system |
    "{12F3C868-B44C-49CA-B786-5161C287B904}" = lport=139 | protocol=6 | dir=in | app=system |
    "{2EED7AD9-C31B-4046-8C93-DA41331E6BA1}" = lport=138 | protocol=17 | dir=in | app=system |
    "{311170C1-5B38-449B-9CEE-91215AD7FBEA}" = rport=137 | protocol=17 | dir=out | app=system |
    "{5B2E64F1-416F-43D9-BD92-BA527218010A}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
    "{76707660-42B1-4AB3-8190-8A241C22E422}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
    "{7C498688-0852-4260-AD11-F1C6E755FD57}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{7CAD31E5-7139-48F9-992A-2ED80A330B56}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{89583AD5-307A-4589-8D53-8E900C14314C}" = rport=445 | protocol=6 | dir=out | app=system |
    "{98B323D3-C15D-41A9-A1C9-873F87D8F7D4}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{A51FCFDB-BA97-497B-AE99-BCC65199B32D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{A8F49689-DB3E-478C-8438-47C35F4768B9}" = rport=139 | protocol=6 | dir=out | app=system |
    "{B4C24D86-0B75-4A09-B5E9-2884F56762EA}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{C73BD1E4-38A3-4BDD-A8E9-480D9EFDAFB1}" = lport=445 | protocol=6 | dir=in | app=system |
    "{F833F03E-2149-4FC8-93E6-B89F54956167}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{049DC1F0-FEA5-4D60-A6A3-3A3B7D6C0C67}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{0B623A3D-29AC-445C-9573-F054622CE5F8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{15E25E15-7026-4722-9E0E-376848744615}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{1B668A00-E8D7-45C1-A613-C0DD6965D47E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{1C3902C0-FB07-47DB-9166-C3E0828813E6}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
    "{1F581B24-0D59-4F0F-9362-E8E2CA3C6DD2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
    "{23CDCC52-DB5B-4CC0-B94F-A99484D8BBB8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{2AA2971C-ACC6-49D4-A36E-DAA12D510581}" = protocol=17 | dir=in | app=c:\program files\sports interactive\football manager 2009\fm.exe |
    "{2EF4C253-6A0B-416E-9A24-2404B639C1E2}" = dir=in | app=c:\program files\itunes\itunes.exe |
    "{2FB86C56-ECD9-4D6F-B123-31A6E58582EB}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "{346A1340-14DF-41D3-A600-A975E31581F7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{5D663C07-A0B9-43CB-8E89-516551E613CD}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
    "{616A8A6B-E973-48A5-9835-A444ED9EE080}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
    "{65AB96B5-DAA9-4B9C-B530-B871C7653541}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
    "{6B3778E1-2D8F-41FE-A00F-EF6E6E8EBF54}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{88B8667D-712F-4228-A449-9F5427BFB13F}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "{925DF098-64F4-4EA0-A58B-B55E0DA8C3AF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{CA6C21EA-85D6-47B9-886A-2DB3D8C3C9EE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{D3829045-FAF6-4F91-92C7-EE17BCB2C4E9}" = protocol=6 | dir=in | app=c:\program files\sports interactive\football manager 2009\fm.exe |
    "{DEAA5ECC-8B61-4F2B-82D0-91AFCE21E751}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{EE867A8F-538F-4860-97FC-412A79F99E4D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "TCP Query User{0C89CDCF-601A-43F8-A323-ADF1F6B32911}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe |
    "TCP Query User{1554C10E-5467-4846-929B-0621EC046F3C}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |
    "TCP Query User{196AFE6C-3195-43E9-8D63-C8187A01F30A}C:\xampp\mysql\bin\mysqld.exe" = protocol=6 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
    "TCP Query User{337BCF39-3552-4B2F-9C13-811C7D1892E7}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
    "TCP Query User{39ED8FEA-21DE-4623-AE47-D188C04F6AEE}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "TCP Query User{9454C5CA-8A90-433C-BFF9-983D28CEC661}C:\program files\microsoft games\rise of nations\nations.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\rise of nations\nations.exe |
    "TCP Query User{F3AE8659-C20E-406A-AEA3-FC404CC8049A}C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\english\setup.exe" = protocol=6 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\english\setup.exe |
    "UDP Query User{13BCED9F-012C-4B87-A2B2-E42A8C8B5F4B}C:\program files\microsoft games\rise of nations\nations.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\rise of nations\nations.exe |
    "UDP Query User{B00CDFDC-9B48-46EF-ABDF-F8B18C36D115}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe |
    "UDP Query User{B9F10E00-141E-4A0A-9F83-1E31741BD9DF}C:\xampp\mysql\bin\mysqld.exe" = protocol=17 | dir=in | app=c:\xampp\mysql\bin\mysqld.exe |
    "UDP Query User{BBF2AE54-80A0-4045-A3F0-25C6D8702F39}C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\english\setup.exe" = protocol=17 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\english\setup.exe |
    "UDP Query User{D8A3E46F-0F4F-40EF-BF7F-AE6551450DD3}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
    "UDP Query User{DE2D9CA9-F29D-45F7-8DAE-C04CD2D7058D}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe |
    "UDP Query User{FC74074B-0210-4A0C-8EBE-FCA4D9C40CF7}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00E3E16A-EF37-6F18-2501-821AAB6903AB}" = ccc-core-static
    "{017FDD1B-A971-4084-B652-584181002812}" = VAIO Content Metadata Intelligent Analyzing Manager
    "{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
    "{021AD585-5EEE-4B58-83BC-0AC86008EBC8}" = VAIO Media Registration Tool
    "{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
    "{0299E902-A8ED-7748-4A47-8080C42436F2}" = Catalyst Control Center Core Implementation
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{0360D8F0-626A-4E87-8A16-938BD0BEBCC5}" = 32 Bit HP CIO Components Installer
    "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.1.0.2200
    "{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
    "{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
    "{0AF28D4B-7525-4C85-A89E-10C23D6959AA}" = TMPGEnc Authoring Works 4
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
    "{0D8189EB-8824-AA13-6A45-8201E3353AC8}" = CCC Help German
    "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
    "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
    "{12D0BE8D-538C-4AB1-86DE-C540308F50DA}" = VAIO Content Metadata Manager Settings
    "{14F47992-EF70-16D9-1DD6-8A240073CD82}" = ATI Catalyst Install Manager
    "{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher
    "{165E861A-D87F-5BED-190E-8EBC4ECCE65E}" = Catalyst Control Center Graphics Light
    "{17F8195F-91B9-35A7-E4B9-6E54C0B7B9B3}" = CCC Help Korean
    "{18510937-0146-417B-95D8-14706649C384}" = VAIO Content Metadata Manager Settings
    "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
    "{1B47F7BA-7CF9-4F00-9340-099E3A004059}" = VAIO Update Merge Module x86
    "{1EDDE5D9-7455-3159-41BE-1BC8C76B8950}" = CCC Help Spanish
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
    "{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
    "{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
    "{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting
    "{248BF282-92C4-4C53-09F4-454E81503277}" = Catalyst Control Center Localization Italian
    "{268723B7-A994-4286-9F85-B974D5CAFC7B}" = EasyRecovery Professional
    "{28549656-3CB3-44B6-9FAB-925A18DAC796}" = VAIO Movie Story
    "{28B52CF6-FC4D-38E7-2438-62EB527780FD}" = Catalyst Control Center Graphics Full Existing
    "{291FB4BF-EEC7-4CF9-8469-F39ED1DBC4D8}" = VAIO Content Metadata XML Interface Library
    "{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
    "{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2
    "{29ADBAC3-97C3-1963-0F76-1687F73154D7}" = Catalyst Control Center Localization French
    "{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
    "{2E0993DB-99D1-3D3D-FDD8-757F7C44BB7F}" = CCC Help French
    "{2E2F4CB9-70B3-B6BA-1241-BC53FE5BE5DA}" = Catalyst Control Center Localization Thai
    "{31E6A959-22FA-51B9-4E5A-1E2D2C0C8F1E}" = CCC Help Hungarian
    "{356181AD-C50C-394F-20D8-C6CB0A961589}" = Catalyst Control Center Localization Portuguese
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
    "{46B9C26B-4370-C68D-1743-4F13AC12B4CD}" = CCC Help Turkish
    "{495B3F8D-06AA-216A-6159-C9EABA6B7D8E}" = CCC Help Chinese Traditional
    "{4A074D34-1F3D-B98F-CFF9-B2794DA33871}" = Catalyst Control Center Localization Danish
    "{4A790D47-EBBF-659B-96BD-46AF5D69730B}" = Catalyst Control Center Localization Chinese Traditional
    "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
    "{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
    "{4EA55D20-27FB-45D7-8726-147E8A5F6C62}" = VAIO MusicBox
    "{4F2D0C45-FA25-47B2-A013-E2B15D3C6E7E}_is1" = X2X Free Video Flip and Rotate 2.0
    "{4FE475AA-C4CC-115A-1422-5DFB86FC806D}" = Catalyst Control Center Localization Hungarian
    "{500162A0-4DD5-460A-BAFD-895AAE48C532}" = VAIO Media Content Collection 6.0
    "{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
    "{5463642B-44B3-34D3-E64E-0ACAA949BB5A}" = CCC Help Finnish
    "{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 6.0
    "{56345504-DE57-4528-A18B-A567D1E52928}" = ArcSoft Magic-I Visual Effects
    "{568457D9-A55B-D9BC-13EC-14C84E69BD86}" = Catalyst Control Center Graphics Full New
    "{56A6F256-5323-4617-3AE8-45B28B559E37}" = CCC Help English
    "{57A3A36F-626E-8848-D9E0-41FCDC92FECA}" = CCC Help Portuguese
    "{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
    "{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 6.0
    "{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
    "{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
    "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
    "{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
    "{6332AFF1-9D9A-429C-AA03-F82749FA4F49}" = SonicStage Mastering Studio
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{6788581C-ECDA-326B-EE71-F9BE4635355F}" = Catalyst Control Center Localization Korean
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
    "{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
    "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
    "{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
    "{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
    "{6CE464DB-CD52-F4F9-FB58-BC934702A499}" = CCC Help Japanese
    "{6D2576EC-A0E9-418A-A09A-409933A3B6F4}" = VAIO Camera Capture Utility
    "{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7193B0D6-65E4-6FB1-EB23-E9CE6D611BDC}" = CCC Help Czech
    "{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
    "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 6.1
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
    "{7C404084-C5A6-42FF-B731-0BAC79A6E134}" = VAIO Original Function Settings
    "{7CB64BD2-0FB7-E037-6924-EA2B8BE44E7E}" = CCC Help Greek
    "{7F6C2F96-3302-784E-BF0D-65D794E39BC2}" = Catalyst Control Center Localization Norwegian
    "{802889F8-6AF5-45A5-9764-CA5B999E50FC}" = VAIO Power Management
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
    "{84EA9BEB-AFF7-06C6-60DF-608807EA7DF2}" = Catalyst Control Center Localization German
    "{8550D6A8-0DBC-AC89-F12B-71167346845E}" = Catalyst Control Center Localization Dutch
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A2224A1-7C5F-170C-74B6-6EEF9F92FCC3}" = CCC Help Norwegian
    "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
    "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
    "{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95229EF6-F4A1-413A-BA50-668311FAFE19}" = VAIO Original Function Settings
    "{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" =
    "{96E425D4-2DB1-6B29-0944-7DC78E9EEF81}" = Catalyst Control Center Localization Finnish
    "{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9C1C8A04-F8CA-4472-A92D-4288CE32DE86}" = SonicStage Mastering Studio Plugins
    "{9E332EEA-DCFC-424B-E499-0D35FFAD4D76}" = Catalyst Control Center Localization Greek
    "{9F165569-C622-3F85-0F90-23CF9B0B7E50}" = Catalyst Control Center Localization Turkish
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A3563827-B0DB-44DC-B037-15CC4E5E692F}" = VAIO Content Metadata XML Interface Library
    "{A38F2A2D-F9AC-6303-A14D-DD2D77519627}" = Catalyst Control Center Localization Polish
    "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
    "{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{ABF29EC7-47C1-4C63-8FE7-3824FD66F357}" = VAIO Content Metadata Intelligent Analyzing Manager
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
    "{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 6.0
    "{B07FD2DE-87AB-976B-9E7E-9CD9598D1188}" = CCC Help Italian
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
    "{B66AD8F4-0951-407E-807F-C300F6970B5A}" = VAIO Media
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
    "{B74686F4-939E-9D89-2C09-3B0FCB3C2B37}" = Catalyst Control Center Localization Japanese
    "{B7FB0C86-41A4-4402-9A33-912C462042A0}" = Roxio Easy Media Creator Home
    "{B982D59B-B732-C911-51F3-CC962F906573}" = ccc-utility
    "{BFCBC9EC-8ECC-2E8F-85DF-9D02C3B6E8AD}" = CCC Help Thai
    "{C0482AA0-9CDF-49B4-9B39-551FD1A7A7E6}" = VAIO Movie Story 1.5 Upgrade
    "{C1141112-2968-FB36-0DF7-9D61AE6A0DCF}" = CCC Help Chinese Standard
    "{C1164ED0-EF08-4B0B-8084-3BDAEAAEFD8D}" = HP Photosmart Prem C410 All-In-One Driver 14.0 Rel. 7
    "{C11B0B31-C101-4B56-8BA8-F5113022EF2B}" = VAIO Content Metadata Intelligent Analyzing Manager
    "{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48}" = Nokia Connectivity Cable Driver
    "{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
    "{C9B56B00-7A33-378D-E64E-E044BE535A46}" = Catalyst Control Center Localization Chinese Standard
    "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
    "{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CF0F8D1B-5FB9-468D-BD88-E6239906D2B7}" = Click to Disc
    "{D17D6E7A-DF1E-41E9-B8C2-0078110221A3}" = VAIO Update Merge Module x86
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
    "{D79FDDB3-D6DD-63CC-BA61-D5406F392979}" = Catalyst Control Center Localization Russian
    "{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DA3C6D93-6EB8-BF5C-2C14-2B1A08284DBD}" = Catalyst Control Center Graphics Previews Vista
    "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
    "{DEFB9CA4-6242-B988-E263-CD102219F54F}" = Skins
    "{DF02B276-8216-D2FC-1E3D-E6382F8F6D91}" = Catalyst Control Center Localization Swedish
    "{DF7DB916-90E5-40F2-9010-B8125EB5FD6F}" = SonicStage Mastering Studio Audio Filter
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E40EE28E-1009-B9B3-1E6B-635E878EAFF4}" = CCC Help Danish
    "{E4715C25-7114-4F40-A915-C1951D4D7520}" = VAIO Update Merge Module x86
    "{E626EA97-DC4B-B9C2-5120-F826D00623D5}" = Catalyst Control Center Localization Spanish
    "{E66BB7B9-EC7B-45A6-B479-AD43A9B32AA0}" = SonicStage Mastering Studio
    "{E6707034-D7A4-49B1-94D0-F5AACE46F06C}" = Instant Mode
    "{E8EF1266-1D1F-C2FB-1E98-2FB9E71B3C7C}" = Catalyst Control Center Graphics Previews Common
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EC37A846-53AC-4DA7-98FA-76A4E74AA900}" = SonicStage Mastering Studio Audio Filter Custom Preset
    "{ED1273B9-C028-C97D-BBF4-B667AD1644AE}" = CCC Help Dutch
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
    "{F1FD0F66-34CF-4555-8B13-BCFC96F3864C}" = Branding
    "{F217D8AF-965B-4D3E-8F14-AC47B9CA535B}" = PS_AIO_07_C410_SW_Min
    "{F2D89AED-46DA-3DAF-CE35-BEA81D3CCE4B}" = CCC Help Polish
    "{F536B64C-FA0C-AAEE-AE89-E15B12E7C659}" = CCC Help Swedish
    "{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" =
    "{F76F1E24-BFF9-9754-FDB4-595A7DFF8651}" = CCC Help Russian
    "{F8ECA4D4-3CB6-3B1C-A20A-884D5744C0FF}" = Catalyst Control Center Localization Czech
    "{FBB02B04-C034-4382-A3F6-57416E2752C4}" = Adobe Creative Suite 5 Master Collection
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
    "AC3Filter_is1" = AC3Filter 1.63b
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "AnyDVD" = AnyDVD
    "Avi2Dvd" = Avi2Dvd 0.6.2
    "Avira AntiVir Desktop" = Avira Internet Security 2012
    "AviSynth" = AviSynth 2.5
    "BayGenie eBay Auction Sniper Pro Edition_is1" = BayGenie eBay Auction Sniper Pro Edition 3.3.5.7
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "CoreAAC Audio Decoder" = CoreAAC Audio Decoder (remove only)
    "dt icon module" =
    "DVD Decrypter" = DVD Decrypter (Remove Only)
    "DVD Shrink_is1" = DVD Shrink 3.2
    "EASEUS Data Recovery Wizard Professional 5.0.1_is1" = EASEUS Data Recovery Wizard Professional 5.0.1
    "ENTERPRISER" = Microsoft Office Enterprise 2007
    "ffdshow_is1" = ffdshow [rev 3299] [2010-03-03]
    "FileZilla Client" = FileZilla Client 3.5.0
    "Football Manager 2009" = Football Manager 2009
    "Foxit PDF Editor" = Foxit PDF Editor
    "GameSpy Arcade" = GameSpy Arcade
    "gtfirstboot Setting Request" =
    "HaaliMkx" = Haali Media Splitter
    "InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
    "InstallShield_{268723B7-A994-4286-9F85-B974D5CAFC7B}" = EasyRecovery Professional
    "InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
    "InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
    "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.4.5
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
    "MarketingTools" = Vaio Marketing Tools
    "MediaCoder iPod Edition" = MediaCoder iPod Edition
    "MFU Module" =
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Mozilla Firefox 12.0 (x86 en-GB)" = Mozilla Firefox 12.0 (x86 en-GB)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-15-19-01
    "Photo****et" = Photo****et
    "Picasa 3" = Picasa 3
    "Recover My Files_is1" = Recover My Files
    "Recuva" = Recuva
    "RescuePRO-Deluxe" = RescuePRO Deluxe 4.0
    "RiseOfNations 1.0" = Microsoft Rise Of Nations
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "TomTom HOME" = TomTom HOME 2.7.6.2056
    "Update Service" = Update Service
    "uTorrent" = µTorrent
    "VAIO Help and Support" =
    "VAIO_My Club VAIO" = My Club VAIO
    "VAIO_Photoshop" =
    "VAIO_Standard" =
    "VirtualCloneDrive" = VirtualCloneDrive
    "WBFS Manager 3.0" = WBFS Manager 3.0
    "WinLiveSuite" = Windows Live Essentials
    "WinPcapInst" = WinPcap 4.0.2
    "WinRAR archiver" = WinRAR archiver
    "Xvid_is1" = Xvid 1.2.2 final uninstall
    "Your Uninstaller! 2008_is1" = Your Uninstaller! 2008 Version 6.0
    "Zattoo" = Zattoo 3.3.4 Beta

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "5f48e2ab41c5d005" = RapidShare Manager

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 20/11/2011 18:42:17 | Computer Name = c-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 2325

    Error - 20/11/2011 18:42:18 | Computer Name = c-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 20/11/2011 18:42:18 | Computer Name = c-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 3401

    Error - 20/11/2011 18:42:18 | Computer Name = c-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 3401

    Error - 20/11/2011 18:42:20 | Computer Name = c-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 20/11/2011 18:42:20 | Computer Name = c-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 5070

    Error - 20/11/2011 18:42:20 | Computer Name = c-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 5070

    Error - 20/11/2011 18:42:21 | Computer Name = c-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 20/11/2011 18:42:21 | Computer Name = c-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 6630

    Error - 20/11/2011 18:42:21 | Computer Name = c-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 6630

    [ System Events ]
    Error - 07/07/2012 14:45:44 | Computer Name = c-PC | Source = Service Control Manager | ID = 7034
    Description =

    Error - 07/07/2012 14:46:26 | Computer Name = c-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 07/07/2012 15:12:09 | Computer Name = c-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 07/07/2012 15:16:38 | Computer Name = c-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 07/07/2012 15:20:23 | Computer Name = c-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 07/07/2012 15:20:23 | Computer Name = c-PC | Source = Service Control Manager | ID = 7026
    Description =

    Error - 07/07/2012 15:46:21 | Computer Name = c-PC | Source = DCOM | ID = 10010
    Description =

    Error - 07/07/2012 15:48:54 | Computer Name = c-PC | Source = DCOM | ID = 10016
    Description =

    Error - 07/07/2012 15:49:13 | Computer Name = c-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 07/07/2012 15:49:13 | Computer Name = c-PC | Source = Service Control Manager | ID = 7026
    Description =


    < End of report >
     
  14. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Did you enable all these proxies?


    Are restrictions like this typical for your computer? This attribute in NetSvcs controls the hours that the user is allowed to log on to the domain.

    In addition, there are A LOT of firewall rules. Were they set by you or is this a company computer? I want to make sure nobody is going to get in trouble here.

    Any more issues?

    We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

    Many of the things to note for us would be:

    • Slow computer
    • Error messages
    • Fake antivirus alerts or the icon in the system tray
    • svchost.exe running at 100%
    • System crashes or blue screen of death
     
  15. NeoBob

    NeoBob TS Rookie Topic Starter

    Hi DMJ,

    It's my home computer so no restrictions should be on it. I've got Malwarebytes and Avira Premium installed if that makes any difference?

    The computer itself seems to be running a bit slow but I'm not sure why. In task manager it doesn't show any program using a high percentage of cpu. Other than that the computer seems ok. Many thanks.
     
  16. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    What about the proxies?
     
  17. NeoBob

    NeoBob TS Rookie Topic Starter

    Nope I didn't add any. What would they be for?
     
  18. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Used to protect/encrypt/anonymize access to certain websites.
     
  19. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello. Are you still with us?

    Your thread has been marked as "Inactive" because of your lack of reply. Please let us know how your computer is running, or if you want to continue in this topic.

    Thanks.
     

