Solved Google redirect bug

daveym1983

My computer is infected with a virus that redirects to other pages after I click a link from a Google search. I would appreciate any help in removing this. Thanks

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.22.03

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 8.0.6001.19088

David :: SONY-LAPTOP [administrator]

Protection: Enabled

22/05/2012 21:38:13
mbam-log-2012-05-22 (21-38-13).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 232291
Time elapsed: 2 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-05-22 21:15:27
Windows 6.0.6001 Service Pack 1
Running: p9d4redo.exe; Driver: C:\Users\David\AppData\Local\Temp\kwliypob.sys


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\001e3d028a02 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\00214f5169a2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\00214f577747 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\00214f577747@001842e9e304 0x38 0xB8 0x67 0xC5 ...
Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\00214f577747@2421abed309f 0xD7 0x97 0x90 0x88 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e3d028a02
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00214f5169a2
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00214f577747
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00214f577747@001842e9e304 0x38 0xB8 0x67 0xC5 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00214f577747@2421abed309f 0xD7 0x97 0x90 0x88 ...
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\001e3d028a02 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\00214f5169a2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\00214f577747 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\00214f577747@001842e9e304 0x38 0xB8 0x67 0xC5 ...
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\00214f577747@2421abed309f 0xD7 0x97 0x90 0x88 ...
Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\001e3d028a02 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\00214f5169a2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\00214f577747 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\00214f577747@001842e9e304 0x38 0xB8 0x67 0xC5 ...
Reg HKLM\SYSTEM\ControlSet005\Services\BTHPORT\Parameters\Keys\00214f577747@2421abed309f 0xD7 0x97 0x90 0x88 ...
Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\001e3d028a02 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\00214f5169a2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\00214f577747 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\00214f577747@001842e9e304 0x38 0xB8 0x67 0xC5 ...
Reg HKLM\SYSTEM\ControlSet006\Services\BTHPORT\Parameters\Keys\00214f577747@2421abed309f 0xD7 0x97 0x90 0x88 ...
Reg HKLM\SYSTEM\ControlSet007\Services\BTHPORT\Parameters\Keys\001e3d028a02 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\BTHPORT\Parameters\Keys\00214f5169a2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\BTHPORT\Parameters\Keys\00214f577747 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\BTHPORT\Parameters\Keys\00214f577747@001842e9e304 0x38 0xB8 0x67 0xC5 ...
Reg HKLM\SYSTEM\ControlSet007\Services\BTHPORT\Parameters\Keys\00214f577747@2421abed309f 0xD7 0x97 0x90 0x88 ...

---- EOF - GMER 1.0.15 ----
 
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19088 BrowserJavaVersion: 1.6.0_31
Run by David at 21:16:11 on 2012-05-22
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.353.1033.18.3038.1503 [GMT 1:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\RtkAudioService.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Protector Suite QL\upeksvr.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
C:\Program Files\Kontiki\KService.exe
C:\Windows\StartupMonitor.exe
C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Sony\Network Utility\LANUtil.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Sony\Network Utility\NSUService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wermgr.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ie/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: MHURLSearchHook Class: {1c4ab6a5-595f-4e86-b15f-f93cce2bbd48} - c:\program files\celebrity toolbar\tbhelper.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: MHTBPos00 Class: {0c37b053-fd68-456a-82e1-d788ee342e6f} - c:\program files\celebrity toolbar\tbcore3.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\progra~1\google~1\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Celebrity Toolbar: {fd2fd708-1f6f-4b68-b141-c5778f0c19bb} - c:\program files\celebrity toolbar\tbcore3.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [NSUFloatingUI] "c:\program files\sony\network utility\LANUtil.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Nokia.PCSync] "c:\program files\nokia\nokia pc suite 7\PCSync2.exe" /NoDialog
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [ISBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [PSQLLauncher] "c:\program files\protector suite ql\launcher.exe" /startup
mRun: [MarketingTools] c:\program files\sony\marketing tools\MarketingTools.exe
mRun: [AML] c:\program files\sony\vaio launcher\AML.exe InitApp
mRun: [Run StartupMonitor] StartupMonitor.exe
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{8A6E4EFB-BE48-4C95-B171-A5176696F996} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{A575AA6B-D6D6-4D3C-BEAD-63611D847F94} : DhcpNameServer = 192.168.1.254
Notify: psfus - c:\windows\system32\psqlpwd.dll
Notify: VESWinlogon - VESWinlogon.dll
AppInit_DLLs: c:\progra~1\google\google~1\googledesktopnetwork3.dll c:\progra~1\google\google~1\GOEC62~1.DLL
LSA: Notification Packages = scecli psqlpwd
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\david\appdata\roaming\mozilla\firefox\profiles\knnxaer7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ie/ig
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\picasa2\npPicasa2.dll
FF - plugin: c:\program files\picasa2\npPicasa3.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\david\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-2-18 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-2-18 314456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-2-18 20568]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-2-18 55128]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-2-18 44768]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-16 654408]
R2 NSUService;NSUService;c:\program files\sony\network utility\NSUService.exe [2008-8-20 299008]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-18 11032]
R2 RtkAudioService;Realtek Audio Service;c:\windows\RTKAUDIOSERVICE.EXE [2008-7-31 98304]
R2 VAIO Power Management;VAIO Power Management;c:\program files\sony\vaio power management\SPMService.exe [2008-7-31 411488]
R2 VCFw;VAIO Content Folder Watcher;c:\program files\common files\sony shared\vaio content folder watcher\VCFw.exe [2008-6-20 415744]
R3 AVerAVF2;AVerAVF2;c:\windows\system32\drivers\AVerAVF2.sys [2008-7-31 979584]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2008-7-31 29736]
R3 JMCR_CFS;JMCR_CFS;c:\windows\system32\drivers\jmcr_cfs.sys [2008-7-2 52752]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2009-12-25 114672]
R3 kwliypob;kwliypob;c:\users\david\appdata\local\temp\kwliypob.sys [2012-5-22 100864]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-16 22344]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2008-4-28 3658752]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-7-31 44064]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-9-18 27632]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2008-7-31 9344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-1 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-9 257696]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2009-4-6 13224]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-8-20 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-1 135664]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-28 129976]
S3 SOHCImp;VAIO Media plus Content Importer;c:\program files\sony\vaio media plus\SOHCImp.exe [2008-8-20 103712]
S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\sony\vaio media plus\SOHDms.exe [2008-8-20 353568]
S3 SOHDs;VAIO Media plus Device Searcher;c:\program files\sony\vaio media plus\SOHDs.exe [2008-8-20 62752]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\sony ericsson\sony ericsson pc companion\PCCService.exe [2010-9-19 155344]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2008-8-20 337184]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2008-8-20 83232]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-05-16 18:51:18 6734704 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{602d7b5c-d2d3-4a8f-be5e-74df134eb8d1}\mpengine.dll
2012-04-29 22:06:51 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2012-04-29 22:06:51 190464 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-04-27 23:34:49 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-04-27 23:34:32 157352 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe
2012-04-27 23:34:32 129976 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe
.
==================== Find3M ====================
.
2012-05-06 13:26:14 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-06 13:26:13 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-06 13:26:10 4140192 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-04-04 14:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-26 01:07:20 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-23 09:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 21:23:11.85 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Ultimate
Boot Device: \Device\HarddiskVolume2
Install Date: 29/10/2008 02:20:30
System Uptime: 22/05/2012 17:47:27 (4 hours ago)
.
Motherboard: Sony Corporation | | VAIO
Processor: Intel(R) Core(TM)2 Duo CPU T9600 @ 2.80GHz | N/A | 2801/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 107 GiB total, 9.553 GiB free.
D: is FIXED (NTFS) - 466 GiB total, 363.95 GiB free.
E: is Removable
F: is Removable
G: is Removable
H: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Photosmart C4700 series
Device ID: ROOT\IMAGE\0000
Manufacturer: HP
Name: Photosmart C4700 series
PNP Device ID: ROOT\IMAGE\0000
Service: StillCam
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart C4700 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart C4700 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
.
Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer
7-Zip 4.57
Activation Assistant for the 2007 Microsoft Office suites
Adobe Acrobat 8 Standard - English, Français, Deutsch
Adobe Acrobat 8.1.3 Standard
Adobe Common File Installer
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop Elements 6.0
Adobe Premiere Elements 4.0
Adobe Premiere Elements 4.0 Templates
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft WebCam Companion 2
AudibleManager
avast! Free Antivirus
Big Fish Games Game Suite
BitTornado 0.3.17
Bonjour
Browser Address Error Redirector
BufferChm
C4700
Click to Disc
Click to Disc Editor
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
COWON Media Center - jetAudio Basic VX
COWON S9 User's Guide
Destinations
DeviceDiscovery
DivX Converter
DivX Converter Mobile
DivX Plus DirectShow Filters
DivX Setup
DivX Version Checker
Dolby Control Center
DSD Direct
DSD Direct Player
DSD Playback Plug-in
eircom broadband usage meter
ESET Online Scanner v3
ffdshow
FLFooty TV 2.2
FM Genie Scout 11 version 1.00
FMRTE
FMRTE 5.2.3
Football Manager 2011
Football Manager 2012
FootyOnline.tv
Google Chrome
Google Desktop
Google Earth
Google Talk (remove only)
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Gordon's Gate Flash Driver 2.2.0.8
GPBaseService2
H264 Codecs
HDAUDIO SoftV92 Data Fax Modem with SmartCP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 14.0
HP Imaging Device Functions 14.0
HP Photo Creations
HP Photosmart C4700 All-in-One Driver Software 14.0 Rel. 6
HP Smart Web Printing 4.60
HP Solution Center 14.0
HP Update
HPPhotoGadget
HPProductAssistant
HPSSupply
Intel PROSet Wireless
Intel(R) PROSet/Wireless WiFi Software
Intel® Matrix Storage Manager
IPTV
iTunes
Java Auto Updater
Java(TM) 6 Update 31
Java(TM) 6 Update 7
JMicron JMB368 ExpressCard CF Adapter
KeyScrambler
LG PC Suite II
LG USB Modem driver
Malwarebytes Anti-Malware version 1.61.0.1400
MarketResearch
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional 2007
Microsoft Office Professional 2007 Trial
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MKV Player 2.0.1
Mozilla Firefox 12.0 (x86 en-GB)
Mozilla Maintenance Service
MSVC80_x86
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music Transfer
Network
Nokia Connectivity Cable Driver
Nokia PC Suite
NVIDIA Drivers
OpenMG Secure Module 5.1.00
PC Connectivity Solution
Picasa 3
Primo
Protector Suite QL 5.6
PS_AIO_06_C4700_SW_Min
PVSonyDll
QuickTime
QuickTransfer
RealPlayer
Realtek High Definition Audio Driver
Revo Uninstaller 1.85
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Easy Media Creator 10 LJ
Roxio Easy Media Creator Home
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Setting Utility Series
Shop for HP Supplies
Sky Player
Skype™ 5.5
SmartWebPrinting
SolutionCenter
SonicStage Mastering Studio
SonicStage Mastering Studio Audio Filter
SonicStage Mastering Studio Audio Filter Custom Preset
SonicStage Mastering Studio Plugins
Sony Ericsson PC Companion 2.01.217
Sony Ericsson Update Engine
Sony Image Data Suite
Sony Picture Utility
Sony Video Shared Library
StartupMonitor
Status
Steam
Synaptics Pointing Device Driver
ThemeEditor
Toolbox
TrayApp
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2598290) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update Service
UseNeXT
VAIO BD Menu Data
VAIO Content Folder Setting
VAIO Content Metadata Intelligent Analyzing Manager
VAIO Content Metadata Manager Setting
VAIO Content Metadata XML Interface Library
VAIO Control Center
VAIO Data Restore Tool
VAIO DVD Menu Data Basic
VAIO Edit Components 6.4
VAIO Entertainment Platform
VAIO Event Service
VAIO Guide 
VAIO Launcher
VAIO Marketing Tools
VAIO Media plus
VAIO Movie Story
VAIO Movie Story Template Data
VAIO MusicBox Sample Music
VAIO Original Function Setting
VAIO Power Management
VAIO Presentation Support
VAIO Smart Network
VAIO Update 4
VAIO Wallpaper Contents
VC80CRTRedist - 8.0.50727.6195
Veetle TV 0.9.18
VideoLAN VLC media player 0.8.1
Virtual Earth 3D (Beta)
WebReg
WIDCOMM Bluetooth Software 6.2.0.4100
Winamp (remove only)
Windows Driver Package - Nokia Modem (05/22/2008 3.8)
Windows Driver Package - Nokia Modem (05/22/2008 7.00.0.1)
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Media Player Firefox Plugin
WinDVD BD for VAIO
WinRAR archiver
x264 Revision 534 x264.nl (remove only)
.
==== Event Viewer Messages From Past Week ========
.
20/05/2012 15:55:30, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the VzCdbSvc service.
20/05/2012 09:43:45, Error: EventLog [6008] - The previous system shutdown at 21:45:54 on 18/05/2012 was unexpected.
16/05/2012 21:32:21, Error: disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
16/05/2012 20:21:42, Error: Service Control Manager [7034] - The Terminal Services service terminated unexpectedly. It has done this 3 time(s).
16/05/2012 20:21:42, Error: Service Control Manager [7034] - The Telephony service terminated unexpectedly. It has done this 3 time(s).
16/05/2012 20:21:42, Error: Service Control Manager [7034] - The Network Location Awareness service terminated unexpectedly. It has done this 3 time(s).
16/05/2012 20:21:42, Error: Service Control Manager [7034] - The KtmRm for Distributed Transaction Coordinator service terminated unexpectedly. It has done this 3 time(s).
16/05/2012 20:21:42, Error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 3 time(s).
16/05/2012 20:15:41, Error: Service Control Manager [7034] - The Cryptographic Services service terminated unexpectedly. It has done this 2 time(s).
16/05/2012 20:15:41, Error: Service Control Manager [7031] - The Terminal Services service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
16/05/2012 20:15:41, Error: Service Control Manager [7031] - The Telephony service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
16/05/2012 20:15:41, Error: Service Control Manager [7031] - The Network Location Awareness service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
16/05/2012 20:15:41, Error: Service Control Manager [7031] - The KtmRm for Distributed Transaction Coordinator service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 11000 milliseconds: Restart the service.
16/05/2012 20:15:41, Error: Service Control Manager [7031] - The DNS Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
16/05/2012 20:14:40, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Telephony service, but this action failed with the following error: An instance of the service is already running.
16/05/2012 20:12:40, Error: Service Control Manager [7031] - The Terminal Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
16/05/2012 20:12:40, Error: Service Control Manager [7031] - The Telephony service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
16/05/2012 20:12:40, Error: Service Control Manager [7031] - The Network Location Awareness service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
16/05/2012 20:12:40, Error: Service Control Manager [7031] - The KtmRm for Distributed Transaction Coordinator service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
16/05/2012 20:12:40, Error: Service Control Manager [7031] - The DNS Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
16/05/2012 20:12:40, Error: Service Control Manager [7031] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
16/05/2012 19:58:45, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
16/05/2012 19:58:06, Error: volmgr [46] - Crash dump initialization failed!
16/05/2012 19:56:48, Error: disk [11] - The driver detected a controller error on \Device\Harddisk0\DR0.
.
==== End Of File ===========================
 
Please observe the following rules:
  • Read all of my instructions very carefully. Mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

======================================================================

Download Bootkit Remover to your desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.

=================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows Vista Ultimate Edition Service Pack 1 (build 6001), 32-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000003`12800000
ATA_Read(): DeviceIoControl() ERROR 87

Size Device Name MBR Status
--------------------------------------------
119 GB \\.\PhysicalDrive0 Controlled by rootkit!

Boot code on some of your physical disks is hidden by a rootkit.
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]


Done;
Press any key to quit...
 
I have downloaded aswMBR but I can't get it to run. I have tried restarting and running as administrator but it just won't run.
 
ListParts by Farbar Version: 12-03-2012 03
Ran by David (administrator) on 22-05-2012 at 23:45:40
Windows Vista (X86)
Running From: C:\Users\David\Downloads
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 46%
Total physical RAM: 3038.14 MB
Available physical RAM: 1637.23 MB
Total Pagefile: 6281.28 MB
Available Pagefile: 4620.02 MB
Total Virtual: 2047.88 MB
Available Virtual: 1964.77 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:106.96 GB) (Free:9.55 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: () (Fixed) (Total:465.75 GB) (Free:363.95 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 119 GB 0 B
Disk 1 Online 466 GB 6144 KB
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 12 GB 1024 KB
Partition 2 Primary 107 GB 12 GB
Partition 3 Primary 1016 KB 119 GB

======================================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 107 GB Healthy System (partition with boot components)

======================================================================================================

Disk: 0
Partition 3
Type : 17 (Suspicious Type)
Hidden: Yes
Active: Yes

There is no volume associated with this partition.

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 0 Extended 466 GB 8033 KB
Partition 1 Logical 466 GB 8064 KB

======================================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D NTFS Partition 466 GB Healthy

======================================================================================================

****** End Of Log ******
 
It looks like we have a rootkitted partition there.

WARNING!
Proceed with extreme caution!
Deleting the wrong partition will result in your computer being unusable.
If you have any doubts, ask.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Download GETxPUD.exe to the desktop of your clean computer

  • Double click on GETxPUD.exe
  • A new folder will appear on the desktop.
  • Open the GETxPUD folder and click on the get&burn.bat
  • The program will download xpud_0.9.2.iso, and when finished will open BurnCDCC ready to burn the image.
  • Insert a blank CD into your CD drive.
  • Click on Start and follow the prompts to burn the image to a CD.
  • Boot the bad computer from the CD
  • Click Menu then Terminal Emulator
  • Type parted /dev/sda set 2 boot on
  • Press Enter
  • Type parted /dev/sda rm 3
  • Press Enter
  • Remove xPUD CD, reboot, run aswMBR and post the log
 
That's weird.
Let's try a different way...

WARNING!
Proceed with extreme caution!
Deleting the wrong partition will result in your computer being unusable.
If you have any doubts, ask.


===========================================================================================

Download gparted-live-0.11.0-7.iso (119.8 MB)

Burn it to a CD: http://neosmart.net/wiki/display/G/Burning+ISO+Images+to+a+CD+or+DVD

Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
Boot off of the newly created Gparted CD.

You should be here:
gpartedsplash.png

Press Enter.

By default, "do not touch keymap" is highlighted. Leave this setting alone and just press ENTER:
gpartedkeymaps.png


Choose your language and press ENTER. English is default [33]:
gpartedlanguage.png


Once again, at this prompt, press ENTER:
gpartedgui.png


You will now be taken to the main GUI screen below:
gpartedo.png

According to your logs, the partition that you want to delete is the small partition of 1016 KB.
Click on it to highlight it.
Click the trash can icon to delete and then click Apply.

You should now be here confirming your actions:
gpartedsteps.png


Now you should be here:
gpartedsuccessclose.png


Is "boot" next to your OS drive?
gpartedboot.png


If "boot" is NOT next to your OS drive under "Flags", right-mouse click the OS drive while in Gparted and select Manage Flags.

In the menu that pops up, place a checkmark in boot like the picture below:
gpartedmanageflagsboot.png


Now double-click the [gpartedexit.png] button.

You should receive a small pop up like this:
gpartedexitreboot.png


Choose reboot and then press OK.

Post new ListParts by Farbar log.
 
That seems to have worked. Thanks.

ListParts by Farbar Version: 12-03-2012 03
Ran by David (administrator) on 27-05-2012 at 01:19:25
Windows Vista (X86)
Running From: C:\Users\David\Downloads
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 43%
Total physical RAM: 3038.14 MB
Available physical RAM: 1715.57 MB
Total Pagefile: 6277.29 MB
Available Pagefile: 5070.44 MB
Total Virtual: 2047.88 MB
Available Virtual: 1964.77 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:106.96 GB) (Free:9.49 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: () (Fixed) (Total:465.75 GB) (Free:363.95 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 119 GB 0 B
Disk 1 Online 466 GB 6144 KB
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 12 GB 1024 KB
Partition 2 Primary 107 GB 12 GB

======================================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 107 GB Healthy System (partition with boot components)

======================================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 0 Extended 466 GB 8033 KB
Partition 1 Logical 466 GB 8064 KB

======================================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D NTFS Partition 466 GB Healthy

======================================================================================================

****** End Of Log ******
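
The check that the two ListParts logs above illustrate, written out as an added example (it is not part of the original thread and is not how ListParts, Bootkit Remover or any other tool named here works): parse the four MBR partition entries and flag an active partition that has a hidden type and is very small. Both sample boot sectors are constructed from the offsets and sizes shown in the logs; the function names and the 16 MiB threshold are assumptions.

```python
from __future__ import annotations
import struct
from dataclasses import dataclass

SECTOR = 512
TABLE_OFFSET = 446            # partition table position inside sector 0
ENTRY_SIZE = 16               # four 16-byte entries, then the 0x55AA signature
ENTRY_FMT = "<B3xB3xII"       # status, (CHS), type, (CHS), start LBA, sector count
# "Hidden" partition type bytes; 0x27 is the hidden OEM/recovery type seen on disk 0.
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E, 0x27}
SMALL_LIMIT = 16 * 1024 * 1024  # assumed cut-off for "too small to hold an OS"


@dataclass
class Part:
    index: int
    active: bool
    ptype: int
    start_lba: int
    sectors: int

    @property
    def size_bytes(self) -> int:
        return self.sectors * SECTOR


def parse_mbr(sector0: bytes) -> list[Part]:
    """Return the non-empty primary partition entries of a 512-byte MBR."""
    if len(sector0) < SECTOR or sector0[510:512] != b"\x55\xaa":
        raise ValueError("not an MBR: missing 0x55AA signature")
    parts = []
    for i in range(4):
        off = TABLE_OFFSET + i * ENTRY_SIZE
        status, ptype, start, count = struct.unpack_from(ENTRY_FMT, sector0, off)
        if ptype != 0x00:     # type 0 means the slot is unused
            parts.append(Part(i + 1, status == 0x80, ptype, start, count))
    return parts


def review(parts: list[Part], disk_sectors: int) -> list[str]:
    """Return human-readable findings; an empty list means nothing stood out."""
    findings = []
    active = [p for p in parts if p.active]
    if len(active) != 1:
        findings.append(f"{len(active)} active partitions (expected exactly 1)")
    for p in parts:
        end = p.start_lba + p.sectors
        if end > disk_sectors:
            findings.append(f"partition {p.index}: extends past the end of the disk")
        if p.active and p.ptype in HIDDEN_TYPES and p.size_bytes < SMALL_LIMIT:
            where = " at the end of the disk" if disk_sectors - end < 2048 else ""
            findings.append(
                f"partition {p.index}: active, hidden type 0x{p.ptype:02X}, "
                f"{p.size_bytes // 1024} KB{where}"
            )
    return findings


def build_mbr(entries) -> bytes:
    """Build a sample sector 0 from (active, type, start_lba, sectors) tuples."""
    sector = bytearray(SECTOR)
    for i, (active, ptype, start, count) in enumerate(entries):
        struct.pack_into(ENTRY_FMT, sector, TABLE_OFFSET + i * ENTRY_SIZE,
                         0x80 if active else 0x00, ptype, start, count)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


# Constructed sample data. Disk size and the C: start/length are the values in
# the TDSSKiller log; the other numbers are derived from the ListParts output
# (1024 KB offset for partition 1, 1016 KB = 2032 sectors for partition 3).
DISK0_SECTORS = 0x1DCFE00000 // SECTOR
C_START, C_SECTORS = 0x1894000, 0xD5EA800
OEM = (False, 0x27, 2048, C_START - 2048)

BEFORE = build_mbr([OEM,
                    (False, 0x07, C_START, C_SECTORS),
                    (True, 0x17, C_START + C_SECTORS, 2032)])
AFTER = build_mbr([OEM,
                   (True, 0x07, C_START, C_SECTORS)])

if __name__ == "__main__":
    for label, image in (("before", BEFORE), ("after", AFTER)):
        print(label, review(parse_mbr(image), DISK0_SECTORS) or "no findings")
```

On a real disk the 512 bytes would come from a dump of sector 0 taken from a clean boot environment, because a running rootkit can return altered sectors to tools inside the infected system.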
 
Redirection is gone and browser is a lot faster.

I've tried aswMBR, it begins the scan, runs for about 30 seconds then the computer suddenly reboots before the scan has finished. I've tried it 3 times with the same result each time.
 
Try to run it from safe mode.

If it still fails....

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
aswMBR was a no go in safe mode also

03:03:54.0893 3784 TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30
03:03:55.0197 3784 ============================================================
03:03:55.0197 3784 Current date / time: 2012/05/27 03:03:55.0197
03:03:55.0197 3784 SystemInfo:
03:03:55.0197 3784
03:03:55.0197 3784 OS Version: 6.0.6001 ServicePack: 1.0
03:03:55.0197 3784 Product type: Workstation
03:03:55.0197 3784 ComputerName: SONY-LAPTOP
03:03:55.0197 3784 UserName: David
03:03:55.0197 3784 Windows directory: C:\Windows
03:03:55.0197 3784 System windows directory: C:\Windows
03:03:55.0197 3784 Processor architecture: Intel x86
03:03:55.0197 3784 Number of processors: 2
03:03:55.0197 3784 Page size: 0x1000
03:03:55.0197 3784 Boot type: Normal boot
03:03:55.0197 3784 ============================================================
03:03:55.0524 3784 Drive \Device\Harddisk0\DR0 - Size: 0x1DCFE00000 (119.25 Gb), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
03:03:55.0882 3784 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
03:03:55.0986 3784 ============================================================
03:03:55.0986 3784 \Device\Harddisk0\DR0:
03:03:55.0986 3784 MBR partitions:
03:03:55.0986 3784 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1894000, BlocksNum 0xD5EA800
03:03:55.0986 3784 \Device\Harddisk1\DR1:
03:03:55.0986 3784 MBR partitions:
03:03:55.0994 3784 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F00, BlocksNum 0x3A380D41
03:03:55.0994 3784 ============================================================
03:03:55.0996 3784 C: <-> \Device\Harddisk0\DR0\Partition0
03:03:56.0018 3784 D: <-> \Device\Harddisk1\DR1\Partition0
03:03:56.0019 3784 ============================================================
03:03:56.0019 3784 Initialize success
03:03:56.0019 3784 ============================================================
03:04:17.0385 5248 ============================================================
03:04:17.0385 5248 Scan started
03:04:17.0385 5248 Mode: Manual;
03:04:17.0385 5248 ============================================================
03:04:19.0072 5248 FileInfo - ok
03:04:19.0076 5248 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
03:04:19.0078 5248 Filetrace - ok
03:04:19.0116 5248 FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
03:04:19.0120 5248 FLEXnet Licensing Service - ok
03:04:19.0125 5248 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
03:04:19.0126 5248 flpydisk - ok
03:04:19.0138 5248 FltMgr (05ea53afe985443011e36dab07343b46) C:\Windows\system32\drivers\fltmgr.sys
03:04:19.0140 5248 FltMgr - ok
03:04:19.0146 5248 FontCache3.0.0.0 (c9be08664611ddaf98e2331e9288b00b) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
03:04:19.0147 5248 FontCache3.0.0.0 - ok
03:04:19.0150 5248 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
03:04:19.0150 5248 Fs_Rec - ok
03:04:19.0160 5248 fvevol (1400c747e2b73966b100fdce5426b7b2) C:\Windows\system32\DRIVERS\fvevol.sys
03:04:19.0162 5248 fvevol - ok
03:04:19.0168 5248 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
03:04:19.0170 5248 gagp30kx - ok
03:04:19.0174 5248 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
03:04:19.0174 5248 GEARAspiWDM - ok
03:04:19.0180 5248 getPlusHelper (947da3ad94a7593bfa439939ac5e823b) C:\Program Files\NOS\bin\getPlus_Helper.dll
03:04:19.0182 5248 getPlusHelper - ok
03:04:19.0185 5248 ggflt (007aea2e06e7cef7372e40c277163959) C:\Windows\system32\DRIVERS\ggflt.sys
03:04:19.0186 5248 ggflt - ok
03:04:19.0190 5248 ggsemc (c73de35960ca75c5ab4ae636b127c64e) C:\Windows\system32\DRIVERS\ggsemc.sys
03:04:19.0191 5248 ggsemc - ok
03:04:19.0196 5248 GoogleDesktopManager-051210-111108 (9f5f2f0fb0a7f5aa9f16b9a7b6dad89f) C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
03:04:19.0197 5248 GoogleDesktopManager-051210-111108 - ok
03:04:19.0227 5248 gpsvc (d9f1113d9401185245573350712f92fc) C:\Windows\System32\gpsvc.dll
03:04:19.0237 5248 gpsvc - ok
03:04:19.0245 5248 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
03:04:19.0247 5248 gupdate - ok
03:04:19.0249 5248 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files\Google\Update\GoogleUpdate.exe
03:04:19.0249 5248 gupdatem - ok
03:04:19.0262 5248 gusvc (408ddd80eede47175f6844817b90213e) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
03:04:19.0264 5248 gusvc - ok
03:04:19.0280 5248 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
03:04:19.0284 5248 HdAudAddService - ok
03:04:19.0290 5248 HDAudBus (c87b1ee051c0464491c1a7b03fa0bc99) C:\Windows\system32\DRIVERS\HDAudBus.sys
03:04:19.0290 5248 HDAudBus - ok
03:04:19.0294 5248 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
03:04:19.0296 5248 HidBth - ok
03:04:19.0299 5248 HidIr (5a87127718873bd7f3bd7ac42b951d8e) C:\Windows\system32\DRIVERS\hidir.sys
03:04:19.0300 5248 HidIr - ok
03:04:19.0304 5248 hidserv (8fa640195279ace21bea91396a0054fc) C:\Windows\System32\hidserv.dll
03:04:19.0306 5248 hidserv - ok
03:04:19.0309 5248 HidUsb (e2b5bd48afcc0f0974fb44641b223250) C:\Windows\system32\DRIVERS\hidusb.sys
03:04:19.0310 5248 HidUsb - ok
03:04:19.0316 5248 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
03:04:19.0319 5248 hkmsvc - ok
03:04:19.0324 5248 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
03:04:19.0326 5248 HpCISSs - ok
03:04:19.0342 5248 hpqcxs08 (5da42d24712e00728cea2342a65009b2) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
03:04:19.0344 5248 hpqcxs08 - ok
03:04:19.0352 5248 hpqddsvc (d86a39bf100069444d026d22d9a6e555) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
03:04:19.0353 5248 hpqddsvc - ok
03:04:19.0390 5248 HPSLPSVC (a04f4ac48895774a2cf9d1c9eaaacef0) C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
03:04:19.0394 5248 HPSLPSVC - ok
03:04:19.0409 5248 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
03:04:19.0414 5248 HSFHWAZL - ok
03:04:19.0464 5248 HSF_DPV (7bc42c65b5c6281777c1a7605b253ba8) C:\Windows\system32\DRIVERS\HSX_DPV.sys
03:04:19.0475 5248 HSF_DPV - ok
03:04:19.0489 5248 HSXHWAZL (9ebf2d102ccbb6bcdfbf1b7922f8ba2e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
03:04:19.0491 5248 HSXHWAZL - ok
03:04:19.0516 5248 HTTP (96e241624c71211a79c84f50a8e71cab) C:\Windows\system32\drivers\HTTP.sys
03:04:19.0521 5248 HTTP - ok
03:04:19.0526 5248 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
03:04:19.0527 5248 i2omp - ok
03:04:19.0532 5248 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
03:04:19.0534 5248 i8042prt - ok
03:04:19.0557 5248 IAANTMON (cb686f44bf955ea02520710a56874fa4) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
03:04:19.0561 5248 IAANTMON - ok
03:04:19.0580 5248 iaStor (db0cc620b27a928d968c1a1e9cd9cb87) C:\Windows\system32\drivers\iastor.sys
03:04:19.0582 5248 iaStor - ok
03:04:19.0597 5248 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
03:04:19.0600 5248 iaStorV - ok
03:04:19.0658 5248 idsvc (7b630acaed64fef0c3e1cf255cb56686) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
03:04:19.0673 5248 idsvc - ok
03:04:19.0678 5248 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
03:04:19.0679 5248 iirsp - ok
03:04:19.0703 5248 IKEEXT (a3bc480a2bf8aa8e4dabd2d5dce0afac) C:\Windows\System32\ikeext.dll
03:04:19.0709 5248 IKEEXT - ok
03:04:19.0824 5248 IntcAzAudAddService (cf2219a2fed4f8f2e0817a2bf1658799) C:\Windows\system32\drivers\RTKVHDA.sys
03:04:19.0847 5248 IntcAzAudAddService - ok
03:04:19.0888 5248 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
03:04:19.0889 5248 intelide - ok
03:04:19.0894 5248 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
03:04:19.0895 5248 intelppm - ok
03:04:19.0901 5248 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
03:04:19.0904 5248 IPBusEnum - ok
03:04:19.0909 5248 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
03:04:19.0911 5248 IpFilterDriver - ok
03:04:19.0923 5248 iphlpsvc (6a35d233693edc29a12742049bc5e37f) C:\Windows\System32\iphlpsvc.dll
03:04:19.0926 5248 iphlpsvc - ok
03:04:19.0929 5248 IpInIp - ok
03:04:19.0935 5248 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
03:04:19.0937 5248 IPMIDRV - ok
03:04:19.0945 5248 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
03:04:19.0946 5248 IPNAT - ok
03:04:19.0997 5248 iPod Service (0ca8c2e721617aa2f923a8151c96fb33) C:\Program Files\iPod\bin\iPodService.exe
03:04:20.0008 5248 iPod Service - ok
03:04:20.0011 5248 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
03:04:20.0012 5248 IRENUM - ok
03:04:20.0019 5248 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
03:04:20.0021 5248 isapnp - ok
03:04:20.0032 5248 iScsiPrt (f247eec28317f6c739c16de420097301) C:\Windows\system32\DRIVERS\msiscsi.sys
03:04:20.0034 5248 iScsiPrt - ok
03:04:20.0039 5248 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
03:04:20.0041 5248 iteatapi - ok
03:04:20.0046 5248 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
03:04:20.0047 5248 iteraid - ok
03:04:20.0055 5248 IviRegMgr (213822072085b5bbad9af30ab577d817) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
03:04:20.0056 5248 IviRegMgr - ok
03:04:20.0062 5248 JMCR_CFS (9d3824e189ee26c0ad54db8a76985b39) C:\Windows\system32\DRIVERS\jmcr_cfs.sys
03:04:20.0062 5248 JMCR_CFS - ok
03:04:20.0066 5248 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
03:04:20.0067 5248 kbdclass - ok
03:04:20.0071 5248 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\DRIVERS\kbdhid.sys
03:04:20.0072 5248 kbdhid - ok
03:04:20.0075 5248 KeyIso (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
03:04:20.0078 5248 KeyIso - ok
03:04:20.0086 5248 KeyScrambler (7af1e06154e9ee07811b44bbf4fa8f60) C:\Windows\system32\drivers\keyscrambler.sys
03:04:20.0088 5248 KeyScrambler - ok
03:04:20.0112 5248 KSecDD (7a0cf7908b6824d6a2a1d313e5ae3dca) C:\Windows\system32\Drivers\ksecdd.sys
03:04:20.0117 5248 KSecDD - ok
03:04:20.0279 5248 KService (0423bc118534ec23a063e54ebca9b92d) C:\Program Files\Kontiki\KService.exe
03:04:20.0301 5248 KService - ok
03:04:20.0353 5248 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
03:04:20.0359 5248 KtmRm - ok
03:04:20.0372 5248 LanmanServer (1925e63c91cf1610ae41bfd539062079) C:\Windows\System32\srvsvc.dll
03:04:20.0376 5248 LanmanServer - ok
03:04:20.0387 5248 LanmanWorkstation (2ae2e1628c5d3f1c0a46a67c9fa1df15) C:\Windows\System32\wkssvc.dll
03:04:20.0393 5248 LanmanWorkstation - ok
03:04:20.0403 5248 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
03:04:20.0404 5248 lltdio - ok
03:04:20.0416 5248 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
03:04:20.0420 5248 lltdsvc - ok
03:04:20.0424 5248 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
03:04:20.0426 5248 lmhosts - ok
03:04:20.0434 5248 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
03:04:20.0437 5248 LSI_FC - ok
03:04:20.0443 5248 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
03:04:20.0445 5248 LSI_SAS - ok
03:04:20.0453 5248 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
03:04:20.0454 5248 LSI_SCSI - ok
03:04:20.0461 5248 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
03:04:20.0462 5248 luafv - ok
03:04:20.0466 5248 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
03:04:20.0466 5248 MBAMProtector - ok
03:04:20.0500 5248 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
03:04:20.0504 5248 MBAMService - ok
03:04:20.0510 5248 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
03:04:20.0512 5248 Mcx2Svc - ok
03:04:20.0532 5248 MDM (7cf1b716372b89568ae4c0fe769f5869) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
03:04:20.0534 5248 MDM - ok
03:04:20.0538 5248 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
03:04:20.0538 5248 mdmxsdk - ok
03:04:20.0543 5248 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
03:04:20.0544 5248 megasas - ok
03:04:20.0564 5248 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
03:04:20.0568 5248 MegaSR - ok
03:04:20.0573 5248 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
03:04:20.0576 5248 MMCSS - ok
03:04:20.0580 5248 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
03:04:20.0582 5248 Modem - ok
03:04:20.0586 5248 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
03:04:20.0587 5248 monitor - ok
03:04:20.0592 5248 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
03:04:20.0593 5248 mouclass - ok
03:04:20.0596 5248 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
03:04:20.0597 5248 mouhid - ok
03:04:20.0602 5248 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
03:04:20.0604 5248 MountMgr - ok
03:04:20.0613 5248 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
03:04:20.0615 5248 MozillaMaintenance - ok
03:04:20.0622 5248 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
03:04:20.0624 5248 mpio - ok
03:04:20.0630 5248 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
03:04:20.0631 5248 mpsdrv - ok
03:04:20.0659 5248 MpsSvc (d1639ba315b0d79dec49a4b0e1fb929b) C:\Windows\system32\mpssvc.dll
03:04:20.0667 5248 MpsSvc - ok
03:04:20.0671 5248 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
03:04:20.0673 5248 Mraid35x - ok
03:04:20.0680 5248 MRxDAV (ae3de84536b6799d2267443cec8edbb9) C:\Windows\system32\drivers\mrxdav.sys
03:04:20.0682 5248 MRxDAV - ok
03:04:20.0690 5248 mrxsmb (5734a0f2be7e495f7d3ed6efd4b9f5a1) C:\Windows\system32\DRIVERS\mrxsmb.sys
03:04:20.0691 5248 mrxsmb - ok
03:04:20.0704 5248 mrxsmb10 (6b5fa5adfacac9dbbe0991f4566d7d55) C:\Windows\system32\DRIVERS\mrxsmb10.sys
03:04:20.0705 5248 mrxsmb10 - ok
03:04:20.0712 5248 mrxsmb20 (5c80d8159181c7abf1b14ba703b01e0b) C:\Windows\system32\DRIVERS\mrxsmb20.sys
03:04:20.0713 5248 mrxsmb20 - ok
03:04:20.0717 5248 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
03:04:20.0719 5248 msahci - ok
03:04:20.0727 5248 MSCSPTISRV (a99d2c7e30ad63ef920a894131caf5f7) C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
03:04:20.0729 5248 MSCSPTISRV - ok
03:04:20.0736 5248 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
03:04:20.0738 5248 msdsm - ok
03:04:20.0746 5248 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
03:04:20.0749 5248 MSDTC - ok
03:04:20.0755 5248 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
03:04:20.0756 5248 Msfs - ok
03:04:20.0760 5248 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
03:04:20.0761 5248 msisadrv - ok
03:04:20.0769 5248 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
03:04:20.0772 5248 MSiSCSI - ok
03:04:20.0775 5248 msiserver - ok
03:04:20.0779 5248 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
03:04:20.0780 5248 MSKSSRV - ok
03:04:20.0783 5248 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
03:04:20.0784 5248 MSPCLOCK - ok
03:04:20.0788 5248 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
03:04:20.0789 5248 MSPQM - ok
03:04:20.0800 5248 MsRPC (b5614aecb05a9340aa0fb55bf561cc63) C:\Windows\system32\drivers\MsRPC.sys
03:04:20.0802 5248 MsRPC - ok
03:04:20.0808 5248 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
03:04:20.0809 5248 mssmbios - ok
03:04:20.0812 5248 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
03:04:20.0813 5248 MSTEE - ok
03:04:20.0818 5248 Mup (6dfd1d322de55b0b7db7d21b90bec49c) C:\Windows\system32\Drivers\mup.sys
03:04:20.0819 5248 Mup - ok
03:04:20.0835 5248 napagent (c43b25863fbd65b6d2a142af3ae320ca) C:\Windows\system32\qagentRT.dll
03:04:20.0841 5248 napagent - ok
03:04:20.0850 5248 NativeWifiP (3c21ce48ff529bb73dadb98770b54025) C:\Windows\system32\DRIVERS\nwifi.sys
03:04:20.0852 5248 NativeWifiP - ok
03:04:20.0877 5248 NDIS (9bdc71790fa08f0a0b5f10462b1bd0b1) C:\Windows\system32\drivers\ndis.sys
03:04:20.0885 5248 NDIS - ok
03:04:20.0889 5248 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
03:04:20.0890 5248 NdisTapi - ok
03:04:20.0893 5248 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
03:04:20.0894 5248 Ndisuio - ok
03:04:20.0902 5248 NdisWan (3d14c3b3496f88890d431e8aa022a411) C:\Windows\system32\DRIVERS\ndiswan.sys
03:04:20.0904 5248 NdisWan - ok
03:04:20.0909 5248 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
03:04:20.0910 5248 NDProxy - ok
03:04:20.0915 5248 Net Driver HPZ12 (69c503c004f49aee8b8e3067cc047ba7) C:\Windows\system32\HPZinw12.dll
03:04:20.0917 5248 Net Driver HPZ12 - ok
03:04:20.0921 5248 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
03:04:20.0922 5248 NetBIOS - ok
03:04:20.0932 5248 netbt (7c5fee5b1c5728507cd96fb4a13e7a02) C:\Windows\system32\DRIVERS\netbt.sys
03:04:20.0935 5248 netbt - ok
03:04:20.0938 5248 Netlogon (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
03:04:20.0940 5248 Netlogon - ok
03:04:20.0957 5248 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
03:04:20.0964 5248 Netman - ok
03:04:20.0980 5248 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
03:04:20.0984 5248 NetMsmqActivator - ok
03:04:20.0986 5248 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
03:04:20.0987 5248 NetPipeActivator - ok
03:04:21.0000 5248 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
03:04:21.0004 5248 netprofm - ok
03:04:21.0007 5248 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
03:04:21.0008 5248 NetTcpActivator - ok
03:04:21.0010 5248 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
03:04:21.0011 5248 NetTcpPortSharing - ok
03:04:21.0189 5248 NETw5v32 (e559ea9138c77b5d1fda8c558764a25f) C:\Windows\system32\DRIVERS\NETw5v32.sys
03:04:21.0228 5248 NETw5v32 - ok
03:04:21.0271 5248 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
03:04:21.0273 5248 nfrd960 - ok
03:04:21.0284 5248 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
03:04:21.0288 5248 NlaSvc - ok
03:04:21.0292 5248 nmwcd (b4e87d4f40c57d036e821bd06db1d1b7) C:\Windows\system32\drivers\ccdcmb.sys
03:04:21.0293 5248 nmwcd - ok
03:04:21.0296 5248 nmwcdc (bee0addf01d62725ddc2cc113d6b374c) C:\Windows\system32\drivers\ccdcmbo.sys
03:04:21.0297 5248 nmwcdc - ok
03:04:21.0302 5248 Npfs (ecb5003f484f9ed6c608d6d6c7886cbb) C:\Windows\system32\drivers\Npfs.sys
03:04:21.0303 5248 Npfs - ok
03:04:21.0307 5248 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
03:04:21.0310 5248 nsi - ok
03:04:21.0313 5248 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
03:04:21.0314 5248 nsiproxy - ok
03:04:21.0334 5248 NSUService (fd141d19f1392920a6a517316910d770) C:\Program Files\Sony\Network Utility\NSUService.exe
03:04:21.0335 5248 NSUService - ok
03:04:21.0391 5248 Ntfs (b4effe29eb4f15538fd8a9681108492d) C:\Windows\system32\drivers\Ntfs.sys
03:04:21.0409 5248 Ntfs - ok
03:04:21.0413 5248 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
03:04:21.0415 5248 ntrigdigi - ok
03:04:21.0418 5248 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
03:04:21.0419 5248 Null - ok
03:04:21.0424 5248 NVHDA (2c7ac27710e8d41c1eb7d1599187d237) C:\Windows\system32\drivers\nvhda32v.sys
03:04:21.0425 5248 NVHDA - ok
03:04:21.0824 5248 nvlddmkm (7067e24fde736901a1c4197b008c6e9f) C:\Windows\system32\DRIVERS\nvlddmkm.sys
03:04:21.0899 5248 nvlddmkm - ok
03:04:21.0944 5248 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
03:04:21.0946 5248 nvraid - ok
03:04:21.0952 5248 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
03:04:21.0953 5248 nvstor - ok
03:04:21.0966 5248 nvsvc (51ab114bafdcccfb0990b9883ef6c28b) C:\Windows\system32\nvvsvc.exe
03:04:21.0970 5248 nvsvc - ok
03:04:21.0980 5248 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
03:04:21.0982 5248 nv_agp - ok
03:04:21.0984 5248 NwlnkFlt - ok
03:04:21.0988 5248 NwlnkFwd - ok
03:04:22.0020 5248 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
03:04:22.0027 5248 odserv - ok
03:04:22.0033 5248 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
03:04:22.0034 5248 ohci1394 - ok
03:04:22.0044 5248 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
03:04:22.0046 5248 ose - ok
03:04:22.0085 5248 p2pimsvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
03:04:22.0098 5248 p2pimsvc - ok
03:04:22.0103 5248 p2psvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
03:04:22.0109 5248 p2psvc - ok
03:04:22.0116 5248 PACSPTISVR (41c33fb4fd929fed732a00d2daef5be0) C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
03:04:22.0119 5248 PACSPTISVR - ok
03:04:22.0125 5248 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
03:04:22.0127 5248 Parport - ok
03:04:22.0132 5248 partmgr (3b38467e7c3daed009dfe359e17f139f) C:\Windows\system32\drivers\partmgr.sys
03:04:22.0134 5248 partmgr - ok
03:04:22.0138 5248 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
03:04:22.0139 5248 Parvdm - ok
03:04:22.0144 5248 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
03:04:22.0147 5248 PcaSvc - ok
03:04:22.0153 5248 pccsmcfd (175cc28dcf819f78caa3fbd44ad9e52a) C:\Windows\system32\DRIVERS\pccsmcfd.sys
03:04:22.0155 5248 pccsmcfd - ok
03:04:22.0165 5248 pci (01b94418deb235dff777cc80076354b4) C:\Windows\system32\drivers\pci.sys
03:04:22.0167 5248 pci - ok
03:04:22.0171 5248 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
03:04:22.0173 5248 pciide - ok
03:04:22.0184 5248 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
03:04:22.0186 5248 pcmcia - ok
03:04:22.0235 5248 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
03:04:22.0250 5248 PEAUTH - ok
03:04:22.0335 5248 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
03:04:22.0361 5248 pla - ok
03:04:22.0404 5248 PlugPlay (78f975cb6d18265be6f492edb2d7bc7b) C:\Windows\system32\umpnpmgr.dll
03:04:22.0410 5248 PlugPlay - ok
03:04:22.0416 5248 Pml Driver HPZ12 (12b4549d515cb26bb8d375038017ca65) C:\Windows\system32\HPZipm12.dll
03:04:22.0418 5248 Pml Driver HPZ12 - ok
03:04:22.0455 5248 PNRPAutoReg (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
03:04:22.0460 5248 PNRPAutoReg - ok
03:04:22.0466 5248 PNRPsvc (5de1a3972fd3112c75eb17bdcf454169) C:\Windows\system32\p2psvc.dll
03:04:22.0471 5248 PNRPsvc - ok
03:04:22.0493 5248 PolicyAgent (47b8f37aa18b74d8c2e1bc1a7a2c8f8a) C:\Windows\System32\ipsecsvc.dll
03:04:22.0500 5248 PolicyAgent - ok
03:04:22.0512 5248 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
03:04:22.0513 5248 PptpMiniport - ok
03:04:22.0518 5248 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
03:04:22.0520 5248 Processor - ok
03:04:22.0523 5248 PROCEXP151 - ok
03:04:22.0535 5248 ProfSvc (b627e4fc8585e8843c5905d4d3587a90) C:\Windows\system32\profsvc.dll
03:04:22.0539 5248 ProfSvc - ok
03:04:22.0542 5248 ProtectedStorage (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
03:04:22.0544 5248 ProtectedStorage - ok
03:04:22.0551 5248 PSched (bfef604508a0ed1eae2a73e872555ffb) C:\Windows\system32\DRIVERS\pacer.sys
03:04:22.0553 5248 PSched - ok
03:04:22.0558 5248 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\Windows\system32\Drivers\PxHelp20.sys
03:04:22.0560 5248 PxHelp20 - ok
03:04:22.0625 5248 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
03:04:22.0638 5248 ql2300 - ok
03:04:22.0651 5248 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
03:04:22.0653 5248 ql40xx - ok
03:04:22.0668 5248 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
03:04:22.0673 5248 QWAVE - ok
03:04:22.0678 5248 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
03:04:22.0679 5248 QWAVEdrv - ok
03:04:22.0682 5248 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
03:04:22.0683 5248 RasAcd - ok
03:04:22.0690 5248 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
03:04:22.0694 5248 RasAuto - ok
03:04:22.0701 5248 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
03:04:22.0702 5248 Rasl2tp - ok
03:04:22.0718 5248 RasMan (6e7c284fc5c4ec07ad164d93810385a6) C:\Windows\System32\rasmans.dll
03:04:22.0723 5248 RasMan - ok
03:04:22.0728 5248 RasPppoe (3e9d9b048107b40d87b97df2e48e0744) C:\Windows\system32\DRIVERS\raspppoe.sys
03:04:22.0729 5248 RasPppoe - ok
03:04:22.0736 5248 RasSstp (a7d141684e9500ac928a772ed8e6b671) C:\Windows\system32\DRIVERS\rassstp.sys
03:04:22.0737 5248 RasSstp - ok
03:04:22.0751 5248 rdbss (6e1c5d0457622f9ee35f683110e93d14) C:\Windows\system32\DRIVERS\rdbss.sys
03:04:22.0754 5248 rdbss - ok
03:04:22.0758 5248 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
03:04:22.0759 5248 RDPCDD - ok
03:04:22.0774 5248 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\DRIVERS\rdpdr.sys
03:04:22.0777 5248 rdpdr - ok
03:04:22.0780 5248 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
03:04:22.0782 5248 RDPENCDD - ok
03:04:22.0794 5248 RDPWD (e1c18f4097a5abcec941dc4b2f99db7e) C:\Windows\system32\drivers\RDPWD.sys
03:04:22.0797 5248 RDPWD - ok
03:04:22.0801 5248 regi (001b4278407f4303efc902a2b16f2453) C:\Windows\system32\drivers\regi.sys
03:04:22.0802 5248 regi - ok
03:04:22.0830 5248 RegSrvc (b33c88df3588acf250b87a004526c31a) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
03:04:22.0833 5248 RegSrvc - ok
03:04:22.0840 5248 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
03:04:22.0843 5248 RemoteAccess - ok
03:04:22.0851 5248 RemoteRegistry (cc4e32400f3c7253400cf8f3f3a0b676) C:\Windows\system32\regsvc.dll
03:04:22.0855 5248 RemoteRegistry - ok
03:04:22.0865 5248 RFCOMM (23f486726da7a9b2f3ec7326421a9c36) C:\Windows\system32\DRIVERS\rfcomm.sys
03:04:22.0867 5248 RFCOMM - ok
03:04:22.0874 5248 rimsptsk (d0c2a0ce1091e08efb7ccba6cea4c3f9) C:\Windows\system32\DRIVERS\rimsptsk.sys
03:04:22.0875 5248 rimsptsk - ok
03:04:22.0880 5248 risdptsk (c22e4e27ccdf9aa5fe8143104f28cde3) C:\Windows\system32\DRIVERS\risdptsk.sys
03:04:22.0882 5248 risdptsk - ok
03:04:22.0885 5248 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
03:04:22.0887 5248 RpcLocator - ok
03:04:22.0918 5248 RpcSs (301ae00e12408650baddc04dbc832830) C:\Windows\system32\rpcss.dll
03:04:22.0923 5248 RpcSs - ok
03:04:22.0929 5248 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
03:04:22.0930 5248 rspndr - ok
03:04:22.0937 5248 RtkAudioService (93eb7f2f895952ac8fe100b5dfc3fe39) C:\Windows\RtkAudioService.exe
03:04:22.0939 5248 RtkAudioService - ok
03:04:22.0942 5248 SamSs (a911ecac81f94adeafbe8e3f7873edb0) C:\Windows\system32\lsass.exe
03:04:22.0944 5248 SamSs - ok
03:04:22.0951 5248 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
03:04:22.0953 5248 sbp2port - ok
03:04:22.0961 5248 SCardSvr (11387e32642269c7e62e8b52c060b3c6) C:\Windows\System32\SCardSvr.dll
03:04:22.0965 5248 SCardSvr - ok
03:04:22.0999 5248 Schedule (7b587b8a6d4a99f79d2902d0385f29bd) C:\Windows\system32\schedsvc.dll
03:04:23.0011 5248 Schedule - ok
03:04:23.0016 5248 SCPolicySvc (87c2d0377b23e2d8a41093c2f5fb1a5b) C:\Windows\System32\certprop.dll
03:04:23.0017 5248 SCPolicySvc - ok
03:04:23.0024 5248 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
03:04:23.0026 5248 sdbus - ok
03:04:23.0034 5248 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
03:04:23.0038 5248 SDRSVC - ok
03:04:23.0042 5248 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
03:04:23.0043 5248 secdrv - ok
03:04:26.0059 5248 ============================================================
03:04:26.0059 5248 Scan finished
03:04:26.0059 5248 ============================================================
03:04:26.0064 4056 Detected object count: 0
03:04:26.0064 4056 Actual detected object count: 0
 
Looks good :)

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1:** Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users:** ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3:** If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4:** Some infections may take some significant time to be cured. As long as your computer clock is running, Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right-click Rkill and choose Run as Administrator.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
ComboFix 12-05-27.01 - David 27/05/2012 11:38:47.2.2 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.353.1033.18.3038.1767 [GMT 1:00]
Running from: c:\users\David\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\security\Database\tmp.edb
.
.
((((((((((((((((((((((((( Files Created from 2012-04-27 to 2012-05-27 )))))))))))))))))))))))))))))))
.
.
2012-05-27 10:45 . 2012-05-27 10:45 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-05-27 10:45 . 2012-05-27 10:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-27 10:45 . 2012-05-27 10:45 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-05-26 23:16 . 2012-05-26 23:26 -------- d-----w- c:\users\David\AppData\Roaming\ImgBurn
2012-05-26 22:40 . 2012-05-26 22:40 -------- d-----w- c:\program files\ImgBurn
2012-05-23 18:24 . 2007-03-14 21:54 332800 ----a-w- c:\program files\Mozilla Firefox\GETxPUD\WGET.EXE
2012-05-23 18:24 . 2006-03-17 19:39 147456 ----a-w- c:\program files\Mozilla Firefox\GETxPUD\BurnCDCC.exe
2012-05-16 18:51 . 2012-04-18 02:06 6734704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{602D7B5C-D2D3-4A8F-BE5E-74DF134EB8D1}\mpengine.dll
2012-04-29 22:06 . 2010-02-18 14:11 190464 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-04-29 22:06 . 2010-02-18 11:52 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2012-04-27 23:34 . 2012-04-27 23:34 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-04-27 23:34 . 2012-04-27 23:34 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-27 23:34 . 2012-04-27 23:34 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-06 13:26 . 2012-04-09 17:56 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-06 13:26 . 2011-05-19 20:09 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-06 13:26 . 2012-04-14 02:26 4140192 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-04-27 23:34 . 2011-09-16 18:35 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-08-11 21:36 . 2009-11-15 20:25 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2010-10-13 22:28 . 2010-09-29 21:32 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48}"= "c:\program files\Celebrity Toolbar\tbhelper.dll" [2009-05-07 355840]
.
[HKEY_CLASSES_ROOT\clsid\{1c4ab6a5-595f-4e86-b15f-f93cce2bbd48}]
[HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{1EA6B471-CAD2-419a-9539-0586EEFE2D09}]
[HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}]
2009-05-07 21:46 2642432 ----a-w- c:\program files\Celebrity Toolbar\tbcore3.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Celebrity Toolbar\tbcore3.dll" [2009-05-07 2642432]
.
[HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Celebrity Toolbar\tbcore3.dll" [2009-05-07 2642432]
.
[HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2008-06-19 19:04 2957312 ----a-w- c:\program files\Protector Suite QL\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2008-06-19 19:04 2957312 ----a-w- c:\program files\Protector Suite QL\farchns.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-06-28 262144]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-11 6244896]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 835584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-23 13543968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-23 92704]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-14 623992]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-04-04 317280]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-11 30192]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2008-06-19 48904]
"MarketingTools"="c:\program files\Sony\Marketing Tools\MarketingTools.exe" [2008-08-20 24576]
"AML"="c:\program files\Sony\VAIO Launcher\AML.exe" [2008-06-13 1097728]
"Run StartupMonitor"="StartupMonitor.exe" [2000-05-20 86016]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-7-1 768552]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2008-06-19 18:51 90112 ----a-w- c:\windows\System32\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-07-16 01:04 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 257696]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
getPlusHelper REG_MULTI_SZ getPlusHelper
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 13:26]
.
2012-05-20 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-20 18:12]
.
2012-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-01 20:25]
.
2012-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-01 20:25]
.
2012-05-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1606192458-1090443840-3868715709-1000Core.job
- c:\users\David\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-06 09:06]
.
2012-05-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1606192458-1090443840-3868715709-1000UA.job
- c:\users\David\AppData\Local\Google\Update\GoogleUpdate.exe [2010-06-06 09:06]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ie/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\knnxaer7.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ie/ig
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-27 11:45
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6001 Disk: Intel___ rev.1.0. -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
sectors 250081278 (+255): user != kernel
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1606192458-1090443840-3868715709-1000\Software\G*e*n*I*e*"!\FM Genie Scout 10]
@Allowed: (Read) (RestrictedCode)
"GameDir"="c:\\Users\\David\\Documents\\Sports Interactive\\Football Manager 2010\\games"
"ShortlistDir"=""
"ScreenshotsDir"="c:\\Users\\David\\Documents\\Sports Interactive\\Football Manager 2010"
"SaveDir"="c:\\Users\\David\\Documents\\Sports Interactive\\Football Manager 2010\\"
"HistoryDir"="c:\\Users\\David\\AppData\\Local\\Temp\\Rar$EX00.502\\FM Genie Scout 10\\History Points"
"LangDB"="c:\\program files\\steam\\steamapps\\common\\football manager 2010\\data\\updates\\update-1030\\db\\1030\\lang_db.dat"
"LastSaveGame"="c:\\Users\\David\\Documents\\Sports Interactive\\Football Manager 2010\\games\\hoops.fm"
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"GraphStep"=dword:00000000
"SkinName"="Steklo Black"
"LastUpdateCheck"=dword:00009d94
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000074
"UniqueID"="65-E780-E62F"
"Currency"=dword:00000056
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
.
[HKEY_USERS\S-1-5-21-1606192458-1090443840-3868715709-1000\Software\G*e*n*I*e*"!\FM Genie Scout 11]
@Allowed: (Read) (RestrictedCode)
"GameDir"="c:\\Users\\David\\Documents\\Sports Interactive\\Football Manager 2011\\games"
"ShortlistDir"=""
"FMPath"="c:\\program files\\steam\\steamapps\\common\\football manager 2011\\"
"ScreenshotsDir"="c:\\Users\\David\\Documents\\Sports Interactive\\Football Manager 2011"
"SaveDir"="c:\\Users\\David\\Documents\\Sports Interactive\\Football Manager 2011\\"
"HistoryDir"="c:\\FM Genie Scout 11\\History Points"
"LangDB"="c:\\program files\\steam\\steamapps\\common\\football manager 2011\\data\\updates\\update-1130\\db\\1130\\lang_db.dat"
"LastSaveGame"="c:\\Users\\David\\Documents\\Sports Interactive\\Football Manager 2011\\games\\stras 18th.fm"
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"GraphStep"=dword:00000000
"SkinName"="PSV Eindhoven"
"LastUpdateCheck"=dword:00009f6c
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000081
"UniqueID"="65-E780-E62F"
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
"PlayerSearchFeatureNum"=dword:00000011
"StaffSearchFeatureNum"=dword:00000000
"ClubSearchFeatureNum"=dword:00000002
"FilterByClubFeatureNum"=dword:00000008
"CompareFeatureNum"=dword:00000000
"ShortlistFeatureNum"=dword:00000000
"ExportFeatureNum"=dword:00000000
"HistoryFeatureNum"=dword:00000000
"LanguageDBFeatureNum"=dword:00000014
"HintsFeatureNum"=dword:00000000
"GenieReportFeatureNum"=dword:00000000
"TopFormationFeatureNum"=dword:00000000
"ScreenshotFeatureNum"=dword:00000000
"Currency"=dword:00000056
"VersionOf"=dword:0000007b
.
[HKEY_USERS\S-1-5-21-1606192458-1090443840-3868715709-1000\Software\G*e*n*I*e*"!\FM Genie Scout 11g]
@Allowed: (Read) (RestrictedCode)
"PicturesNumber"=dword:00000000
.
[HKEY_USERS\S-1-5-21-1606192458-1090443840-3868715709-1000\Software\G*e*n*I*e*"!\FM Genie Scout 2009 XE]
"GameDir"="c:\\Users\\David\\Documents\\Sports Interactive\\Football Manager 2009\\games"
"ShortlistDir"="c:\\Users\\David\\Documents\\Sports Interactive\\Football Manager 2009\\shortlists"
"ScreenshotsDir"="c:\\Users\\David\\Documents\\Sports Interactive\\Football Manager 2009"
"SaveDir"="c:\\Users\\David\\Documents\\Sports Interactive\\Football Manager 2009\\"
"HistoryDir"="c:\\Users\\David\\AppData\\Local\\Temp\\Rar$EX00.705\\FM Genie Scout 2009 XE\\History Points"
"LangDB"=""
"LastSaveGame"=""
"Language"="English"
"LoadLangDB"=dword:00000000
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000032
"GraphStep"=dword:00000000
"SkinName"="Steklo Black"
"LastUpdateCheck"=dword:00000000
"HighQualityGUI"=dword:00000000
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000067
"UniqueID"="65-E780-E62F"
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
"Currency"=dword:0000001c
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b4
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(756)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infra.dll
.
Completion time: 2012-05-27 11:47:23
ComboFix-quarantined-files.txt 2012-05-27 10:47
.
Pre-Run: 18,239,995,904 bytes free
Post-Run: 18,777,104,384 bytes free
.
- - End Of File - - 394955FBDC2315D80C4587C2C1D9389B
 
Looks good.

Any current issues?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\tasks\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /I " " /c
dir /b "%systemroot%\*.exe" | find /I " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Thanks for all the help.

Only issue I have at the moment is a rundll32 error I get whenever I try to change screensaver/display settings/theme saying "Windows host process (Rundll32) has stopped working". Not sure if this is related to any malware/viruses or just an error with Windows?

OTL logfile created on: 28/05/2012 20:22:56 - Run 1
OTL by OldTimer - Version 3.2.43.2 Folder = C:\Users\David\Downloads
Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

2.97 Gb Total Physical Memory | 1.67 Gb Available Physical Memory | 56.20% Memory free
6.14 Gb Paging File | 4.93 Gb Available in Paging File | 80.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 106.96 Gb Total Space | 16.94 Gb Free Space | 15.83% Space Free | Partition Type: NTFS
Drive D: | 465.75 Gb Total Space | 363.95 Gb Free Space | 78.14% Space Free | Partition Type: NTFS

Computer Name: SONY-LAPTOP | User Name: David | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/28 20:17:00 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\David\Downloads\OTL.exe
PRC - [2011/11/28 19:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/11/28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2009/01/02 13:05:42 | 003,098,152 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe
PRC - [2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/14 22:38:56 | 000,623,992 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
PRC - [2008/08/20 22:42:52 | 000,024,576 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
PRC - [2008/07/31 23:27:48 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2008/07/16 02:04:08 | 000,182,112 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2008/07/16 02:04:08 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2008/07/11 12:45:49 | 000,098,304 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RTKAUDIOSERVICE.EXE
PRC - [2008/07/01 16:56:38 | 002,247,208 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2008/07/01 16:56:38 | 000,768,552 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008/06/28 05:01:36 | 000,299,008 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Network Utility\NSUService.exe
PRC - [2008/06/28 05:01:34 | 000,262,144 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Network Utility\LANUtil.exe
PRC - [2008/06/20 16:56:44 | 000,415,744 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
PRC - [2008/06/20 03:53:20 | 001,771,360 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PRC - [2008/06/20 03:53:20 | 000,411,488 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe
PRC - [2008/06/19 19:52:28 | 000,045,056 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\upeksvr.exe
PRC - [2008/06/19 19:35:52 | 000,053,512 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\psqltray.exe
PRC - [2008/06/19 16:55:48 | 000,279,848 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2008/06/17 17:00:34 | 001,249,280 | ---- | M] (Time Information Services Ltd.) -- C:\Program Files\Nokia\Nokia PC Suite 7\PcSync2.exe
PRC - [2008/06/12 03:46:10 | 000,866,144 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
PRC - [2008/05/22 22:23:10 | 000,192,512 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2008/05/22 16:05:06 | 000,474,624 | ---- | M] (Nokia Corporation) -- C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
PRC - [2008/05/01 03:41:12 | 000,815,104 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008/05/01 03:10:10 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/04/16 01:54:42 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/04/16 01:54:40 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/04/04 04:03:38 | 000,317,280 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe
PRC - [2007/09/11 08:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2007/01/05 03:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2000/05/20 18:23:48 | 000,086,016 | ---- | M] () -- C:\Windows\StartupMonitor.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/20 19:45:11 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\bf3b757c821a36e6a9c7c1988b39a15d\System.IdentityModel.Selectors.ni.dll
MOD - [2012/02/20 19:45:09 | 001,070,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\3fb6b9b320c78fa02be3fa8ce26b7559\System.IdentityModel.ni.dll
MOD - [2012/02/20 19:45:07 | 002,345,472 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\0393b1448497e28ae9bbfed9be19bd3e\System.Runtime.Serialization.ni.dll
MOD - [2012/02/20 19:45:06 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\06bb41fe681650a017fa2c99e197edf0\SMDiagnostics.ni.dll
MOD - [2012/02/20 19:45:05 | 017,403,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\0dd1924dbe8ac43b923a28409d351619\System.ServiceModel.ni.dll
MOD - [2012/02/20 19:44:46 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\c933fd5d1d27f268331890d7ddba8fec\System.ServiceProcess.ni.dll
MOD - [2012/02/20 19:44:39 | 011,800,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0a1195c6b5fab213527364c9e8b26ef0\System.Web.ni.dll
MOD - [2012/02/20 19:44:04 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll
MOD - [2012/02/20 08:35:18 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll
MOD - [2012/02/20 08:35:07 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll
MOD - [2012/02/20 08:35:00 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll
MOD - [2012/02/20 08:34:13 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll
MOD - [2012/02/20 08:34:08 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2010/08/11 22:36:03 | 000,034,816 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\gzlib.dll
MOD - [2008/07/31 23:30:04 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\SPMDam\3.1.0.6020__1b3c579b6925895f\SPMDam.dll
MOD - [2008/07/31 23:30:02 | 000,086,016 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\SPMCommon\3.1.0.6020__e3c7096ba83f9295\SPMCommon.dll
MOD - [2008/07/01 16:43:28 | 000,126,976 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2000/05/20 18:23:48 | 000,086,016 | ---- | M] () -- C:\Windows\StartupMonitor.exe


========== Win32 Services (SafeList) ==========

SRV - [2012/05/06 14:26:14 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/28 00:34:32 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/11/28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/06/29 15:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2010/01/25 11:00:54 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper)
SRV - [2009/11/14 20:31:23 | 000,320,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/01/02 13:05:42 | 003,098,152 | ---- | M] (Kontiki Inc.) [Auto | Running] -- C:\Program Files\Kontiki\KService.exe -- (KService)
SRV - [2008/08/07 12:17:30 | 000,575,488 | ---- | M] (Nokia.) [Disabled | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/07/31 23:27:48 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/07/16 02:04:08 | 000,182,112 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2008/07/11 12:45:49 | 000,098,304 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Windows\RTKAUDIOSERVICE.EXE -- (RtkAudioService)
SRV - [2008/06/28 05:01:36 | 000,299,008 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\Network Utility\NSUService.exe -- (NSUService)
SRV - [2008/06/20 16:56:44 | 000,415,744 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2008/06/20 03:53:20 | 000,411,488 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV - [2008/06/19 16:55:48 | 000,279,848 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2008/06/12 07:13:24 | 000,337,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2008/06/12 07:10:48 | 000,083,232 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
SRV - [2008/05/22 22:23:10 | 000,192,512 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2008/05/22 22:21:44 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2008/05/21 03:05:40 | 000,353,568 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHDms.exe -- (SOHDms)
SRV - [2008/05/21 03:05:40 | 000,103,712 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe -- (SOHCImp)
SRV - [2008/05/21 03:05:40 | 000,062,752 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHDs.exe -- (SOHDs)
SRV - [2008/05/20 09:51:34 | 000,077,824 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2008/05/20 09:49:04 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2008/05/20 09:29:06 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2008/05/01 03:41:12 | 000,815,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/05/01 03:10:10 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/04/16 01:54:42 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008/01/21 03:21:41 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/11 08:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2007/01/05 03:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\Drivers\PROCEXP151.SYS -- (PROCEXP151)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\David\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2011/11/28 18:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 18:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 18:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 18:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 18:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/11/28 18:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/18 16:14:52 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV - [2009/07/30 21:10:06 | 000,114,672 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\keyscrambler.sys -- (KeyScrambler)
DRV - [2009/04/06 08:13:52 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2009/04/06 08:13:52 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2008/07/23 01:01:44 | 007,541,248 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/07/23 01:01:41 | 000,044,064 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008/07/12 00:42:58 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2008/07/11 15:04:57 | 000,979,584 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVerAVF2.sys -- (AVerAVF2)
DRV - [2008/07/02 05:10:56 | 000,052,752 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr_cfs.sys -- (JMCR_CFS)
DRV - [2008/06/28 01:33:45 | 000,068,608 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/06/21 01:03:04 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\risdptsk.sys -- (risdptsk)
DRV - [2008/06/07 01:02:55 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2008/06/06 10:24:44 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008/05/07 08:38:36 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2008/05/07 08:38:20 | 000,020,864 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2008/05/07 08:38:20 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008/04/28 14:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008/03/26 15:56:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008/03/26 15:55:00 | 000,019,840 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/03/26 15:55:00 | 000,012,800 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008/03/10 12:01:26 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2008/01/25 03:14:25 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008/01/21 03:21:34 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2007/09/17 16:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/04/18 04:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {7FF8B97B-5383-4B1C-B78C-E3328B75B3B7}
IE - HKLM\..\SearchScopes\{7FF8B97B-5383-4B1C-B78C-E3328B75B3B7}: "URL" = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1606192458-1090443840-3868715709-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-1606192458-1090443840-3868715709-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
IE - HKU\S-1-5-21-1606192458-1090443840-3868715709-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1606192458-1090443840-3868715709-1000\..\URLSearchHook: {1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - C:\Program Files\Celebrity Toolbar\tbhelper.dll ()
IE - HKU\S-1-5-21-1606192458-1090443840-3868715709-1000\..\SearchScopes,DefaultScope = {7FF8B97B-5383-4B1C-B78C-E3328B75B3B7}
IE - HKU\S-1-5-21-1606192458-1090443840-3868715709-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=SWOyhj-j6XiqDliathmeJ-FsTPo?q={searchTerms}
IE - HKU\S-1-5-21-1606192458-1090443840-3868715709-1000\..\SearchScopes\{7FF8B97B-5383-4B1C-B78C-E3328B75B3B7}: "URL" = http://www.google.com/search?q={sea...&oe={outputEncoding}&sourceid=ie7&rlz=1I7SNYK
IE - HKU\S-1-5-21-1606192458-1090443840-3868715709-1000\..\SearchScopes\{CDB4725A-6192-44E4-942B-37FF7C9066C4}: "URL" = http://uk.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKU\S-1-5-21-1606192458-1090443840-3868715709-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1606192458-1090443840-3868715709-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.ie/ig"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: anycolor.pavlos256@gmail.com:0.3.3
FF - prefs.js..extensions.enabledItems: {D9A7CBEC-DE1A-444f-A092-844461596C4D}:4.5
FF - prefs.js..extensions.enabledItems: FasterFox_Lite@BigRedBrent:3.9.1Lite
FF - prefs.js..extensions.enabledItems: {d33c2f7c-b1e6-4d46-ab0e-be1f6d05c904}:2.0.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: ferronf3@gmail.com:1.9
FF - prefs.js..extensions.enabledItems: {4ED1F68A-5463-4931-9384-8FFF5ED91D92}:3.4.0
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=3.0: C:\Program Files\Virtual Earth 3D\ [2009/04/10 16:57:57 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2009/04/10 16:57:57 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.8.1: "C:\Program Files\VideoLAN\VLC\mozilla\npvlc.dll" File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\David\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\David\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/11/05 21:35:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/07/05 20:11:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/12/25 21:23:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/02/18 15:44:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/28 00:34:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/25 21:23:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/07/05 20:11:41 | 000,000,000 | ---D | M]

[2008/11/05 19:13:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Extensions
[2012/05/17 16:44:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\knnxaer7.default\extensions
[2010/04/27 22:55:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\knnxaer7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/05/09 16:01:54 | 000,000,000 | ---D | M] (FT DeepDark) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\knnxaer7.default\extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66}
[2012/05/17 16:44:01 | 000,000,000 | ---D | M] (WOT) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\knnxaer7.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/07/09 01:24:33 | 000,000,000 | ---D | M] (Tiny Menu) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\knnxaer7.default\extensions\{d33c2f7c-b1e6-4d46-ab0e-be1f6d05c904}
[2011/10/29 14:47:51 | 000,000,000 | ---D | M] ("Default Full Zoom Level") -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\knnxaer7.default\extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D}
[2010/08/22 10:38:35 | 000,000,000 | ---D | M] (AnyColor) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\knnxaer7.default\extensions\anycolor.pavlos256@gmail.com
[2008/11/20 21:47:08 | 000,000,000 | ---D | M] (PC Sync 2 Synchronisation Extension) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\knnxaer7.default\extensions\bkmrksync@nokia.com
[2010/06/04 19:17:08 | 000,000,000 | ---D | M] ("MultiMediaWebRecorder") -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\knnxaer7.default\extensions\CarCastWebRecorder@inrete.it
[2012/04/29 22:19:46 | 000,000,000 | ---D | M] (Fasterfox Lite) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\knnxaer7.default\extensions\FasterFox_Lite@BigRedBrent
[2011/08/14 15:09:55 | 000,000,000 | ---D | M] (Get Back Old Facebook Chat) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\knnxaer7.default\extensions\ferronf3@gmail.com
[2009/12/25 17:58:17 | 000,000,000 | ---D | M] (KeyScrambler) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\knnxaer7.default\extensions\keyscrambler@qfx.software.corporation
[2012/05/22 17:50:52 | 000,002,103 | ---- | M] () -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\knnxaer7.default\searchplugins\wot-safe-search.xml
[2012/03/19 18:53:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/18 15:44:37 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/12/25 21:23:54 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012/02/12 12:43:20 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KNNXAER7.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/04/28 00:34:35 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/10/13 23:28:54 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2009/11/06 16:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2012/02/26 02:07:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/06 16:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/04/28 00:34:27 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/04/28 00:34:27 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/04/28 00:34:27 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/04/28 00:34:27 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2010/06/08 22:44:35 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012/04/28 00:34:27 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/04/28 00:34:27 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\David\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\David\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\David\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\David\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.8 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: getPlusPlus for Adobe 16260 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa2.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa3.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Program Files\Veetle\VLCBroadcast\npvbp.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Splendid = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdfkbdkkfmmckaadapdipihjfaacnkgd\3_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: avast! WebRep = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1374_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
 
O1 HOSTS File: ([2012/05/27 11:45:17 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (MHTBPos00 Class) - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files\Celebrity Toolbar\tbcore3.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google BAE\BAE.dll (Your Company Name)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Celebrity Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Celebrity Toolbar\tbcore3.dll ()
O3 - HKU\S-1-5-21-1606192458-1090443840-3868715709-1000\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-1606192458-1090443840-3868715709-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1606192458-1090443840-3868715709-1000\..\Toolbar\WebBrowser: (Celebrity Toolbar) - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Celebrity Toolbar\tbcore3.dll ()
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AML] C:\Program Files\Sony\VAIO Launcher\AML.exe (Sony)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [MarketingTools] C:\Program Files\Sony\Marketing Tools\MarketingTools.exe (Sony Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Run StartupMonitor] C:\Windows\StartupMonitor.exe ()
O4 - HKU\S-1-5-21-1606192458-1090443840-3868715709-1000..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-21-1606192458-1090443840-3868715709-1000..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1606192458-1090443840-3868715709-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1606192458-1090443840-3868715709-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1606192458-1090443840-3868715709-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1606192458-1090443840-3868715709-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A6E4EFB-BE48-4C95-B171-A5176696F996}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A575AA6B-D6D6-4D3C-BEAD-63611D847F94}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\dssrequest - No CLSID value found
O18 - Protocol\Handler\sacore - No CLSID value found
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\psfus: DllName - (C:\Windows\system32\psqlpwd.dll) - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.avis - C:\Windows\System32\ff_acm.acm ()
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\Windows\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.dvsd - C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll (Sony Corporation)
Drivers32: vidc.ffds - C:\Windows\System32\ff_vfw.dll ()
Drivers32: vidc.X264 - C:\Windows\System32\x264vfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/05/27 11:51:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/05/27 11:51:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/05/27 11:51:26 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/05/27 11:51:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/05/27 11:47:28 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/05/27 11:36:55 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/05/27 11:36:55 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/05/27 11:36:55 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/05/27 11:36:47 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/05/27 11:36:45 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/27 11:07:27 | 004,529,532 | R--- | C] (Swearware) -- C:\Users\David\Desktop\ComboFix.exe
[2012/05/27 03:03:34 | 002,126,936 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\David\Desktop\TDSSKiller.exe
[2012/05/27 00:16:03 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\ImgBurn
[2012/05/26 23:40:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2012/05/26 23:40:38 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2012/05/22 23:06:50 | 000,083,968 | ---- | C] (Esage Lab) -- C:\Users\David\Desktop\boot_cleaner.exe
[2012/05/16 19:34:45 | 000,000,000 | ---D | C] -- C:\Config.Msi

========== Files - Modified Within 30 Days ==========

[2012/05/28 20:26:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/28 19:54:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1606192458-1090443840-3868715709-1000UA.job
[2012/05/28 19:46:43 | 000,219,731 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012/05/28 19:46:43 | 000,219,731 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/05/28 19:46:18 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/28 19:42:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/28 19:25:22 | 000,648,292 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/05/28 19:25:22 | 000,126,266 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/05/28 19:17:31 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/28 19:17:31 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/28 19:17:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/27 15:03:29 | 000,002,140 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/05/27 11:45:17 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/05/27 11:07:35 | 004,529,532 | R--- | M] (Swearware) -- C:\Users\David\Desktop\ComboFix.exe
[2012/05/27 03:01:02 | 000,418,704 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/05/26 23:54:01 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1606192458-1090443840-3868715709-1000Core.job
[2012/05/23 08:16:44 | 002,126,936 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\David\Desktop\TDSSKiller.exe
[2012/05/20 11:23:01 | 000,000,820 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/05/16 17:13:18 | 000,121,344 | ---- | M] () -- C:\Users\David\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== Files Created - No Company Name ==========

[2012/05/27 11:36:55 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/05/27 11:36:55 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/05/27 11:36:55 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/05/27 11:36:55 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/05/27 11:36:55 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/05/26 23:40:39 | 000,001,662 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
[2011/07/12 17:31:36 | 000,000,000 | ---- | C] () -- C:\Users\David\AppData\Local\{E99CA243-FC3D-4368-A680-35C8D645E6C5}
[2011/07/05 20:05:12 | 000,208,151 | ---- | C] () -- C:\Windows\hpoins43.dat
[2011/07/05 20:05:12 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl43.dat
[2010/12/17 00:09:28 | 000,000,056 | ---- | C] () -- C:\Windows\System32\ezsidmv.dat

========== LOP Check ==========

[2008/11/30 18:44:51 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\.BitTornado
[2010/03/14 21:05:46 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\COWON
[2012/05/27 00:26:20 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\ImgBurn
[2008/11/10 20:26:04 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\InterVideo
[2012/02/13 21:55:55 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\IObit
[2009/05/12 20:59:46 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\LG Electronics
[2008/11/20 21:48:20 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Nokia
[2008/11/20 21:48:33 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\PC Suite
[2011/10/29 18:49:42 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Sports Interactive
[2009/01/28 00:57:13 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Template
[2011/12/11 03:00:01 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\UseNeXT
[2012/02/16 01:05:48 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\IObit
[2012/02/16 01:05:48 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\IObit
[2012/05/27 15:03:29 | 000,032,652 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2006/09/18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2008/01/21 03:22:49 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2008/07/31 21:32:16 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2012/05/27 11:47:23 | 000,019,470 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2008/08/20 22:37:03 | 000,000,188 | ---- | M] () -- C:\Installer_Setup.log
[2012/02/19 19:34:15 | 000,048,683 | ---- | M] () -- C:\JavaRa.log
[2008/11/09 17:57:17 | 000,024,058 | ---- | M] () -- C:\output.log
[2012/05/28 19:17:21 | 3500,290,048 | -HS- | M] () -- C:\pagefile.sys
[2012/05/27 03:11:19 | 000,139,474 | ---- | M] () -- C:\TDSSKiller.2.7.37.0_27.05.2012_03.03.54_log.txt
[2008/08/20 22:27:11 | 000,386,282 | ---- | M] () -- C:\vcredist_x86.log
[2010/04/18 21:06:02 | 000,005,474 | ---- | M] () -- C:\WirelessDiagLog.csv

< %systemroot%\Fonts\*.com >
[2006/11/02 13:35:26 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 13:35:26 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 13:35:26 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 13:35:26 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 22:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2009/04/16 14:08:20 | 000,312,832 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\hpfpp70v.dll
[2006/11/02 13:34:09 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 20:58:12 | 000,030,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\mdippr.dll
[2006/10/27 03:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2011/11/28 19:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2009/07/10 13:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/01/21 03:41:56 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2008/07/31 21:32:04 | 013,733,888 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/07/31 21:31:59 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/07/31 21:32:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2008/07/31 21:32:13 | 017,604,608 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2008/07/31 21:32:14 | 006,713,344 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >

< %USERPROFILE%\Desktop\*.exe >
[2011/09/20 03:02:40 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\David\Desktop\boot_cleaner.exe
[2012/05/27 11:07:35 | 004,529,532 | R--- | M] (Swearware) -- C:\Users\David\Desktop\ComboFix.exe
[2012/05/23 08:16:44 | 002,126,936 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\David\Desktop\TDSSKiller.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\tasks\*.* >
[2012/05/28 20:26:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/20 11:23:01 | 000,000,820 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/05/28 19:46:18 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/28 19:42:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/26 23:54:01 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1606192458-1090443840-3868715709-1000Core.job
[2012/05/28 19:54:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1606192458-1090443840-3868715709-1000UA.job
[2012/05/28 19:17:42 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2012/05/27 15:03:29 | 000,032,652 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >
[2010/09/21 20:40:19 | 000,083,968 | ---- | M] (eSage Lab) -- C:\Users\David\remover.exe

< %systemroot%\ADDINS\*.* >
[2006/11/02 13:33:56 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2012/02/20 08:31:36 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
[2012/02/20 08:31:06 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
[2008/10/29 03:20:07 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
[2008/10/29 03:20:07 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2008/10/28 20:30:13 | 000,000,402 | -HS- | M] () -- C:\Users\David\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2011/07/05 20:14:37 | 000,007,743 | ---- | M] () -- C:\ProgramData\hpzinstall.log
[2012/05/28 19:46:43 | 000,219,731 | ---- | M] () -- C:\ProgramData\nvModes.001

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /I " " /c >

< dir /b "%systemroot%\*.exe" | find /I " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-05-16 18:56:06

< End of report >
 
OTL Extras logfile created on: 28/05/2012 20:22:56 - Run 1
OTL by OldTimer - Version 3.2.43.2 Folder = C:\Users\David\Downloads
Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

2.97 Gb Total Physical Memory | 1.67 Gb Available Physical Memory | 56.20% Memory free
6.14 Gb Paging File | 4.93 Gb Available in Paging File | 80.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 106.96 Gb Total Space | 16.94 Gb Free Space | 15.83% Space Free | Partition Type: NTFS
Drive D: | 465.75 Gb Total Space | 363.95 Gb Free Space | 78.14% Space Free | Partition Type: NTFS

Computer Name: SONY-LAPTOP | User Name: David | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1606192458-1090443840-3868715709-1000\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1E0575B5-10A9-4401-BAE6-8A5DA810A66F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{1E454BA2-A142-4D7F-823B-24397C64CC48}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{48428F88-1117-46BB-BF97-EB01E3295DFD}" = rport=137 | protocol=17 | dir=out | app=system |
"{5A46240A-15C5-467A-AD4A-286517304850}" = lport=138 | protocol=17 | dir=in | app=system |
"{5D377E9E-ABAA-49F0-AE7F-74F9056B4E8C}" = rport=139 | protocol=6 | dir=out | app=system |
"{61A93897-741B-41B4-A0AC-444770817FAF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6A26A0A8-65C2-4675-8B95-26DCA616AD84}" = rport=445 | protocol=6 | dir=out | app=system |
"{6DA89D64-9348-49D6-8400-37C5919A5CD7}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{7FA6253C-B3D6-4D58-B3D1-0ABA1D92D2E1}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{84B27C55-8D01-454A-BFE1-1D46D2B4FB52}" = lport=445 | protocol=6 | dir=in | app=system |
"{A06B1860-0F63-4A17-81CD-B7154EF81956}" = lport=139 | protocol=6 | dir=in | app=system |
"{A21F4630-F435-40DE-B60C-1072874AE464}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{AED28ADA-E509-4BCB-A084-F3A62404DECD}" = rport=138 | protocol=17 | dir=out | app=system |
"{C9E6C4DB-6415-4A06-94C3-F718052A58C9}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{F05445CF-305A-4211-B814-16B18125F6F4}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{042DEF76-2FFC-41F4-A92F-ED68C7F346FB}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{093C5B72-FE17-4C2E-9F33-E825623E7B57}" = protocol=17 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
"{0D4EF8DB-36D5-4CE9-8E82-2CC0CB14E39A}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{0D67D80D-B427-4910-98FC-F2044E5819DF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{0E6FBE4D-D390-4941-9AE6-74B38D5337C9}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{0F837844-F4B6-4B44-8BCB-FCEAAC175170}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{0F91A068-E6BA-4C58-B2E5-66D568DC946B}" = protocol=6 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
"{1A3554FD-94A4-49D7-91A8-8C421678AD49}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe |
"{2CAE3043-789E-413E-8BEE-E832664E4782}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{2DF9995B-4A2E-4CB6-A1CD-9A32D126EC25}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{2EB423B6-9FF4-4906-980A-AAD76B15787D}" = dir=in | app=h:\setup\hpznui01.exe |
"{36286C3D-B4B5-4070-92A1-A8C66ECEBA04}" = protocol=17 | dir=in | app=c:\program files\sports interactive\football manager 2010 demo\fm.exe |
"{3BB51444-CF7A-421D-BC72-A21946B057AF}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\football manager 2012\fm.exe |
"{4275A20C-24AD-4EC8-93AF-C4A4AABE7328}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{4A7FCE23-C6EB-4F9F-8B65-FA398EAFAF6C}" = protocol=6 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe |
"{4AE15CC6-FC8B-4084-A675-63BE12C04004}" = protocol=17 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe |
"{4DE3D666-C295-4C85-AEE4-FC9A75CDA1D7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{4EDA0DD6-EAA6-43F0-8CB0-CCCD2D8687DB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{53720762-BB03-46FA-AB9B-BFA297581F82}" = protocol=17 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe |
"{5448E0A0-2426-4D9B-9991-2EFCFEA2DA04}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\football manager 2011\fm.exe |
"{55EF83D3-1A96-4F36-894E-330EA4630751}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\football manager 2009\fm.exe |
"{5742AA7E-A03B-44FB-BD29-30035DEA2426}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{597622B7-5096-4326-8B53-29B0CB7321B0}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{5A2DA032-AB59-4F53-BAE3-D6B14BAB5954}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{5C76DC68-83AA-430C-9B9F-9B72F82EC82E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5DFC91C9-C523-4166-B204-B609FBA6DC52}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{63A68F53-F22D-4DC2-8F1B-80B06867D156}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{693750BD-03BE-4BC7-A64A-FCC711DEA9C2}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{69A94648-D400-43E0-B583-D05AC734866F}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{6FDBB561-522F-4BC0-A800-F9254650DCAA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{6FE39BDC-6971-4999-90FF-81E432E19699}" = protocol=6 | dir=in | app=c:\program files\sports interactive\football manager 2010 demo\fm.exe |
"{77A04939-8D2E-4479-88A7-A8AF9C4CEF33}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\football manager 2009\fm.exe |
"{7B929F53-0983-4ADF-98D6-A77DC4A6CDF7}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{7C0F528B-5A62-4069-9146-425CBFAE0D24}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{7FC9269A-2CD3-4993-A159-B5A6A144D34F}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe |
"{843A0584-FC69-478A-BE60-B4D765309F72}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{851EFF59-9817-4720-BC1E-0753F558B0C6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9B71A613-B8D1-4A05-9742-BF6E9F87B6BB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{A48FD3F8-D5CF-4C46-AEB1-DAF7A7A51A46}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\football manager 2009\fm.exe |
"{A65E2B1F-F411-4F1E-B9F5-D4035293A98C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{A8407509-86CB-48EB-8811-BDDC67D2EA1B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{ACA36DA8-C68B-4EF8-940B-27084389B057}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{B0293F75-7114-4E21-91E2-4A27D9D11D64}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{B2978732-6309-4C58-BF98-912C0223C9B6}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{C49B8222-118C-4F2B-B64C-E1CA41658077}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\football manager 2011\fm.exe |
"{C5F46FE1-364B-439F-A6AF-3C3DF1896D79}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\football manager 2009\fm.exe |
"{C916606A-0319-41E6-8FFD-C73BC7EB6AB6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C9661140-E95B-496D-A1A0-D3882A7FC7C0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{D5E0D6D4-3612-42F8-AEF5-BFE3B479A1B5}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{D705FE2F-92BB-4FAA-BFD8-E4EC087E4ED2}" = protocol=6 | dir=in | app=c:\users\david\appdata\local\temp\~osaafe.tmp\rlvknlg.exe |
"{DBF52046-721A-4DD2-A5B1-7EFFFF244DA7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{E0311F77-41D2-4E49-B1ED-D88FF7BBBC49}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe |
"{E5FF41F6-8448-4564-8679-515A25FBCA9B}" = protocol=6 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe |
"{ECFC76A5-91D9-4D0A-B634-7EA9E43106B8}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\football manager 2012\fm.exe |
"{EDC4F63A-D86A-44E2-AF8A-D0A49BECDCE0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{EE808A1B-FEB0-4252-BAA5-4664DE97AD50}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe |
"{FCDB7974-8FE3-47B5-A3AE-18210DFDA8DE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{009E7FB7-1775-4D89-8956-F5C9A1C019FC}" = DSD Playback Plug-in
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0D67FBBE-3F68-4B0B-9647-8F3DE93593AE}" = FMRTE
"{1316AEF2-E086-46C7-B1FB-8C9A39A2ABF9}" = VAIO Media plus
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}" = LG PC Suite II
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{151CB4B7-FC63-4C72-8A21-5E87EB419DBB}" = Protector Suite QL 5.6
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher
"{1A524CFE-DF85-4555-8BC2-0C89DBD8BC2C}" = PC Connectivity Solution
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{2018C019-30D9-4240-8C01-0865C10DCF5A}" = VAIO Presentation Support
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD BD for VAIO
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22C29E59-2EF5-4B64-9B7F-9F7A69BC7D1A}" = FMRTE
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting
"{26921B2E-3E62-47F9-A514-1FC4A83BD738}" = Intel(R) PROSet/Wireless WiFi Software
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Virtual Earth 3D (Beta)
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{326DC400-1FC4-4D7D-946D-06D1EAB93200}" = VAIO Guide 
"{359FCAA7-B544-4147-AE3B-8C8A526E2427}" = Sony Image Data Suite
"{363611D9-1106-41F2-B74E-BD8481C41219}" = Click to Disc
"{3B659FAD-E772-44A3-B7E7-560FF084669F}" = VAIO Smart Network
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3E2C691B-B7E6-4053-B5C3-94B8BC407E7A}" = Adobe Premiere Elements 4.0
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{472080B7-D6E7-49E8-9383-FF136B8A8C34}" = JMicron JMB368 ExpressCard CF Adapter
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B41AE13-BA0E-4328-8E83-AD2A0BEB33EB}" = Sky Player
"{4DA77E56-5B67-4A9D-A79D-2157A08FA84A}" = IPTV
"{4DB64298-5934-4E27-812D-15FC5A79EE6E}" = ThemeEditor
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"{533D0A8A-D7E7-4F15-BC9E-FF2916A6BAA7}" = DSD Direct Player
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ
"{537DB9D6-1AB1-4CE9-8DE7-312256B49A98}" = PS_AIO_06_C4700_SW_Min
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5C5EE8F2-0B38-4C13-AE4E-A87A237FE718}" =
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{5F5867F0-2D23-4338-A206-01A76C823924}" = VAIO Power Management
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{6332AFF1-9D9A-429C-AA03-F82749FA4F49}" = SonicStage Mastering Studio
"{63486834-B10B-4DD4-8216-C8D66A157D7E}_is1" = FMRTE 5.2.3
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{68550918-63B5-4762-85CB-3C160AA4B213}" = HP Photosmart C4700 All-in-One Driver Software 14.0 Rel. 6
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6C50525A-2D77-4C22-B058-9AA2F27ACFF2}" = VAIO Content Metadata Intelligent Analyzing Manager
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{76EFAC4F-1712-401F-B2AE-590B170C9BCE}" = StartupMonitor
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E823DA5-43A2-46E8-A75E-5A2A0FDE81A1}" = VAIO Content Metadata Manager Setting
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{82D5BACA-3619-4D34-99DB-3A65CFB4DA33}" = DSD Direct
"{83CDA18E-0BF3-4ACA-872C-B4CDABF2360E}" = VAIO Update 4
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BD60AEF-3F9D-47AE-B80A-FB7FFCE335A0}" = VAIO Movie Story
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" =
"{98F96FD4-B867-448B-82A0-8F5F5202E28F}" = IPTV
"{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music
"{9973498D-EA29-4A68-BE0B-C88D6E03E928}" = ArcSoft WebCam Companion 2
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C1C8A04-F8CA-4472-A92D-4288CE32DE86}" = SonicStage Mastering Studio Plugins
"{A3A1A5F0-0B94-4E69-B3E1-92F25E31BEE9}" = H264 Codecs
"{A552C4EA-D41E-4C61-A0FB-C0E05440F7D7}" = VAIO Entertainment Platform
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-1033-F400-BA7E-000000000003}" = Adobe Acrobat 8 Standard - English, Français, Deutsch
"{AF145F8997B44EE9B106D018EF1DB58B}" = DivX Converter Mobile
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{B3164E9E-BE08-4F3B-94BC-C6D09C0205E1}" = Nokia Connectivity Cable Driver
"{B513C7B0-024A-498F-B0F5-00C67E2440A9}" = VAIO Content Metadata Intelligent Analyzing Manager
"{B5978DF3-8A04-4F22-AF67-8CCE52E04B13}" = C4700
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B7C03E84-AF46-42F4-809D-D4127D9086D0}" = VAIO Edit Components 6.4
"{BACD22AE-5B6B-4F23-B506-3FCFF13AC137}" = VAIO Media plus
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C1083DBC-C541-4E8C-91EA-D92397AB9A2C}" = OpenMG Secure Module 5.1.00
"{C3618839-0E38-4B2F-AD49-3DEAC31D1FFC}" = LG PC Suite II
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB8A8696-93EC-414E-A752-850AB133F68A}" = VAIO Content Metadata XML Interface Library
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D035FBF6-FDEF-487D-89CA-6F9DD07B783F}" = Dolby Control Center
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D5577624-0626-4C4B-87AA-D966DA1739D6}" = Nokia PC Suite
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DF0415CC-0563-407F-B560-9B7F277122C5}" = VAIO BD Menu Data
"{DF7DB916-90E5-40F2-9010-B8125EB5FD6F}" = SonicStage Mastering Studio Audio Filter
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = COWON Media Center - jetAudio Basic VX
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E464702F-5433-46EC-8F65-159276C0A54F}" = WIDCOMM Bluetooth Software 6.2.0.4100
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{E6A3770D-C87A-4505-B8C6-A4CF96AC395C}" = SonicStage Mastering Studio
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EB52A893-E159-4B6C-B184-895EC889F03A}" = eircom broadband usage meter
"{EC37A846-53AC-4DA7-98FA-76A4E74AA900}" = SonicStage Mastering Studio Audio Filter Custom Preset
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{EE59BBF9-415C-45DB-8C4B-EE43CF635FEA}" = VAIO Content Metadata XML Interface Library
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.01.217
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F41D847E-D635-4A60-B3CB-E08CFB24F1F9}" = COWON S9 User's Guide
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" =
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F85C7118-F3DC-4ED9-AB27-3E7931EA3D88}" = Adobe Premiere Elements 4.0 Templates
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FAE36873-1941-4076-A9A5-48812B5EA0B7}" = iTunes
"{FD72E69E-CF34-4071-BFD6-FD081A365E2C}" = VAIO Content Metadata Intelligent Analyzing Manager
"{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home
"{FE697886-F392-4E0D-A0C0-47587BF60992}" = VAIO Content Metadata Manager Setting
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"7-Zip" = 7-Zip 4.57
"9CD348AE9C64C4B939B624E8E24F3903EFDFC82B" = Windows Driver Package - Nokia Modem (05/22/2008 7.00.0.1)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Acrobat 8 Standard - English, Français, Deutsch" = Adobe Acrobat 8.1.3 Standard
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"AudibleManager" = AudibleManager
"avast" = avast! Free Antivirus
"BFG-Big Fish Games Game Suite" = Big Fish Games Game Suite
"BitTornado" = BitTornado 0.3.17
"C5A76DC11BABDA0A881E7BE8DDEB641365A77FFD" = Windows Driver Package - Nokia Modem (05/22/2008 3.8)
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX Setup
"dt icon module" =
"ESET Online Scanner" = ESET Online Scanner v3
"ffdshow" = ffdshow
"FLFooty TV 2.2" = FLFooty TV 2.2
"FM Genie Scout 11_is1" = FM Genie Scout 11 version 1.00
"FootyOnline.tv" = FootyOnline.tv
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"Gordon's Gate Flash Driver" = Gordon's Gate Flash Driver 2.2.0.8
"gtfirstboot Setting Request" =
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Photo Creations" = HP Photo Creations
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"ImgBurn" = ImgBurn
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD BD for VAIO
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"InstallShield_{C1083DBC-C541-4E8C-91EA-D92397AB9A2C}" = OpenMG Secure Module 5.1.00
"KeyScrambler" = KeyScrambler
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"MarketingTools" = VAIO Marketing Tools
"MFU Module" =
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"MKV Player_is1" = MKV Player 2.0.1
"Mozilla Firefox 12.0 (x86 en-GB)" = Mozilla Firefox 12.0 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"PremElem40" = Adobe Premiere Elements 4.0
"PremElem40Templates" = Adobe Premiere Elements 4.0 Templates
"ProInst" = Intel PROSet Wireless
"PROR" = Microsoft Office Professional 2007 Trial
"RealPlayer 6.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.85
"Shop for HP Supplies" = Shop for HP Supplies
"Steam App 34220" = Football Manager 2011
"Steam App 71270" = Football Manager 2012
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Update Engine" = Sony Ericsson Update Engine
"Update Service" = Update Service
"UseNeXT_is1" = UseNeXT
"VAIO Help and Support" =
"Veetle TV" = Veetle TV 0.9.18
"VLC media player" = VideoLAN VLC media player 0.8.1
"Winamp" = Winamp (remove only)
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"x264 Revision 534 x264.nl" = x264 Revision 534 x264.nl (remove only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1606192458-1090443840-3868715709-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 27/05/2012 09:57:07 | Computer Name = Sony-Laptop | Source = Windows Search Service | ID = 3013
Description =

Error - 27/05/2012 09:57:08 | Computer Name = Sony-Laptop | Source = Windows Search Service | ID = 3013
Description =

Error - 27/05/2012 09:57:08 | Computer Name = Sony-Laptop | Source = Windows Search Service | ID = 3013
Description =

Error - 27/05/2012 09:57:08 | Computer Name = Sony-Laptop | Source = Windows Search Service | ID = 3013
Description =

Error - 27/05/2012 09:57:08 | Computer Name = Sony-Laptop | Source = Windows Search Service | ID = 3013
Description =

Error - 27/05/2012 09:57:08 | Computer Name = Sony-Laptop | Source = Windows Search Service | ID = 3013
Description =

Error - 27/05/2012 09:57:08 | Computer Name = Sony-Laptop | Source = Windows Search Service | ID = 3013
Description =

Error - 28/05/2012 14:17:47 | Computer Name = Sony-Laptop | Source = WinMgmt | ID = 10
Description =

Error - 28/05/2012 14:17:49 | Computer Name = Sony-Laptop | Source = VzCdbSvc | ID = 7
Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error
code = 0x80042019)

Error - 28/05/2012 14:46:31 | Computer Name = Sony-Laptop | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

[ OSession Events ]
Error - 27/01/2009 20:46:02 | Computer Name = Sony-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 2, Application Name: Microsoft Office Access, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6215.1000. This session lasted 108
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 27/05/2012 06:31:39 | Computer Name = Sony-Laptop | Source = HTTP | ID = 15016
Description =

Error - 27/05/2012 06:31:48 | Computer Name = Sony-Laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 27/05/2012 06:37:46 | Computer Name = Sony-Laptop | Source = Service Control Manager | ID = 7034
Description =

Error - 27/05/2012 06:38:34 | Computer Name = Sony-Laptop | Source = Service Control Manager | ID = 7030
Description =

Error - 27/05/2012 06:41:53 | Computer Name = Sony-Laptop | Source = Service Control Manager | ID = 7030
Description =

Error - 27/05/2012 06:45:19 | Computer Name = Sony-Laptop | Source = Service Control Manager | ID = 7030
Description =

Error - 28/05/2012 14:17:09 | Computer Name = Sony-Laptop | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 28/05/2012 14:17:23 | Computer Name = Sony-Laptop | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 28/05/2012 14:17:42 | Computer Name = Sony-Laptop | Source = HTTP | ID = 15016
Description =

Error - 28/05/2012 14:17:48 | Computer Name = Sony-Laptop | Source = Service Control Manager | ID = 7000
Description =


< End of report >
 
Good news :)

whenever I try to change screensaver/display settings/theme saying "Windows host process (Rundll32) has stopped working".
That may be a subject for a different forum.
Let's see how it goes when we're done.

OTL logs are perfectly clean.

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it.
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

=========================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce any log.
 
Eset scan was clean.

Results of screen317's Security Check version 0.99.24
Windows Vista Service Pack 1 x86 (UAC is disabled!)
Out of date service pack!!
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
avast! Free Antivirus
ESET Online Scanner v3
SonicStage Mastering Studio Audio Filter Custom Preset
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
JavaFX 2.1.0
Java(TM) 6 Update 31
Java(TM) 7 Update 4
Java(TM) 6 Update 7
Out of date Java installed!
Adobe Flash Player 11.2.202.235
````````````````````````````````
Process Check:
objlist.exe by Laurent
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
``````````End of Log````````````
 