# Vista Home Security malware removal



## compr (Mar 13, 2011)

Hi! I'm running windows 7 and I have the same problem as this guy has:

http://forums.techguy.org/virus-other-malware-removal/983966-wpn-exe-file-posing-vista.html

It's malware masquerading as some kind of anti virus software that jumps up and starts doing a false scan and then tries to make me buy it. It pops up whenever I open an IE/Chrome window and attempts to hijack my browsing. I think it's also somehow hijack spybot search and destroy because I can't get that to scan at the moment. Nor can I get hijack this to produce a log (it just produces a blank notepad file and then 'vista home security' pops up and starts scanning again).

I can only use IE/Chrome when I terminate the process in the task manager (bal.exe - description is 'steam'.)

Being that it has pretty much crippled every possible form of defence my computer has I really would appreciate some help getting rid of this awful thing!

Thank you!


----------



## kevinf80 (Mar 21, 2006)

Hiya compr,

Re-boot to Safe Mode with Networking :-

Re-boot system and continuously tap the F8 key until you see the Windows Advanced Menu, from the options select Safe Mode with Networking










Next,

Please download *Rkill* and save to your Desktop.

 Double-click on the Rkill desktop icon to run the tool.
 If using Vista or Windows 7 right-click on it and Run As Administrator.
 A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
 If you get an alert from the Rogue that RKill is a threat, leave that alert open and re-run RKill again.

Next,








Please download *Malwarebytes* Anti-Malware and save it to your desktop.
*Alernative D/L mirror*
*Alternative D/L mirror*

Double Click mbam-setup.exe to install the application.

 Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
 If an update is found, it will download and install the latest version.
 Once the program has loaded, select "Perform Quick Scan", then click Scan.
 The scan may take some time to finish,so please be patient.
 When the scan is complete, click OK, then Show Results to view the results.
 Make sure that everything is checked, and click Remove Selected.
 When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
 Please save the log to a location you will remember.
 The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
 Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Post the Malwarebytes log in your reply..

Kevin


----------



## compr (Mar 13, 2011)

Nice one kevin! Here's the log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6044
Windows 6.0.6001 Service Pack 1 (Safe Mode)
Internet Explorer 8.0.6001.18999
13/03/2011 18:17:22
mbam-log-2011-03-13 (18-17-22).txt
Scan type: Quick scan
Objects scanned: 144412
Time elapsed: 6 minute(s), 0 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\Users\Peter\local settings\bal.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\Peter\local settings\application data\bal.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.


----------



## kevinf80 (Mar 21, 2006)

Boot into Normal Mode, Re- run Malwarebytes, check for updates and do another quick scan as before. If it comes back clean run the following.

*Step 1*

Download







TFC to your desktop, from either of the following links
*Link 1*
*Link 2*

 Make sure any open work is saved. TFC will close all open application windows.
 Double-click TFC.exe to run the program.
 If prompted, click "Yes" to reboot.
TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

*Step 2*

Download







from any of the following links and save to your Desktop:

*Link 1*
*Link 2*
*Link 3*


 Double click on the icon to run it. Vista and Windows 7 users right click and select Run as Administrator. Make sure all other windows are closed and to let it run uninterrupted.
 In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
 Under the Custom Scan box paste this in

```
netsvcs
      drivers32
      %SYSTEMDRIVE%\*.*
      %systemroot%\*. /mp /s
      CREATERESTOREPOINT
      %systemroot%\System32\config\*.sav
      HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
```

 Click the *Run Scan* button. Do not change any settings unless otherwise told to do so. The scan wont take long.
 When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
 Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your reply
Copy and paste OTL Txt and ExtrasTxt in your reply.

Kevin


----------



## compr (Mar 13, 2011)

Here goes...

OTL logfile created on: 13/03/2011 18:53:15 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Peter\Desktop\Virus removal tools
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 42.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 176.24 Gb Total Space | 77.34 Gb Free Space | 43.88% Space Free | Partition Type: NTFS

Computer Name: PETER-PC | User Name: Peter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/13 18:36:54 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Peter\Desktop\Virus removal tools\OTL.exe
PRC - [2011/02/15 01:32:52 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/11/21 20:30:33 | 000,233,936 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10l_ActiveX.exe
PRC - [2010/01/15 12:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/10/29 06:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/08/24 11:59:12 | 000,870,240 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
PRC - [2008/03/13 18:08:58 | 000,024,576 | ---- | M] (Vodafone) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
PRC - [2008/01/19 07:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/19 07:33:39 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2007/08/28 16:27:12 | 000,131,072 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2007/08/28 16:27:10 | 000,192,512 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2007/07/12 15:33:54 | 000,182,392 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2007/07/12 15:33:54 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2007/06/28 15:52:48 | 000,274,432 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2007/06/22 17:55:32 | 000,739,880 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007/06/15 19:45:20 | 000,469,112 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
PRC - [2007/06/14 15:40:46 | 000,921,600 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PRC - [2007/06/13 00:08:01 | 000,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/06/12 01:27:14 | 000,317,560 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe
PRC - [2007/06/10 00:12:18 | 000,118,784 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2007/06/10 00:12:18 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2007/06/10 00:12:16 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApMsgFwd.exe
PRC - [2007/01/05 02:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

========== Modules (SafeList) ==========

MOD - [2011/03/13 18:36:54 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Peter\Desktop\Virus removal tools\OTL.exe
MOD - [2010/08/31 15:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll
MOD - [2007/06/26 16:53:28 | 000,161,032 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\scrchpg.dll
MOD - [2007/06/26 16:53:28 | 000,070,920 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\r3hook.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - [2010/01/15 12:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/03/13 18:08:58 | 000,024,576 | ---- | M] (Vodafone) [Auto | Running] -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2008/01/19 07:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/20 18:52:32 | 000,079,136 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
SRV - [2007/08/28 16:27:12 | 000,131,072 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2007/08/28 16:27:10 | 000,192,512 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2007/07/12 15:33:54 | 000,182,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2007/07/06 02:12:52 | 000,292,152 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2007/06/28 15:53:04 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2007/06/28 15:52:48 | 000,274,432 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2007/06/26 16:53:12 | 000,218,376 | ---- | M] (Kaspersky Lab) [Auto | Stopped] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe -- (AVP)
SRV - [2007/06/20 22:35:06 | 002,523,136 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2007/06/20 22:34:52 | 000,499,712 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2007/06/20 22:34:50 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-UCLS-UPnP) VAIO Media Content Collection (UPnP)
SRV - [2007/06/20 22:34:50 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2007/06/20 22:34:50 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-UCLS-HTTP) VAIO Media Content Collection (HTTP)
SRV - [2007/06/20 22:34:50 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2007/06/13 00:08:01 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/03/19 14:14:06 | 000,031,584 | ---- | M] (NetSupport Ltd) [On_Demand | Stopped] -- C:\Program Files\NetSupport Manager\client32.exe -- (Client32)
SRV - [2007/01/10 23:51:06 | 000,745,472 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe -- (VAIOMediaPlatform-UCLS-AppServer)
SRV - [2007/01/05 02:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/12/14 09:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 09:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 08:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)

========== Driver Services (SafeList) ==========

DRV - [2009/02/05 19:57:42 | 000,112,144 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\kl1.sys -- (kl1)
DRV - [2009/02/05 19:31:21 | 000,127,768 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2008/03/07 12:46:32 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007/06/30 11:04:34 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007/06/28 02:29:58 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2007/06/28 00:04:20 | 007,115,072 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/06/28 00:01:22 | 000,075,008 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FLx86.sys -- (R5U870FLx86)
DRV - [2007/06/28 00:01:22 | 000,043,904 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FUx86.sys -- (R5U870FUx86)
DRV - [2007/06/13 00:08:08 | 000,326,656 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/06/10 00:12:18 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/06/06 00:00:39 | 000,812,544 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2007/06/05 03:20:28 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/04/18 03:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2007/04/04 14:59:16 | 000,020,760 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV - [2007/03/19 14:11:44 | 000,039,768 | ---- | M] (NetSupport Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\pcisys.sys -- (PCISys)
DRV - [2007/03/19 14:11:42 | 000,031,584 | ---- | M] (NetSupport Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\gdihook5.sys -- (gdihook5)
DRV - [2007/02/14 02:06:36 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006/11/08 07:02:38 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2006/11/06 08:29:32 | 000,027,520 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SonyNC.sys -- (SNC)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/webhp?rlz=1W1SNYW&ie=UTF-8&oe=UTF-8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/01/07 20:25:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/03/06 16:24:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/03/06 16:24:09 | 000,000,000 | ---D | M]

[2010/10/07 20:06:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2007/12/23 19:29:45 | 000,221,616 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 1001-search.info
O1 - Hosts: 127.0.0.1 www.1001-search.info
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 7778 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 ) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google BAE\BAE.dll (Your Company Name)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll (Kaspersky Lab)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebook.com/controls/FacebookPhotoUploader3.cab (Facebook Photo Uploader 4 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A1F35586-A5A8-4D37-947A-81875350B11F} http://webalbum.bonusprint.com/ukipc01/downloads//ImageUploader4.cab (Bonusprint Image Uploader Version 4.5 Control)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1.0\R3HOOK.DLL) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\r3hook.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1.0\ADIALHK.DLL) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\adialhk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\VAIO Cozy Orange Wallpaper 1280x800.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\VAIO Cozy Orange Wallpaper 1280x800.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{73d6a779-44f8-11e0-b112-001a80214cec}\Shell\AutoRun\command - "" = "G:\ShellExe.exe " BLB_Start.exe
O33 - MountPoints2\{79c9e113-977f-11dd-abd8-001bfb8c2d30}\Shell - "" = AutoRun
O33 - MountPoints2\{79c9e113-977f-11dd-abd8-001bfb8c2d30}\Shell\AutoRun\command - "" = G:\laucher.exe
O33 - MountPoints2\{ab1f1b01-3991-11de-8789-001a80214cec}\Shell - "" = AutoRun
O33 - MountPoints2\{ab1f1b01-3991-11de-8789-001a80214cec}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\{ac5a0ef2-445b-11de-989a-001a80214cec}\Shell - "" = AutoRun
O33 - MountPoints2\{ac5a0ef2-445b-11de-989a-001a80214cec}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\{d2428dce-36fb-11de-96b7-001a80214cec}\Shell - "" = AutoRun
O33 - MountPoints2\{d2428dce-36fb-11de-96b7-001a80214cec}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\{d24290a3-36fb-11de-96b7-001a80214cec}\Shell - "" = AutoRun
O33 - MountPoints2\{d24290a3-36fb-11de-96b7-001a80214cec}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\{e44dfdee-1ed7-11df-80b5-d050515b8278}\Shell\AutoRun\command - "" = y.exe
O33 - MountPoints2\{e44dfdee-1ed7-11df-80b5-d050515b8278}\Shell\open\Command - "" = y.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.dvsd - C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll (Sony Corporation)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/03/13 18:31:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/03/13 18:24:04 | 000,000,000 | ---D | C] -- C:\Users\Peter\Desktop\Virus removal tools
[2011/03/13 18:08:53 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\Malwarebytes
[2011/03/13 18:08:47 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/03/13 18:08:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/13 18:08:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/03/13 18:08:44 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/03/13 18:08:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/03/13 17:21:03 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/03/13 17:21:03 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/03/13 16:39:36 | 004,738,880 | ---- | C] (AVG Technologies) -- C:\Users\Peter\Desktop\avg_free_stb_all_2011_1204_cnet.exe
[2011/03/06 16:26:12 | 000,000,000 | ---D | C] -- C:\Users\Peter\AppData\Local\DDMSettings
[2011/03/06 16:20:36 | 000,000,000 | ---D | C] -- C:\Program Files\DivX

========== Files - Modified Within 30 Days ==========

[2011/03/13 18:53:45 | 043,975,712 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.dat
[2011/03/13 18:53:40 | 000,612,100 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/03/13 18:53:40 | 000,109,516 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/03/13 18:48:48 | 000,195,741 | ---- | M] () -- C:\Users\Peter\AppData\Roaming\nvModes.001
[2011/03/13 18:48:10 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/13 18:48:01 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/13 18:48:01 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/13 18:47:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/13 18:47:44 | 2145,837,056 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/13 18:47:41 | 000,000,008 | ---- | M] () -- C:\Windows\System32\pcisys.ntk
[2011/03/13 18:47:04 | 000,590,864 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.idx
[2011/03/13 18:46:45 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/03/13 18:31:25 | 000,001,079 | ---- | M] () -- C:\Users\Peter\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/03/13 18:03:17 | 000,009,878 | -HS- | M] () -- C:\Users\Peter\AppData\Local\3977749831
[2011/03/13 18:03:17 | 000,009,878 | -HS- | M] () -- C:\ProgramData\3977749831
[2011/03/13 18:02:13 | 001,006,747 | ---- | M] () -- C:\Users\Peter\Desktop\iExplore.exe
[2011/03/13 17:12:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3205504509-1290654158-850489818-1000UA.job
[2011/03/13 17:07:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/13 16:39:36 | 004,738,880 | ---- | M] (AVG Technologies) -- C:\Users\Peter\Desktop\avg_free_stb_all_2011_1204_cnet.exe
[2011/03/13 09:12:01 | 000,000,854 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3205504509-1290654158-850489818-1000Core.job
[2011/03/12 21:38:41 | 000,002,004 | ---- | M] () -- C:\Users\Peter\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/03/09 11:59:26 | 000,002,627 | ---- | M] () -- C:\Users\Peter\Desktop\Microsoft Office Word 2007.lnk
[2011/02/13 14:23:40 | 001,124,664 | ---- | M] () -- C:\Users\Peter\Desktop\953.05.d Proposed Ground Floor Plan.pdf
[2011/02/13 14:23:34 | 000,021,367 | ---- | M] () -- C:\Users\Peter\Desktop\Abor Vitae B Regs 21.01.11.pdf
[2011/02/13 14:23:28 | 000,767,235 | ---- | M] () -- C:\Users\Peter\Desktop\953.09.b Proposed Site.pdf
[2011/02/13 14:23:22 | 000,660,733 | ---- | M] () -- C:\Users\Peter\Desktop\953.08.d Proposed Sections B-B, C-C, D-D & E-E.pdf
[2011/02/13 14:23:14 | 000,231,119 | ---- | M] () -- C:\Users\Peter\Desktop\953.07.c Proposed Elevations & Section A-A.pdf
[2011/02/13 14:23:08 | 000,764,225 | ---- | M] () -- C:\Users\Peter\Desktop\953.06.d Proposed First Floor Plan & Roof Plan.pdf

========== Files Created - No Company Name ==========

[2011/03/13 18:31:25 | 000,001,079 | ---- | C] () -- C:\Users\Peter\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/03/13 18:19:52 | 2145,837,056 | -HS- | C] () -- C:\hiberfil.sys
[2011/03/13 18:02:12 | 001,006,747 | ---- | C] () -- C:\Users\Peter\Desktop\iExplore.exe
[2011/03/13 16:06:44 | 000,009,878 | -HS- | C] () -- C:\Users\Peter\AppData\Local\3977749831
[2011/03/13 16:06:44 | 000,009,878 | -HS- | C] () -- C:\ProgramData\3977749831
[2011/02/13 14:36:51 | 001,124,664 | ---- | C] () -- C:\Users\Peter\Desktop\953.05.d Proposed Ground Floor Plan.pdf
[2011/02/13 14:36:39 | 000,764,225 | ---- | C] () -- C:\Users\Peter\Desktop\953.06.d Proposed First Floor Plan & Roof Plan.pdf
[2011/02/13 14:36:29 | 000,231,119 | ---- | C] () -- C:\Users\Peter\Desktop\953.07.c Proposed Elevations & Section A-A.pdf
[2011/02/13 14:36:24 | 000,660,733 | ---- | C] () -- C:\Users\Peter\Desktop\953.08.d Proposed Sections B-B, C-C, D-D & E-E.pdf
[2011/02/13 14:36:20 | 000,767,235 | ---- | C] () -- C:\Users\Peter\Desktop\953.09.b Proposed Site.pdf
[2011/02/13 14:36:14 | 000,021,367 | ---- | C] () -- C:\Users\Peter\Desktop\Abor Vitae B Regs 21.01.11.pdf
[2010/02/27 17:12:48 | 000,025,773 | ---- | C] () -- C:\Users\Peter\AppData\Roaming\UserTile.png
[2009/10/18 20:13:50 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/08/25 13:16:25 | 000,038,409 | ---- | C] () -- C:\Users\Peter\AppData\Roaming\Comma Separated Values (Windows).ADR
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/23 20:27:44 | 000,105,304 | ---- | C] () -- C:\Windows\System32\pcimon.dll
[2009/07/23 20:27:44 | 000,080,736 | ---- | C] () -- C:\Windows\System32\clhook4.dll
[2009/07/23 20:27:44 | 000,036,912 | ---- | C] () -- C:\Windows\System32\pcimsg.dll
[2009/07/23 20:27:44 | 000,035,680 | ---- | C] () -- C:\Windows\System32\pcigina.dll
[2009/07/23 20:27:44 | 000,027,480 | ---- | C] () -- C:\Windows\System32\pcivdd.dll
[2009/06/13 05:35:22 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/06/13 05:35:22 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/02/05 19:35:45 | 000,108,059 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2009/02/05 19:35:45 | 000,095,259 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2009/02/05 19:31:51 | 043,975,712 | -HS- | C] () -- C:\Windows\System32\drivers\fidbox.dat
[2008/03/07 15:43:56 | 000,084,734 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2008/03/07 12:47:30 | 000,020,270 | ---- | C] () -- C:\ProgramData\DeviceInstaller.xml
[2008/02/21 02:05:44 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2007/12/17 17:03:42 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2007/12/15 15:45:04 | 000,104,448 | ---- | C] () -- C:\Users\Peter\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/12/15 15:45:03 | 000,001,356 | ---- | C] () -- C:\Users\Peter\AppData\Local\d3d9caps.dat
[2007/12/15 15:44:47 | 000,195,741 | ---- | C] () -- C:\Users\Peter\AppData\Roaming\nvModes.dat
[2007/12/15 15:44:47 | 000,195,741 | ---- | C] () -- C:\Users\Peter\AppData\Roaming\nvModes.001
[2007/08/11 22:34:01 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2007/08/11 22:23:02 | 000,019,968 | ---- | C] () -- C:\Windows\System32\Cpuinf32.dll
[2007/08/11 22:15:15 | 000,344,064 | ---- | C] () -- C:\Windows\System32\SSMSIppCustom.dll
[2007/07/20 23:02:11 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007/07/20 22:26:29 | 000,000,033 | ---- | C] () -- C:\Windows\System32\elcric.dat
[2007/06/26 16:52:48 | 000,022,457 | ---- | C] () -- C:\Windows\System32\drivers\klop.dat
[2007/06/22 17:34:44 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2007/06/11 11:09:39 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2007/06/11 11:09:38 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2007/06/11 11:08:57 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2007/04/16 10:24:16 | 000,023,752 | ---- | C] () -- C:\Windows\System32\providers.bin
[2006/11/02 12:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 12:47:37 | 000,332,352 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 10:33:01 | 000,612,100 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 10:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 10:33:01 | 000,109,516 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 10:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 10:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 08:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 08:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 07:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001/11/14 20:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2009/08/08 08:24:58 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2007/12/16 21:01:50 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\InterVideo
[2010/02/27 17:12:48 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\PeerNetworking
[2009/05/02 12:11:24 | 000,000,000 | ---D | M] -- C:\Users\Peter\AppData\Roaming\Vodafone
[2011/03/13 18:46:48 | 000,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2006/09/18 21:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2008/01/19 07:45:45 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2007/07/20 23:13:35 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/18 21:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2011/03/13 18:47:44 | 2145,837,056 | -HS- | M] () -- C:\hiberfil.sys
[2008/12/18 10:04:43 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/12/18 10:04:43 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/03/13 18:47:43 | 2459,635,712 | -HS- | M] () -- C:\pagefile.sys
[2011/03/13 18:04:30 | 000,000,488 | ---- | M] () -- C:\rkill.log
[2007/08/11 22:38:01 | 000,389,758 | ---- | M] () -- C:\vcredist_x86.log

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2006/11/02 10:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 10:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 10:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 10:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 10:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-12-20 09:06:38
< End of report >

OTL Extras logfile created on: 13/03/2011 18:53:15 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Peter\Desktop\Virus removal tools
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 42.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 176.24 Gb Total Space | 77.34 Gb Free Space | 43.88% Space Free | Partition Type: NTFS

Computer Name: PETER-PC | User Name: Peter | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{35212BF4-F44B-4B23-BC08-6C4FCF295671}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{77FD8554-59A8-494C-8F04-C724BA3F7EE8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{79D35FEB-4B6B-4DDD-A1A8-4052095AA4FA}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F0A8446-086F-4057-8D55-029E87EF78CB}" = protocol=17 | dir=in | app=c:\program files\netsupport manager\client32.exe | 
"{1C0EA9C8-F40A-4316-AE8B-074DB7442A97}" = protocol=6 | dir=in | app=c:\program files\google\google talk\googletalk.exe | 
"{1E3A7CC1-5A4C-4EBE-808E-FE4FA0DB1C26}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{26F052B4-0AFD-48BF-BCF3-5908863C2725}" = protocol=6 | dir=in | app=c:\program files\netsupport manager\client32.exe | 
"{2BFC7F68-B79A-41EE-9291-F362CA95C86F}" = protocol=6 | dir=in | app=c:\program files\netsupport manager\client32.exe | 
"{387497D1-5A58-4F58-AC7C-4B65EB188E75}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe | 
"{3C29FE02-53CD-4E78-9DA2-13A87ECFED58}" = protocol=17 | dir=in | app=c:\program files\netsupport manager\client32.exe | 
"{933AB9DE-DE1D-42BE-B77B-8B0DF43D55E8}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe | 
"{F4F15440-9D6E-4164-B884-DBE0D51F4153}" = protocol=17 | dir=in | app=c:\program files\google\google talk\googletalk.exe | 
"TCP Query User{246F4AAE-1BF3-48BC-BC74-0B0AFC12187D}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"TCP Query User{30963FEF-96A2-46E0-9ECE-9D08A69491FD}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{3D72D20C-7CB4-4F45-9266-19E89FC4FAE3}C:\program files\kontiki\khost.exe" = protocol=6 | dir=in | app=c:\program files\kontiki\khost.exe | 
"TCP Query User{6876F27F-1270-40C0-8C71-DBFBDFA3C82D}C:\program files\soulseek\slsk.exe" = protocol=6 | dir=in | app=c:\program files\soulseek\slsk.exe | 
"TCP Query User{92946A38-4AE9-48E9-91E4-8E84C0E3D471}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | 
"TCP Query User{ACFAE89C-25E9-480E-B537-028CAD6ABCB4}C:\program files\real\realplayer\recordingmanager.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\recordingmanager.exe | 
"TCP Query User{E609C40D-D71C-4A49-8190-44153C501DA6}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{06BCEB47-EFF3-4FBB-B62F-B8B2527B93DB}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 
"UDP Query User{26080A42-4F49-42C3-BA67-6848AA5481A8}C:\program files\kontiki\khost.exe" = protocol=17 | dir=in | app=c:\program files\kontiki\khost.exe | 
"UDP Query User{371CEE1D-3DC2-4A1D-BBF7-E3BF16CBB05A}C:\program files\soulseek\slsk.exe" = protocol=17 | dir=in | app=c:\program files\soulseek\slsk.exe | 
"UDP Query User{5307D946-68B6-445E-A8AC-073862E261B8}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{5DEB1430-7CEB-41BA-8841-515478B96C9C}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{A597A193-510B-4411-8CFF-3735127788CB}C:\program files\real\realplayer\recordingmanager.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\recordingmanager.exe | 
"UDP Query User{F8C6011B-F64E-4FAB-8435-1E28F603C3D0}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{009E7FB7-1775-4D89-8956-F5C9A1C019FC}" = DSD Playback Plug-in
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{021AD585-5EEE-4B58-83BC-0AC86008EBC8}" = VAIO Media Registration Tool
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.1.0.1203
"{0E4BC542-9CFD-4E97-B586-9F1E5516E7B9}" = Microsoft IntelliPoint 6.1
"{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher
"{1BEF9285-5530-426B-A5F1-5836B95C7EB1}" = VAIO Original Screen Saver
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD BD for VAIO
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{29262C96-A8B9-467B-ADA9-592974677D6E}" = VAIO Content Metadata XML Interface Library
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
"{2A2FF7F5-6F0E-4A5D-A881-39365E718BD6}" = VAIO Cozy Orange Wallpaper
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{374F03BB-9C09-4DB3-9C9B-C71E63292950}" = Google Earth
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}" = Skype Plugin Manager
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{41888B21-922B-4241-4594-EF1E6828A72B}" = BBC iPlayer Desktop
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4EA55D20-27FB-45D7-8726-147E8A5F6C62}" = VAIO MusicBox
"{500162A0-4DD5-460A-BAFD-895AAE48C532}" = VAIO Media Content Collection 6.0
"{533D0A8A-D7E7-4F15-BC9E-FF2916A6BAA7}" = DSD Direct Player
"{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 6.0
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 6.0
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6110F38A-5BE6-4199-AC96-D2DD6B4A3ADE}" = VAIO Content Metadata Intelligent Analyzing Manager
"{6332AFF1-9D9A-429C-AA03-F82749FA4F49}" = SonicStage Mastering Studio
"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = VAIO Content Importer / VAIO Content Exporter
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" = 
"{69351E9E-23ED-41D5-B146-EDBF83C63B66}" = VAIO Content Metadata Manager Setting
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6D2576EC-A0E9-418A-A09A-409933A3B6F4}" = VAIO Camera Capture Utility
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 6.1
"{7B63B2922B174135AFC0E1377DD81EC2}" = 
"{802889F8-6AF5-45A5-9764-CA5B999E50FC}" = VAIO Power Management
"{82D5BACA-3619-4D34-99DB-3A65CFB4DA33}" = DSD Direct
"{83CDA18E-0BF3-4ACA-872C-B4CDABF2360E}" = VAIO Update 4
"{8FC56444-161D-43B4-A662-F18F2E4A2A32}" = VAIO Content Metadata Manager Setting
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_STANDARDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{934A3213-1CB6-4264-84A2-EE080C017BCA}" = VAIO Tender Green Wallpaper
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97BCD719-6ECB-458F-97D6-F38D2E07375E}" = VAIO Aqua Breeze Wallpaper
"{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music
"{9AB83A3C-604D-4B4F-AA25-A23A3FC39844}" = ArcSoft Magic-i Visual Effects Installer
"{9C1C8A04-F8CA-4472-A92D-4288CE32DE86}" = SonicStage Mastering Studio Plugins
"{9E407618-D9CD-4F39-9490-9ED45294073D}" = Click to DVD 2.0.05 Menu Data
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 6.0
"{AFBA0609-EB70-43CB-B11C-294EDADFA101}" = 
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B5A1D6E5-4466-480C-BEA3-5E922CBBC8C0}" = VAIO Content Importer VAIO Content Exporter
"{B5E2DF30-1061-4DB4-AF28-08996C8E5680}" = VAIO Content Metadata XML Interface Library
"{B66AD8F4-0951-407E-807F-C300F6970B5A}" = VAIO Media
"{B7FB0C86-41A4-4402-9A33-912C462042A0}" = Roxio Easy Media Creator Home
"{C73A3AB4-99A4-45E5-B77F-09A3065E0D6A}" = Microsoft IntelliType Pro 6.1
"{C774410D-3EF9-4DE7-AC01-332613163ECF}" = Kaspersky Internet Security 7.0
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DF7DB916-90E5-40F2-9010-B8125EB5FD6F}" = SonicStage Mastering Studio Audio Filter
"{E4D96ABB-E0D8-4CA4-856E-A2703F5490F0}" = VAIO Content Metadata Intelligent Analyzing Manager
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E66BB7B9-EC7B-45A6-B479-AD43A9B32AA0}" = SonicStage Mastering Studio
"{E809063C-51A3-4269-8984-D1EB742F2151}" = Click to DVD 2.6.00
"{EBE55E74-AF94-47BB-849B-C79F236C65F4}" = VAIO Movie Story
"{EC37A846-53AC-4DA7-98FA-76A4E74AA900}" = SonicStage Mastering Studio Audio Filter Custom Preset
"{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" = 
"{F7C0163D-9CD8-4F5F-BAC8-3E45A0000AFF}" = Vodafone Mobile Connect Lite Huawei
"{FAA6B94E-78A7-489C-B2DB-050D9FEBFADA}" = VAIO Content Metadata Intelligent Analyzing Manager
"7-Zip" = 7-Zip 4.57
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"DivX Setup.divx.com" = DivX Setup
"dt icon module" = 
"eBay HTML" = 
"gtfirstboot Setting Request" = 
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD BD for VAIO
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"InstallWIX_{C774410D-3EF9-4DE7-AC01-332613163ECF}" = Kaspersky Internet Security 7.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NetSupport Manager" = NetSupport Manager
"NVIDIA Drivers" = NVIDIA Drivers
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-15-19-01
"Picasa2" = Picasa 2
"RealPlayer 6.0" = RealPlayer
"Skype_is1" = Skype 3.2
"SopCast" = SopCast 3.0.3
"Soulseek" = SoulSeek Client 156c
"STANDARDR" = Microsoft Office Standard 2007
"VAIO Help and Support" = 
"VAIO MFU Module" = 
"VAIO Xblack Contents" = VAIO Xblack Contents
"VLC media player" = VideoLAN VLC media player 0.8.6d
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/09/2008 15:35:03 | Computer Name = Peter-PC | Source = VzCdbSvc | ID = 7
Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error
code = 0x80042019)

Error - 10/09/2008 15:40:57 | Computer Name = Peter-PC | Source = WerSvc | ID = 5007
Description =

Error - 10/09/2008 22:10:50 | Computer Name = Peter-PC | Source = VzCdbSvc | ID = 7
Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error
code = 0x80042019)

Error - 11/09/2008 00:49:02 | Computer Name = Peter-PC | Source = WerSvc | ID = 5007
Description =

Error - 11/09/2008 15:45:52 | Computer Name = Peter-PC | Source = VzCdbSvc | ID = 7
Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error
code = 0x80042019)

Error - 11/09/2008 16:12:49 | Computer Name = Peter-PC | Source = Application Error | ID = 1000
Description = Faulting application VCSW.exe, version 2.0.0.8230, time stamp 0x44ebdcdb,
faulting module sonyuppc.dll, version 7.0.0.35270, time stamp 0x456aabb2, exception
code 0xc0000005, fault offset 0x00018d05, process id 0x884, application start time
0x01c91446fe116c4b.

Error - 11/09/2008 16:49:19 | Computer Name = Peter-PC | Source = WerSvc | ID = 5007
Description =

Error - 11/09/2008 17:00:07 | Computer Name = Peter-PC | Source = Application Hang | ID = 1002
Description = The program WinDVD.exe version 8.0.8.425 stopped interacting with 
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1350 Start Time: 01c914513ff2e030 Termination Time: 55

Error - 14/09/2008 13:01:08 | Computer Name = Peter-PC | Source = VzCdbSvc | ID = 7
Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error
code = 0x80042019)

Error - 14/09/2008 14:00:56 | Computer Name = Peter-PC | Source = WerSvc | ID = 5007
Description =

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


----------



## kevinf80 (Mar 21, 2006)

Hiya compr,

Did you previously have Norton installed, if so run the removal tool:

Download and install the Norton removal tool from *Here*

*Alternative link*

Install and run the tool, follow any prompts that are given.

Next,

Download Security Check by screen317 from *HERE* or *HERE*.
Save it to your Desktop.
Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me see the log from Security Check, also give update on any remaining issues...

Kevin


----------



## compr (Mar 13, 2011)

Results of screen317's Security Check version 0.99.9 
Windows Vista Service Pack 1 (UAC is enabled) 
*Out of date service pack!!* 
Internet Explorer 8 
*`````````````````````````````` 
Antivirus/Firewall Check:* 
Windows Firewall Enabled! 
AVG 2011 
SonicStage Mastering Studio Audio Filter Custom Preset 
McAfee Security Scan Plus 
WMI entry may not exist for antivirus; attempting automatic update. 
*``````````````````````````````` 
Anti-malware/Other Utilities Check:* 
Malwarebytes' Anti-Malware 
Java(TM) 6 Update 13 
Java(TM) SE Runtime Environment 6 Update 1 
*Out of date Java installed!* 
Adobe Flash Player 9.0.124.0 
Adobe Reader 8.1.3 
*Out of date Adobe Reader installed!* 
*```````````````````````````````` 
Process Check: 
objlist.exe by Laurent* 
Windows Defender MSASCui.exe 
AVG avgwdsvc.exe 
AVG avgtray.exe 
AVG avgrsx.exe 
AVG avgnsx.exe 
AVG avgemc.exe 
Windows Defender MSASCui.exe 
*``````````End of Log````````````*

Everything seems to be resolved. I haven't got any annoying warnings from vista home security at least. I have removed kapersky because it was out of date/license and installed AVG instead, is this the best option for malware protection?

Thanks a lot for your help!


----------



## kevinf80 (Mar 21, 2006)

Hiya copr,

Continue as follows :-

*Step 1*


Download *OTC* by OldTimer and save it to your *desktop.* *Alternative mirror*
Double click







icon to start the program. 
If you are using Vista or Windows 7, please right-click and choose run as administrator
Then Click the big







button.
You will get a prompt saying "_Begining Cleanup Process_". Please select *Yes*.
Restart your computer when prompted.

*Step 2*

Uninstall the following via Start > Control Panel > Uninstall a Program :-

*Java(TM) SE Runtime Environment 6 Update 1 *

*Step 3*

You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. 
For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system. 
The most current version of Sun Java is: Java Runtime Environment Version 6 Update 24.


 Go to *Sun Java*
 Select *Windows 7/XP/Vista/2000/2003/2008* If using 64 bit OS Select *Information about the 64-bit Java plug-in* and follow prompts
 Install the new version by running the newly-downloaded file with the java icon which will be at your desktop, and follow the on-screen instructions.
 Reboot your computer

*Step 4*

Your Adobe Acrobat Reader is out of date. Older versions are vulnerable to attack and exploitation.

Please go to the link below to update.

*Adobe Reader* Untick the Free McAfee® Security Scan Plus, not required.

*Step 5*

Your Adobe Flash Player is out of date. Older versions are vulnerable to attack and exploitation
Please go to the link below to update.
*Adobe Flash Player* Untick the Free McAfee® Security Scan Plus (optional) not required.

*Step 6*

We need to reset System Restore,

1. Click Start
2. Right click Computer > Properties > Choose Advanced System Settings option in left menu listing.
3. If UAC enabled you will get a UAC prompt at this click Continue
4. Click System Protection tab
5. Then Untick any Drive Listed ( see pic below ) and in the popup window click Turn Off System Restore
6. Click Apply > OK










Turn ON System Restore-Vista

1. Click the Vista/Start icon
2. Right Click >> Computer
3. Click Properties.
4. Click the System Protection tab.
5. Checkmark All drives that were selected previously then click Apply.
6. Use the create button to create a new Restore Point, follow the prompts.

*Step 7*

You need to update to SP2 at your earliest convenience, a stand alone installer is available *Here* you can also get via your windows updates...

Let me know if the above steps complete OK, also any remaining issues....

Kevin


----------

