# PUP malware detected

## STIG_DH (Jan 25, 2013)

Hi
PC performance took a real downturn recently. I undertook a Malwarebytes full scan and found PUP.MyWebsearch:

HKCU\Software\AppDataLow\Software\MyWebSearch (PUP.MyWebsearch) -> Quarantined and deleted successfully.

I deleted it as the above indicates, then checked online about this and found that it is very difficult to remove (Malwarebytes is the only tool that detects it, but won't remove it). It now takes forever to load browsers (Firefox won't even load unless I close down and reboot), and the PC performance is worse.

Many thanks in advance for your help in restoring life back to my PC!

HJT, DDS and Attach log files posted below.
ark.txt to follow.

*HJT log:*

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:05:14, on 25/01/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Sony\Network Utility\NSUService.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Windows\system32\stacsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Hobbyist Software\Off-Helper\Off-Helper Configuration.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Device Center\itype.exe
C:\Program Files\Microsoft Device Center\ipoint.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Sony\Network Utility\LANUtil.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe
C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
C:\Program Files\PURE Flow Server\twonkymediaserverconfig.exe
C:\Users\David\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Program Files\Air Mouse\Air Mouse\Mobile Mouse Service.exe
C:\Program Files\Sony\VAIO Update\VUAgent.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Hobbyist Software\Off-Helper\Off-Helper Service.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe
C:\Program Files\PURE Flow Server\twonkymediaserverwatchdog.exe
C:\Program Files\PURE Flow Server\TwonkyMediaServer.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\David\Downloads\HijackThis.exe

*DDS log:*

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.11.2
Run by David at 18:09:39 on 2013-01-25
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2046.595 [GMT 0:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Sony\Network Utility\NSUService.exe
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Windows\system32\stacsv.exe
C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Hobbyist Software\Off-Helper\Off-Helper Configuration.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Device Center\itype.exe
C:\Program Files\Microsoft Device Center\ipoint.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Sony\Network Utility\LANUtil.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe
C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
C:\Program Files\PURE Flow Server\twonkymediaserverconfig.exe
C:\Users\David\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Program Files\Air Mouse\Air Mouse\Mobile Mouse Service.exe
C:\Program Files\Sony\VAIO Update\VUAgent.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Hobbyist Software\Off-Helper\Off-Helper Service.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\PURE Flow Server\twonkymediaserverwatchdog.exe
C:\Program Files\PURE Flow Server\TwonkyMediaServer.exe
C:\Windows\system32\conhost.exe
C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\notepad.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://isearch.avg.com/?cid={501DFD45-A49D-42DF-AA9E-94D14FE10DEA}&mid=817714f9acf041b5a6547aa47ab33c10-65e1a4875b02c7609a9be601045b080760c605a4&lang=en&ds=hk011&pr=&d=2013-01-25 15:38:26&v=13.2.0.4&sap=hp
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.club-vaio.com
dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\13.2.0.4\AVG Secure Search_toolbar.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\program files\google bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - c:\program files\avg secure search\13.2.0.4\AVG Secure Search_toolbar.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [NSUFloatingUI] "c:\program files\sony\network utility\LANUtil.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [GoogleDriveSync] "c:\program files\google\drive\googledrivesync.exe" /autostart
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 6.0\apdproxy.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Hobbyist Software On-Off Helper] "c:\program files\hobbyist software\off-helper\Off-Helper Configuration.exe" /startup
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [IntelliType Pro] "c:\program files\microsoft device center\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft device center\ipoint.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [ROC_roc_ssl_v12] "c:\program files\avg secure search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
StartupFolder: c:\users\david\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\david\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\david\appdata\roaming\micros~1\windows\startm~1\programs\startup\everno~1.lnk - c:\program files\evernote\evernote\EvernoteClipper.exe
StartupFolder: c:\users\david\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\users\david\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\users\david\appdata\roaming\micros~1\windows\startm~1\programs\startup\purefl~1.lnk - c:\program files\pure flow server\twonkymediaserverconfig.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\airmou~1.lnk - c:\program files\air mouse\air mouse\Air Mouse.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.285\SSScheduler.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\purefl~1.lnk - c:\program files\pure flow server\twonkymediaserverconfig.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\program files\evernote\evernote\EvernoteIE.dll/204
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{B8E8EBE0-C1DD-4A83-86D6-F9C48AD53AA8} : NameServer = 192.168.2.1,89.16.173.11
TCP: Interfaces\{B8E8EBE0-C1DD-4A83-86D6-F9C48AD53AA8} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{B8E8EBE0-C1DD-4A83-86D6-F9C48AD53AA8}\84F6D656 : NameServer = 192.168.2.1,89.16.173.11
TCP: Interfaces\{B8E8EBE0-C1DD-4A83-86D6-F9C48AD53AA8}\84F6D656 : DHCPNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{C2AADC08-9101-4CD2-9A9F-4AEA51038AE5} : DHCPNameServer = 192.168.2.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\13.2.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: VESWinlogon - VESWinlogon.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\24.0.1312.56\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\david\appdata\roaming\mozilla\firefox\profiles\wf9gy7j5.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2354614&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://isearch.avg.com/?cid={501DFD45-A49D-42DF-AA9E-94D14FE10DEA}&mid=817714f9acf041b5a6547aa47ab33c10-65e1a4875b02c7609a9be601045b080760c605a4&lang=en&ds=hk011&pr=&d=2013-01-25 15:38:26&v=13.2.0.4&sap=hp
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid={501DFD45-A49D-42DF-AA9E-94D14FE10DEA}&mid=817714f9acf041b5a6547aa47ab33c10-65e1a4875b02c7609a9be601045b080760c605a4&lang=en&ds=hk011&pr=&d=2013-01-25 15:38:26&v=13.2.0.4&sap=ku&q=
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\users\david\appdata\roaming\mozilla\firefox\profiles\wf9gy7j5.default\extensions\[email protected]\components\cooliris.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\picasa3\npPicasa2.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPCIG.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nprpplugin.dll
FF - plugin: c:\program files\mozilla plugins\npitunes.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\program files\sony\media go\npmediago.dll
FF - plugin: c:\program files\sony\playstation network downloader\nppsndl.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\npdlplugin.dll
FF - plugin: c:\users\david\appdata\roaming\mozilla\firefox\profiles\wf9gy7j5.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\users\david\appdata\roaming\mozilla\plugins\npatgpc.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_146.dll
FF - ExtSQL: 2013-01-16 11:18; {34712C68-7391-4c47-94F3-8F88D49AD632}; c:\programdata\realnetworks\realdownloader\browserplugins\firefox\Ext
FF - ExtSQL: !HIDDEN! 2009-08-21 07:48; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-4-18 217032]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2012-12-23 65848]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-2 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-5-2 361032]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-1-25 26984]
R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2009-10-5 65584]
R1 RapportCerberus_43926;RapportCerberus_43926;c:\programdata\trusteer\rapport\store\exts\rapportcerberus\43926\RapportCerberus32_43926.sys [2012-10-29 272216]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2012-12-23 71480]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2012-12-23 166840]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-5-2 21256]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-5-2 58680]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-11-20 44808]
R2 NSUService;NSUService;c:\program files\sony\network utility\NSUService.exe [2008-10-8 299008]
R2 Off-Helper;Off-Helper;c:\program files\hobbyist software\off-helper\Off-Helper Service.exe [2011-3-13 6656]
R2 PURE Flow Server;PURE Flow Server;c:\program files\pure flow server\twonkymediaserverwatchdog.exe -serviceversion 0 --> c:\program files\pure flow server\twonkymediaserverwatchdog.exe -serviceversion 0 [?]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2012-12-23 976728]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2012-11-29 38608]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [2008-10-4 17408]
R3 AVerM115S;AVerM115S service;c:\windows\system32\drivers\AVerM115S.sys [2007-12-18 841472]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\drivers\R5U870FLx86.sys [2007-12-18 73472]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\drivers\R5U870FUx86.sys [2007-12-18 43904]
R3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\baseline\RapportIaso.sys [2012-10-29 21520]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2007-12-18 9344]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-12-18 812544]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-7-13 311296]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-11-9 160944]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-11-2 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2012-8-9 12400]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-12-18 30192]
S3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;c:\windows\system32\drivers\libusb0.sys [2011-10-7 21504]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.285\McCHSvc.exe [2012-9-5 234776]
S3 Sony PC Companion;Sony PC Companion;c:\program files\sony\sony pc companion\PCCService.exe [2012-5-16 155320]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-1-28 52224]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
.
=============== File Associations ===============
.
ShellExec: VCExporterLaunch.exe: open="c:\program files\sony\vaio vp utilities\VCELaunch.exe" "%1"
.
=============== Created Last 30 ================
.
2013-01-25 15:46:40	60872	----a-w-	c:\programdata\microsoft\windows defender\definition updates\{50b6b934-4861-4920-9c23-8d9ba8608c67}\offreg.dll
2013-01-25 15:41:52	--------	d-----w-	c:\users\david\appdata\local\WinZip
2013-01-25 15:38:38	--------	d-----w-	c:\users\david\appdata\local\AVG Secure Search
2013-01-25 15:38:32	--------	d-----w-	c:\programdata\AVG Secure Search
2013-01-25 15:38:20	26984	----a-w-	c:\windows\system32\drivers\avgtpx86.sys
2013-01-25 15:38:13	--------	d-----w-	c:\program files\common files\AVG Secure Search
2013-01-25 15:38:12	--------	d-----w-	c:\program files\AVG Secure Search
2013-01-25 09:23:40	6991832	----a-w-	c:\programdata\microsoft\windows defender\definition updates\{50b6b934-4861-4920-9c23-8d9ba8608c67}\mpengine.dll
2013-01-24 11:09:17	--------	d-----w-	c:\users\david\appdata\local\Programs
2013-01-20 13:42:06	94112	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2013-01-16 11:18:56	--------	d-----w-	c:\users\david\appdata\roaming\RealNetworks
2013-01-16 11:18:04	--------	d-----w-	c:\program files\RealNetworks
2013-01-16 11:17:59	--------	d-----w-	c:\programdata\RealNetworks
2013-01-16 11:17:48	--------	d-----w-	c:\program files\common files\xing shared
2013-01-09 12:39:41	626688	----a-w-	c:\windows\system32\usp10.dll
2013-01-09 12:39:37	2345984	----a-w-	c:\windows\system32\win32k.sys
2013-01-09 12:39:35	492032	----a-w-	c:\windows\system32\win32spl.dll
2013-01-09 12:39:08	1389568	----a-w-	c:\windows\system32\msxml6.dll
2013-01-09 12:37:43	45568	----a-w-	c:\windows\system32\oflc-nz.rs
2013-01-09 12:36:32	220160	----a-w-	c:\windows\system32\ncrypt.dll
2013-01-09 12:36:28	49152	----a-w-	c:\windows\system32\taskhost.exe
2013-01-04 18:26:13	--------	d-----w-	c:\users\david\appdata\local\ElevatedDiagnostics
.
==================== Find3M ====================
.
2013-01-20 13:47:29	74248	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-20 13:47:29	697864	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-01-20 13:47:14	15739912	----a-w-	c:\windows\system32\FlashPlayerInstaller.exe
2013-01-16 11:17:13	499712	----a-w-	c:\windows\system32\msvcp71.dll
2013-01-16 11:17:13	348160	----a-w-	c:\windows\system32\msvcr71.dll
2012-12-23 22:13:34	65848	----a-w-	c:\windows\system32\drivers\RapportKELL.sys
2012-12-16 14:13:28	295424	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 14:13:20	34304	----a-w-	c:\windows\system32\atmlib.dll
2012-12-14 16:49:28	21104	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-12-07 12:26:17	308736	----a-w-	c:\windows\system32\Wpc.dll
2012-12-07 12:20:43	2576384	----a-w-	c:\windows\system32\gameux.dll
2012-11-30 04:53:34	169984	----a-w-	c:\windows\system32\winsrv.dll
2012-11-30 04:47:45	293376	----a-w-	c:\windows\system32\KernelBase.dll
2012-11-30 02:55:25	271360	----a-w-	c:\windows\system32\conhost.exe
2012-11-30 02:38:59	6144	---ha-w-	c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59	4608	---ha-w-	c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59	3584	---ha-w-	c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59	3072	---ha-w-	c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-11-20 19:15:19	821736	----a-w-	c:\windows\system32\npdeployJava1.dll
2012-11-20 19:15:19	746984	----a-w-	c:\windows\system32\deployJava1.dll
2012-11-14 02:09:22	1800704	----a-w-	c:\windows\system32\jscript9.dll
2012-11-14 01:58:15	1427968	----a-w-	c:\windows\system32\inetcpl.cpl
2012-11-14 01:57:37	1129472	----a-w-	c:\windows\system32\wininet.dll
2012-11-14 01:49:25	142848	----a-w-	c:\windows\system32\ieUnatt.exe
2012-11-14 01:48:27	420864	----a-w-	c:\windows\system32\vbscript.dll
2012-11-14 01:44:42	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-11-09 04:42:49	2048	----a-w-	c:\windows\system32\tzres.dll
2012-11-02 05:11:31	376832	----a-w-	c:\windows\system32\dpnet.dll
2012-10-30 22:51:58	738504	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51:57	58680	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2012-10-30 22:51:07	41224	----a-w-	c:\windows\avastSS.scr
2012-01-16 17:22:16	293736	----a-w-	c:\program files\iTunesOutlookAddIn.dll
2012-01-16 17:22:12	421736	----a-w-	c:\program files\iTunesHelper.exe
2012-01-16 17:22:12	403304	----a-w-	c:\program files\iTunesAdmin.dll
2012-01-16 17:22:12	156520	----a-w-	c:\program files\iTunesHelper.dll
2012-01-16 17:22:12	124776	----a-w-	c:\program files\iTunesMiniPlayer.dll
2012-01-16 17:22:08	9777000	----a-w-	c:\program files\iTunes.exe
2012-01-16 17:22:04	20868968	----a-w-	c:\program files\iTunes.dll
2012-01-16 17:22:02	803200	----a-w-	c:\program files\gnsdk_sdkmanager.dll
2012-01-16 17:22:02	3035520	----a-w-	c:\program files\gnsdk_dsp.dll
2012-01-16 17:22:02	287104	----a-w-	c:\program files\gnsdk_submit.dll
2012-01-16 17:22:02	246144	----a-w-	c:\program files\gnsdk_musicid.dll
2012-01-16 17:22:02	2010984	----a-w-	c:\program files\iPodUpdaterExt.dll
2011-11-14 20:16:44	112488	----a-w-	c:\program files\ITDetector.ocx
.
============= FINISH: 18:11:43.86 ===============

*attach log*

DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume2
Install Date: 27/01/2012 20:54:30
System Uptime: 25/01/2013 13:46:36 (5 hours ago)
.
Motherboard: Sony Corporation | | VAIO
Processor: Intel(R) Core(TM)2 Duo CPU T8100 @ 2.10GHz | N/A | 2101/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 455 GiB total, 306.685 GiB free.
D: is Removable
E: is Removable
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP152: 08/01/2013 09:15:47 - Windows Update
RP153: 09/01/2013 22:08:07 - Windows Update
RP154: 15/01/2013 14:45:41 - Windows Update
RP155: 20/01/2013 13:39:27 - Installed Java 7 Update 11
RP156: 21/01/2013 19:44:09 - Installed Media Go Video Playback Engine 1.96.112.08260
RP157: 22/01/2013 12:35:10 - Windows Update
RP158: 25/01/2013 15:38:55 - Installed WinZip 17.0
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
.NET Utilities
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop Elements 6.0
Adobe Reader X (10.1.5)
Adobe Shockwave Player 11.5
Age of Empires III
ALDI Print Software
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AppMon Utility
ArcSoft Magic-i Visual Effects
Atlantis - Sky Patrol (remove only)
avast! Free Antivirus
AVG Security Toolbar
Big Fish Games Center
Big Fish Games Sudoku (remove only)
Bonjour
Browser Address Error Redirector
Browser Defender 2.0.6.15
calibre
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Inkjet Printer Driver Add-On Module
Canon Internet Library for ZoomBrowser EX
Canon MOV Decoder
Canon My Printer
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities Digital Photo Professional 3.5
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture DC
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CCleaner
CD-LabelPrint
Cisco WebEx Meetings
Citrix online plug-in - web
Citrix online plug-in (DV)
Citrix online plug-in (HDX)
Citrix online plug-in (USB)
Citrix online plug-in (Web)
Click to Disc
Click to Disc Editor
Corel WinDVD
D3DX10
Disc2Phone
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
DivX Version Checker
Dropbox
DSD Direct
DSD Direct Player
DSD Playback Plug-in
Evernote v. 4.5.10
Garmin BaseCamp
Garmin Communicator Plugin
Garmin POI Loader
Garmin USB Drivers
Garmin WebUpdater
GearDrvs
Google Chrome
Google Desktop
Google Drive
Google Earth
Google Update Helper
Google Updater
HDAUDIO SoftV92 Data Fax Modem with SmartCP
HijackThis 2.0.2
IDT Audio
iTunes
Java 7 Update 11
Java Auto Updater
Java(TM) 6 Update 22
Java(TM) 6 Update 30
Junk Mail filter update
Kobo
Mahjong Towers Eternity (remove only)
Malwarebytes Anti-Malware version 1.70.0.1100
McAfee Security Scan Plus
Media Go
Media Go Video Playback Engine 1.96.112.08260
Mesh Runtime
Messenger Companion
Metalogic Finance Explorer 4.0.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Mouse and Keyboard Center
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Works
Mobile Mouse Server
Mozilla Firefox 18.0.1 (x86 en-GB)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My Club VAIO
MyPoi Manager
Mystery Case Files - Prime Suspects (remove only)
Norton 360
NVIDIA Drivers
Off-Helper 3.03
OGA Notifier 2.0.0048.0
OpenMG Limited Patch 4.7-07-15-19-01
OpenMG Secure Module 4.7.00
OpenOffice.org 3.3
Picasa 3
PlayStation(R)Network Downloader
PlayStation(R)Store
PrimoPDF -- brought to you by Nitro PDF Software
PS3 Media Server
PURE Flow Server
QuickTime
Quo v2
Rapport
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
RealUpgrade 1.1
Revo Uninstaller 1.92
Roxio Activation Module
Roxio Easy Media Creator Home
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition 
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition 
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition 
Segoe UI
Setting Utility Series
Shockwave
Sid Meier's Civilization 4 Complete
Sierra Utilities
Skype 6.0
SonicStage Mastering Studio
SonicStage Mastering Studio Audio Filter
SonicStage Mastering Studio Audio Filter Custom Preset
SonicStage Mastering Studio Plugins
Sony Ericsson Update Engine
Sony PC Companion 2.10.115
Sony Video Shared Library
Spelling Dictionaries Support For Adobe Reader 8
Symyx Draw 4.0.100
System Requirements Lab
Uniblue ProcessQuickLink 2
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760586) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VAIO BD Menu Data
VAIO Camera Capture Utility
VAIO Content Folder Setting
VAIO Content Metadata Manager Settings
VAIO Content Metadata XML Interface Library
VAIO Control Center
VAIO Data Restore Tool
VAIO Database Converter 1.0
VAIO Database Converter Ver 1.0
VAIO DVD Menu Data Basic
VAIO Entertainment Platform
VAIO Event Service
Vaio Marketing Tools
VAIO Media
VAIO Media 6.0
VAIO Media AC3 Decoder 1.0
VAIO Media Content Collection 6.0
VAIO Media Integrated Server 6.1
VAIO Media Redistribution 6.0
VAIO Media Registration Tool
VAIO Media Registration Tool 6.0
VAIO Movie Story
VAIO Movie Story 1.3 Upgrade
VAIO Movie Story 1.5 Upgrade
VAIO Movie Story Template Data
VAIO MusicBox
VAIO MusicBox Sample Music
VAIO Original Function Settings
VAIO Power Management
VAIO Smart Network
VAIO Update
VAIO Wallpaper Contents
VC80CRTRedist - 8.0.50727.4053
Virtual Villagers (remove only)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VU5x86
WD SmartWare
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinZip 17.0
Yahoo! Detect
.
==== End Of File ===========================


----------



## STIG_DH (Jan 25, 2013)

and the GMER ark.txt logfile.......

NB this was scanned with IAT/EAT unchecked

*ark.txt log file*

GMER 2.0.18444 - http://www.gmer.net
Rootkit scan 2013-01-25 18:28:37
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST350083 rev.3.AA 465.76GB
Running: 3dv0l9nk.exe; Driver: C:\Users\David\AppData\Local\Temp\pgloapod.sys

---- System - GMER 2.0 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8EF264BA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x8E9B5C22]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwAssignProcessToJobObject [0x8E8DC0DA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8EF31FA8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8EF31FF4]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwCreateFile [0x8E8DCCA6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8EF32176]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8EF31F16]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0x89172EEE]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0x891730E0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x8E9B5FA6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8EF31F5E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0x8EF2711C]
SSDT \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus32_43926.sys ZwCreateThreadEx [0x891D56C0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8EF32130]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateUserProcess [0x891732E8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0x8EF2793E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8EF26508]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteFile [0x8E8DCEB8]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteKey [0x8E8E0714]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteValueKey [0x8E8E0756]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x8E9B5CEA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x8E9B43EC]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwLoadKey [0x8E8E08FA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8EF26556]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8EF2B534]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8EF283A6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8EF31FD2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8EF32016]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenFile [0x8E8DCDCA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8EF3219A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8EF31F3C]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenProcess [0x8E8DC282]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8EF320BA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8EF31F86]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenThread [0x8E8DC482]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8EF32154]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x8E9B5E4A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8EF28272]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwQueryValueKey [0x8E8E085E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThreadEx [0x8EF27F86]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwRenameKey [0x8E8E07A8]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwReplaceKey [0x8E8E07EA]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys  ZwRestoreKey [0x8E8E0824]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8EF265A4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8EF265F2]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetContextThread [0x8E8DC068]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetInformationFile [0x8E8DCF6A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8EF261FA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8EF263AA]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetValueKey [0x8E8E069C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8EF26350]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0x8EF27AF8]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSuspendThread [0x8E8DBFE6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8EF2641A]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0x89172B5C]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwTerminateThread [0x8E8DBF46]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0x8E9B441C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8EF26640]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0x8E9B5D96]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 2.0 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 83042A49 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 8307C4D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 83083500 4 Bytes [BA, 64, F2, 8E]
.text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 83083528 4 Bytes [22, 5C, 9B, 8E] {AND BL, [EBX+EBX*4-0x72]}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1153 83083588 4 Bytes [DA, C0, 8D, 8E]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 830835DC 16 Bytes [A8, 1F, F3, 8E, F4, 1F, F3, ...]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11CF 83083604 4 Bytes [16, 1F, F3, 8E]
.text ... 
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 83211C88 5 Bytes JMP 8E9CBCF6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject + 27 8322A2B0 5 Bytes JMP 8E9CD828 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 8323F3F7 4 Bytes CALL 8EF28A8D \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 8325920E 4 Bytes CALL 8EF28AA3 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x91211360, 0x35B0A2, 0xE8000020]
? C:\Users\David\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !
.text user32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes [E9, 0A, 5C, 2E, 8A] {JMP 0x8a2e5c0f}
.text user32.dll!UnhookWinEvent 7601B750 5 Bytes [E9, A7, 4C, 2E, 8A] {JMP 0x8a2e4cac}
.text user32.dll!SetWindowsHookExW 7601E30C 5 Bytes [E9, F3, 24, 2E, 8A] {JMP 0x8a2e24f8}
.text user32.dll!SetWinEventHook 760224DC 5 Bytes [E9, 17, DD, 2D, 8A] {JMP 0x8a2ddd1c}
.text user32.dll!SetWindowsHookExA 76046D0C 5 Bytes [E9, EF, 98, 2B, 8A] {JMP 0x8a2b98f4}
.text kernel32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text sechost.dll!SetServiceObjectSecurity 75825181 5 Bytes [E9, 8E, BE, AC, 8A] {JMP 0x8aacbe93}
.text sechost.dll!ChangeServiceConfigA 75825254 5 Bytes [E9, AB, B5, AC, 8A] {JMP 0x8aacb5b0}
.text sechost.dll!ChangeServiceConfigW 758253D5 5 Bytes [E9, 2E, B6, AC, 8A] {JMP 0x8aacb633}
.text sechost.dll!ChangeServiceConfig2A 758254C2 5 Bytes [E9, 45, B7, AC, 8A] {JMP 0x8aacb74a}
.text sechost.dll!ChangeServiceConfig2W 758255E2 5 Bytes [E9, 29, B8, AC, 8A] {JMP 0x8aacb82e}
.text sechost.dll!CreateServiceA 7582567C 5 Bytes [E9, 77, AB, AC, 8A] {JMP 0x8aacab7c}
.text sechost.dll!CreateServiceW 7582589F 5 Bytes [E9, 58, AB, AC, 8A] {JMP 0x8aacab5d}
.text sechost.dll!DeleteService 75825A22 5 Bytes [E9, D9, AB, AC, 8A] {JMP 0x8aacabde}


----------



## STIG_DH (Jan 25, 2013)

....hopefully


---- User code sections - GMER 2.0 ----

.text C:\Windows\system32\svchost.exe[420] kernel32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\Sony\Network Utility\NSUService.exe[444] kernel32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Windows\system32\csrss.exe[468] kernel32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Windows\system32\wininit.exe[540] kernel32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Windows\system32\csrss.exe[552] kernel32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text ... 
.text C:\Program Files\Microsoft Device Center\itype.exe[728] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 000803FC 
.text C:\Program Files\Microsoft Device Center\itype.exe[728] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 000801F8 
.text C:\Program Files\Microsoft Device Center\itype.exe[728] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\Microsoft Device Center\itype.exe[728] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 00150A08 
.text C:\Program Files\Microsoft Device Center\itype.exe[728] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 001503FC 
.text C:\Program Files\Microsoft Device Center\itype.exe[728] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 00150804 
.text C:\Program Files\Microsoft Device Center\itype.exe[728] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 001501F8 
.text C:\Program Files\Microsoft Device Center\itype.exe[728] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 00150600 
.text C:\Windows\system32\svchost.exe[776] kernel32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[848] kernel32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[864] kernel32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[944] ntdll.dll!KiUserApcDispatcher 77176F38 5 Bytes JMP 00414FF0 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (RapportMgmtService/Trusteer Ltd.)
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[944] kernel32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[944] WS2_32.dll!getaddrinfo 77284296 5 Bytes JMP 71A50022 
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[944] WS2_32.dll!gethostbyname 77297673 5 Bytes JMP 71AE0022 
.text C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[956] kernel32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Users\David\AppData\Roaming\Dropbox\bin\Dropbox.exe[1004] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 001E03FC 
.text C:\Users\David\AppData\Roaming\Dropbox\bin\Dropbox.exe[1004] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 001E01F8 
.text C:\Users\David\AppData\Roaming\Dropbox\bin\Dropbox.exe[1004] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Users\David\AppData\Roaming\Dropbox\bin\Dropbox.exe[1004] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 001F0A08 
.text C:\Users\David\AppData\Roaming\Dropbox\bin\Dropbox.exe[1004] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 001F03FC 
.text C:\Users\David\AppData\Roaming\Dropbox\bin\Dropbox.exe[1004] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 001F0804 
.text C:\Users\David\AppData\Roaming\Dropbox\bin\Dropbox.exe[1004] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 001F01F8 
.text C:\Users\David\AppData\Roaming\Dropbox\bin\Dropbox.exe[1004] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 001F0600 
.text C:\Windows\System32\rundll32.exe[1032] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 000F03FC 
.text C:\Windows\System32\rundll32.exe[1032] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 000F01F8 
.text C:\Windows\System32\rundll32.exe[1032] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Windows\System32\rundll32.exe[1032] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 00100A08 
.text C:\Windows\System32\rundll32.exe[1032] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 001003FC 
.text C:\Windows\System32\rundll32.exe[1032] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 00100804 
.text C:\Windows\System32\rundll32.exe[1032] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 001001F8 
.text C:\Windows\System32\rundll32.exe[1032] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 00100600 
.text C:\Windows\System32\svchost.exe[1080] kernel32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Windows\System32\svchost.exe[1112] kernel32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1152] kernel32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[1248] ntdll.dll!KiUserApcDispatcher 77176F38 5 Bytes JMP 0043A7C0 C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (RapportService/Trusteer Ltd.)
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[1248] kernel32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[1248] WS2_32.dll!getaddrinfo 77284296 5 Bytes JMP 71A50022 
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[1248] WS2_32.dll!gethostbyname 77297673 5 Bytes JMP 71AE0022 
.text C:\Windows\system32\svchost.exe[1264] kernel32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe[1304] kernel32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1364] kernel32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1452] kernel32.dll!SetUnhandledExceptionFilter 75C2F4FB 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1452] kernel32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[1568] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 001703FC 
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[1568] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 001701F8 
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[1568] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[1568] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 00180A08 
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[1568] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 001803FC 
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[1568] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 00180804 
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[1568] USER32.dll!SetWinEventHook  760224DC 5 Bytes JMP 001801F8 
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[1568] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 00180600 
.text C:\Windows\System32\spoolsv.exe[1596] kernel32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Windows\notepad.exe[1620] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 000703FC 
.text C:\Windows\notepad.exe[1620] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 000701F8 
.text C:\Windows\notepad.exe[1620] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Windows\notepad.exe[1620] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 00240A08 
.text C:\Windows\notepad.exe[1620] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 002403FC 
.text C:\Windows\notepad.exe[1620] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 00240804 
.text C:\Windows\notepad.exe[1620] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 002401F8 
.text C:\Windows\notepad.exe[1620] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 00240600 
.text C:\Windows\system32\svchost.exe[1636] kernel32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe[1752] kernel32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\Microsoft Device Center\ipoint.exe[1792] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 000E03FC 
.text C:\Program Files\Microsoft Device Center\ipoint.exe[1792] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 000E01F8 
.text C:\Program Files\Microsoft Device Center\ipoint.exe[1792] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\Microsoft Device Center\ipoint.exe[1792] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 00100A08 
.text C:\Program Files\Microsoft Device Center\ipoint.exe[1792] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 001003FC 
.text C:\Program Files\Microsoft Device Center\ipoint.exe[1792] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 00100804 
.text C:\Program Files\Microsoft Device Center\ipoint.exe[1792] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 001001F8 
.text C:\Program Files\Microsoft Device Center\ipoint.exe[1792] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 00100600 
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1808] kernel32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1844] kernel32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtCreateFile + 6 771755CE 4 Bytes [28, 94, F9, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtCreateFile + B 771755D3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtMapViewOfSection + 6 77175C2E 4 Bytes [28, 97, F9, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtMapViewOfSection + B 77175C33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtOpenFile + 6 77175CDE 4 Bytes [68, 94, F9, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtOpenFile + B 77175CE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtOpenProcess + 6 77175D8E 4 Bytes [A8, 95, F9, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtOpenProcess + B 77175D93 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtOpenProcessToken + 6 77175D9E 4 Bytes CALL 76185738 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtOpenProcessToken + B 77175DA3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtOpenProcessTokenEx + 6 77175DAE 4 Bytes [A8, 96, F9, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtOpenProcessTokenEx + B 77175DB3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtOpenThread + 6 77175E0E 4 Bytes [68, 95, F9, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtOpenThread + B 77175E13 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtOpenThreadToken + 6 77175E1E 4 Bytes [68, 96, F9, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtOpenThreadToken + B 77175E23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtOpenThreadTokenEx + 6 77175E2E 4 Bytes CALL 761857C9 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtOpenThreadTokenEx + B 77175E33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtQueryAttributesFile + 6 77175F3E 4 Bytes [A8, 94, F9, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtQueryAttributesFile + B 77175F43 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtQueryFullAttributesFile + 6 77175FEE 4 Bytes CALL 76185987 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtQueryFullAttributesFile + B 77175FF3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtSetInformationFile + 6 7717663E 4 Bytes [28, 95, F9, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtSetInformationFile + B 77176643 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtSetInformationThread + 6 7717669E 4 Bytes [28, 96, F9, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtSetInformationThread + B 771766A3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtUnmapViewOfSection + 6 771769BE 4 Bytes [68, 97, F9, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtUnmapViewOfSection + B 771769C3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 010603FC 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 010601F8 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 01180A08 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 011803FC 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 01180804 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 011801F8 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 01180600 
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1864] kernel32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Windows\system32\stacsv.exe[1912] kernel32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Windows\system32\taskhost.exe[1944] kernel32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1964] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 000803FC 
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1964] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 000801F8 
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1964] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1964] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 00090A08 
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1964] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 000903FC 
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1964] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 00090804 
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1964] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 000901F8 
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[1964] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 00090600 
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 002003FC 
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 002001F8 
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 00220A08 
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 002203FC 
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 00220804 
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 002201F8 
.text C:\Program Files\Bonjour\mDNSResponder.exe[2088] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 00220600 
.text C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe[2104] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 000703FC 
.text C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe[2104] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 000701F8 
.text C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe[2104] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe[2104] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 000A0A08 
.text C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe[2104] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 000A03FC 
.text C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe[2104] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 000A0804 
.text C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe[2104] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 000A01F8 
.text C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe[2104] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 000A0600 
.text C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe[2136] kernel32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[2160] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 000E03FC 
.text C:\Windows\system32\taskeng.exe[2160] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 000E01F8 
.text C:\Windows\system32\taskeng.exe[2160] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[2160] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 00130A08 
.text C:\Windows\system32\taskeng.exe[2160] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 001303FC 
.text C:\Windows\system32\taskeng.exe[2160] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 00130804 
.text C:\Windows\system32\taskeng.exe[2160] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 001301F8 
.text C:\Windows\system32\taskeng.exe[2160] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 00130600 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2188] ntdll.dll!NtCreateFile + 6 771755CE 4 Bytes [28, C4, 05, 01]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2188] ntdll.dll!NtCreateFile + B 771755D3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2188] ntdll.dll!NtMapViewOfSection + 6 77175C2E 4 Bytes [28, C7, 05, 01]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2188] ntdll.dll!NtMapViewOfSection + B 77175C33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2188] ntdll.dll!NtOpenFile + 6 77175CDE 4 Bytes [68, C4, 05, 01]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2188] ntdll.dll!NtOpenFile + B 77175CE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2188] ntdll.dll!NtOpenProcess + 6 77175D8E 4 Bytes [A8, C5, 05, 01]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2188] ntdll.dll!NtOpenProcess + B 77175D93 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2188] ntdll.dll!NtOpenProcessToken + 6 77175D9E 4 Bytes CALL 76186368 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2188] ntdll.dll!NtOpenProcessToken + B 77175DA3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2188] ntdll.dll!NtOpenProcessTokenEx + 6 77175DAE 4 Bytes [A8, C6, 05, 01]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2188] ntdll.dll!NtOpenProcessTokenEx + B 77175DB3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2188] ntdll.dll!NtOpenThread + 6 77175E0E 4 Bytes [68, C5, 05, 01]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2188] ntdll.dll!NtOpenThread + B 77175E13 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2188] ntdll.dll!NtOpenThreadToken + 6 77175E1E 4 Bytes [68, C6, 05, 01]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2188] ntdll.dll!NtOpenThreadToken + B 77175E23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2188] ntdll.dll!NtOpenThreadTokenEx + 6 77175E2E 4 Bytes CALL 761863F9 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2188] ntdll.dll!NtOpenThreadTokenEx + B 77175E33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2188] ntdll.dll!NtQueryAttributesFile + 6 77175F3E 4 Bytes [A8, C4, 05, 01]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2188] ntdll.dll!NtQueryAttributesFile + B 77175F43 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2188] ntdll.dll!NtQueryFullAttributesFile + 6 77175FEE 4 Bytes CALL 761865B7 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2188] ntdll.dll!NtQueryFullAttributesFile + B 77175FF3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2188] ntdll.dll!NtSetInformationFile + 6 7717663E 4 Bytes [28, C5, 05, 01]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2188] ntdll.dll!NtSetInformationFile + B 77176643 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2188] ntdll.dll!NtSetInformationThread + 6 7717669E 4 Bytes [28, C6, 05, 01]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2188] ntdll.dll!NtSetInformationThread + B 771766A3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2188] ntdll.dll!NtUnmapViewOfSection + 6 771769BE 4 Bytes [68, C7, 05, 01]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2188] ntdll.dll!NtUnmapViewOfSection + B 771769C3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2188] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 010B03FC 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2188] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 010B01F8 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2188] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2188] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 01240A08 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2188] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 012403FC 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2188] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 01240804 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2188] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 012401F8 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2188] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 01240600 
.text C:\Program Files\Sony\VAIO Event Service\VESMgr.exe[2220] kernel32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Windows\system32\Dwm.exe[2296] kernel32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe[2428] kernel32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2452] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 001E03FC 
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2452] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 001E01F8 
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2452] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2452] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 00200A08 
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2452] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 002003FC 
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2452] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 00200804 
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2452] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 002001F8 
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2452] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 00200600 
.text C:\Windows\system32\taskeng.exe[2472] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 000E03FC 
.text C:\Windows\system32\taskeng.exe[2472] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 000E01F8 
.text C:\Windows\system32\taskeng.exe[2472] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[2472] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 000F0A08 
.text C:\Windows\system32\taskeng.exe[2472] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 000F03FC 
.text C:\Windows\system32\taskeng.exe[2472] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 000F0804 
.text C:\Windows\system32\taskeng.exe[2472] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 000F01F8 
.text C:\Windows\system32\taskeng.exe[2472] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 000F0600 
.text C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe[2552] kernel32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Windows\system32\DRIVERS\xaudio.exe[2724] kernel32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Windows\Explorer.EXE[2880] kernel32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe[2892] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 000F03FC 
.text C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe[2892] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 000F01F8 
.text C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe[2892] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe[2892] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 00100A08 
.text C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe[2892] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 001003FC 
.text C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe[2892] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 00100804 
.text C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe[2892] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 001001F8 
.text C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe[2892] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 00100600 
.text C:\Program Files\Windows Sidebar\sidebar.exe[2972] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 000703FC 
.text C:\Program Files\Windows Sidebar\sidebar.exe[2972] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 000701F8 
.text C:\Program Files\Windows Sidebar\sidebar.exe[2972] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\Windows Sidebar\sidebar.exe[2972] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 00140A08 
.text C:\Program Files\Windows Sidebar\sidebar.exe[2972] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 001403FC 
.text C:\Program Files\Windows Sidebar\sidebar.exe[2972] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 00140804 
.text C:\Program Files\Windows Sidebar\sidebar.exe[2972] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 001401F8 
.text C:\Program Files\Windows Sidebar\sidebar.exe[2972] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 00140600 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtCreateFile + 6 771755CE 4 Bytes [28, B4, E6, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtCreateFile + B 771755D3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtMapViewOfSection + 6 77175C2E 4 Bytes [28, B7, E6, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtMapViewOfSection + B 77175C33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtOpenFile + 6 77175CDE 4 Bytes [68, B4, E6, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtOpenFile + B 77175CE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtOpenProcess + 6 77175D8E 4 Bytes [A8, B5, E6, 00] {TEST AL, 0xb5; OUT 0x0, AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtOpenProcess + B 77175D93 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtOpenProcessToken + 6 77175D9E 4 Bytes CALL 76184458 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtOpenProcessToken + B 77175DA3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtOpenProcessTokenEx + 6 77175DAE 4 Bytes [A8, B6, E6, 00] {TEST AL, 0xb6; OUT 0x0, AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtOpenProcessTokenEx + B 77175DB3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtOpenThread + 6 77175E0E 4 Bytes [68, B5, E6, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtOpenThread + B 77175E13 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtOpenThreadToken + 6 77175E1E 4 Bytes [68, B6, E6, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtOpenThreadToken + B 77175E23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtOpenThreadTokenEx + 6 77175E2E 4 Bytes CALL 761844E9 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtOpenThreadTokenEx + B 77175E33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtQueryAttributesFile + 6 77175F3E 4 Bytes [A8, B4, E6, 00] {TEST AL, 0xb4; OUT 0x0, AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtQueryAttributesFile + B 77175F43 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtQueryFullAttributesFile + 6 77175FEE 4 Bytes CALL 761846A7 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtQueryFullAttributesFile + B 77175FF3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtSetInformationFile + 6 7717663E 4 Bytes [28, B5, E6, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtSetInformationFile + B 77176643 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtSetInformationThread + 6 7717669E 4 Bytes [28, B6, E6, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtSetInformationThread + B 771766A3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtUnmapViewOfSection + 6 771769BE 4 Bytes [68, B7, E6, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!NtUnmapViewOfSection + B 771769C3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 00EB03FC 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 00EB01F8 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 00ED0A08 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 00ED03FC 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 00ED0804 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 00ED01F8 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2980] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 00ED0600 
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3120] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 001F03FC 
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3120] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 001F01F8 
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3120] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3120] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 00210A08


----------
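Added example (not part of STIG_DH's post and not GMER's own code): a small triage script for the `.text` lines in the ark.txt log above. Each such line records an inline patch GMER found in a loaded module of one process (`<image>[<pid>] <module>!<function>[ + <offset>] <address> <n> Bytes <patch>`). On a machine running an antivirus and a browser-protection agent, almost every process will show hooks, so the question is not "are there hooks" but "which processes carry hooks that the others do not". The script parses the lines, builds each process's hook profile (the set of `module!function` entries patched in it), clusters processes by profile, and reports the hooks that only appear in processes whose profile nobody else shares. The sample input is a subset of lines copied from the log above; the function and variable names are my own. The output only says where to look: whether a hook is legitimate is decided by finding who owns the page the `JMP` lands in (a loaded DLL of a security product, Chrome's own sandbox stubs, or something unknown), not by this script.

```python
"""Cluster processes in a GMER user-mode hook listing by their hook profile.

Added example for triaging ".text ... Bytes ..." lines; not GMER's code.
"""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass

# One GMER user-mode hook line:
# .text <image path>[<pid>] <module>!<function>[ + <hex off>] <addr> <n> Byte(s) <patch...>
HOOK_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>\S+?)!(?P<func>\w+)(?:\s*\+\s*(?P<off>[0-9A-Fa-f]+))?\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<size>\d+)\s+Bytes?\s+(?P<patch>.*?)\s*$"
)

# Constructed sample: a handful of lines copied from the log above.
SAMPLE_LOG = r"""
.text C:\Windows\system32\svchost.exe[1636] kernel32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Windows\notepad.exe[1620] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 000703FC 
.text C:\Windows\notepad.exe[1620] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 000701F8 
.text C:\Windows\notepad.exe[1620] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Windows\notepad.exe[1620] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 00240804 
.text C:\Windows\system32\taskeng.exe[2160] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 000E03FC 
.text C:\Windows\system32\taskeng.exe[2160] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 000E01F8 
.text C:\Windows\system32\taskeng.exe[2160] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[2160] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 00130804 
.text C:\Windows\system32\Dwm.exe[2296] kernel32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3332] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 000D03FC 
.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3332] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 000D01F8 
.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3332] KERNEL32.dll!SetUnhandledExceptionFilter 75C2F4FB 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3332] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3332] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 000E0804 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtCreateFile + 6 771755CE 4 Bytes [28, 94, F9, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[1852] ntdll.dll!NtCreateFile + B 771755D3 1 Byte [E2]
"""


@dataclass(frozen=True)
class Hook:
    image: str
    pid: int
    module: str   # lower-cased: GMER prints both KERNEL32.dll and kernel32.dll
    func: str
    offset: int   # 0 when the patch sits at the function entry
    addr: int
    size: int
    patch: str    # "JMP 000703FC", "[62]", "CALL 76185738 ...", ...

    @property
    def signature(self) -> str:
        return f"{self.module}!{self.func}" + (f"+{self.offset:X}" if self.offset else "")

    @property
    def process(self) -> str:
        return f"{self.image}[{self.pid}]"


def parse_hooks(text: str) -> list[Hook]:
    """Parse every '.text' hook line; lines from other GMER sections are ignored."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if m:
            hooks.append(Hook(m["image"], int(m["pid"]), m["module"].lower(), m["func"],
                              int(m["off"] or "0", 16), int(m["addr"], 16),
                              int(m["size"]), m["patch"]))
    return hooks


def jump_target(hook: Hook) -> int | None:
    """Destination of a 'JMP xxxxxxxx' / 'CALL xxxxxxxx' patch, None for raw byte patches."""
    m = re.match(r"(?:JMP|CALL)\s+([0-9A-Fa-f]{8})", hook.patch)
    return int(m.group(1), 16) if m else None


def signature_counts(hooks: list[Hook]) -> dict[str, int]:
    """How many distinct processes carry each hook signature."""
    seen: dict[str, set[str]] = defaultdict(set)
    for h in hooks:
        seen[h.signature].add(h.process)
    return {sig: len(procs) for sig, procs in seen.items()}


def hook_profiles(hooks: list[Hook]) -> dict[frozenset[str], list[str]]:
    """Group processes by the exact set of hook signatures found in them."""
    per_process: dict[str, set[str]] = defaultdict(set)
    for h in hooks:
        per_process[h.process].add(h.signature)
    clusters: dict[frozenset[str], list[str]] = defaultdict(list)
    for proc, sigs in per_process.items():
        clusters[frozenset(sigs)].append(proc)
    return dict(clusters)


def novel_signatures(hooks: list[Hook], min_cluster: int = 2) -> dict[str, set[str]]:
    """For processes whose profile is shared by fewer than `min_cluster` processes,
    the hook signatures that no widely shared profile contains: the hooks to review."""
    clusters = hook_profiles(hooks)
    shared: set[str] = set()
    for sigs, procs in clusters.items():
        if len(procs) >= min_cluster:
            shared |= sigs
    novel: dict[str, set[str]] = {}
    for sigs, procs in clusters.items():
        if len(procs) < min_cluster and sigs - shared:
            for proc in procs:
                novel[proc] = set(sigs - shared)
    return novel


if __name__ == "__main__":
    hooks = parse_hooks(SAMPLE_LOG)
    for sigs, procs in sorted(hook_profiles(hooks).items(), key=lambda kv: -len(kv[1])):
        print(f"{len(procs)} process(es) share {len(sigs)} hook(s): {', '.join(sorted(procs))}")
    for proc, sigs in novel_signatures(hooks).items():
        print(f"REVIEW {proc}: hooks seen in no shared profile -> {sorted(sigs)}")
```

On the sample, the two widely shared profiles are the 1-byte `GetBinaryTypeW+70` patch alone and that patch plus the `ntdll!Ldr*` / `USER32!*Hook*` set, and the script singles out two things: `realsched.exe`'s `SetUnhandledExceptionFilter` patch, whose bytes the log itself disassembles as `XOR EAX, EAX; RET 0x4` (the function is turned into a stub that returns 0), and `chrome.exe`'s byte patches at `+6`/`+B` of the `ntdll!Nt*` syscall stubs. My reading, as an assumption rather than something the log proves, is that the latter is Chrome's own sandbox interception, which every chrome.exe in the full log shows identically; the point of the clustering is that it gets you to those two questions without reading 300 lines by hand.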



## STIG_DH (Jan 25, 2013)

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3120] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 002103FC 
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3120] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 00210804 
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3120] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 002101F8 
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3120] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 00210600 
.text C:\Program Files\PURE Flow Server\twonkymediaserverconfig.exe[3240] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 001E03FC 
.text C:\Program Files\PURE Flow Server\twonkymediaserverconfig.exe[3240] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 001E01F8 
.text C:\Program Files\PURE Flow Server\twonkymediaserverconfig.exe[3240] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\PURE Flow Server\twonkymediaserverconfig.exe[3240] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 001F0A08 
.text C:\Program Files\PURE Flow Server\twonkymediaserverconfig.exe[3240] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 001F03FC 
.text C:\Program Files\PURE Flow Server\twonkymediaserverconfig.exe[3240] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 001F0804 
.text C:\Program Files\PURE Flow Server\twonkymediaserverconfig.exe[3240] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 001F01F8 
.text C:\Program Files\PURE Flow Server\twonkymediaserverconfig.exe[3240] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 001F0600 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtCreateFile + 6 771755CE 4 Bytes [28, C4, D6, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtCreateFile + B 771755D3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtMapViewOfSection + 6 77175C2E 4 Bytes [28, C7, D6, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtMapViewOfSection + B 77175C33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtOpenFile + 6 77175CDE 4 Bytes [68, C4, D6, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtOpenFile + B 77175CE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtOpenProcess + 6 77175D8E 4 Bytes [A8, C5, D6, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtOpenProcess + B 77175D93 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtOpenProcessToken + 6 77175D9E 4 Bytes CALL 76183468 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtOpenProcessToken + B 77175DA3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtOpenProcessTokenEx + 6 77175DAE 4 Bytes [A8, C6, D6, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtOpenProcessTokenEx + B 77175DB3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtOpenThread + 6 77175E0E 4 Bytes [68, C5, D6, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtOpenThread + B 77175E13 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtOpenThreadToken + 6 77175E1E 4 Bytes [68, C6, D6, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtOpenThreadToken + B 77175E23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtOpenThreadTokenEx + 6 77175E2E 4 Bytes CALL 761834F9 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtOpenThreadTokenEx + B 77175E33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtQueryAttributesFile + 6 77175F3E 4 Bytes [A8, C4, D6, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtQueryAttributesFile + B 77175F43 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtQueryFullAttributesFile + 6 77175FEE 4 Bytes CALL 761836B7 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtQueryFullAttributesFile + B 77175FF3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtSetInformationFile + 6 7717663E 4 Bytes [28, C5, D6, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtSetInformationFile + B 77176643 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtSetInformationThread + 6 7717669E 4 Bytes [28, C6, D6, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtSetInformationThread + B 771766A3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtUnmapViewOfSection + 6 771769BE 4 Bytes [68, C7, D6, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!NtUnmapViewOfSection + B 771769C3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 00E103FC 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 00E101F8 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 00E20A08 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 00E203FC 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 00E20804 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 00E201F8 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3316] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 00E20600 
.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3332] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 000D03FC 
.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3332] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 000D01F8 
.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3332] KERNEL32.dll!SetUnhandledExceptionFilter 75C2F4FB 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3332] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3332] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 000E0A08 
.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3332] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 000E03FC 
.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3332] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 000E0804 
.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3332] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 000E01F8 
.text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3332] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 000E0600 
.text C:\Program Files\Sony\Network Utility\LANUtil.exe[3336] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 001E03FC 
.text C:\Program Files\Sony\Network Utility\LANUtil.exe[3336] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 001E01F8 
.text C:\Program Files\Sony\Network Utility\LANUtil.exe[3336] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\Sony\Network Utility\LANUtil.exe[3336] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 00200A08 
.text C:\Program Files\Sony\Network Utility\LANUtil.exe[3336] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 002003FC 
.text C:\Program Files\Sony\Network Utility\LANUtil.exe[3336] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 00200804 
.text C:\Program Files\Sony\Network Utility\LANUtil.exe[3336] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 002001F8 
.text C:\Program Files\Sony\Network Utility\LANUtil.exe[3336] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 00200600 
.text C:\Windows\system32\svchost.exe[3400] kernel32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3472] kernel32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Windows\System32\rundll32.exe[3480] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 000F03FC 
.text C:\Windows\System32\rundll32.exe[3480] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 000F01F8 
.text C:\Windows\System32\rundll32.exe[3480] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Windows\System32\rundll32.exe[3480] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 00100A08 
.text C:\Windows\System32\rundll32.exe[3480] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 001003FC 
.text C:\Windows\System32\rundll32.exe[3480] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 00100804 
.text C:\Windows\System32\rundll32.exe[3480] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 001001F8 
.text C:\Windows\System32\rundll32.exe[3480] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 00100600 
.text C:\Windows\System32\WUDFHost.exe[3484] kernel32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\Google\Drive\googledrivesync.exe[3520] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 001E03FC 
.text C:\Program Files\Google\Drive\googledrivesync.exe[3520] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 001E01F8 
.text C:\Program Files\Google\Drive\googledrivesync.exe[3520] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\Google\Drive\googledrivesync.exe[3520] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 001F0A08 
.text C:\Program Files\Google\Drive\googledrivesync.exe[3520] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 001F03FC 
.text C:\Program Files\Google\Drive\googledrivesync.exe[3520] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 001F0804 
.text C:\Program Files\Google\Drive\googledrivesync.exe[3520] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 001F01F8 
.text C:\Program Files\Google\Drive\googledrivesync.exe[3520] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 001F0600 
.text C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe[3612] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 000E03FC 
.text C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe[3612] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 000E01F8 
.text C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe[3612] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe[3612] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 000F0A08 
.text C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe[3612] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 000F03FC 
.text C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe[3612] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 000F0804 
.text C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe[3612] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 000F01F8 
.text C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe[3612] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 000F0600 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3692] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 001703FC 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3692] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 001701F8 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3692] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3692] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 00300A08 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3692] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 003003FC 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3692] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 00300804 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3692] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 003001F8 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3692] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 00300600 
.text C:\Program Files\Evernote\Evernote\EvernoteClipper.exe[3936] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 000E03FC 
.text C:\Program Files\Evernote\Evernote\EvernoteClipper.exe[3936] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 000E01F8 
.text C:\Program Files\Evernote\Evernote\EvernoteClipper.exe[3936] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\Evernote\Evernote\EvernoteClipper.exe[3936] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 00100A08 
.text C:\Program Files\Evernote\Evernote\EvernoteClipper.exe[3936] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 001003FC 
.text C:\Program Files\Evernote\Evernote\EvernoteClipper.exe[3936] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 00100804 
.text C:\Program Files\Evernote\Evernote\EvernoteClipper.exe[3936] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 001001F8 
.text C:\Program Files\Evernote\Evernote\EvernoteClipper.exe[3936] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 00100600 
.text C:\Program Files\Hobbyist Software\Off-Helper\Off-Helper Configuration.exe[3944] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 000E03FC 
.text C:\Program Files\Hobbyist Software\Off-Helper\Off-Helper Configuration.exe[3944] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 000E01F8 
.text C:\Program Files\Hobbyist Software\Off-Helper\Off-Helper Configuration.exe[3944] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\Hobbyist Software\Off-Helper\Off-Helper Configuration.exe[3944] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 00100A08 
.text C:\Program Files\Hobbyist Software\Off-Helper\Off-Helper Configuration.exe[3944] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 001003FC 
.text C:\Program Files\Hobbyist Software\Off-Helper\Off-Helper Configuration.exe[3944] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 00100804 
.text C:\Program Files\Hobbyist Software\Off-Helper\Off-Helper Configuration.exe[3944] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 001001F8 
.text C:\Program Files\Hobbyist Software\Off-Helper\Off-Helper Configuration.exe[3944] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 00100600 
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3952] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 001703FC 
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3952] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 001701F8 
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3952] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3952] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 00180A08 
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3952] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 001803FC 
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3952] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 00180804 
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3952] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 001801F8 
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3952] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 00180600 
.text C:\Windows\system32\NOTEPAD.EXE[3996] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 000E03FC 
.text C:\Windows\system32\NOTEPAD.EXE[3996] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 000E01F8 
.text C:\Windows\system32\NOTEPAD.EXE[3996] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Windows\system32\NOTEPAD.EXE[3996] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 00100A08 
.text C:\Windows\system32\NOTEPAD.EXE[3996] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 001003FC 
.text C:\Windows\system32\NOTEPAD.EXE[3996] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 00100804 
.text C:\Windows\system32\NOTEPAD.EXE[3996] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 001001F8 
.text C:\Windows\system32\NOTEPAD.EXE[3996] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 00100600 
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[4148] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 00A703FC 
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[4148] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 00A701F8 
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[4148] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[4148] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 00AA0A08 
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[4148] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 00AA03FC 
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[4148] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 00AA0804 
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[4148] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 00AA01F8 
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[4148] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 00AA0600 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4156] ntdll.dll!NtCreateFile + 6 771755CE 4 Bytes [28, AC, 64, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4156] ntdll.dll!NtCreateFile + B 771755D3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4156] ntdll.dll!NtMapViewOfSection + 6 77175C2E 4 Bytes [28, AF, 64, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4156] ntdll.dll!NtMapViewOfSection + B 77175C33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4156] ntdll.dll!NtOpenFile + 6 77175CDE 4 Bytes [68, AC, 64, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4156] ntdll.dll!NtOpenFile + B 77175CE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4156] ntdll.dll!NtOpenProcess + 6 77175D8E 4 Bytes [A8, AD, 64, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4156] ntdll.dll!NtOpenProcess + B 77175D93 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4156] ntdll.dll!NtOpenProcessToken + B 77175DA3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4156] ntdll.dll!NtOpenProcessTokenEx + 6 77175DAE 4 Bytes [A8, AE, 64, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4156] ntdll.dll!NtOpenProcessTokenEx + B 77175DB3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4156] ntdll.dll!NtOpenThread + 6 77175E0E 4 Bytes [68, AD, 64, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4156] ntdll.dll!NtOpenThread + B 77175E13 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4156] ntdll.dll!NtOpenThreadToken + 6 77175E1E 4 Bytes [68, AE, 64, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4156] ntdll.dll!NtOpenThreadToken + B 77175E23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4156] ntdll.dll!NtOpenThreadTokenEx + B 77175E33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4156] ntdll.dll!NtQueryAttributesFile + 6 77175F3E 4 Bytes [A8, AC, 64, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4156] ntdll.dll!NtQueryAttributesFile + B 77175F43 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4156] ntdll.dll!NtQueryFullAttributesFile + B 77175FF3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4156] ntdll.dll!NtSetInformationFile + 6 7717663E 4 Bytes [28, AD, 64, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4156] ntdll.dll!NtSetInformationFile + B 77176643 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4156] ntdll.dll!NtSetInformationThread + 6 7717669E 4 Bytes [28, AE, 64, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4156] ntdll.dll!NtSetInformationThread + B 771766A3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4156] ntdll.dll!NtUnmapViewOfSection + 6 771769BE 4 Bytes [68, AF, 64, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4156] ntdll.dll!NtUnmapViewOfSection + B 771769C3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4156] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 008103FC 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4156] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 008101F8 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4156] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4156] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 00830A08 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4156] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 008303FC 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4156] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 00830804 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4156] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 008301F8 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4156] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 00830600 
.text C:\Program Files\Google\Drive\googledrivesync.exe[4444] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 001703FC 
.text C:\Program Files\Google\Drive\googledrivesync.exe[4444] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 001701F8 
.text C:\Program Files\Google\Drive\googledrivesync.exe[4444] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\Google\Drive\googledrivesync.exe[4444] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 00180A08 
.text C:\Program Files\Google\Drive\googledrivesync.exe[4444] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 001803FC 
.text C:\Program Files\Google\Drive\googledrivesync.exe[4444] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 00180804 
.text C:\Program Files\Google\Drive\googledrivesync.exe[4444] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 001801F8 
.text C:\Program Files\Google\Drive\googledrivesync.exe[4444] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 00180600 
.text C:\Windows\System32\svchost.exe[4668] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 001203FC 
.text C:\Windows\System32\svchost.exe[4668] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 001201F8 
.text C:\Windows\System32\svchost.exe[4668] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Windows\System32\svchost.exe[4668] user32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 00140A08 
.text C:\Windows\System32\svchost.exe[4668] user32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 001403FC 
.text C:\Windows\System32\svchost.exe[4668] user32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 00140804 
.text C:\Windows\System32\svchost.exe[4668] user32.dll!SetWinEventHook 760224DC 5 Bytes JMP 001401F8 
.text C:\Windows\System32\svchost.exe[4668] user32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 00140600 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtCreateFile + 6 771755CE 4 Bytes [28, B4, B2, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtCreateFile + B 771755D3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtMapViewOfSection + 6 77175C2E 4 Bytes [28, B7, B2, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtMapViewOfSection + B 77175C33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtOpenFile + 6 77175CDE 4 Bytes [68, B4, B2, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtOpenFile + B 77175CE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtOpenProcess + 6 77175D8E 4 Bytes [A8, B5, B2, 00] {TEST AL, 0xb5; MOV DL, 0x0}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtOpenProcess + B 77175D93 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtOpenProcessToken + 6 77175D9E 4 Bytes CALL 76181058 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtOpenProcessToken + B 77175DA3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtOpenProcessTokenEx + 6 77175DAE 4 Bytes [A8, B6, B2, 00] {TEST AL, 0xb6; MOV DL, 0x0}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtOpenProcessTokenEx + B 77175DB3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtOpenThread + 6 77175E0E 4 Bytes [68, B5, B2, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtOpenThread + B 77175E13 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtOpenThreadToken + 6 77175E1E 4 Bytes [68, B6, B2, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtOpenThreadToken + B 77175E23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtOpenThreadTokenEx + 6 77175E2E 4 Bytes CALL 761810E9 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtOpenThreadTokenEx + B 77175E33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtQueryAttributesFile + 6 77175F3E 4 Bytes [A8, B4, B2, 00] {TEST AL, 0xb4; MOV DL, 0x0}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtQueryAttributesFile + B 77175F43 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtQueryFullAttributesFile + 6 77175FEE 4 Bytes CALL 761812A7 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtQueryFullAttributesFile + B 77175FF3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtSetInformationFile + 6 7717663E 4 Bytes [28, B5, B2, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtSetInformationFile + B 77176643 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtSetInformationThread + 6 7717669E 4 Bytes [28, B6, B2, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtSetInformationThread + B 771766A3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtUnmapViewOfSection + 6 771769BE 4 Bytes [68, B7, B2, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!NtUnmapViewOfSection + B 771769C3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 00CF03FC 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 00CF01F8 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 00D50A08 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 00D503FC 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 00D50804 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 00D501F8 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4672] USER32.dll!SetWindowsHookExA  76046D0C 5 Bytes JMP 00D50600 
.text C:\Program Files\PURE Flow Server\twonkymediaserverwatchdog.exe[4700] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 001E03FC 
.text C:\Program Files\PURE Flow Server\twonkymediaserverwatchdog.exe[4700] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 001E01F8 
.text C:\Program Files\PURE Flow Server\twonkymediaserverwatchdog.exe[4700] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\PURE Flow Server\twonkymediaserverwatchdog.exe[4700] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 001F0A08 
.text C:\Program Files\PURE Flow Server\twonkymediaserverwatchdog.exe[4700] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 001F03FC 
.text C:\Program Files\PURE Flow Server\twonkymediaserverwatchdog.exe[4700] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 001F0804 
.text C:\Program Files\PURE Flow Server\twonkymediaserverwatchdog.exe[4700] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 001F01F8 
.text C:\Program Files\PURE Flow Server\twonkymediaserverwatchdog.exe[4700] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 001F0600 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtCreateFile + 6 771755CE 4 Bytes [28, 04, A3, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtCreateFile + B 771755D3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtMapViewOfSection + 6 77175C2E 4 Bytes [28, 07, A3, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtMapViewOfSection + B 77175C33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtOpenFile + 6 77175CDE 4 Bytes [68, 04, A3, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtOpenFile + B 77175CE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtOpenProcess + 6 77175D8E 4 Bytes [A8, 05, A3, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtOpenProcess + B 77175D93 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtOpenProcessToken + 6 77175D9E 4 Bytes CALL 761800A8 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtOpenProcessToken + B 77175DA3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtOpenProcessTokenEx + 6 77175DAE 4 Bytes [A8, 06, A3, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtOpenProcessTokenEx + B 77175DB3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtOpenThread + 6 77175E0E 4 Bytes [68, 05, A3, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtOpenThread + B 77175E13 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtOpenThreadToken + 6 77175E1E 4 Bytes [68, 06, A3, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtOpenThreadToken + B 77175E23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtOpenThreadTokenEx + 6 77175E2E 4 Bytes CALL 76180139 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtOpenThreadTokenEx + B 77175E33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtQueryAttributesFile + 6 77175F3E 4 Bytes [A8, 04, A3, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtQueryAttributesFile + B 77175F43 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtQueryFullAttributesFile + 6 77175FEE 4 Bytes CALL 761802F7 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtQueryFullAttributesFile + B 77175FF3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtSetInformationFile + 6 7717663E 4 Bytes [28, 05, A3, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtSetInformationFile + B 77176643 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtSetInformationThread + 6 7717669E 4 Bytes [28, 06, A3, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtSetInformationThread + B 771766A3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtUnmapViewOfSection + 6 771769BE 4 Bytes [68, 07, A3, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!NtUnmapViewOfSection + B 771769C3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 00AF03FC 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 00AF01F8 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 00B60A08 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 00B603FC 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 00B60804 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 00B601F8 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4704] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 00B60600 
.text C:\Program Files\Air Mouse\Air Mouse\Mobile Mouse Service.exe[4732] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 000E03FC 
.text C:\Program Files\Air Mouse\Air Mouse\Mobile Mouse Service.exe[4732] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 000E01F8 
.text C:\Program Files\Air Mouse\Air Mouse\Mobile Mouse Service.exe[4732] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\Air Mouse\Air Mouse\Mobile Mouse Service.exe[4732] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 00100A08 
.text C:\Program Files\Air Mouse\Air Mouse\Mobile Mouse Service.exe[4732] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 001003FC 
.text C:\Program Files\Air Mouse\Air Mouse\Mobile Mouse Service.exe[4732] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 00100804 
.text C:\Program Files\Air Mouse\Air Mouse\Mobile Mouse Service.exe[4732] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 001001F8 
.text C:\Program Files\Air Mouse\Air Mouse\Mobile Mouse Service.exe[4732] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 00100600 
.text C:\Program Files\Sony\VAIO Update\VUAgent.exe[4796] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 000F03FC 
.text C:\Program Files\Sony\VAIO Update\VUAgent.exe[4796] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 000F01F8 
.text C:\Program Files\Sony\VAIO Update\VUAgent.exe[4796] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\Sony\VAIO Update\VUAgent.exe[4796] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 00100A08 
.text C:\Program Files\Sony\VAIO Update\VUAgent.exe[4796] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 001003FC 
.text C:\Program Files\Sony\VAIO Update\VUAgent.exe[4796] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 00100804 
.text C:\Program Files\Sony\VAIO Update\VUAgent.exe[4796] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 001001F8 
.text C:\Program Files\Sony\VAIO Update\VUAgent.exe[4796] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 00100600 
.text C:\Windows\system32\taskhost.exe[4832] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 000A03FC


----------



## STIG_DH (Jan 25, 2013)

.text C:\Windows\system32\taskhost.exe[4832] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 000A01F8 
.text C:\Windows\system32\taskhost.exe[4832] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Windows\system32\taskhost.exe[4832] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 00220A08 
.text C:\Windows\system32\taskhost.exe[4832] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 002203FC 
.text C:\Windows\system32\taskhost.exe[4832] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 00220804 
.text C:\Windows\system32\taskhost.exe[4832] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 002201F8 
.text C:\Windows\system32\taskhost.exe[4832] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 00220600 
.text C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe[4924] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 002E03FC 
.text C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe[4924] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 002E01F8 
.text C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe[4924] KERNEL32.dll!SetUnhandledExceptionFilter 75C2F4FB 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe[4924] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe[4924] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 002F0A08 
.text C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe[4924] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 002F03FC 
.text C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe[4924] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 002F0804 
.text C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe[4924] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 002F01F8 
.text C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe[4924] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 002F0600 
.text C:\Windows\system32\SearchIndexer.exe[5100] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 000703FC 
.text C:\Windows\system32\SearchIndexer.exe[5100] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 000701F8 
.text C:\Windows\system32\SearchIndexer.exe[5100] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] USER32.dll!ShowWindow 7601F2A9 6 Bytes PUSH 71730022; RET 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] USER32.dll!RegisterClassExW 76020162 6 Bytes PUSH 71AE0022; RET 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 001101F8 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] USER32.dll!SetWindowLongW 76024449 6 Bytes PUSH 71770022; RET 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] USER32.dll!PeekMessageW 7602634A 6 Bytes PUSH 719B0022; RET 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] USER32.dll!TranslateMessage  760264C7 6 Bytes PUSH 716F0022; RET 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] USER32.dll!GetClipboardData 76032BA7 6 Bytes PUSH 71810022; RET 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 00110600 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] CRYPT32.dll!CertVerifyCertificateChainPolicy 7543A74E 6 Bytes PUSH 718D0022; RET 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7716] ADVAPI32.dll!CreateProcessAsUserW 772CC592 6 Bytes PUSH 71430022; RET 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] ntdll.dll!NtCreateFile + 6 771755CE 4 Bytes [28, 5C, E4, 00] {SUB [ESP+0x0], BL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] ntdll.dll!NtCreateFile + B 771755D3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] ntdll.dll!NtMapViewOfSection + 6 77175C2E 4 Bytes [28, 5F, E4, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] ntdll.dll!NtMapViewOfSection + B 77175C33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] ntdll.dll!NtOpenFile + 6 77175CDE 4 Bytes [68, 5C, E4, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] ntdll.dll!NtOpenFile + B 77175CE3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] ntdll.dll!NtOpenProcess + 6 77175D8E 4 Bytes [A8, 5D, E4, 00] {TEST AL, 0x5d; IN AL, 0x0}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] ntdll.dll!NtOpenProcess + B 77175D93 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] ntdll.dll!NtOpenProcessToken + 6 77175D9E 4 Bytes CALL 76184200 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] ntdll.dll!NtOpenProcessToken + B 77175DA3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] ntdll.dll!NtOpenProcessTokenEx + 6 77175DAE 4 Bytes [A8, 5E, E4, 00] {TEST AL, 0x5e; IN AL, 0x0}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] ntdll.dll!NtOpenProcessTokenEx + B 77175DB3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] ntdll.dll!NtOpenThread + 6 77175E0E 4 Bytes [68, 5D, E4, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] ntdll.dll!NtOpenThread + B 77175E13 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] ntdll.dll!NtOpenThreadToken + 6 77175E1E 4 Bytes [68, 5E, E4, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] ntdll.dll!NtOpenThreadToken + B 77175E23 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] ntdll.dll!NtOpenThreadTokenEx + 6 77175E2E 4 Bytes CALL 76184291 C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] ntdll.dll!NtOpenThreadTokenEx + B 77175E33 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] ntdll.dll!NtQueryAttributesFile + 6 77175F3E 4 Bytes [A8, 5C, E4, 00] {TEST AL, 0x5c; IN AL, 0x0}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] ntdll.dll!NtQueryAttributesFile + B 77175F43 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] ntdll.dll!NtQueryFullAttributesFile + 6 77175FEE 4 Bytes CALL 7618444F C:\Windows\system32\SHELL32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] ntdll.dll!NtQueryFullAttributesFile + B 77175FF3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] ntdll.dll!NtSetInformationFile + 6 7717663E 4 Bytes [28, 5D, E4, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] ntdll.dll!NtSetInformationFile + B 77176643 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] ntdll.dll!NtSetInformationThread + 6 7717669E 4 Bytes [28, 5E, E4, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] ntdll.dll!NtSetInformationThread + B 771766A3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] ntdll.dll!NtUnmapViewOfSection + 6 771769BE 4 Bytes [68, 5F, E4, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] ntdll.dll!NtUnmapViewOfSection + B 771769C3 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 00EA03FC 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 00EA01F8 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 00EC0A08 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 00EC03FC 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 00EC0804 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 00EC01F8 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7980] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 00EC0600 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7992] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 000E03FC 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7992] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 000E01F8 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7992] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7992] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 00100A08 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7992] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 001003FC 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7992] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 00100804 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7992] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 001001F8 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[7992] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 00100600 
.text C:\Program Files\AVG Secure Search\vprot.exe[8092] ntdll.dll!LdrUnloadDll 7718C86E 5 Bytes JMP 000F03FC 
.text C:\Program Files\AVG Secure Search\vprot.exe[8092] ntdll.dll!LdrLoadDll 7719223E 5 Bytes JMP 000F01F8 
.text C:\Program Files\AVG Secure Search\vprot.exe[8092] KERNEL32.dll!GetBinaryTypeW + 70 75C469F4 1 Byte [62]
.text C:\Program Files\AVG Secure Search\vprot.exe[8092] USER32.dll!UnhookWindowsHookEx 7601ADF9 5 Bytes JMP 00200A08 
.text C:\Program Files\AVG Secure Search\vprot.exe[8092] USER32.dll!UnhookWinEvent 7601B750 5 Bytes JMP 002003FC 
.text C:\Program Files\AVG Secure Search\vprot.exe[8092] USER32.dll!SetWindowsHookExW 7601E30C 5 Bytes JMP 00200804 
.text C:\Program Files\AVG Secure Search\vprot.exe[8092] USER32.dll!SetWinEventHook 760224DC 5 Bytes JMP 002001F8 
.text C:\Program Files\AVG Secure Search\vprot.exe[8092] USER32.dll!SetWindowsHookExA 76046D0C 5 Bytes JMP 00200600

---- EOF - GMER 2.0 ----

(maybe I should have used an attachment after all......)


----------



## STIG_DH (Jan 25, 2013)

Not sure if computer performance is related to PUP:mywebsearch or other issues, but ability to use browsers has become more frustrating even since first post.

Thanks for any help or advice you can provide


----------



## STIG_DH (Jan 25, 2013)

Hi
I've not had a response yet - and it may be because of the manner in which I have presented my problem (i.e. posting all necessary log files across 4 posts).

If my (assumed) problem isn't relevant for this forum, please let me know.

Thanks in advance


----------



## kevinf80 (Mar 21, 2006)

Download http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner by Xplode onto your Desktop.


 Please close all open programs and internet browsers.
 Double click on *Adwcleaner.exe* to run the tool.
 Click on *Delete*.
 Confirm each time with OK.
 Your computer will be rebooted automatically. A text file will open after the restart.
 Please post the content of that logfile in your reply.
 You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

Next,

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from the following link :-

http://download.bleepingcomputer.com/sUBs/ComboFix.exe


 Ensure that Combofix is saved directly to the Desktop * <--- Very important*

 Disable all security programs as they will have a negative effect on Combofix, instructions available here http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed, if you need more help please ask.

 Close any open browsers and any other programs you might have running

 Double click the ComboFix icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")

 Instructions for running Combofix available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required.

 If you are using Windows XP it might display a pop up saying "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.

 When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

*Note: Do not mouseclick Combofix's window while it's running. That may cause it to stall or freeze.*

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here http://thespykiller.co.uk/index.php?page=20 why disabling autoruns is recommended.

*EXTRA NOTES*

 If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
 *If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot, this is normal*
 If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted)

Post the log in next reply please...

Kevin


----------



## STIG_DH (Jan 25, 2013)

Kevin

I can only provide a partial response for now.
Bleeping computer have suffered from an infected ComboFix (Sality virus) and have pulled the application from their site today.

They also advise users on steps to take if they have used a recent ComboFix (which is likely to be infected):
http://www.bleepingcomputer.com/forums/topic483431.html

Hope this is helpful - i guess you guys will experience some outcomes from this.

Here is my first log

David

# AdwCleaner v2.109 - Logfile created 01/29/2013 at 16:58:19
# Updated 26/01/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : David - DAVID-PC
# Boot Mode : Normal
# Running from : C:\Users\David\Downloads\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wf9gy7j5.default\searchplugins\Askcom.xml
File Deleted : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wf9gy7j5.default\searchplugins\Conduit.xml
File Deleted : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wf9gy7j5.default\searchplugins\mywebsearch.xml
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\Users\David\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\David\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\David\AppData\LocalLow\FunWebProducts
Folder Deleted : C:\Users\David\AppData\LocalLow\MyWebSearch

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Fun Web Products
Key Deleted : HKCU\Software\AppDataLow\Software\FunWebProducts
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0702A2B6-13AA-4090-9E01-BCDC85DD933F}
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [[email protected]]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://isearch.avg.com/?cid={501DFD45-A49D-42DF-AA9E-94D14FE10DEA}&mid=817714f9acf041b5a6547aa47ab33c10-65e1a4875b02c7609a9be601045b080760c605a4&lang=en&ds=hk011&pr=&d=2013-01-25 15:38:26&v=13.2.0.4&sap=hp --> hxxp://www.google.com

-\\ Mozilla Firefox v18.0.1 (en-GB)

File : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wf9gy7j5.default\prefs.js

C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wf9gy7j5.default\user.js ... Deleted !

Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.userId", "{9c4ce659-37b7-47a0-8efc-2153ff9218e9}");
Deleted : user_pref("browser.newtabpage.pinned", "[{\"url\":\"hxxp://www.bbc.co.uk/\",\"title\":\"BBC - Homepa[...]
Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("browser.search.defaultthis.engineName", "Free Radio TV Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2354614&Sea[...]
Deleted : user_pref("browser.startup.homepage", "hxxp://isearch.avg.com/?cid={501DFD45-A49D-42DF-AA9E-94D14FE1[...]
Deleted : user_pref("extensions.mywebsearch.openSearchURL", "hxxp://search.mywebsearch.com/mywebsearch/opensea[...]
Deleted : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
Deleted : user_pref("extensions.mywebsearch.prevKwdURL", "hxxp://uk.yhs.search.yahoo.com/avg/search?fr=yhs-avg[...]
Deleted : user_pref("[email protected]", true);
Deleted : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid={501DFD45-A49D-42DF-AA9E-94D14FE10DEA}&m[...]

-\\ Google Chrome v24.0.1312.56

File : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [7240 octets] - [29/01/2013 16:58:19]

########## EOF - C:\AdwCleaner[S1].txt - [7300 octets] ##########
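One way to check a Firefox profile for the kind of search hijack this log records, as an added example (not AdwCleaner's code and not David's): it reads prefs.js / user.js style lines and reports the search and start-page preferences that a toolbar has redirected. The hijack domains and engine names are taken from the log above and are an assumption for this example; the sample preference lines are constructed, with placeholder cid/ctid values.

```python
"""Flag Firefox preferences that point at browser-hijack search domains.

Added example (not AdwCleaner's or the poster's code). The domain and
engine-name lists below are taken from the AdwCleaner log and are an
assumption for this example; extend them for your own environment.
"""
import re
from urllib.parse import urlparse

# Preferences that decide where searches and the start page go.
WATCHED_PREFS = {
    "browser.startup.homepage",
    "browser.search.defaultenginename",
    "browser.search.defaultthis.engineName",
    "browser.search.defaulturl",
    "keyword.URL",
}

# Base domains of the search hijackers seen in the log (assumption).
HIJACK_DOMAINS = ("isearch.avg.com", "conduit.com", "mywebsearch.com")

# Engine display names the toolbars installed (assumption, from the log).
HIJACK_ENGINE_NAMES = {"AVG Secure Search", "Free Radio TV Customized Web Search"}

PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*)\);\s*$')


def parse_prefs(text):
    """Return {pref_name: raw_value} for every user_pref(...) line."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2)
    return prefs


def host_of(raw_value):
    """Hostname of a quoted URL value, or None if the value is not a URL.
    Lines pasted from a cleaner log are defanged as hxxp; undo that."""
    value = raw_value.strip().strip('"')
    if value.startswith("hxxp"):
        value = "http" + value[4:]
    if not value.startswith(("http://", "https://")):
        return None
    return urlparse(value).hostname


def is_hijack_host(host):
    """True if host is one of the hijack domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in HIJACK_DOMAINS)


def find_hijacked(text):
    """Return [(pref_name, reason)] for every suspicious preference."""
    findings = []
    for name, raw in parse_prefs(text).items():
        host = host_of(raw)
        value = raw.strip().strip('"')
        if host and is_hijack_host(host):
            findings.append((name, "points at " + host))
        elif name.startswith("extensions.mywebsearch."):
            findings.append((name, "MyWebSearch extension preference"))
        elif name in WATCHED_PREFS and value in HIJACK_ENGINE_NAMES:
            findings.append((name, "search engine set to " + value))
    return findings


# Constructed sample modelled on the prefs AdwCleaner removed; the
# cid/ctid values are placeholders, not the machine's real ones.
SAMPLE_PREFS = """\
user_pref("browser.startup.homepage", "http://isearch.avg.com/?cid=PLACEHOLDER&sap=hp");
user_pref("browser.search.defaultenginename", "AVG Secure Search");
user_pref("browser.search.defaulturl", "http://search.conduit.com/ResultsExt.aspx?ctid=PLACEHOLDER");
user_pref("keyword.URL", "http://isearch.avg.com/search?cid=PLACEHOLDER");
user_pref("extensions.mywebsearch.prevKwdEnabled", true);
user_pref("CommunityToolbar.alert.servicesServerUrl", "http://alert.services.conduit.com");
user_pref("browser.newtabpage.pinned", "[{\\"url\\":\\"http://www.bbc.co.uk/\\",\\"title\\":\\"BBC\\"}]");
user_pref("browser.startup.homepage_override.mstone", "18.0.1");
"""

if __name__ == "__main__":
    for name, reason in find_hijacked(SAMPLE_PREFS):
        print(f"{name}: {reason}")
```

Run it against a real profile by reading `prefs.js` (and `user.js`, if present) into a string and passing it to `find_hijacked`; a clean profile returns an empty list, and the BBC pinned tab in the sample shows that ordinary URL-valued prefs are left alone.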


----------



## kevinf80 (Mar 21, 2006)

Yep Combofix is on hold until the Developer gives us the all clear. For now run the following and post its log...

Please download RogueKiller from here http://tigzy.geekstogo.com/Tools/RogueKiller.exe or here http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe and save Direct to your Desktop.


 Quit all running programs
 Please disconnect any USB or external drives from the computer before you run this scan!
 For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
 Wait until Prescan has finished...
 The following EULA will appear, please select accept
 Ensure MBR scan, Check faked and AntiRootkit are checked
 Select Scan
 When the scan completes select Report, copy and paste that to your reply.
 The log should be found in RKreport[?].txt on your Desktop
 Exit/Close RogueKiller

Kevin


----------



## STIG_DH (Jan 25, 2013)

Hmmm,
I got as far as running the scan following your instruction precisely.
Then got an error message saying windows stopped running RogueKiller.

Thought I would ask you first before I tried again.....?
D


----------



## kevinf80 (Mar 21, 2006)

Run ESET online AV scan, see what that log turns up...

Run Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go to the ESET web page http://www.eset.com/home/products/online-scanner/ to run an online scanner from ESET.


 Turn off the real time scanner of any existing antivirus program while performing the online scan
 click on the Run ESET Online Scanner button
 Tick the box next to YES, I accept the Terms of Use.
*Click Start*
 When asked, allow the add-on to be installed
*Click Start*
 Make sure that the option Remove found threats is unticked
 Click on Advanced Settings, ensure the options
 Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
*Click Scan*
 wait for the virus definitions to be downloaded
 Wait for the scan to finish
*When the scan is complete*


 If no threats were found
 put a checkmark in "Uninstall application on close"
 close program
 report to me that nothing was found
*If threats were found*


 click on "list of threats found"
 click on "export to text file" and save it as ESET SCAN and save to the desktop
 Click on back
 put a checkmark in "Uninstall application on close"
 click on finish
*close program*
*copy and paste the report here*

Kevin...


----------



## STIG_DH (Jan 25, 2013)

Kevin

2 threats found. I think I know the source of both of them.
I used HFS for a while to wirelessly convey pictures from PC to TV (by way of PS3).
I just downloaded the trial version of WinZip a couple of days ago (but since the PC slow-down).

I am happy to remove either/both

*ESET SCAN*

C:\Users\David\Downloads\hfs.exe	a variant of Win32/Server-Web.HFS.A application
C:\Users\David\Downloads\WinZip170.exe	a variant of Win32/OpenInstall application

David


----------



## kevinf80 (Mar 21, 2006)

Open Notepad, select "Format" from the menu bar, make sure "Word Wrap" is *not* checked. Copy the text from the code box below to Notepad.


```bat
@echo off
rem Remove the two files flagged by the ESET scan
del /f /s /q "C:\Users\David\Downloads\hfs.exe"
del /f /s /q "C:\Users\David\Downloads\WinZip170.exe"
rem Delete this batch file itself once done
del %0
```
Save the Notepad file on your desktop...as delfile.bat... save type as "All Files"
It should look like this (the original post showed two screenshots here: one for XP, one for Vista or Windows 7).
Double click on delfile.bat to execute it.
A black CMD window will flash, then disappear...this is normal.
The files and folders, if found...will have been deleted and the "delfile.bat" file will also be deleted.

Next,

Download *OTL* from any of the following links and save to your desktop.

http://itxassociates.com/OT-Tools/OTL.com
http://oldtimer.geekstogo.com/OTL.exe
http://www.itxassociates.com/OT-Tools/OTL.scr

Double click the icon to start the tool. (Note: If you are running on Vista or Windows 7 accept UAC alert)


 When the window appears, underneath *Output* at the top, make sure *Standard output* is selected.
 Select *Scan all users*
 Under the *Extra Registry* section, check *Use SafeList*
 In the lower right corner, checkmark *"LOP Check"* and checkmark *"Purity Check".*
 Click *Run Scan* and let the program run uninterrupted.
 When the scan is complete, two text files will be created on your Desktop.
 *OTL.Txt* <- this one will be opened
 *Extras.txt* <- this one will be minimized

Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of *OTL.Txt* and the *Extras.txt* in your next reply.

Let me see those logs please, also give an update on current issues or concerns..

Kevin


----------



## STIG_DH (Jan 25, 2013)

Kevin

As requested in your last post this morning. I will try to send in 2 successive files as I continue to experience a problem in previewing or sending this post - it seems to take too long to submit / accept and then I get timed out (a symptom of my general problems, if not imposed by a text file limit on your forum).

I will send on the Extras log file, then reboot the PC and report more fully what I see wrt performance etc in ca 30mins.
Thanks

David

*OTL.txt log file*

OTL logfile created on: 30/01/2013 08:30:07 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\David\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 0.77 Gb Available Physical Memory | 38.64% Memory free
4.00 Gb Paging File | 1.79 Gb Available in Paging File | 44.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 454.80 Gb Total Space | 304.50 Gb Free Space | 66.95% Space Free | Partition Type: NTFS

Computer Name: DAVID-PC | User Name: David | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/30 08:27:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\David\Downloads\OTL.exe
PRC - [2013/01/25 15:37:51 | 000,711,112 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
PRC - [2013/01/18 08:07:04 | 001,248,208 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/01/16 11:17:16 | 000,295,072 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2013/01/10 15:58:22 | 001,078,624 | ---- | M] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) -- C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
PRC - [2013/01/10 15:48:32 | 000,395,616 | ---- | M] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) -- C:\Program Files\Evernote\Evernote\EvernoteTray.exe
PRC - [2013/01/10 15:48:30 | 011,771,744 | ---- | M] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) -- C:\Program Files\Evernote\Evernote\Evernote.exe
PRC - [2013/01/04 22:29:06 | 028,539,232 | ---- | M] (Dropbox, Inc.) -- C:\Users\David\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/12/23 22:13:16 | 001,673,048 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2012/12/23 22:13:16 | 000,976,728 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2012/12/18 14:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/17 19:50:28 | 016,328,976 | ---- | M] (Google) -- C:\Program Files\Google\Drive\googledrivesync.exe
PRC - [2012/11/30 02:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/11/29 20:33:04 | 000,232,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
PRC - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/11/23 02:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/10/30 22:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/30 22:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/10/26 18:16:12 | 000,271,808 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.313\SSScheduler.exe
PRC - [2012/10/26 10:33:12 | 001,038,496 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
PRC - [2012/10/26 09:44:42 | 000,957,056 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update\VUAgent.exe
PRC - [2012/09/23 19:44:16 | 001,600,512 | ---- | M] () -- C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe
PRC - [2012/06/26 20:36:58 | 001,629,280 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Device Center\ipoint.exe
PRC - [2012/06/26 20:36:58 | 001,109,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Device Center\itype.exe
PRC - [2011/08/08 11:12:42 | 000,039,080 | ---- | M] (RPA Technology) -- C:\Program Files\Air Mouse\Air Mouse\Mobile Mouse Service.exe
PRC - [2011/03/10 00:50:38 | 000,565,248 | ---- | M] (Microsoft) -- C:\Program Files\Hobbyist Software\Off-Helper\Off-Helper Configuration.exe
PRC - [2011/03/10 00:17:10 | 000,006,656 | ---- | M] (Microsoft) -- C:\Program Files\Hobbyist Software\Off-Helper\Off-Helper Service.exe
PRC - [2011/02/25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/17 17:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 17:37:40 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/05/20 16:15:00 | 000,110,736 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2010/03/11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009/10/29 10:11:16 | 000,239,248 | ---- | M] (PacketVideo) -- C:\Program Files\PURE Flow Server\twonkymediaserverwatchdog.exe
PRC - [2009/10/29 10:11:14 | 000,239,248 | ---- | M] (PacketVideo) -- C:\Program Files\PURE Flow Server\twonkymediaserverconfig.exe
PRC - [2009/10/29 10:11:12 | 000,665,232 | ---- | M] () -- C:\Program Files\PURE Flow Server\twonkymediaserver.exe
PRC - [2009/03/05 18:41:58 | 005,189,992 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
PRC - [2008/11/05 07:32:40 | 000,262,144 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Network Utility\LANUtil.exe
PRC - [2008/11/03 15:01:44 | 000,299,008 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Network Utility\NSUService.exe
PRC - [2007/11/09 17:34:28 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
PRC - [2007/10/27 00:22:47 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/09/10 23:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2007/08/15 04:05:18 | 000,182,392 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2007/08/15 04:05:18 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe

========== Modules (No Company Name) ==========

MOD - [2013/01/29 17:04:49 | 000,086,016 | ---- | M] () -- C:\Users\David\AppData\Local\Temp\_MEI36962\_elementtree.pyd
MOD - [2013/01/29 17:04:49 | 000,040,448 | ---- | M] () -- C:\Users\David\AppData\Local\Temp\_MEI36962\_socket.pyd
MOD - [2013/01/29 17:04:48 | 001,024,616 | ---- | M] () -- C:\Users\David\AppData\Local\Temp\_MEI36962\windows._cacheinvalidation.pyd
MOD - [2013/01/29 17:04:48 | 000,792,576 | ---- | M] () -- C:\Users\David\AppData\Local\Temp\_MEI36962\wx._gdi_.pyd
MOD - [2013/01/29 17:04:48 | 000,571,392 | ---- | M] () -- C:\Users\David\AppData\Local\Temp\_MEI36962\pysqlite2._sqlite.pyd
MOD - [2013/01/29 17:04:48 | 000,263,168 | ---- | M] () -- C:\Users\David\AppData\Local\Temp\_MEI36962\win32com.shell.shell.pyd
MOD - [2013/01/29 17:04:48 | 000,153,088 | ---- | M] () -- C:\Users\David\AppData\Local\Temp\_MEI36962\pyexpat.pyd
MOD - [2013/01/29 17:04:48 | 000,096,256 | ---- | M] () -- C:\Users\David\AppData\Local\Temp\_MEI36962\win32api.pyd
MOD - [2013/01/29 17:04:48 | 000,070,656 | ---- | M] () -- C:\Users\David\AppData\Local\Temp\_MEI36962\wx._html2.pyd
MOD - [2013/01/29 17:04:48 | 000,023,040 | ---- | M] () -- C:\Users\David\AppData\Local\Temp\_MEI36962\win32ts.pyd
MOD - [2013/01/29 17:04:48 | 000,017,920 | ---- | M] () -- C:\Users\David\AppData\Local\Temp\_MEI36962\win32profile.pyd
MOD - [2013/01/29 17:04:48 | 000,011,776 | ---- | M] () -- C:\Users\David\AppData\Local\Temp\_MEI36962\win32crypt.pyd
MOD - [2013/01/29 17:04:47 | 000,731,136 | ---- | M] () -- C:\Users\David\AppData\Local\Temp\_MEI36962\wx._misc_.pyd
MOD - [2013/01/29 17:04:47 | 000,354,304 | ---- | M] () -- C:\Users\David\AppData\Local\Temp\_MEI36962\pythoncom26.dll
MOD - [2013/01/29 17:04:47 | 000,073,728 | ---- | M] () -- C:\Users\David\AppData\Local\Temp\_MEI36962\_ctypes.pyd
MOD - [2013/01/29 17:04:46 | 001,169,408 | ---- | M] () -- C:\Users\David\AppData\Local\Temp\_MEI36962\wx._core_.pyd
MOD - [2013/01/29 17:04:46 | 000,807,424 | ---- | M] () -- C:\Users\David\AppData\Local\Temp\_MEI36962\wx._windows_.pyd
MOD - [2013/01/29 17:04:46 | 000,645,120 | ---- | M] () -- C:\Users\David\AppData\Local\Temp\_MEI36962\_ssl.pyd
MOD - [2013/01/29 17:04:46 | 000,311,808 | ---- | M] () -- C:\Users\David\AppData\Local\Temp\_MEI36962\_hashlib.pyd
MOD - [2013/01/29 17:04:46 | 000,110,592 | ---- | M] () -- C:\Users\David\AppData\Local\Temp\_MEI36962\win32security.pyd
MOD - [2013/01/29 17:04:46 | 000,110,592 | ---- | M] () -- C:\Users\David\AppData\Local\Temp\_MEI36962\PyWinTypes26.dll
MOD - [2013/01/29 17:04:46 | 000,036,352 | ---- | M] () -- C:\Users\David\AppData\Local\Temp\_MEI36962\win32process.pyd
MOD - [2013/01/29 17:04:46 | 000,022,528 | ---- | M] () -- C:\Users\David\AppData\Local\Temp\_MEI36962\win32pdh.pyd
MOD - [2013/01/29 17:04:45 | 000,121,856 | ---- | M] () -- C:\Users\David\AppData\Local\Temp\_MEI36962\wx._wizard.pyd
MOD - [2013/01/29 17:04:45 | 000,111,104 | ---- | M] () -- C:\Users\David\AppData\Local\Temp\_MEI36962\win32file.pyd
MOD - [2013/01/29 17:04:45 | 000,039,424 | ---- | M] () -- C:\Users\David\AppData\Local\Temp\_MEI36962\win32inet.pyd
MOD - [2013/01/29 17:04:44 | 001,056,256 | ---- | M] () -- C:\Users\David\AppData\Local\Temp\_MEI36962\wx._controls_.pyd
MOD - [2013/01/29 17:04:44 | 000,585,728 | ---- | M] () -- C:\Users\David\AppData\Local\Temp\_MEI36962\unicodedata.pyd
MOD - [2013/01/29 17:04:44 | 000,017,920 | ---- | M] () -- C:\Users\David\AppData\Local\Temp\_MEI36962\win32event.pyd
MOD - [2013/01/29 17:04:44 | 000,011,776 | ---- | M] () -- C:\Users\David\AppData\Local\Temp\_MEI36962\select.pyd
MOD - [2013/01/18 08:07:02 | 012,459,472 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.56\PepperFlash\pepflashplayer.dll
MOD - [2013/01/18 08:07:02 | 000,460,240 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.56\ppgooglenaclpluginchrome.dll
MOD - [2013/01/18 08:07:01 | 004,012,496 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.56\pdf.dll
MOD - [2013/01/18 08:06:15 | 000,597,968 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.56\libglesv2.dll
MOD - [2013/01/18 08:06:15 | 000,124,368 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.56\libegl.dll
MOD - [2013/01/18 08:06:13 | 001,552,848 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.56\ffmpegsumo.dll
MOD - [2013/01/11 10:28:47 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\b95e7795ea5951d09521cddfc03b5c4e\Microsoft.VisualBasic.ni.dll
MOD - [2013/01/11 10:18:21 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll
MOD - [2013/01/11 10:17:52 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll
MOD - [2013/01/11 10:17:12 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\68f617caf670fefc0be769a294dc4ffd\System.ServiceProcess.ni.dll
MOD - [2013/01/11 10:16:25 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013/01/11 10:15:20 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll
MOD - [2013/01/11 10:11:41 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll
MOD - [2013/01/11 10:09:32 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/11 10:09:04 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll
MOD - [2013/01/11 10:08:45 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013/01/11 10:08:32 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/11 10:08:12 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013/01/11 10:05:42 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/11 10:05:17 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012/10/29 11:50:00 | 000,520,464 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2012/09/23 19:44:16 | 001,600,512 | ---- | M] () -- C:\Program Files\Air Mouse\Air Mouse\Air Mouse.exe
MOD - [2012/09/08 12:16:30 | 000,433,664 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libxml2.dll
MOD - [2012/09/08 12:16:20 | 000,315,392 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libtidy.dll
MOD - [2012/08/29 06:50:42 | 021,009,920 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libcef.dll
MOD - [2012/08/29 06:50:28 | 000,133,134 | ---- | M] () -- C:\Program Files\Evernote\Evernote\avutil-51.dll
MOD - [2012/08/29 06:50:26 | 000,189,454 | ---- | M] () -- C:\Program Files\Evernote\Evernote\avformat-54.dll
MOD - [2012/08/29 06:50:24 | 000,983,054 | ---- | M] () -- C:\Program Files\Evernote\Evernote\avcodec-54.dll
MOD - [2012/08/21 17:18:44 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2011/08/27 22:17:09 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2011/06/14 13:19:56 | 000,025,600 | ---- | M] () -- C:\Program Files\Air Mouse\Air Mouse\BonjourService.dll

========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2013/01/25 15:37:51 | 000,711,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- (vToolbarUpdater13.2.0)
SRV - [2013/01/20 13:47:32 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/19 10:24:32 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/12/23 22:13:16 | 000,976,728 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2012/12/18 14:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/10/30 22:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/10/26 18:15:26 | 000,234,776 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.313\McCHSvc.exe -- (McComponentHostService)
SRV - [2012/10/26 09:44:42 | 000,957,056 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Update\VUAgent.exe -- (VUAgent)
SRV - [2012/01/28 06:21:35 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012/01/18 13:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2011/03/10 00:17:10 | 000,006,656 | ---- | M] (Microsoft) [Auto | Running] -- C:\Program Files\Hobbyist Software\Off-Helper\Off-Helper Service.exe -- (Off-Helper)
SRV - [2010/05/20 16:15:00 | 000,110,736 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2010/05/10 10:33:42 | 000,110,592 | ---- | M] (WDC) [Disabled | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2010/05/10 10:32:36 | 001,858,048 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2010/05/10 10:32:06 | 000,482,304 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2010/03/11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/10/29 10:11:16 | 000,239,248 | ---- | M] (PacketVideo) [Auto | Running] -- C:\Program Files\PURE Flow Server\twonkymediaserverwatchdog.exe -- (PURE Flow Server)
SRV - [2009/09/08 17:09:14 | 000,083,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 01:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/05/30 10:49:55 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/03/05 18:47:40 | 000,313,264 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2009/03/05 18:47:40 | 000,192,512 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2009/03/05 18:47:40 | 000,069,632 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2009/03/05 18:41:58 | 005,189,992 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2008/11/03 15:01:44 | 000,299,008 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\Network Utility\NSUService.exe -- (NSUService)
SRV - [2007/11/09 17:34:28 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe -- (uCamMonitor)
SRV - [2007/10/27 00:22:47 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/09/10 23:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2007/08/15 04:05:18 | 000,182,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2007/06/20 22:35:06 | 002,523,136 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2007/06/20 22:34:52 | 000,499,712 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2007/06/20 22:34:50 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-UCLS-UPnP)
SRV - [2007/06/20 22:34:50 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP)
SRV - [2007/06/20 22:34:50 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-UCLS-HTTP)
SRV - [2007/06/20 22:34:50 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP)
SRV - [2007/01/10 23:51:06 | 000,745,472 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe -- (VAIOMediaPlatform-UCLS-AppServer)
SRV - [2006/12/14 09:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 09:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 08:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)

========== Driver Services (SafeList) ==========

DRV - [2013/01/29 19:48:54 | 000,015,616 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\Windows\System32\drivers\TrueSight.sys -- (TrueSight)
DRV - [2013/01/25 15:37:52 | 000,026,984 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012/12/23 22:13:34 | 000,071,480 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2012/12/23 22:13:34 | 000,065,848 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2012/12/23 22:13:32 | 000,166,840 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2012/10/30 22:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/10/30 22:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/10/30 22:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/10/30 22:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/10/30 22:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/10/29 11:50:33 | 000,272,216 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus32_43926.sys -- (RapportCerberus_43926)
DRV - [2012/10/15 16:59:28 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012/08/09 13:55:05 | 000,025,200 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2012/08/09 13:55:05 | 000,012,400 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2011/10/07 17:52:18 | 000,021,504 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
DRV - [2010/12/08 04:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/20 10:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 09:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/03/10 10:36:36 | 000,217,032 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/10/05 09:08:42 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2009/07/13 22:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/13 22:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2008/05/06 15:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2007/12/20 15:52:06 | 000,017,408 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2007/11/23 14:59:43 | 000,841,472 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVerM115S.sys -- (AVerM115S)
DRV - [2007/11/08 03:04:27 | 000,073,472 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FLx86.sys -- (R5U870FLx86)
DRV - [2007/11/08 03:04:27 | 000,043,904 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FUx86.sys -- (R5U870FUx86)
DRV - [2007/11/07 00:16:12 | 007,626,400 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/10/27 00:22:55 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/09/20 00:12:57 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/09/19 21:38:18 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2007/08/29 01:58:45 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2007/06/06 00:00:39 | 000,812,544 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2007/05/26 08:03:06 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2007/04/24 08:33:46 | 000,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125mgmt.sys -- (s125mgmt)
DRV - [2007/04/24 08:33:46 | 000,098,696 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125obex.sys -- (s125obex)
DRV - [2007/04/24 08:33:44 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125mdm.sys -- (s125mdm)
DRV - [2007/04/24 08:33:42 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125mdfl.sys -- (s125mdfl)
DRV - [2007/04/24 08:33:34 | 000,083,336 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125bus.sys -- (s125bus)
DRV - [2007/04/17 20:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{8D835501-C37D-4043-AD6C-A23EB260A8CD}: "URL" = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}

IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://club.vaio.sony.co.uk/clubva [Binary data over 200 bytes]
IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..\SearchScopes\{0717AC97-BDB4-4CEB-85B7-0CA63B554F35}: "URL" = http://www.cnet.com/4244-5_1-0.html?query={searchTerms}&tag=srch&target=nw
IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..\SearchScopes\{8D835501-C37D-4043-AD6C-A23EB260A8CD}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GPEA_en-GB
IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..\SearchScopes\{D8B9925B-7A40-427C-A6EA-191BC3A43307}: "URL" = http://uk.ask.com/web?q={searchTerms}&qsrc=0&o=0&l=dir&dm=all
IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.0.4
FF - prefs.js..extensions.enabledAddons: %7BE0B8C461-F8FB-49b4-8373-FE32E9252800%7D:5.4.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.12.2.44172
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..extensions.enabledItems: {5c8bfb7c-9a54-11dc-8314-0800200c9a66}:3.6.7
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.313\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/11/20 08:34:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/01/16 11:18:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/01/16 11:18:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/19 10:24:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/19 10:24:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/19 10:24:34 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/19 10:24:22 | 000,000,000 | ---D | M]

[2012/01/27 19:20:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Extensions
[2013/01/14 18:31:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wf9gy7j5.default\extensions
[2012/12/01 13:19:35 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wf9gy7j5.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012/01/27 19:20:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wf9gy7j5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/01/27 19:20:20 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wf9gy7j5.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2013/01/14 17:09:38 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wf9gy7j5.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
[2012/02/10 15:52:35 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wf9gy7j5.default\extensions\[email protected]
[2013/01/14 18:31:15 | 000,579,823 | ---- | M] () (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wf9gy7j5.default\extensions\{6C4BAFB6-2AC2-4405-A98D-546B55B3AE92}.xpi
[2012/11/26 08:18:58 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wf9gy7j5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/01/19 10:24:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/01/19 10:24:33 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/03/10 23:01:02 | 000,124,272 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll
[2010/03/10 23:02:52 | 000,070,512 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2010/03/10 23:01:48 | 000,091,504 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2010/03/10 23:01:24 | 000,022,384 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2008/06/19 09:16:24 | 000,118,784 | ---- | M] (CANON INC.) -- C:\Program Files\mozilla firefox\plugins\MyCamera.dll
[2008/06/19 09:16:24 | 000,053,248 | ---- | M] (CANON INC.) -- C:\Program Files\mozilla firefox\plugins\NPCIG.dll
[2010/03/10 23:40:56 | 000,423,248 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2013/01/16 11:17:26 | 000,124,056 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2010/03/10 23:02:48 | 000,023,920 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
[2012/12/05 18:48:18 | 000,001,738 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/10/15 09:10:53 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/12/05 18:48:18 | 000,001,148 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/12/05 18:48:18 | 000,001,379 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/10/15 09:10:53 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/12/05 18:48:18 | 000,001,334 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - homepage: http://www.bbc.co.uk/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.bbc.co.uk/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.56\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.56\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Canon Online Photo Plugin Module (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPCIG.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Users\David\AppData\Roaming\Mozilla\plugins\npatgpc.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\Mozilla Plugins\npitunes.dll
CHR - plugin: Media Go Detector (Enabled) = C:\Program Files\Sony\Media Go\npmediago.dll
CHR - plugin: PlayStation(R)Network Downloader Check Plug-in (Enabled) = C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Drive = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Kingdom Rush = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckmfhhjalnddapegkbbohfaodgbnocim\1.0.7.3_0\
CHR - Extension: Google Search = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: RealDownloader = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\
CHR - Extension: Wave theme = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgahidbcmoibbodajeakkjpocflpnad\1.32_0\
CHR - Extension: SlideRocket = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\omeengfjefdmhnkojnfmncpfdbhnecea\2.0.2_0\
CHR - Extension: Evernote Web Clipper = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\5.9.5_0\
CHR - Extension: Gmail = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006/09/18 21:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.313\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google BAE\BAE.dll (Your Company Name)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Hobbyist Software On-Off Helper] C:\Program Files\Hobbyist Software\Off-Helper\Off-Helper Configuration.exe (Microsoft)
O4 - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Device Center\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" File not found
O4 - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000..\Run: [GoogleDriveSync] C:\Program Files\Google\Drive\googledrivesync.exe (Google)
O4 - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\David\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O4 - Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PUREFlow Server.lnk = C:\Program Files\PURE Flow Server\twonkymediaserverconfig.exe (PacketVideo)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Evernote 4 - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O8 - Extra context menu item: New Note - C:\Program Files\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.11.2)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.11.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B8E8EBE0-C1DD-4A83-86D6-F9C48AD53AA8}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B8E8EBE0-C1DD-4A83-86D6-F9C48AD53AA8}: NameServer = 192.168.2.1,89.16.173.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C2AADC08-9101-4CD2-9A9F-4AEA51038AE5}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Backgrounds\01931_desertsunlight_1920x1080.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Backgrounds\01931_desertsunlight_1920x1080.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2e791fc1-9c6c-11e1-a029-001a80a16c0c}\Shell - "" = AutoRun
O33 - MountPoints2\{2e791fc1-9c6c-11e1-a029-001a80a16c0c}\Shell\AutoRun\command - "" = G:\Startme.exe
O33 - MountPoints2\{6efccb36-b201-11df-ab86-001a80a16c0c}\Shell - "" = AutoRun
O33 - MountPoints2\{6efccb36-b201-11df-ab86-001a80a16c0c}\Shell\AutoRun\command - "" = G:\unlock.exe autoplay=true
O33 - MountPoints2\{d3ef968c-e66a-11df-8a69-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d3ef968c-e66a-11df-8a69-806e6f6e6963}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{d3ef968c-e66a-11df-8a69-806e6f6e6963}\Shell\directx\command - "" = F:\DirectX9\dxsetup.exe
O33 - MountPoints2\{d3ef968c-e66a-11df-8a69-806e6f6e6963}\Shell\setup\command - "" = F:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/29 22:19:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2013/01/29 20:15:03 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/01/29 19:48:16 | 000,000,000 | ---D | C] -- C:\Users\David\Desktop\RK_Quarantine
[2013/01/29 18:40:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
[2013/01/26 18:27:40 | 000,000,000 | ---D | C] -- C:\Users\David\Documents\AstraZeneca Employment
[2013/01/25 15:41:52 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\WinZip
[2013/01/25 15:41:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2013/01/25 15:40:52 | 000,000,000 | ---D | C] -- C:\Users\David\Documents\Add-in Express
[2013/01/25 15:40:30 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2013/01/25 15:40:10 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2013/01/25 15:38:20 | 000,026,984 | ---- | C] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2013/01/25 15:38:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2013/01/24 11:09:17 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\Programs
[2013/01/21 19:11:15 | 000,000,000 | ---D | C] -- C:\Users\David\Documents\Sony
[2013/01/20 13:42:06 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/01/20 13:42:06 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/01/20 13:42:06 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/01/19 10:24:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/01/16 11:18:56 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\RealNetworks
[2013/01/16 11:18:04 | 000,000,000 | ---D | C] -- C:\Program Files\RealNetworks
[2013/01/16 11:17:59 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks
[2013/01/16 11:17:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2013/01/16 11:17:37 | 000,201,424 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2013/01/16 11:17:20 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2013/01/16 11:17:20 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2013/01/16 11:17:19 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2013/01/16 11:17:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2013/01/16 11:12:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2013/01/09 12:39:37 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/01/09 12:38:55 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2013/01/09 12:38:55 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013/01/09 12:38:51 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2013/01/09 12:38:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/09 12:38:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/09 12:38:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/09 12:38:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2013/01/09 12:38:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2013/01/09 12:38:47 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/09 12:38:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/09 12:38:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2013/01/09 12:38:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2013/01/09 12:38:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/09 12:38:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/09 12:38:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2013/01/09 12:38:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/09 12:38:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/09 12:38:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2013/01/09 12:38:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2013/01/09 12:38:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2013/01/09 12:38:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/09 12:38:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2013/01/09 12:38:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/09 12:38:42 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2013/01/09 12:38:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/09 12:38:41 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/09 12:38:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2013/01/09 12:38:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/09 12:38:38 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2013/01/09 12:38:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2013/01/09 12:37:43 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\System32\oflc-nz.rs
[2013/01/09 12:37:43 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\System32\csrr.rs
[2013/01/09 12:37:42 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\System32\fpb.rs
[2013/01/09 12:37:42 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\System32\cob-au.rs
[2013/01/09 12:37:41 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\System32\pegibbfc.rs
[2013/01/09 12:37:41 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\System32\usk.rs
[2013/01/09 12:37:41 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\System32\djctq.rs
[2013/01/09 12:37:40 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\System32\grb.rs
[2013/01/09 12:37:39 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi-pt.rs
[2013/01/09 12:37:39 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi.rs
[2013/01/09 12:37:38 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2013/01/09 12:37:36 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wpc.dll
[2013/01/09 12:37:24 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\System32\esrb.rs
[2013/01/09 12:37:21 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi-fi.rs
[2013/01/09 12:37:20 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\System32\oflc.rs
[2013/01/09 12:37:19 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\System32\cero.rs
[2013/01/09 12:36:32 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2013/01/09 12:36:28 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
[2013/01/04 18:26:13 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\ElevatedDiagnostics
[2012/01/16 17:22:16 | 000,293,736 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesOutlookAddIn.dll
[2012/01/16 17:22:12 | 000,421,736 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesHelper.exe
[2012/01/16 17:22:12 | 000,403,304 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesAdmin.dll
[2012/01/16 17:22:12 | 000,156,520 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesHelper.dll
[2012/01/16 17:22:12 | 000,124,776 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesMiniPlayer.dll
[2012/01/16 17:22:08 | 009,777,000 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunes.exe
[2012/01/16 17:22:04 | 020,868,968 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunes.dll
[2012/01/16 17:22:02 | 003,035,520 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\gnsdk_dsp.dll
[2012/01/16 17:22:02 | 002,010,984 | ---- | C] (Apple Inc.) -- C:\Program Files\iPodUpdaterExt.dll
[2012/01/16 17:22:02 | 000,803,200 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\gnsdk_sdkmanager.dll
[2012/01/16 17:22:02 | 000,287,104 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\gnsdk_submit.dll
[2012/01/16 17:22:02 | 000,246,144 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\gnsdk_musicid.dll
[2011/11/14 20:16:44 | 000,112,488 | ---- | C] (Apple Inc.) -- C:\Program Files\ITDetector.ocx
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/30 08:20:17 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/30 08:20:02 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/30 08:17:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/30 08:15:16 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/29 22:19:12 | 000,002,004 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013/01/29 22:19:12 | 000,002,004 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2013/01/29 19:48:54 | 000,015,616 | ---- | M] () -- C:\Windows\System32\drivers\TrueSight.sys
[2013/01/29 17:17:38 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/29 17:17:38 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/29 17:04:31 | 000,041,799 | ---- | M] () -- C:\Users\David\AppData\Roaming\nvModes.001
[2013/01/29 17:03:24 | 1609,375,744 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/29 16:59:11 | 000,000,115 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013/01/29 15:36:26 | 000,086,586 | ---- | M] () -- C:\Users\David\Desktop\ideaTraX expanded item.png
[2013/01/29 14:45:56 | 000,063,511 | ---- | M] () -- C:\Users\David\Desktop\ideaTraX TB.png
[2013/01/29 10:52:00 | 000,000,820 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2013/01/28 18:18:30 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2013/01/26 18:18:16 | 000,639,696 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/01/26 18:18:16 | 000,115,078 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/01/25 15:41:22 | 000,002,281 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
[2013/01/25 15:37:52 | 000,026,984 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2013/01/25 09:10:20 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Scan (weekly scan).job
[2013/01/24 11:44:33 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/20 13:47:29 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/01/20 13:47:29 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/01/20 13:47:14 | 015,739,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2013/01/20 13:30:53 | 000,002,205 | ---- | M] () -- C:\Users\David\Desktop\Google Chrome.lnk
[2013/01/20 13:27:36 | 000,007,605 | ---- | M] () -- C:\Users\David\AppData\Local\Resmon.ResmonCfg
[2013/01/19 11:25:19 | 000,000,963 | ---- | M] () -- C:\Users\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/01/16 11:18:16 | 000,001,016 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2013/01/16 11:17:37 | 000,201,424 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2013/01/16 11:17:20 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2013/01/16 11:17:20 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2013/01/16 11:17:19 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2013/01/12 03:30:20 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/01/12 03:26:16 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/01/12 03:24:49 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/01/11 10:12:15 | 000,001,049 | ---- | M] () -- C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/01/11 10:09:46 | 000,001,017 | ---- | M] () -- C:\Users\David\Desktop\Dropbox.lnk
[2013/01/11 09:59:01 | 000,484,480 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/29 22:19:12 | 000,002,004 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2013/01/29 19:48:53 | 000,015,616 | ---- | C] () -- C:\Windows\System32\drivers\TrueSight.sys
[2013/01/29 16:58:45 | 000,000,115 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013/01/29 14:51:52 | 000,086,586 | ---- | C] () -- C:\Users\David\Desktop\ideaTraX expanded item.png
[2013/01/29 14:44:12 | 000,063,511 | ---- | C] () -- C:\Users\David\Desktop\ideaTraX TB.png
[2013/01/25 15:41:22 | 000,002,281 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
[2013/01/24 11:44:33 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/20 13:38:04 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/20 13:27:36 | 000,007,605 | ---- | C] () -- C:\Users\David\AppData\Local\Resmon.ResmonCfg
[2013/01/16 11:18:16 | 000,001,016 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2013/01/11 10:12:15 | 000,001,049 | ---- | C] () -- C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/01/02 09:14:03 | 000,001,145 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk
[2012/01/27 19:49:01 | 000,021,924 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2011/11/14 20:15:32 | 000,064,083 | ---- | C] () -- C:\Program Files\Acknowledgements.rtf
[2011/04/30 07:27:36 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/04/30 07:27:36 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2010/01/30 10:11:12 | 000,025,773 | ---- | C] () -- C:\Users\David\AppData\Roaming\UserTile.png
[2009/12/08 21:14:18 | 000,000,255 | ---- | C] () -- C:\Users\David\SyncDocs.conf
[2009/03/13 16:51:59 | 000,003,272 | ---- | C] () -- C:\Users\David\TutorialOpen.xba
[2008/10/22 14:33:00 | 000,001,414 | ---- | C] () -- C:\Users\David\AppData\Roaming\wklnhst.dat
[2008/10/04 21:22:58 | 000,041,799 | ---- | C] () -- C:\Users\David\AppData\Roaming\nvModes.dat
[2008/10/04 21:22:58 | 000,041,799 | ---- | C] () -- C:\Users\David\AppData\Roaming\nvModes.001

========== ZeroAccess Check ==========

[2009/07/14 04:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 01:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/01/27 19:19:54 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\AVG10
[2012/01/27 19:19:54 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\calibre
[2012/01/27 19:19:54 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Canon
[2012/01/27 19:19:54 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\CD-LabelPrint
[2012/01/27 19:19:55 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Chilirec
[2012/01/27 19:19:57 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/01/27 19:19:57 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\DriverCure
[2013/01/29 17:06:13 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Dropbox
[2012/05/12 18:11:29 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\GARMIN
[2012/09/23 15:03:59 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\ICAClient
[2012/01/27 19:19:57 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\InterVideo
[2012/02/05 12:47:10 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\IsolatedStorage
[2012/01/27 19:20:06 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\MessengerGadget
[2012/01/27 19:20:23 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\OpenOffice.org
[2010/01/30 10:11:11 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\PeerNetworking
[2013/01/16 13:53:33 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\PrimoPDF
[2012/02/14 17:34:40 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Quo2
[2012/05/18 17:33:15 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Sony
[2012/02/05 12:44:29 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Symyx
[2012/01/31 18:14:44 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\SystemRequirementsLab
[2012/01/27 19:20:43 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Teleca
[2012/01/27 19:20:43 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Template
[2013/01/29 13:06:13 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\webex
[2012/03/06 11:28:41 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Windows Live Writer
[2012/01/27 19:20:43 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\wsInspector

========== Purity Check ==========

< End of report >


----------



## STIG_DH (Jan 25, 2013)

.....from last message, here is the Extras log file (NB I thought the last file hadn't been sent until I previewed the forum)

David

*Extras log file*

OTL Extras logfile created on: 30/01/2013 08:30:07 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\David\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 0.77 Gb Available Physical Memory | 38.64% Memory free
4.00 Gb Paging File | 1.79 Gb Available in Paging File | 44.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 454.80 Gb Total Space | 304.50 Gb Free Space | 66.95% Space Free | Partition Type: NTFS

Computer Name: DAVID-PC | User Name: David | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3695665762-3537947497-2156790703-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ALDI Print Software] -- "C:\Program Files\ALDI\ALDI Print Software\ALDI Print Software.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{311365CF-67BF-4D23-8D6C-B1A4CA14EB27}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{398280C6-4487-4408-AE8F-2E90FE0270CB}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{C4693104-1DC7-48EC-ACAC-FF713AACAA38}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{CCB0B16E-0B84-4828-B255-DD575220022B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{CCD57AD8-32DC-403C-8C0D-DCD1DD6060AF}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00E915A2-12EF-4B68-8932-903B490626CE}" = protocol=6 | dir=in | app=c:\program files\avg\avg8\avgui.exe | 
"{05A892CA-25AC-4F9A-A40C-49705CC4B7E1}" = protocol=6 | dir=in | app=c:\program files\hobbyist software\off-helper\off-service.exe | 
"{1459C366-1DE7-4539-9402-6D11A23E41DD}" = protocol=17 | dir=in | app=c:\program files\pure flow server\twonkymediaserver.exe | 
"{149806A8-F15E-4A92-AC83-25430D4732D2}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3.exe | 
"{151831E5-517C-49C1-97D1-9BC8AEF3ECFE}" = protocol=6 | dir=in | app=c:\program files\hobbyist software\off-helper\mdnsresponder.exe | 
"{1B31C503-B58F-405B-81CC-02FFEDB2829F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{1E6C1969-69C7-4F1A-8DCE-330926F648CA}" = protocol=6 | dir=in | app=c:\program files\pure flow server\twonkymediaserverwatchdog.exe | 
"{1EE03891-0A61-4940-9164-8BD6F38013D6}" = protocol=17 | dir=in | app=c:\program files\hobbyist software\off-helper\dnssd-hobbyist.dll | 
"{1F41A23A-31E0-49CA-9C09-E8BD9AF03F96}" = protocol=6 | dir=in | app=c:\program files\mypoi manager\mypoimanager.exe | 
"{1FCA5921-DD70-4F81-B300-964CBE7FFD3C}" = protocol=17 | dir=in | app=c:\program files\hobbyist software\off-helper\off-service.exe | 
"{215CF163-2C7A-4777-BA0B-FB43EDA7AC3F}" = dir=in | app=c:\program files\itunes.exe | 
"{26B5B3F8-6FB2-4A9E-AFF7-42766C20ACC5}" = protocol=6 | dir=in | app=c:\program files\hobbyist software\off-helper\off-service.exe | 
"{28A7C33C-8963-486F-B3E8-8BEACA3C9949}" = protocol=6 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\warlords\civ4warlords.exe | 
"{29C6D6BB-7B12-4024-94DB-253EC49AD41E}" = protocol=17 | dir=in | app=c:\program files\mypoi manager\mypoimanager.exe | 
"{29EAEBC7-D1B5-4D2B-BD1F-A877BF469782}" = protocol=17 | dir=in | app=c:\program files\hobbyist software\off-helper\mdnsresponder.exe | 
"{2BFF40E5-4113-431F-97F3-030354A5B8A0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{2C1AC17D-7527-42B0-A218-63A444D1E552}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe | 
"{2FAB14B7-4CE3-45B4-9D72-B85ECF41BC4E}" = protocol=17 | dir=in | app=c:\program files\hobbyist software\off-helper\off-helper service.exe | 
"{30884741-33D0-4DBE-A3D4-E62B3EFD37B7}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe | 
"{309C0AF1-7AC5-4B31-8E7B-347894F9BAED}" = protocol=6 | dir=in | app=c:\program files\sony\vaio media 6.0\vc.exe | 
"{35FABDF1-E1BB-4DF4-A154-E1ADD62E92BC}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3.exe | 
"{362690FC-CF53-4C91-86DD-B9F9F0781156}" = protocol=17 | dir=in | app=c:\program files\hobbyist software\off-helper\off-helper service.exe | 
"{366DAFE5-42C9-482A-A029-DFFF0147A1CB}" = protocol=17 | dir=in | app=c:\program files\avg\avg8\avgui.exe | 
"{36F6BFA1-1C2B-4A9D-81A0-8618A8AFC162}" = protocol=17 | dir=in | app=c:\program files\pure flow server\twonkymediaserverwatchdog.exe | 
"{38DC32F9-C975-49C4-B645-B5A107124D2C}" = protocol=17 | dir=in | app=c:\program files\hobbyist software\off-helper\off-service.exe | 
"{3F3E2937-561A-49AC-B429-32D7DBBB7C3F}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe | 
"{448B343F-C2DC-46A2-9DEB-E71524F862EE}" = protocol=6 | dir=in | app=c:\program files\hobbyist software\off-helper\mdnsresponder.exe | 
"{45B0BA67-D8FC-4083-BECF-4B8AA318D361}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | 
"{4C941601-63F3-4E42-A6B6-F1AC0EE553AD}" = protocol=6 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\civilization4.exe | 
"{5197B009-C863-423C-8988-DBCFD55542E8}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{5722979B-AFBE-463E-B654-B18F00119DE8}" = protocol=17 | dir=in | app=c:\program files\hobbyist software\off-helper\mdnsresponder.exe | 
"{5ACF307F-7312-402E-9CF1-6CA7210E4FD1}" = protocol=17 | dir=in | app=c:\program files\hobbyist software\off-helper\off-helper service.exe | 
"{61694D64-CA91-49BF-8C18-EF82A0564466}" = protocol=6 | dir=in | app=c:\program files\google\google talk\googletalk.exe | 
"{66F63341-8BD2-445E-8A8D-AB7FF29E9552}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{67D9CEC1-DE66-43EC-ADEB-7F3323F63CAD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{6DD80D18-C108-4CA5-A087-F3E0E707B158}" = protocol=6 | dir=in | app=c:\program files\google\google talk\googletalk.exe | 
"{70EF14E3-06EA-4408-8777-9944219095FC}" = protocol=6 | dir=in | app=c:\program files\hobbyist software\off-helper\dnssd-hobbyist.dll | 
"{71356CE1-616B-4BF7-9CBF-BB0E749E1990}" = protocol=6 | dir=in | app=c:\program files\hobbyist software\off-helper\dnssd-hobbyist.dll | 
"{7412C683-1FBC-4A03-AB4B-663711D7DD1B}" = protocol=6 | dir=in | app=c:\program files\pure flow server\twonkymediaserver.exe | 
"{747CA8DE-DF18-4D8B-9842-88DB892BDEE5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{7F59DF89-C0DA-4D44-A288-7919352D73FE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{87688660-F09F-4E80-97F1-E889E73D843D}" = protocol=6 | dir=in | app=c:\users\david\appdata\roaming\dropbox\bin\dropbox.exe | 
"{9108BD2A-C51D-4A2F-BBAB-6D6E5E605A78}" = protocol=17 | dir=in | app=c:\program files\sony\vaio media 6.0\vc.exe | 
"{9282580D-10F4-4E9B-88A0-810108B4B649}" = protocol=17 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\civilization4.exe | 
"{957946A2-8279-4542-955E-8BD1E16C5ACF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{9618A8AA-A97A-46C5-9A1A-492625388188}" = protocol=17 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\warlords\civ4warlords.exe | 
"{9643EA54-BA96-4C92-A6DF-C55328605CC1}" = protocol=17 | dir=in | app=c:\program files\google\google talk\googletalk.exe | 
"{9B77A897-43D4-4057-B5FF-9ADF0720EF98}" = protocol=17 | dir=in | app=c:\program files\hobbyist software\off-helper\dnssd-hobbyist.dll | 
"{9D296C15-3639-4EE9-BCAB-60D3F1C7F38A}" = protocol=6 | dir=in | app=c:\program files\hobbyist software\off-helper\mdnsresponder.exe | 
"{9DCF4D93-14E7-4258-84DD-1DB8D4CA9CAC}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe | 
"{9EF67701-E00F-4CB4-9711-4A9E40A19133}" = protocol=17 | dir=in | app=c:\users\david\appdata\roaming\dropbox\bin\dropbox.exe | 
"{9FB96FF6-E7BE-47B4-BFED-E13EB605CB10}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe | 
"{A0B2C033-2704-4A4B-8DA5-CC0F685FBE86}" = protocol=17 | dir=in | app=c:\program files\hobbyist software\off-helper\off-service.exe | 
"{A21305EA-4013-4BB5-9B49-68806A5AFEB1}" = protocol=17 | dir=in | app=c:\program files\hobbyist software\off-helper\mdnsresponder.exe | 
"{A22D1D73-48D3-4F9D-BB9A-FC93203FCDDB}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{A8DE72A5-D43F-44A6-8CA5-E66A13A0BF33}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe | 
"{A914EB8D-1719-40CB-81B7-DA59D1A4BE48}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{AB8BDFDE-BBEB-4254-94E6-57D4E4708964}" = protocol=6 | dir=in | app=c:\program files\hobbyist software\off-helper\off-helper.exe | 
"{B1F14093-FB9F-4C78-9C98-26189FAC8D26}" = protocol=6 | dir=in | app=c:\program files\hobbyist software\off-helper\off-service.exe | 
"{B5CB8AF1-FE93-4DA1-AB10-364393E1335C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B72F73E5-D899-4C69-B684-3B6B0CC03B92}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{BC570BF0-F575-43E0-A98D-F069963D92BA}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{C7682AC9-F1DA-4713-BB0D-71B7F6A44F95}" = protocol=17 | dir=in | app=c:\program files\google\google talk\googletalk.exe | 
"{C85DECE7-40B7-423A-AA1B-BC6D01880E8B}" = protocol=6 | dir=in | app=c:\program files\hobbyist software\off-helper\off-helper service.exe | 
"{C8DBF332-C873-4223-8FBE-E45A05466C13}" = protocol=17 | dir=in | app=c:\program files\hobbyist software\off-helper\dnssd-hobbyist.dll | 
"{C91505A9-ADD3-45E7-81B5-AEAE9CD2FD76}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe | 
"{CB6F00EB-62D4-41E9-B1E1-D7A508AA8A18}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{CC8F4626-98B8-4EC9-85C2-A47BB9F517C2}" = protocol=17 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\beyond the sword\civ4beyondsword.exe | 
"{CE2E4332-1CA4-4931-8BA8-D47DC2050D6E}" = protocol=6 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\beyond the sword\civ4beyondsword.exe | 
"{D5D80D56-80C3-4282-9512-74D62316F500}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{E04ED4BA-5ADB-4448-9785-ACE194F13BD3}" = protocol=17 | dir=in | app=c:\program files\hobbyist software\off-helper\off-helper.exe | 
"{E67FA325-74A5-47AE-9A63-66852F66A967}" = protocol=6 | dir=in | app=c:\program files\hobbyist software\off-helper\off-helper service.exe | 
"{ED88AB7C-6596-4786-A75D-D431065A397F}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe | 
"{F32B7AC8-9ED0-40D4-BB2D-07473B510249}" = protocol=6 | dir=in | app=c:\program files\hobbyist software\off-helper\off-helper service.exe | 
"{F79CC313-8439-4C5F-8A5C-5DCF93E1B55D}" = protocol=6 | dir=in | app=c:\program files\hobbyist software\off-helper\dnssd-hobbyist.dll | 
"TCP Query User{03939541-A96A-4E75-8DE6-13853A551263}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{06B56D3A-7944-47B2-ABA2-A525C9C70D9D}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{16FBD14B-0AAB-4693-A4A3-A9488D45BBF1}C:\program files\air mouse\air mouse\air mouse.exe" = protocol=6 | dir=in | app=c:\program files\air mouse\air mouse\air mouse.exe | 
"TCP Query User{18D6B6C7-6CEA-45E2-B96C-29586327D088}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"TCP Query User{25783026-D868-4DF4-BDA2-9A6E96077DA8}C:\program files\air mouse\air mouse\mobile mouse service.exe" = protocol=6 | dir=in | app=c:\program files\air mouse\air mouse\mobile mouse service.exe | 
"TCP Query User{36AC178C-4323-4DB9-8E91-BDAB2D204821}C:\program files\air mouse\air mouse\mobile mouse service.exe" = protocol=6 | dir=in | app=c:\program files\air mouse\air mouse\mobile mouse service.exe | 
"TCP Query User{3E93A6C3-A4D0-4DD3-9A7F-B25DD21D462F}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{449C1DE3-43E0-4BDB-9489-6072B6172147}C:\users\david\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\david\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{5122B36D-9417-466B-A934-07E6EA4B09AA}C:\program files\air mouse\air mouse\air mouse.exe" = protocol=6 | dir=in | app=c:\program files\air mouse\air mouse\air mouse.exe | 
"TCP Query User{5EDADD60-D0F9-451A-BCD2-45E7144A936A}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"TCP Query User{60CCB461-C7B3-40FB-BE3E-26A1B83548CE}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{79C1C661-1CC7-409E-96CF-6A5D0817F4BF}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{8584E797-B6E4-4C6F-A24B-C42CB196D7BF}C:\program files\hobbyist software\off-helper\off-helper.exe" = protocol=6 | dir=in | app=c:\program files\hobbyist software\off-helper\off-helper.exe | 
"TCP Query User{979C5985-4D22-45AC-A934-5F16C8D9E9E4}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{A2AF443F-E761-48FE-BF84-03EB35C44CC4}C:\users\david\downloads\hfs.exe" = protocol=6 | dir=in | app=c:\users\david\downloads\hfs.exe | 
"TCP Query User{B2C90EAA-D328-445F-B44E-06E5A480E591}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{E90CEA1F-8B52-4345-86BD-96635868AADD}C:\users\david\downloads\hfs.exe" = protocol=6 | dir=in | app=c:\users\david\downloads\hfs.exe | 
"TCP Query User{EB59609F-76DE-4DF4-8826-1F40EDBEF8F9}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{EEC0E7AF-16CD-4E5F-810B-A7509EF71F70}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{0EC7FD5C-DFB3-4232-A8F9-467C8EF50D66}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{1C6974CF-E316-4A57-A943-E79DC0C27910}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{1D4DE177-A2D2-46CF-BA2C-45F82C2A858C}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"UDP Query User{38A5A7C8-802E-4F8E-86BD-A8AD632ED35C}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{52DB13BF-0936-49CA-BE43-753D629F5B92}C:\program files\air mouse\air mouse\air mouse.exe" = protocol=17 | dir=in | app=c:\program files\air mouse\air mouse\air mouse.exe | 
"UDP Query User{6CF77519-6C73-4BE0-9871-A8577AC6A271}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"UDP Query User{92074D48-00D0-4E02-A267-7F5462674A16}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{A104D1BC-7767-46A0-8B49-CC51F2251CF1}C:\users\david\downloads\hfs.exe" = protocol=17 | dir=in | app=c:\users\david\downloads\hfs.exe | 
"UDP Query User{A315184F-B1DF-4AE9-9742-8C64A1247CA5}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{B072756C-09E8-41A6-8456-0E4FAD0E5E51}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{B911A916-C7C2-4C33-B3E2-26C15F8604C0}C:\program files\air mouse\air mouse\air mouse.exe" = protocol=17 | dir=in | app=c:\program files\air mouse\air mouse\air mouse.exe | 
"UDP Query User{C989F439-D386-4FDF-B9EF-32F571B0A5E3}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"UDP Query User{D4331884-5B50-4EB5-95C2-26D507778D59}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{E1B5B280-6E45-4762-9BC9-119F40942E40}C:\program files\air mouse\air mouse\mobile mouse service.exe" = protocol=17 | dir=in | app=c:\program files\air mouse\air mouse\mobile mouse service.exe | 
"UDP Query User{E562642E-5147-4C3E-A8D6-92F526923C0B}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{EBAB5CBB-3514-4550-AF8F-77A514FE76DF}C:\program files\air mouse\air mouse\mobile mouse service.exe" = protocol=17 | dir=in | app=c:\program files\air mouse\air mouse\mobile mouse service.exe | 
"UDP Query User{F31163B9-4735-4661-80EA-D52339C36428}C:\program files\hobbyist software\off-helper\off-helper.exe" = protocol=17 | dir=in | app=c:\program files\hobbyist software\off-helper\off-helper.exe | 
"UDP Query User{F3DD9B62-3A12-4CC9-812A-75F00EF59500}C:\users\david\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\david\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{FF9D71AF-CA66-4FB6-9278-A74222E0B814}C:\users\david\downloads\hfs.exe" = protocol=17 | dir=in | app=c:\users\david\downloads\hfs.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{009E7FB7-1775-4D89-8956-F5C9A1C019FC}" = DSD Playback Plug-in
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{021AD585-5EEE-4B58-83BC-0AC86008EBC8}" = VAIO Media Registration Tool
"{023D64D7-E7B4-47C7-BE6E-B7C2E8960D08}" = Citrix online plug-in (Web)
"{065DBB54-6E55-A609-2E1E-F0617E827D53}" = Media Go Video Playback Engine 1.96.112.08260
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{07D8511D-C9FE-4A93-933F-EAA5C8F20095}" = IDT Audio
"{09A84598-E18A-4E7B-A49A-E19BB8D5C648}" = AppMon Utility
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C6DB6B9-2D17-4AA5-A207-42D28BF9F434}" = MyPoi Manager
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{0FD40A50-38AB-454F-B41E-AC365E13D06D}" = calibre
"{12D0BE8D-538C-4AB1-86DE-C540308F50DA}" = VAIO Content Metadata Manager Settings
"{133F46FF-B547-4462-AEAA-2322CA89CF67}" = VAIO Database Converter Ver 1.0
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{18510937-0146-417B-95D8-14706649C384}" = VAIO Content Metadata Manager Settings
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 30
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 11
"{28549656-3CB3-44B6-9FAB-925A18DAC796}" = VAIO Movie Story
"{28AD24E2-BC9F-49B8-A20C-31C6C2D78428}" = VAIO Database Converter 1.0
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{291FB4BF-EEC7-4CF9-8469-F39ED1DBC4D8}" = VAIO Content Metadata XML Interface Library
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{2AA48AFA-79CA-4043-BFFC-BB5BA23A9FCF}" = WD SmartWare
"{2BF9702B-52EE-4841-83C4-B5E640B6C97A}" = Media Go
"{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}" = Sid Meier's Civilization 4 Complete
"{328019A7-0012-401D-96A2-4CDDD02675A8}" = Garmin POI Loader
"{33017152-D6EA-46DD-93E0-7D2679CCBB51}" = Corel WinDVD
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3B659FAD-E772-44A3-B7E7-560FF084669F}" = VAIO Smart Network
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{44653096-3E44-402E-B68E-37D77240BFA8}" = Symyx Draw 4.0.100
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"{4EA55D20-27FB-45D7-8726-147E8A5F6C62}" = VAIO MusicBox
"{500162A0-4DD5-460A-BAFD-895AAE48C532}" = VAIO Media Content Collection 6.0
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{516EF56A-048B-4AED-9906-1366639ACEEE}" = Garmin BaseCamp
"{533D0A8A-D7E7-4F15-BC9E-FF2916A6BAA7}" = DSD Direct Player
"{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 6.0
"{56345504-DE57-4528-A18B-A567D1E52928}" = ArcSoft Magic-i Visual Effects
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 6.0
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{6332AFF1-9D9A-429C-AA03-F82749FA4F49}" = SonicStage Mastering Studio
"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6C1EC809-88C6-4111-A6E0-0C6E203B3818}" = VAIO Movie Story 1.3 Upgrade
"{6D2576EC-A0E9-418A-A09A-409933A3B6F4}" = VAIO Camera Capture Utility
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6F8EAC65-314D-4D86-9557-BC9312AACCB0}" = Citrix online plug-in (USB)
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 6.1
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A21C722-F259-4976-B7AA-6658E5FDEDAF}" = Google Drive
"{7B63B2922B174135AFC0E1377DD81EC2}" = 
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7C404084-C5A6-42FF-B731-0BAC79A6E134}" = VAIO Original Function Settings
"{7D82704E-B217-4C6F-97E5-C77F30E81048}" = Quo v2
"{802889F8-6AF5-45A5-9764-CA5B999E50FC}" = VAIO Power Management
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{8144262B-25B4-44F6-8204-FCC8EF50179F}" = Citrix online plug-in (DV)
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{82D5BACA-3619-4D34-99DB-3A65CFB4DA33}" = DSD Direct
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{895FE43E-71C2-4FEA-94EF-B88D111495FC}" = Mobile Mouse Server
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{912B04B3-7C7C-4929-AE68-EC2A4CCB4E73}" = Microsoft Mouse and Keyboard Center
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95229EF6-F4A1-413A-BA50-668311FAFE19}" = VAIO Original Function Settings
"{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD8B556-A69C-486E-92C1-4AA821DE13A0}" = .NET Utilities
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C1C8A04-F8CA-4472-A92D-4288CE32DE86}" = SonicStage Mastering Studio Plugins
"{9D12A8B5-9D41-4465-BF11-70719EB0CD02}" = VU5x86
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9D8BAA74-5B7D-11E2-8273-984BE15F174E}" = Evernote v. 4.6.1
"{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}" = VAIO Update
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3563827-B0DB-44DC-B037-15CC4E5E692F}" = VAIO Content Metadata XML Interface Library
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}" = Garmin USB Drivers
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.5)
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}" = RealDownloader
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 6.0
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{B3668C08-EBB1-40F4-B4F9-4F8E13501A7D}" = VAIO Entertainment Platform
"{B3C9A441-C34D-40F3-9D3B-00EDDDAC74F1}" = Garmin Communicator Plugin
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B66AD8F4-0951-407E-807F-C300F6970B5A}" = VAIO Media
"{B7FB0C86-41A4-4402-9A33-912C462042A0}" = Roxio Easy Media Creator Home
"{C01408FC-117C-44B7-8B0C-17794E526A01}" = Disc2Phone
"{C0482AA0-9CDF-49B4-9B39-551FD1A7A7E6}" = VAIO Movie Story 1.5 Upgrade
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D8}" = WinZip 17.0
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF0F8D1B-5FB9-468D-BD88-E6239906D2B7}" = Click to Disc
"{D17111CB-C992-42A9-9D56-C19395102AAA}" = Garmin WebUpdater
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF0415CC-0563-407F-B560-9B7F277122C5}" = VAIO BD Menu Data
"{DF7DB916-90E5-40F2-9010-B8125EB5FD6F}" = SonicStage Mastering Studio Audio Filter
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E66BB7B9-EC7B-45A6-B479-AD43A9B32AA0}" = SonicStage Mastering Studio
"{E7C97E98-4C2D-BEAF-5D2F-CC45A2F95D90}" = Acrobat.com
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype 6.0
"{EA74A293-3FAC-4D1B-AE3A-3BD47FADDC20}" = Citrix online plug-in (HDX)
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EC37A846-53AC-4DA7-98FA-76A4E74AA900}" = SonicStage Mastering Studio Audio Filter Custom Preset
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.115
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" = 
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{F88A7EB0-90F4-4012-9194-33AF2F1C5BF1}" = VAIO Movie Story 1.5 Upgrade
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"98157A226B40B173301B0F53C8E98C47805D5152" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"ActiveTouchMeetingClient" = Cisco WebEx Meetings
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ALDI Print Software" = ALDI Print Software
"Atlantis - Sky Patrol" = Atlantis - Sky Patrol (remove only)
"avast" = avast! Free Antivirus
"Big Fish Games Center" = Big Fish Games Center
"Big Fish Games Sudoku" = Big Fish Games Sudoku (remove only)
"Browser Defender_is1" = Browser Defender 2.0.6.15
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
"CanonMyPrinter" = Canon My Printer
"CCleaner" = CCleaner
"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"DPP" = Canon Utilities Digital Photo Professional 3.5
"dt icon module" = 
"ENTERPRISER" = Microsoft Office Enterprise 2007
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"gtfirstboot Setting Request" = 
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"Kobo" = Kobo
"Mahjong Towers Eternity" = Mahjong Towers Eternity (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"MarketingTools" = Vaio Marketing Tools
"McAfee Security Scan" = McAfee Security Scan Plus
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Metalogic Finance Explorer_is1" = Metalogic Finance Explorer 4.0.1
"MFU Module" = 
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Mozilla Firefox 18.0.1 (x86 en-GB)" = Mozilla Firefox 18.0.1 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"Mystery Case Files - Prime Suspects" = Mystery Case Files - Prime Suspects (remove only)
"NVIDIA Drivers" = NVIDIA Drivers
"Off-Helper_is1" = Off-Helper 3.03
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-15-19-01
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa 3" = Picasa 3
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"ProcessQuickLink 2_is1" = Uniblue ProcessQuickLink 2
"PS3 Media Server" = PS3 Media Server
"Rapport_msi" = Rapport
"RealPlayer 16.0" = RealPlayer
"RemoteCaptureDC" = Canon Utilities RemoteCapture DC
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Revo Uninstaller" = Revo Uninstaller 1.92
"Shockwave" = Shockwave
"Sierra Utilities" = Sierra Utilities
"SystemRequirementsLab" = System Requirements Lab
"TwonkyMediaPURE Flow Server" = PURE Flow Server
"Update Engine" = Sony Ericsson Update Engine
"VAIO Help and Support" = 
"VAIO_My Club VAIO" = My Club VAIO
"VAIO_Photoshop" = 
"VAIO_Premiere" = 
"VAIO_Standard" = 
"Virtual Villagers" = Virtual Villagers (remove only)
"WinLiveSuite" = Windows Live Essentials
"YTdetect" = Yahoo! Detect
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3695665762-3537947497-2156790703-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 28/01/2013 06:02:17 | Computer Name = David-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6006

Error - 28/01/2013 06:02:17 | Computer Name = David-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6006

Error - 28/01/2013 06:02:18 | Computer Name = David-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 28/01/2013 06:02:18 | Computer Name = David-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7004

Error - 28/01/2013 06:02:18 | Computer Name = David-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7004

Error - 29/01/2013 15:50:34 | Computer Name = David-PC | Source = Application Error | ID = 1000
Description = Faulting application name: RogueKiller.exe, version: 8.4.3.0, time
stamp: 0x510543c1 Faulting module name: RogueKiller.exe, version: 8.4.3.0, time 
stamp: 0x510543c1 Exception code: 0xc0000417 Fault offset: 0x001162c7 Faulting process
id: 0x16c4 Faulting application start time: 0x01cdfe5994db88b4 Faulting application
path: C:\Users\David\Downloads\RogueKiller.exe Faulting module path: C:\Users\David\Downloads\RogueKiller.exe
Report
Id: 248fa927-6a4d-11e2-a796-001a80a16c0c

Error - 29/01/2013 16:08:21 | Computer Name = David-PC | Source = SignInAssistant | ID = 0
Description =

Error - 29/01/2013 16:08:35 | Computer Name = David-PC | Source = SignInAssistant | ID = 0
Description =

Error - 29/01/2013 16:08:36 | Computer Name = David-PC | Source = SignInAssistant | ID = 0
Description =

Error - 29/01/2013 16:08:37 | Computer Name = David-PC | Source = SignInAssistant | ID = 0
Description =

Error - 29/01/2013 16:08:39 | Computer Name = David-PC | Source = SignInAssistant | ID = 0
Description =

Error - 29/01/2013 16:14:00 | Computer Name = David-PC | Source = SignInAssistant | ID = 0
Description =

[ Media Center Events ]
Error - 21/03/2011 01:31:53 | Computer Name = David-PC | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 03/21/2011 05:31:53. You may need to reschedule your recordings.

Error - 21/03/2011 01:31:55 | Computer Name = David-PC | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 03/21/2011 05:31:55. You may need to reschedule your recordings.

Error - 21/03/2011 14:59:47 | Computer Name = David-PC | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 03/21/2011 18:59:47. You may need to reschedule your recordings.

Error - 31/03/2011 15:13:42 | Computer Name = David-PC | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 03/31/2011 20:13:42. You may need to reschedule your recordings.

Error - 31/03/2011 15:13:45 | Computer Name = David-PC | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 03/31/2011 20:13:45. You may need to reschedule your recordings.

Error - 30/04/2011 16:27:19 | Computer Name = David-PC | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 04/30/2011 21:27:19. You may need to reschedule your recordings.

Error - 05/05/2011 12:24:02 | Computer Name = David-PC | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 05/05/2011 17:24:02. You may need to reschedule your recordings.

Error - 18/07/2011 16:29:00 | Computer Name = David-PC | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 07/18/2011 21:29:00. You may need to reschedule your recordings.

Error - 04/08/2011 11:36:35 | Computer Name = David-PC | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 08/04/2011 16:36:35. You may need to reschedule your recordings.

Error - 06/08/2011 08:27:08 | Computer Name = David-PC | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 08/06/2011 13:27:08. You may need to reschedule your recordings.

[ OSession Events ]
Error - 09/07/2012 06:45:50 | Computer Name = David-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 98
seconds with 60 seconds of active time. This session ended with a crash.

Error - 17/07/2012 12:01:58 | Computer Name = David-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 15916
seconds with 1260 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 19/03/2009 13:34:08 | Computer Name = David-PC | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 20/03/2009 05:46:37 | Computer Name = David-PC | Source = HTTP | ID = 15016
Description =

Error - 20/03/2009 05:48:02 | Computer Name = David-PC | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 21/03/2009 08:38:52 | Computer Name = David-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 21/03/2009 08:39:00 | Computer Name = David-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 21/03/2009 08:39:03 | Computer Name = David-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 21/03/2009 08:39:06 | Computer Name = David-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 21/03/2009 08:39:09 | Computer Name = David-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 22/03/2009 06:45:43 | Computer Name = David-PC | Source = HTTP | ID = 15016
Description =

Error - 22/03/2009 06:47:04 | Computer Name = David-PC | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

< End of report >


----------
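Triage of the "Query User" firewall rules listed in the report above (the inbound allow rules Windows creates when a user clicks Allow on the firewall prompt): rules whose executable sits under Downloads or AppData, as hfs.exe and dropbox.exe do in the report, deserve a second look. This is an added example, not code from the thread or from the scanning tool; the rule lines it parses are constructed samples in the report's format, and the trusted-directory list is an assumption.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Protocol numbers as they appear in the rule attributes (IANA assigned numbers).
PROTOCOLS = {"6": "TCP", "17": "UDP"}

# Assumption: executables under these prefixes are "expected"; anything else
# (Downloads, AppData, Temp, removable media) is user-writable and is flagged
# when it carries an inbound allow rule.
TRUSTED_PREFIXES = ("c:\\program files\\", "c:\\program files (x86)\\", "c:\\windows\\")

# Constructed sample in the report's format (user name and GUIDs are placeholders).
SAMPLE_RULES = r'''
"EnableFirewall" = 1
"UDP Query User{00000000-0000-0000-0000-000000000001}C:\users\user1\downloads\hfs.exe" = protocol=17 | dir=in | app=c:\users\user1\downloads\hfs.exe | 
"UDP Query User{00000000-0000-0000-0000-000000000002}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{00000000-0000-0000-0000-000000000003}C:\users\user1\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\user1\appdata\roaming\dropbox\bin\dropbox.exe | 
'''

RULE_RE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*(?P<attrs>.*)$')
NAME_RE = re.compile(r'^(?P<proto>TCP|UDP) Query User\{(?P<guid>[0-9A-Fa-f-]{36})\}(?P<path>.+)$')


@dataclass
class FirewallRule:
    guid: str
    name_proto: str    # protocol named in the rule's display name
    proto: str         # protocol from the attribute list, resolved via PROTOCOLS
    direction: str
    app: str           # app= attribute, lowercased
    path_in_name: str  # path embedded in the display name, lowercased


def parse_rule(line: str) -> Optional[FirewallRule]:
    """Parse one firewall-rule line; return None for lines that are not 'Query User' rules."""
    m = RULE_RE.match(line.strip())
    if not m:
        return None
    n = NAME_RE.match(m.group("name"))
    if not n:
        return None
    attrs = {}
    for field in m.group("attrs").split("|"):
        field = field.strip()
        if "=" in field:
            key, value = field.split("=", 1)
            attrs[key.strip().lower()] = value.strip()
    proto_num = attrs.get("protocol", "")
    return FirewallRule(
        guid=n.group("guid").upper(),
        name_proto=n.group("proto"),
        proto=PROTOCOLS.get(proto_num, "other:" + proto_num),
        direction=attrs.get("dir", "?"),
        app=attrs.get("app", "").lower(),
        path_in_name=n.group("path").lower(),
    )


def parse_report(report_text: str) -> List[FirewallRule]:
    """All 'Query User' rules found in a block of report text, in order."""
    rules = [parse_rule(line) for line in report_text.splitlines()]
    return [r for r in rules if r is not None]


def findings_for(rule: FirewallRule) -> List[str]:
    """Reasons a rule merits review; empty list means nothing unusual."""
    out = []
    if rule.direction == "in" and not rule.app.startswith(TRUSTED_PREFIXES):
        out.append("inbound allow for an executable outside Program Files/Windows")
    if rule.app != rule.path_in_name:
        out.append("app path differs from the path embedded in the rule name")
    if rule.proto != rule.name_proto:
        out.append(f"rule name says {rule.name_proto} but protocol attribute is {rule.proto}")
    return out


def flagged_apps(report_text: str) -> List[str]:
    """Sorted, de-duplicated app paths that have at least one finding."""
    return sorted({r.app for r in parse_report(report_text) if findings_for(r)})


if __name__ == "__main__":
    for rule in parse_report(SAMPLE_RULES):
        print(rule.guid, rule.proto, rule.direction, rule.app, findings_for(rule))
```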



## STIG_DH (Jan 25, 2013)

Kevin

it takes a full 25 mins for the PC to settle down to allow some use from reboot. CPU usage is never above ca 10-16% but physical memory usage remains above 80% for a very long time (it still is). Firefox takes forever to launch (it has just made it).

I know the number of programmes running at start-up is critical to the above, but I have pruned many of these back. I guess there is more I should do here, but is there another underlying issue?

What can you suggest as a next diagnostic?

David


----------



## kevinf80 (Mar 21, 2006)

Re-Run

by double left click, Vista and Windows 7 users accept UAC alert.

Under the

box at the bottom, paste in the following


```
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..\SearchScopes\{0717AC97-BDB4-4CEB-85B7-0CA63B554F35}: "URL" = http://www.cnet.com/4244-5_1-0.html?query={searchTerms}&tag=srch&target=nw
IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
FF - prefs.js..extensions.enabledItems: {5c8bfb7c-9a54-11dc-8314-0800200c9a66}:3.6.7
O3 - HKLM\..\Toolbar: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O33 - MountPoints2\{2e791fc1-9c6c-11e1-a029-001a80a16c0c}\Shell - "" = AutoRun
O33 - MountPoints2\{2e791fc1-9c6c-11e1-a029-001a80a16c0c}\Shell\AutoRun\command - "" = G:\Startme.exe
O33 - MountPoints2\{6efccb36-b201-11df-ab86-001a80a16c0c}\Shell - "" = AutoRun
O33 - MountPoints2\{6efccb36-b201-11df-ab86-001a80a16c0c}\Shell\AutoRun\command - "" = G:\unlock.exe autoplay=true
O33 - MountPoints2\{d3ef968c-e66a-11df-8a69-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d3ef968c-e66a-11df-8a69-806e6f6e6963}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{d3ef968c-e66a-11df-8a69-806e6f6e6963}\Shell\directx\command - "" = F:\DirectX9\dxsetup.exe
O33 - MountPoints2\{d3ef968c-e66a-11df-8a69-806e6f6e6963}\Shell\setup\command - "" = F:\setup.exe
[2013/01/09 12:38:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2013/01/09 12:38:47 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/09 12:38:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
:Files
ipconfig /flushdns /c
:Commands
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
```

Then click the Run Fix button at the top
Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose *Yes*. In this case, after the reboot, open Notepad (Start > All Programs > Accessories > Notepad), click File > Open, in the File Name box enter `*.log` and press the Enter key, navigate to the *C:\_OTL\MovedFiles* folder, open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Next,

1. Download Malwarebytes Anti-Rootkit from this link http://www.malwarebytes.org/products/mbar/
2. Unzip the file to a convenient location. (Recommend the Desktop)
3. Open the folder where the contents were unzipped to run *mbar.exe*
4. Double-click on the mbar.exe file; you may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image:
5. If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer is rebooted and you login, MBAR will automatically start and you will now be at the start screen. (If no Rootkit warning you will go from step 4 to 6.)
6. The following image opens, select Next.
7. The following image opens, select Update.
8. When the Update completes, select Next.
9. In the following window ensure "Targets" are ticked. Then select "Scan".
10. If any infections are found, the *Cleanup* button to remove threats will be available. Infected files will be listed like the following example:
11. *Do not* select the "Cleanup" button; select the "Exit" button. There will be a warning as follows:
12. Select "Yes" to close down the program. If NO infections were found you will see the following image:
13. Select "Exit" to close down.
14. Copy and paste the two following logs from the *mbar* folder:

*System - log*
*Mbar - log* Date and time of scan will also be shown

Also post those two logs in your reply.

Kevin..


----------



## STIG_DH (Jan 25, 2013)

Kevin

I set up the OTL Run Scan as you directed.
Upon completion, PC requested a reboot after I accepted the unverified application. I proceeded.

On rebooting, Notepad opened automatically (rather than me having to follow your instruction) and filed the following report. Before continuing, i just wanted to check that everything was working along the lines you were expecting!

David

All processes killed
Error: Unable to interpret <IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}> in the current context!
Error: Unable to interpret <IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found> in the current context!
Error: Unable to interpret <IE - HKU\.DEFAULT\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-18\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..\SearchScopes\{0717AC97-BDB4-4CEB-85B7-0CA63B554F35}: "URL" = http://www.cnet.com/4244-5_1-0.html?query={searchTerms}&tag=srch&target=nw> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}> in the current context!
Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: {5c8bfb7c-9a54-11dc-8314-0800200c9a66}:3.6.7> in the current context!
Error: Unable to interpret <O3 - HKLM\..\Toolbar: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.> in the current context!
Error: Unable to interpret <O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.> in the current context!
Error: Unable to interpret <O3 - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.> in the current context!
Error: Unable to interpret <O3 - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.> in the current context!
Error: Unable to interpret <O3 - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" File not found> in the current context!
Error: Unable to interpret <O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{2e791fc1-9c6c-11e1-a029-001a80a16c0c}\Shell - "" = AutoRun> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{2e791fc1-9c6c-11e1-a029-001a80a16c0c}\Shell\AutoRun\command - "" = G:\Startme.exe> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{6efccb36-b201-11df-ab86-001a80a16c0c}\Shell - "" = AutoRun> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{6efccb36-b201-11df-ab86-001a80a16c0c}\Shell\AutoRun\command - "" = G:\unlock.exe autoplay=true> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{d3ef968c-e66a-11df-8a69-806e6f6e6963}\Shell - "" = AutoRun> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{d3ef968c-e66a-11df-8a69-806e6f6e6963}\Shell\AutoRun\command - "" = F:\autorun.exe> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{d3ef968c-e66a-11df-8a69-806e6f6e6963}\Shell\directx\command - "" = F:\DirectX9\dxsetup.exe> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{d3ef968c-e66a-11df-8a69-806e6f6e6963}\Shell\setup\command - "" = F:\setup.exe> in the current context!
Error: Unable to interpret <[2013/01/09 12:38:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll> in the current context!
Error: Unable to interpret <[2013/01/09 12:38:47 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll> in the current context!
Error: Unable to interpret <[2013/01/09 12:38:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll> in the current context!
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\David\Documents\Desktop Computer\Malware removal Jan-13\cmd.bat deleted successfully.
C:\Users\David\Documents\Desktop Computer\Malware removal Jan-13\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: David
->Temp folder emptied: 251062705 bytes
->Temporary Internet Files folder emptied: 190636234 bytes
->Java cache emptied: 14589890 bytes
->FireFox cache emptied: 78335896 bytes
->Google Chrome cache emptied: 373650126 bytes
->Flash cache emptied: 27130 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33109 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mcx1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 160609531 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,019.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 01302013_102630

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
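
As an added example (not code from the thread and not OldTimer's OTL), here is a Python pre-flight check for the kind of fix list Kevin posts. The first list above was pasted without a `:OTL` section header, which is why the fix log rejected every item with "Unable to interpret <...> in the current context!"; the same list re-pasted under a `:OTL` header is accepted. The script flags items that sit before any section directive, prepends the header, classifies what each `:OTL` item removes (hijacked SearchScopes URLs, orphaned toolbar and URLSearchHook CLSIDs, a Run entry for a missing vprot.exe, MountPoints2 AutoRun handlers) and extracts the hosts the search scopes point at. The directive names beyond the three used on the page (`:Processes`, `:Services`, `:Reg`) and the category labels are my assumptions; the sample script is a constructed, trimmed copy of the thread's list.

```python
"""Pre-flight check and triage for an OTL fix script.

Added example for this thread; it is not OldTimer's code and not from the
original posts. It assumes the fix-script convention visible on the page:
items are grouped under section directives (:OTL, :Files, :Commands, and,
assumed here, :Processes, :Services, :Reg), and an item placed before any
directive is rejected with "Unable to interpret <...> in the current context!".
"""
import re
from urllib.parse import urlparse

SECTIONS = {":OTL", ":Files", ":Commands", ":Processes", ":Services", ":Reg"}

# Constructed sample: a trimmed copy of the first fix list in the thread,
# pasted without its ':OTL' header (the cause of the error log that followed).
SAMPLE_SCRIPT = r"""
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&p={searchTerms}
O3 - HKLM\..\Toolbar: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" File not found
O33 - MountPoints2\{6efccb36-b201-11df-ab86-001a80a16c0c}\Shell\AutoRun\command - "" = G:\unlock.exe autoplay=true
:Files
ipconfig /flushdns /c
:Commands
[emptytemp]
[Reboot]
""".strip("\n")


def _items(script):
    """Yield (section, item) pairs; section is None before the first directive."""
    current = None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in SECTIONS:
            current = line
            continue
        yield current, line


def orphan_items(script):
    """Items that precede every section directive. OTL cannot interpret these,
    so a non-empty result means the fix will fail item by item."""
    return [item for section, item in _items(script) if section is None]


def add_missing_header(script):
    """Prepend ':OTL' when the list starts with un-sectioned items."""
    return script if not orphan_items(script) else ":OTL\n" + script


def classify(item):
    """Label an :OTL item by the kind of leftover it removes (labels assumed)."""
    if item.startswith("IE - ") and '"URL" =' in item:
        return "search-provider hijack"
    if "No CLSID value found" in item:
        return "orphaned toolbar/hook CLSID"
    if "File not found" in item:
        return "entry pointing at a missing file"
    if item.startswith("O33 - MountPoints2"):
        return "removable-media AutoRun handler"
    return "other"


def triage(script):
    """Count :OTL items by category. Un-sectioned items are counted too, since
    they are the ones that belong under :OTL once the header is added."""
    counts = {}
    for section, item in _items(script):
        if section in (":OTL", None):
            label = classify(item)
            counts[label] = counts.get(label, 0) + 1
    return counts


def search_hosts(script):
    """Hosts that hijacked SearchScopes entries redirect searches to."""
    hosts = set()
    for _, item in _items(script):
        m = re.search(r'"URL" = (\S+)', item)
        if m:
            hosts.add(urlparse(m.group(1)).hostname)
    return hosts


if __name__ == "__main__":
    print("items outside any section:", len(orphan_items(SAMPLE_SCRIPT)))
    print("triage:", triage(SAMPLE_SCRIPT))
    print("search hosts:", search_hosts(SAMPLE_SCRIPT))
    print("first line after repair:", add_missing_header(SAMPLE_SCRIPT).splitlines()[0])
```

Run the check on a fix list before pasting it into OTL: a non-empty `orphan_items` result is the condition that produced the wall of "Unable to interpret" errors above, and `search_hosts` gives the domains to look up before deciding whether a search scope is a legitimate provider or a PUP redirector.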


----------



## STIG_DH (Jan 25, 2013)

Kevin

I carried on with the scans as the OTL MovedFolders file was exactly where you had specified (the Notepad log had opened automatically rather than me having to dig it out).

So I went on with the Malwarebytes scan - no threats identified.

How are we doing??

David

*mbar-log-2013-01-30 (12-00-58)*

Malwarebytes Anti-Rootkit BETA 1.01.0.1017
www.malwarebytes.org

Database version: v2013.01.30.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
David :: DAVID-PC [administrator]

30/01/2013 12:00:58
mbar-log-2013-01-30 (12-00-58).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 31874
Time elapsed: 25 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

*system-log*

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1017

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_30

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.094000 GHz
Memory total: 2145837056, free: 169365504

------------ Kernel report ------------
01/30/2013 11:33:35
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\halmacpi.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\intelide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\DRIVERS\pcmcia.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\drivers\PCTCore.sys
\SystemRoot\System32\Drivers\PxHelp20.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\RapportKELL.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\aswSnx.SYS
\SystemRoot\system32\DRIVERS\avgmfx86.sys
\??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus32_43926.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\??\C:\Windows\system32\drivers\avgtpx86.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\Drivers\aswTdi.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\Drivers\aswrdr2.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys
\??\C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\system32\DRIVERS\DMICall.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\ctxusbm.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\avgldx86.sys
\SystemRoot\System32\Drivers\aswSP.SYS
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\usbuhci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\yk62x86.sys
\SystemRoot\system32\DRIVERS\netw5v32.sys
\SystemRoot\system32\drivers\1394ohci.sys
\SystemRoot\system32\drivers\ti21sony.sys
\SystemRoot\system32\DRIVERS\AVerM115S.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\BdaSup.SYS
\SystemRoot\system32\DRIVERS\SFEP.sys
\SystemRoot\System32\Drivers\GEARAspiWDM.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\drivers\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\DRIVERS\circlass.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\stwrt.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\HSXHWAZL.sys
\SystemRoot\system32\DRIVERS\HSX_DPV.sys
\SystemRoot\system32\DRIVERS\HSX_CNXT.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\R5U870FLx86.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\System32\Drivers\R5U870FUx86.sys
\SystemRoot\system32\DRIVERS\ArcSoftKsUFilter.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\drivers\usbcir.sys
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\aswMonFlt.sys
\SystemRoot\System32\Drivers\aswFsBlk.SYS
\SystemRoot\system32\DRIVERS\hidir.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\mdmxsdk.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\system32\drivers\regi.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\drivers\tdtcp.sys
\SystemRoot\System32\DRIVERS\tssecsrv.sys
\SystemRoot\System32\Drivers\RDPWD.SYS
\SystemRoot\system32\DRIVERS\xaudio.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\lpk.dll
\Windows\System32\gdi32.dll
\Windows\System32\user32.dll
\Windows\System32\difxapi.dll
\Windows\System32\setupapi.dll
\Windows\System32\normaliz.dll
\Windows\System32\wininet.dll
\Windows\System32\advapi32.dll
\Windows\System32\imagehlp.dll
\Windows\System32\sechost.dll
\Windows\System32\msvcrt.dll
\Windows\System32\ole32.dll
\Windows\System32\shlwapi.dll
\Windows\System32\oleaut32.dll
\Windows\System32\comdlg32.dll
\Windows\System32\msctf.dll
\Windows\System32\shell32.dll
\Windows\System32\ws2_32.dll
\Windows\System32\psapi.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\nsi.dll
\Windows\System32\kernel32.dll
\Windows\System32\imm32.dll
\Windows\System32\usp10.dll
\Windows\System32\Wldap32.dll
\Windows\System32\urlmon.dll
\Windows\System32\clbcatq.dll
\Windows\System32\iertutil.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\wintrust.dll
\Windows\System32\crypt32.dll
\Windows\System32\comctl32.dll
\Windows\System32\devobj.dll
\Windows\System32\KernelBase.dll
\Windows\System32\msasn1.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xffffffff88b38560
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000006d\
Lower Device Object: 0xffffffff88967048
Lower Device Driver Name: \Driver\ti21sony\
Driver name found: ti21sony
Initialization returned 0x0
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff88b38ac8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000006c\
Lower Device Object: 0xffffffff88965048
Lower Device Driver Name: \Driver\ti21sony\
Driver name found: ti21sony
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff8693fac8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-0\
Lower Device Object: 0xffffffff85be6030
Lower Device Driver Name: \Driver\iaStor\
Driver name found: iaStor
Initialization returned 0x0
Load Function returned 0x0
Downloaded database version: v2013.01.30.03
Downloaded database version: v2013.01.23.01
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff8693fac8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff8693f760, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff8693fac8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff8693e210, DeviceName: Unknown, DriverName: \Driver\PCTCore\
DevicePointer: 0xffffffff85bbef08, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff85be6030, DeviceName: \Device\Ide\IAAStorageDevice-0\, DriverName: \Driver\iaStor\
------------ End ----------
Upper DeviceData: 0xffffffffb63e6a48, 0xffffffff8693fac8, 0xffffffffa94c4540
Lower DeviceData: 0xffffffff8a0688f0, 0xffffffff85be6030, 0xffffffff85bd9048
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 50B0CCC3

Partition information:

Partition 0 type is Other (0x27)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 22988800

Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 22990848 Numsec = 953780272
Partition file system is NTFS
Partition is bootable

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff88b38ac8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff874bc0f8, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff88b38ac8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff874a5048, DeviceName: Unknown, DriverName: \Driver\PCTCore\
DevicePointer: 0xffffffff88965048, DeviceName: \Device\0000006c\, DriverName: \Driver\ti21sony\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xffffffff88b38560, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff874c50f8, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff88b38560, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff874a80d8, DeviceName: Unknown, DriverName: \Driver\PCTCore\
DevicePointer: 0xffffffff88967048, DeviceName: \Device\0000006d\, DriverName: \Driver\ti21sony\
------------ End ----------
Done!
Performing system, memory and registry scan...
Done!
Scan finished
=======================================


----------



## kevinf80 (Mar 21, 2006)

Need to run OTL one more time...

Re-Run OTL.exe by double left click, Vista and Windows 7 users accept UAC alert.

Under the Custom Scans/Fixes box at the bottom, paste in the following


```
:OTL
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..\SearchScopes\{0717AC97-BDB4-4CEB-85B7-0CA63B554F35}: "URL" = http://www.cnet.com/4244-5_1-0.html?query={searchTerms}&tag=srch&target=nw
IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
FF - prefs.js..extensions.enabledItems: {5c8bfb7c-9a54-11dc-8314-0800200c9a66}:3.6.7
O3 - HKLM\..\Toolbar: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O33 - MountPoints2\{2e791fc1-9c6c-11e1-a029-001a80a16c0c}\Shell - "" = AutoRun
O33 - MountPoints2\{2e791fc1-9c6c-11e1-a029-001a80a16c0c}\Shell\AutoRun\command - "" = G:\Startme.exe
O33 - MountPoints2\{6efccb36-b201-11df-ab86-001a80a16c0c}\Shell - "" = AutoRun
O33 - MountPoints2\{6efccb36-b201-11df-ab86-001a80a16c0c}\Shell\AutoRun\command - "" = G:\unlock.exe autoplay=true
O33 - MountPoints2\{d3ef968c-e66a-11df-8a69-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d3ef968c-e66a-11df-8a69-806e6f6e6963}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{d3ef968c-e66a-11df-8a69-806e6f6e6963}\Shell\directx\command - "" = F:\DirectX9\dxsetup.exe
O33 - MountPoints2\{d3ef968c-e66a-11df-8a69-806e6f6e6963}\Shell\setup\command - "" = F:\setup.exe
[2013/01/09 12:38:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2013/01/09 12:38:47 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/09 12:38:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
:Commands
[emptytemp]
```

Then click the Run Fix button at the top
Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose *Yes*. In this case, after the reboot, open Notepad (Start > All Programs > Accessories > Notepad), click File > Open, in the File Name box enter `*.log` and press the Enter key, navigate to the *C:\_OTL\MovedFiles* folder, open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Post that log, give updates on current issues/concerns...


----------



## STIG_DH (Jan 25, 2013)

Kevin,

re-run of OTL appended. The notepad log file opened automatically again, and the PC required a reboot.

Preliminary observations: start-up time to operational use is reducing slightly. Firefox still slow to fire up and hard-drive works hard for 15mins or so still. But we seem to be improving, and the delay in webpage loading is improving.

How's it looking from your perspective?

David

*OTL 01302013_134935*

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry key HKEY_USERS\S-1-5-21-3695665762-3537947497-2156790703-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0717AC97-BDB4-4CEB-85B7-0CA63B554F35}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0717AC97-BDB4-4CEB-85B7-0CA63B554F35}\ not found.
Registry key HKEY_USERS\S-1-5-21-3695665762-3537947497-2156790703-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Prefs.js: {5c8bfb7c-9a54-11dc-8314-0800200c9a66}:3.6.7 removed from extensions.enabledItems
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_USERS\S-1-5-21-3695665762-3537947497-2156790703-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{472734EA-242A-422B-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422B-ADF8-83D1E48CC825}\ not found.
Registry value HKEY_USERS\S-1-5-21-3695665762-3537947497-2156790703-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
Registry value HKEY_USERS\S-1-5-21-3695665762-3537947497-2156790703-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\vProt deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2e791fc1-9c6c-11e1-a029-001a80a16c0c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2e791fc1-9c6c-11e1-a029-001a80a16c0c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2e791fc1-9c6c-11e1-a029-001a80a16c0c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2e791fc1-9c6c-11e1-a029-001a80a16c0c}\ not found.
File G:\Startme.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6efccb36-b201-11df-ab86-001a80a16c0c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6efccb36-b201-11df-ab86-001a80a16c0c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6efccb36-b201-11df-ab86-001a80a16c0c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6efccb36-b201-11df-ab86-001a80a16c0c}\ not found.
File G:\unlock.exe autoplay=true not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d3ef968c-e66a-11df-8a69-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d3ef968c-e66a-11df-8a69-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d3ef968c-e66a-11df-8a69-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d3ef968c-e66a-11df-8a69-806e6f6e6963}\ not found.
File F:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d3ef968c-e66a-11df-8a69-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d3ef968c-e66a-11df-8a69-806e6f6e6963}\ not found.
File F:\DirectX9\dxsetup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d3ef968c-e66a-11df-8a69-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d3ef968c-e66a-11df-8a69-806e6f6e6963}\ not found.
File F:\setup.exe not found.
File move failed. C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll scheduled to be moved on reboot.
File move failed. C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll scheduled to be moved on reboot.
File move failed. C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll scheduled to be moved on reboot.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: David
->Temp folder emptied: 36089067 bytes
->Temporary Internet Files folder emptied: 78772 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 20786120 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mcx1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4215 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 54.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 01302013_134935

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll scheduled to be moved on reboot.
File move failed. C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll scheduled to be moved on reboot.
File move failed. C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll scheduled to be moved on reboot.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


----------
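The OTL run above deleted IE SearchScopes, URLSearchHooks and Toolbar entries whose CLSIDs no longer resolved (the "CLSID\{...} not found" lines), plus MountPoints2 entries that still recorded autorun commands from removable drives (G:\Startme.exe, F:\autorun.exe). The PowerShell script below is an added example, not part of this thread and not OTL or ComboFix code; it audits the same persistence points read-only on a live system and flags hooks whose CLSID has no registered server and autorun records whose target file is gone. The registry paths are the standard Windows ones; the function names and output columns are my own.

```powershell
# Added example (not from this thread, OTL or ComboFix): read-only audit of the
# Internet Explorer persistence points and MountPoints2 autorun records that the
# OTL fix above deleted. Run from an elevated prompt; written for PowerShell 2.0+.

function Resolve-Clsid {
    # Is the CLSID registered, and does its in-process server DLL still exist?
    # A hook or toolbar value pointing at an unregistered CLSID is the live
    # equivalent of OTL's "CLSID\{...} not found" lines.
    param([string]$Clsid)
    foreach ($root in 'HKLM:\SOFTWARE\Classes\CLSID', 'HKCU:\SOFTWARE\Classes\CLSID') {
        $key = "$root\$Clsid"
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $srv = Get-ItemProperty -LiteralPath "$key\InprocServer32" -ErrorAction SilentlyContinue
        $dll = $null; $exists = $false
        if ($srv -ne $null) {
            $dll = [string]$srv.'(default)'
            $expanded = [Environment]::ExpandEnvironmentVariables($dll.Trim('"'))
            $exists = ($expanded -ne '') -and (Test-Path -LiteralPath $expanded)
        }
        return New-Object PSObject -Property @{ Registered = $true; Server = $dll; ServerExists = $exists }
    }
    New-Object PSObject -Property @{ Registered = $false; Server = $null; ServerExists = $false }
}

function Get-UserHives {
    # Every loaded user hive (SIDs and .DEFAULT), skipping the *_Classes hives.
    Get-ChildItem Registry::HKEY_USERS | Where-Object { $_.PSChildName -notlike '*_Classes' }
}

function Get-IePersistence {
    $hives = @('HKLM:\SOFTWARE') + @(Get-UserHives | ForEach-Object { "Registry::$($_.Name)\Software" })
    foreach ($hive in $hives) {
        $ie = "$hive\Microsoft\Internet Explorer"
        # Search providers are GUID-named subkeys carrying a URL; show where searches go.
        if (Test-Path -LiteralPath "$ie\SearchScopes") {
            foreach ($s in Get-ChildItem -LiteralPath "$ie\SearchScopes") {
                $p = Get-ItemProperty -LiteralPath $s.PSPath
                New-Object PSObject -Property @{ Hive = $hive; Kind = 'SearchScope'; Id = $s.PSChildName
                    Detail = "$($p.DisplayName) -> $($p.URL)"; Dangling = $false }
            }
        }
        # COM-backed hooks: the value names are CLSIDs that must resolve to a real DLL.
        $valueKeys = @{ 'URLSearchHook' = "$ie\URLSearchHooks"; 'Toolbar' = "$ie\Toolbar"; 'WebBrowserToolbar' = "$ie\Toolbar\WebBrowser" }
        foreach ($kind in $valueKeys.Keys) {
            if (-not (Test-Path -LiteralPath $valueKeys[$kind])) { continue }
            $names = (Get-Item -LiteralPath $valueKeys[$kind]).GetValueNames() | Where-Object { $_ -match '^\{[0-9A-Fa-f-]{36}\}$' }
            foreach ($name in $names) {
                $r = Resolve-Clsid $name
                New-Object PSObject -Property @{ Hive = $hive; Kind = $kind; Id = $name; Detail = $r.Server
                    Dangling = -not ($r.Registered -and $r.ServerExists) }
            }
        }
        # Browser Helper Objects: the subkey names are CLSIDs.
        $bho = "$hive\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
        if (Test-Path -LiteralPath $bho) {
            foreach ($b in Get-ChildItem -LiteralPath $bho) {
                $r = Resolve-Clsid $b.PSChildName
                New-Object PSObject -Property @{ Hive = $hive; Kind = 'BHO'; Id = $b.PSChildName; Detail = $r.Server
                    Dangling = -not ($r.Registered -and $r.ServerExists) }
            }
        }
    }
}

function Get-MountPointAutoRun {
    # MountPoints2 caches the autorun.inf command of every removable volume a user
    # has inserted; the "File G:\Startme.exe not found" lines above came from here.
    foreach ($u in Get-UserHives) {
        $mp = "Registry::$($u.Name)\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2"
        if (-not (Test-Path -LiteralPath $mp)) { continue }
        foreach ($vol in Get-ChildItem -LiteralPath $mp) {
            $cmdKey = "$mp\$($vol.PSChildName)\Shell\AutoRun\command"
            if (-not (Test-Path -LiteralPath $cmdKey)) { continue }
            $cmd = [string](Get-ItemProperty -LiteralPath $cmdKey).'(default)'
            $exe = ($cmd.Trim() -split ' ')[0].Trim('"')
            New-Object PSObject -Property @{ User = $u.PSChildName; Volume = $vol.PSChildName; Command = $cmd
                TargetPresent = ($exe -ne '') -and (Test-Path -LiteralPath $exe) }
        }
    }
}

$entries = Get-IePersistence
$entries | Where-Object { $_.Dangling } | Format-Table Hive, Kind, Id, Detail -AutoSize
$entries | Where-Object { $_.Kind -eq 'SearchScope' } | Format-Table Hive, Id, Detail -AutoSize
Get-MountPointAutoRun | Format-Table User, Volume, Command, TargetPresent -AutoSize
```

Dangling rows are candidates for removal, not proof of infection: an uninstaller that deleted its DLL but left the hook behind produces the same row. Search scopes are listed in full because a hijacker's provider is a perfectly well-formed entry; the URL is what gives it away. On a 64-bit system add `HKLM:\SOFTWARE\Wow6432Node` to the hive list to cover 32-bit IE.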



## kevinf80 (Mar 21, 2006)

Run a clean boot of your system and see how it responds to that, follow the instructions from this link:

http://support.microsoft.com/kb/929135

Let me know if that makes any difference..


----------
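The clean boot described in the Microsoft article is "Hide all Microsoft services", "Disable all", then the Startup tab, followed by re-enabling items in batches until the slowdown returns. The script below is an added example, not part of this thread and not from the Microsoft article; it produces the candidate list that the iterative step 2 search starts from, with each binary's version-info company (what msconfig uses to decide "Microsoft service") and its Authenticode status alongside. Function names and the output layout are my own.

```powershell
# Added example (not from this thread or from Microsoft KB929135): lists what
# msconfig's "Hide all Microsoft services / Disable all" plus the Startup tab
# would switch off, with each binary's version-info company and Authenticode
# status. Run elevated; written for PowerShell 2.0+ (Windows 7).

function Get-ImagePath {
    # Extract the executable from a service or Run command line, quoted or not.
    param([string]$CommandLine)
    if (-not $CommandLine) { return $null }
    $c = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    if ($c.StartsWith('"')) {
        $end = $c.IndexOf('"', 1)
        if ($end -gt 1) { return $c.Substring(1, $end - 1) }
    }
    $m = [regex]::Match($c, '(?i)^.+?\.(exe|dll|sys)')   # unquoted path that may contain spaces
    if ($m.Success) { return $m.Value }
    return ($c -split ' ')[0]
}

function Get-BinaryInfo {
    # msconfig decides "Microsoft service" from the file's CompanyName, which any
    # program can claim; the Authenticode status is the harder evidence. Caveat:
    # catalog-signed Windows files report NotSigned on PowerShell older than 5.1.
    param([string]$Path)
    if (-not $Path -or -not (Test-Path -LiteralPath $Path)) {
        return New-Object PSObject -Property @{ Company = '<file missing>'; Signature = 'n/a' }
    }
    $info = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($Path)
    $sig = Get-AuthenticodeSignature -FilePath $Path
    New-Object PSObject -Property @{ Company = [string]$info.CompanyName; Signature = [string]$sig.Status }
}

function Get-CleanBootCandidates {
    # Services with StartMode Auto, as on the msconfig Services tab.
    foreach ($svc in Get-WmiObject Win32_Service | Where-Object { $_.StartMode -eq 'Auto' }) {
        $path = Get-ImagePath $svc.PathName
        $d = Get-BinaryInfo $path
        if ($d.Company -like 'Microsoft*') { continue }     # "Hide all Microsoft services"
        New-Object PSObject -Property @{ Type = 'Service'; Name = $svc.Name; Path = $path; Company = $d.Company; Signature = $d.Signature }
    }
    # Run keys and Startup folders, as on the msconfig Startup tab.
    $runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run', 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    foreach ($k in $runKeys) {
        if (-not (Test-Path -LiteralPath $k)) { continue }
        $key = Get-Item -LiteralPath $k
        foreach ($name in $key.GetValueNames()) {
            $path = Get-ImagePath ([string]$key.GetValue($name))
            $d = Get-BinaryInfo $path
            New-Object PSObject -Property @{ Type = 'Run'; Name = $name; Path = $path; Company = $d.Company; Signature = $d.Signature }
        }
    }
    $startup = "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup",
               "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup"
    $shell = New-Object -ComObject WScript.Shell
    foreach ($folder in $startup) {
        foreach ($lnk in Get-ChildItem -LiteralPath $folder -Filter *.lnk -ErrorAction SilentlyContinue) {
            $target = $shell.CreateShortcut($lnk.FullName).TargetPath
            $d = Get-BinaryInfo $target
            New-Object PSObject -Property @{ Type = 'Startup'; Name = $lnk.Name; Path = $target; Company = $d.Company; Signature = $d.Signature }
        }
    }
}

Get-CleanBootCandidates | Sort-Object Type, Name | Format-Table Type, Name, Company, Signature, Path -AutoSize
```

Rows with `<file missing>` match the `[x]` service entries a ComboFix log shows for binaries it could not find; rows whose Company says Microsoft but whose signature is not Valid deserve a second look before being hidden from the search.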



## STIG_DH (Jan 25, 2013)

Kevin

I've just started the clean boot (Step 1) according to the Microsoft instructions in the website link.

Start-up still very slow - even with running MS services only. The hard drive is chugging away for some time after. Also, when I clicked to restart, Windows wouldn't let me - a programme (unknown) was running in the background. I tried this a couple of times but I had to force a restart eventually.

Having got to step 2 (diagnose the problem), I haven't kicked off, as I expect I am meant to conduct an iterative search to determine what is slowing it down. As it is still slow I'm wondering if I will see any difference!

Shall I go ahead anyway? What's your advice?

David


----------



## kevinf80 (Mar 21, 2006)

If the issue is the same with all non-MS services off we need to try a different tack; you can return the boot mode to normal...

OK, Combofix is fixed and back to normal, I'd like you to run the new version:

Delete any versions of Combofix that you may have on your Desktop, download a fresh copy from the following link :-

http://download.bleepingcomputer.com/sUBs/ComboFix.exe


 Ensure that Combofix is saved directly to the Desktop * <--- Very important*

 Disable all security programs as they will have a negative effect on Combofix, instructions available here http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed, if you need more help please ask.

 Close any open browsers and any other programs you might have running

 Double click the ComboFix icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator")

 Instructions for running Combofix available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required.

 If you are using Windows XP it might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.

 When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review

*Note: Do not mouse-click Combofix's window while it's running. That may cause it to stall or freeze.*

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here http://thespykiller.co.uk/index.php?page=20 why disabling autoruns is recommended.

*EXTRA NOTES*

 If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot; you must allow it to do so.
 *If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot; this is normal.*
 If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted).

Post the log in next reply please...

Kevin


----------
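The note in the post above says Combofix prevents autorun of all CDs, floppies and USB devices. On Windows that is the `NoDriveTypeAutoRun` policy value, a bitmask in which each set bit disables AutoRun for one drive type; Windows Vista and 7 ship with 0x91 (unknown, remote and no-root-directory drives blocked, removable and CD-ROM media still allowed) and 0xFF blocks every type. The script below is an added example, not from the thread and not ComboFix's own code, and it assumes ComboFix reaches its result by setting this value (the thread does not say how). It shows the current policy in each location next to the built-in default and can set the hardened value.

```powershell
# Added example (not from this thread or from ComboFix): decode the AutoRun
# policy ComboFix's note refers to, compare it with the Windows 7 default, and
# optionally set the value that disables AutoRun on every drive type. Run elevated.

# NoDriveTypeAutoRun is a bitmask over the DRIVE_* types; a set bit DISABLES AutoRun.
$DriveTypeBits = @(
    @(0x01, 'DRIVE_UNKNOWN'), @(0x04, 'DRIVE_REMOVABLE'), @(0x08, 'DRIVE_FIXED'),
    @(0x10, 'DRIVE_REMOTE'),  @(0x20, 'DRIVE_CDROM'),     @(0x40, 'DRIVE_RAMDISK'),
    @(0x80, 'no root directory')
)
$PolicyKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
              'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$Win7Default = 0x91   # value Windows Vista/7 use when no policy value is present

function ConvertFrom-AutoRunMask {
    # Lists the drive types a mask still allows to AutoRun.
    param([int]$Mask)
    $allowed = $DriveTypeBits | Where-Object { ($Mask -band $_[0]) -eq 0 } | ForEach-Object { $_[1] }
    if ($allowed) { $allowed -join ', ' } else { '(none)' }
}

function Get-AutoRunPolicy {
    # One row per policy location, plus the built-in default for comparison.
    foreach ($k in $PolicyKeys) {
        $p = Get-ItemProperty -LiteralPath $k -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
        $value = '(not set)'; $allowed = ''
        if ($p -ne $null) {
            $mask = [int]$p.NoDriveTypeAutoRun
            $value = '0x{0:X2}' -f $mask
            $allowed = ConvertFrom-AutoRunMask $mask
        }
        New-Object PSObject -Property @{ Location = $k; Value = $value; AutoRunAllowedFor = $allowed }
    }
    New-Object PSObject -Property @{ Location = 'built-in default'; Value = ('0x{0:X2}' -f $Win7Default)
        AutoRunAllowedFor = (ConvertFrom-AutoRunMask $Win7Default) }
}

function Disable-AutoRunAllDrives {
    # 0xFF sets every bit; the machine-wide policy key is used so it covers all users.
    $k = $PolicyKeys[0]
    if (-not (Test-Path -LiteralPath $k)) { New-Item -Path $k -Force | Out-Null }
    Set-ItemProperty -LiteralPath $k -Name NoDriveTypeAutoRun -Value 0xFF -Type DWord
}

Get-AutoRunPolicy | Format-Table Location, Value, AutoRunAllowedFor -AutoSize
# Disable-AutoRunAllDrives     # uncomment to apply; Explorer reads it at next logon
```

The decode is the check to run before and after a tool like ComboFix: if the HKLM row still reads 0x91 and lists DRIVE_REMOVABLE and DRIVE_CDROM as allowed, the MountPoints2 autorun commands an OTL fix removes will be honoured again the next time that stick is plugged in. On Windows XP and Server 2003 the policy is only respected once the AutoRun update that adds `HonorAutoRunSetting` is installed; Vista and 7 do not need it.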



## STIG_DH (Jan 25, 2013)

Hmmm

that took longer than the stipulated 10 mins for an uninfected computer (it actually took around 30 mins)

No automatic reboot though

What next?!

David

*ComboFix logfile*

ComboFix 13-01-30.04 - David 31/01/2013 8:41.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2046.1141 [GMT 0:00]
Running from: c:\users\David\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-12-28 to 2013-01-31 )))))))))))))))))))))))))))))))
.
.
2013-01-30 10:26 . 2013-01-30 10:26	--------	d-----w-	C:\_OTL
2013-01-29 19:48 . 2013-01-29 19:48	15616	----a-w-	c:\windows\system32\drivers\TrueSight.sys
2013-01-29 18:40 . 2013-01-31 08:13	60872	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{B102BADD-A7E5-41F8-A786-F5D00FE42EAB}\offreg.dll
2013-01-29 16:58 . 2013-01-29 16:59	115	----a-w-	c:\windows\DeleteOnReboot.bat
2013-01-29 08:30 . 2013-01-08 04:57	6991832	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{B102BADD-A7E5-41F8-A786-F5D00FE42EAB}\mpengine.dll
2013-01-25 15:41 . 2013-01-25 15:41	--------	d-----w-	c:\users\David\AppData\Local\WinZip
2013-01-25 15:40 . 2013-01-25 15:41	--------	d-----w-	c:\programdata\WinZip
2013-01-25 15:38 . 2013-01-25 15:37	26984	----a-w-	c:\windows\system32\drivers\avgtpx86.sys
2013-01-25 15:38 . 2013-01-29 16:58	--------	d-----w-	c:\program files\Common Files\AVG Secure Search
2013-01-24 11:09 . 2013-01-24 11:09	--------	d-----w-	c:\users\David\AppData\Local\Programs
2013-01-20 13:42 . 2013-01-12 03:30	94112	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2013-01-16 11:18 . 2013-01-16 11:18	--------	d-----w-	c:\users\David\AppData\Roaming\RealNetworks
2013-01-16 11:18 . 2013-01-16 11:18	--------	d-----w-	c:\program files\RealNetworks
2013-01-16 11:17 . 2013-01-16 11:17	--------	d-----w-	c:\program files\Common Files\xing shared
2013-01-09 12:39 . 2012-11-22 04:45	626688	----a-w-	c:\windows\system32\usp10.dll
2013-01-09 12:39 . 2012-11-23 02:56	2345984	----a-w-	c:\windows\system32\win32k.sys
2013-01-09 12:39 . 2012-11-09 04:43	492032	----a-w-	c:\windows\system32\win32spl.dll
2013-01-09 12:39 . 2012-11-01 04:47	1389568	----a-w-	c:\windows\system32\msxml6.dll
2013-01-09 12:37 . 2012-12-07 10:46	43520	----a-w-	c:\windows\system32\csrr.rs
2013-01-09 12:36 . 2012-11-20 04:51	220160	----a-w-	c:\windows\system32\ncrypt.dll
2013-01-09 12:36 . 2012-11-23 02:48	49152	----a-w-	c:\windows\system32\taskhost.exe
2013-01-04 18:26 . 2013-01-04 18:26	--------	d-----w-	c:\users\David\AppData\Local\ElevatedDiagnostics
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-20 13:47 . 2012-03-31 16:12	697864	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-01-20 13:47 . 2011-05-29 08:35	74248	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-20 13:47 . 2012-05-07 07:30	15739912	----a-w-	c:\windows\system32\FlashPlayerInstaller.exe
2013-01-16 11:17 . 2003-03-19 03:14	499712	----a-w-	c:\windows\system32\msvcp71.dll
2013-01-16 11:17 . 2003-02-21 11:42	348160	----a-w-	c:\windows\system32\msvcr71.dll
2012-12-23 22:13 . 2012-12-23 22:13	65848	----a-w-	c:\windows\system32\drivers\RapportKELL.sys
2012-12-16 14:13 . 2012-12-23 12:21	295424	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-23 12:21	34304	----a-w-	c:\windows\system32\atmlib.dll
2012-12-14 16:49 . 2008-12-29 18:58	21104	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-11-20 19:15 . 2012-04-08 18:19	821736	----a-w-	c:\windows\system32\npdeployJava1.dll
2012-11-20 19:15 . 2010-04-17 21:13	746984	----a-w-	c:\windows\system32\deployJava1.dll
2012-11-14 02:09 . 2012-12-14 11:54	1800704	----a-w-	c:\windows\system32\jscript9.dll
2012-11-14 01:58 . 2012-12-14 11:54	1427968	----a-w-	c:\windows\system32\inetcpl.cpl
2012-11-14 01:57 . 2012-12-14 11:54	1129472	----a-w-	c:\windows\system32\wininet.dll
2012-11-14 01:49 . 2012-12-14 11:54	142848	----a-w-	c:\windows\system32\ieUnatt.exe
2012-11-14 01:48 . 2012-12-14 11:54	420864	----a-w-	c:\windows\system32\vbscript.dll
2012-11-14 01:44 . 2012-12-14 11:54	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-11-09 04:42 . 2012-12-13 08:37	2048	----a-w-	c:\windows\system32\tzres.dll
2012-01-16 17:22 . 2012-01-16 17:22	293736	----a-w-	c:\program files\iTunesOutlookAddIn.dll
2012-01-16 17:22 . 2012-01-16 17:22	421736	----a-w-	c:\program files\iTunesHelper.exe
2012-01-16 17:22 . 2012-01-16 17:22	403304	----a-w-	c:\program files\iTunesAdmin.dll
2012-01-16 17:22 . 2012-01-16 17:22	156520	----a-w-	c:\program files\iTunesHelper.dll
2012-01-16 17:22 . 2012-01-16 17:22	124776	----a-w-	c:\program files\iTunesMiniPlayer.dll
2012-01-16 17:22 . 2012-01-16 17:22	9777000	----a-w-	c:\program files\iTunes.exe
2012-01-16 17:22 . 2012-01-16 17:22	20868968	----a-w-	c:\program files\iTunes.dll
2012-01-16 17:22 . 2012-01-16 17:22	803200	----a-w-	c:\program files\gnsdk_sdkmanager.dll
2012-01-16 17:22 . 2012-01-16 17:22	3035520	----a-w-	c:\program files\gnsdk_dsp.dll
2012-01-16 17:22 . 2012-01-16 17:22	287104	----a-w-	c:\program files\gnsdk_submit.dll
2012-01-16 17:22 . 2012-01-16 17:22	246144	----a-w-	c:\program files\gnsdk_musicid.dll
2012-01-16 17:22 . 2012-01-16 17:22	2010984	----a-w-	c:\program files\iPodUpdaterExt.dll
2011-11-14 20:16 . 2011-11-14 20:16	112488	----a-w-	c:\program files\ITDetector.ocx
2010-03-10 23:01 . 2013-01-19 10:24	124272	----a-w-	c:\program files\mozilla firefox\plugins\CCMSDK.dll
2010-03-10 23:40 . 2013-01-19 10:24	13168	----a-w-	c:\program files\mozilla firefox\plugins\cgpcfg.dll
2010-03-10 23:02 . 2013-01-19 10:24	70512	----a-w-	c:\program files\mozilla firefox\plugins\CgpCore.dll
2010-03-10 23:01 . 2013-01-19 10:24	91504	----a-w-	c:\program files\mozilla firefox\plugins\confmgr.dll
2010-03-10 23:01 . 2013-01-19 10:24	22384	----a-w-	c:\program files\mozilla firefox\plugins\ctxlogging.dll
2010-03-10 23:00 . 2013-01-19 10:24	255344	----a-w-	c:\program files\mozilla firefox\plugins\ctxmui.dll
2010-03-10 23:01 . 2013-01-19 10:24	31088	----a-w-	c:\program files\mozilla firefox\plugins\icafile.dll
2010-03-10 23:01 . 2013-01-19 10:24	40304	----a-w-	c:\program files\mozilla firefox\plugins\icalogon.dll
2008-06-19 09:16 . 2013-01-19 10:24	118784	----a-w-	c:\program files\mozilla firefox\plugins\MyCamera.dll
2009-10-05 12:49 . 2013-01-19 10:24	652640	----a-w-	c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2010-03-10 23:02 . 2013-01-19 10:24	23920	----a-w-	c:\program files\mozilla firefox\plugins\TcpPServ.dll
2013-01-19 10:24 . 2013-01-19 10:24	262552	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
2010-09-02 16:44 . 2013-01-19 10:24	119808	----a-w-	c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{92EF2EAD-A7CE-4424-B0DB-499CF856608E}]
2013-01-10 15:59	581984	----a-w-	c:\program files\Evernote\Evernote\EvernoteIE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50	121528	----a-w-	c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-12-17 19:50	556648	----a-w-	c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-12-17 19:50	556648	----a-w-	c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-12-17 19:50	556648	----a-w-	c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-12-17 19:50	556648	----a-w-	c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-08-15 04:05	98304	----a-w-	c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Air Mouse.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Air Mouse.lnk
backup=c:\windows\pss\Air Mouse.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PURE Flow Server Tray Control.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PURE Flow Server Tray Control.lnk
backup=c:\windows\pss\PURE Flow Server Tray Control.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDDMStatus.lnk]
backup=c:\windows\pss\WDDMStatus.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
.
[HKLM\~\startupfolder\C:^Users^David^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^David^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk]
path=c:\users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
backup=c:\windows\pss\EvernoteClipper.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^David^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^David^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=c:\users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^David^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PUREFlow Server.lnk]
path=c:\users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PUREFlow Server.lnk
backup=c:\windows\pss\PUREFlow Server.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35	946352	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-09-10 23:43	67488	----a-w-	c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppMon Utility]
2007-09-20 23:52	542560	----a-w-	c:\program files\Sony\AppMonUtil\AppMonUtility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-11-01 23:25	59240	----a-w-	c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2010-07-26 02:08	2569616	----a-w-	c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConnectionCenter]
2010-03-10 23:21	300400	----a-w-	c:\program files\Citrix\ICA Client\concentr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-03-21 21:10	1230704	----a-w-	c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2010-11-20 12:17	144384	----a-w-	c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-09-02 16:44	30192	----a-w-	c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleDriveSync]
2012-12-17 19:50	16328976	----a-w-	c:\program files\Google\Drive\googledrivesync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 17:36	30040	----a-w-	c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hobbyist Software On-Off Helper]
2011-03-10 00:50	565248	----a-w-	c:\program files\Hobbyist Software\Off-Helper\Off-Helper Configuration.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2012-06-26 20:36	1629280	----a-w-	c:\program files\Microsoft Device Center\ipoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliType Pro]
2012-06-26 20:36	1109072	----a-w-	c:\program files\Microsoft Device Center\itype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-01-16 17:22	421736	----a-w-	c:\program files\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MarketingTools]
2007-12-18 22:00	36864	----a-w-	c:\program files\Sony\Marketing Tools\MarketingTools.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyPoi Monitor]
2010-03-26 15:10	2114808	----a-w-	c:\program files\Common Files\MyPoiWorld Shared\MyPoiMonitor\MyPoiMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSUFloatingUI]
2008-11-05 07:32	262144	----a-w-	c:\program files\Sony\Network Utility\LANUtil.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2007-11-07 00:13	8497696	----a-w-	c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2007-11-07 00:13	81920	----a-w-	c:\windows\System32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
2007-11-07 00:16	86016	----a-w-	c:\windows\System32\nvsvc.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 14:28	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2010-11-20 12:17	1174016	----a-w-	c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 08:04	252848	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-12-03 18:43	39408	----a-w-	c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2013-01-16 11:17	295072	----a-w-	c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue ProcessQuickLink 2]
2008-04-02 08:50	655640	----a-w-	c:\program files\Uniblue\ProcessQuickLink 2\ProcessQuickLink2.exe
.
R2 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [x]
R2 Off-Helper;Off-Helper;c:\program files\Hobbyist Software\Off-Helper\Off-Helper Service.exe [x]
R2 PURE Flow Server;PURE Flow Server;c:\program files\PURE Flow Server\twonkymediaserverwatchdog.exe [x]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R2 uCamMonitor;CamMonitor;c:\program files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe [x]
R2 VCFw;VAIO Content Folder Watcher;c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [x]
R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [x]
R3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;c:\windows\system32\drivers\libusb0.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.313\McCHSvc.exe [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [x]
R3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [x]
R3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [x]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x]
R4 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [x]
R4 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [x]
R4 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [x]
S0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]
S1 RapportCerberus_43926;RapportCerberus_43926;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus32_43926.sys [x]
S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [x]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [x]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [x]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 AVerM115S;AVerM115S service;c:\windows\system32\DRIVERS\AVerM115S.sys [x]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
S3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\Drivers\R5U870FLx86.sys [x]
S3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\Drivers\R5U870FUx86.sys [x]
S3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x]
S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [x]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\VUAgent.exe [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-24 08:50	1607120	----a-w-	c:\program files\Google\Chrome\Application\24.0.1312.56\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 13:47]
.
2013-01-30 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-12-18 18:28]
.
2013-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 16:55]
.
2013-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 16:55]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4 - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: New Note - c:\program files\Evernote\Evernote\\EvernoteIERes\NewNote.html
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{B8E8EBE0-C1DD-4A83-86D6-F9C48AD53AA8}: NameServer = 192.168.2.1,89.16.173.11
TCP: Interfaces\{B8E8EBE0-C1DD-4A83-86D6-F9C48AD53AA8}\84F6D656: NameServer = 192.168.2.1,89.16.173.11
FF - ProfilePath - c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wf9gy7j5.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - ExtSQL: !HIDDEN! 2009-08-21 07:48; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
MSConfigStartUp-ROC_roc_ssl_v12 - c:\program files\AVG Secure Search\ROC_roc_ssl_v12.exe
MSConfigStartUp-Sony Ericsson PC Suite - c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
AddRemove-Browser Defender_is1 - h:\spyware doctor\BDT\unins000.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3695665762-3537947497-2156790703-1000\¬ î**]
"MachineID"=hex:91,43,4e,d0,7c,90,79,00
DUMPHIVE0.003 (REGF)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-01-31 09:15:19
ComboFix-quarantined-files.txt 2013-01-31 09:15
.
Pre-Run: 326,673,698,816 bytes free
Post-Run: 326,343,274,496 bytes free
.
- - End Of File - - 1AF8CEBC6FDABA04E7E41B6CD4F75C3A


----------



## kevinf80 (Mar 21, 2006)

Did you run Combofix with the system in a clean boot state? If you look at the services from Combofix, it appears that the service is there but the related file is not present; you can see the [x] at the end of each line.

Are those services on your system and still in use??

R2 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [x]
R2 Off-Helper;Off-Helper;c:\program files\Hobbyist Software\Off-Helper\Off-Helper Service.exe [x]
R2 PURE Flow Server;PURE Flow Server;c:\program files\PURE Flow Server\twonkymediaserverwatchdog.exe [x]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R2 uCamMonitor;CamMonitor;c:\program files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe [x]
R2 VCFw;VAIO Content Folder Watcher;c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [x]
R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [x]
R3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;c:\windows\system32\drivers\libusb0.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.313\McCHSvc.exe [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [x]
R3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [x]
R3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [x]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x]
R4 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [x]
R4 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [x]
R4 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [x]
S0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]
S1 RapportCerberus_43926;RapportCerberus_43926;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus32_43926.sys [x]
S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [x]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [x]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [x]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 AVerM115S;AVerM115S service;c:\windows\system32\DRIVERS\AVerM115S.sys [x]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
S3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\Drivers\R5U870FLx86.sys [x]
S3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\Drivers\R5U870FUx86.sys [x]
S3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x]
S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [x]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\VUAgent.exe [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]

Also run the following please:


Go here: http://sourceforge.net/projects/hjt/ to download the HijackThis program
Save HijackThis to your desktop.
Right-click on HijackThis and select "Run as Admin" (XP users just need to double-click to run)
Click on "Do a system scan and save a logfile" (if you do not see "Do a system scan and save a logfile" then click on main menu)
Copy and paste the HijackThis report into the topic
...

Kevin
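A small parser for those ComboFix service lines, added here as an example (it is not part of ComboFix, HijackThis or this thread). It splits each `R2 name;display;path [x]` line into fields, collects the entries flagged `[x]`, and re-checks the flagged paths against an injectable filesystem view so a stale flag is not acted on blindly. The sample lines are copied from the log posted above; the one avast line is constructed, and the `[date size]` stamp on it is an assumption about how ComboFix prints a service whose file was found.

```python
"""Parse ComboFix service/driver lines and pick out the ones marked "[x]":
the registry still holds the service, but the file it points at was not found.
The parser is written from the line shape visible in the log:

    <start> <service name>;<display name>;<image path> [x]

Added example for this thread, not ComboFix's own code.
"""
import os
import re
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, List, Optional

LINE_RE = re.compile(
    r"^(?P<start>[RS][0-4])\s+"       # R = running, S = stopped; digit = start type
    r"(?P<name>[^;]+);"                # service / driver key name
    r"(?P<display>[^;]*);"             # display name (may be empty)
    r"(?P<path>[^\[]*?)\s*"            # image path; empty for "aswSnx;aswSnx; [x]"
    r"(?:\[(?P<tail>[^\]]*)\])?\s*$"   # "[x]" = file not found, otherwise a stamp
)


@dataclass
class ServiceEntry:
    start: str
    name: str
    display: str
    path: str
    file_missing: bool  # True when ComboFix appended "[x]"


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Return a ServiceEntry for a ComboFix service line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return ServiceEntry(
        start=m.group("start"),
        name=m.group("name").strip(),
        display=m.group("display").strip(),
        path=m.group("path").strip(),
        file_missing=(m.group("tail") == "x"),
    )


def find_orphans(lines: Iterable[str]) -> List[ServiceEntry]:
    """Entries ComboFix flagged [x]: registrations left behind by an uninstall,
    a removed security product, or a cleanup that deleted the file but not the service."""
    entries = (parse_service_line(l) for l in lines)
    return [e for e in entries if e is not None and e.file_missing]


def confirm_on_disk(entries: Iterable[ServiceEntry],
                    exists: Callable[[str], bool] = os.path.exists) -> Dict[str, List[str]]:
    """Re-check flagged paths against the filesystem. `exists` is injectable so the
    same check can run against a mounted image or, as in the test, a fake view.
    Entries with no recorded path (aswSnx, aswSP) cannot be checked and are
    reported separately rather than silently counted as missing."""
    result: Dict[str, List[str]] = {"missing": [], "present": [], "no_path": []}
    for e in entries:
        if not e.path:
            result["no_path"].append(e.name)
        elif exists(e.path):
            result["present"].append(e.name)  # flag may be stale: rescan before acting
        else:
            result["missing"].append(e.name)
    return result


# Lines copied from the ComboFix log in this thread; the final avast line is
# constructed to show a service whose file was found (stamp format assumed).
SAMPLE_LINES = r"""
R2 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [x]
R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [x]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [x]
S1 aswSnx;aswSnx; [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [x]
R2 avast! Antivirus;avast! Antivirus;c:\program files\AVAST Software\Avast\AvastSvc.exe [2012-10-30 44808]
""".splitlines()


if __name__ == "__main__":
    orphans = find_orphans(SAMPLE_LINES)
    for e in orphans:
        print(f"{e.start} {e.name:<28} {e.path or '<no path recorded>'}")
    print(confirm_on_disk(orphans))
```

Run against a full log, the `missing` list is the set of services to review for removal, while anything that lands in `present` means the `[x]` was taken from an older scan and a fresh ComboFix run is needed before touching the service.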


----------



## STIG_DH (Jan 25, 2013)

Kevin,

No, I didn't scan in clean boot mode; I returned boot to normal mode (I think that was your instruction?).
I recognise many but not all of those services (those I recognise are legit). If the related file is not present, have I deleted it?

Would you suggest I run the ComboFix scan again, but set clean boot mode up as I started to do previously before consulting you?
Or go ahead with the HJT scan instead, or as well?

David


----------



## kevinf80 (Mar 21, 2006)

Run Combofix one more time please. Also tell me if you use PCTools, AVG and McAfee. I do see Avast is installed; I just wonder what the others are used for.


----------



## STIG_DH (Jan 25, 2013)

Kevin

I use Avast and Malwarebytes (both disabled for the ComboFix log).
I do have McAfee Security Scan, which runs an automated scan every week, but I removed it for the purpose of this log (it couldn't be disabled).
I once used SpyDoctor by PCTools for a small problem, but thought I had removed it (usually with Revo Uninstaller, although it could just have been Add/Remove Programs).
AVG used to be my anti-virus shield, but one of the versions (was it 8 or 9?) was contra-indicated with Malwarebytes, so I removed it and opted for Avast.
BUT,
AVG is a real pest: it keeps re-establishing itself despite my attempts to clean it out, and I noticed it in several of the log files. It started to add itself into my Chrome browser, for example (that disappeared after one of your clean-up routines).

What's the prognosis now?

Here is the ComboFix log file

David

*ComboFix log file (2)*

ComboFix 13-01-31.01 - David 31/01/2013 15:00:31.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2046.845 [GMT 0:00]
Running from: c:\users\David\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-12-28 to 2013-01-31 )))))))))))))))))))))))))))))))
.
.
2013-01-31 15:31 . 2013-01-31 15:31	--------	d-----w-	c:\users\Mcx1\AppData\Local\temp
2013-01-31 15:31 . 2013-01-31 15:31	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-01-31 09:15 . 2013-01-31 15:31	--------	d-----w-	c:\users\David\AppData\Local\temp
2013-01-30 10:26 . 2013-01-30 10:26	--------	d-----w-	C:\_OTL
2013-01-29 19:48 . 2013-01-29 19:48	15616	----a-w-	c:\windows\system32\drivers\TrueSight.sys
2013-01-29 18:40 . 2013-01-31 08:13	60872	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{B102BADD-A7E5-41F8-A786-F5D00FE42EAB}\offreg.dll
2013-01-29 16:58 . 2013-01-29 16:59	115	----a-w-	c:\windows\DeleteOnReboot.bat
2013-01-29 08:30 . 2013-01-08 04:57	6991832	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{B102BADD-A7E5-41F8-A786-F5D00FE42EAB}\mpengine.dll
2013-01-25 15:41 . 2013-01-25 15:41	--------	d-----w-	c:\users\David\AppData\Local\WinZip
2013-01-25 15:40 . 2013-01-25 15:41	--------	d-----w-	c:\programdata\WinZip
2013-01-25 15:38 . 2013-01-25 15:37	26984	----a-w-	c:\windows\system32\drivers\avgtpx86.sys
2013-01-25 15:38 . 2013-01-29 16:58	--------	d-----w-	c:\program files\Common Files\AVG Secure Search
2013-01-24 11:09 . 2013-01-24 11:09	--------	d-----w-	c:\users\David\AppData\Local\Programs
2013-01-20 13:42 . 2013-01-12 03:30	94112	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2013-01-16 11:18 . 2013-01-16 11:18	--------	d-----w-	c:\users\David\AppData\Roaming\RealNetworks
2013-01-16 11:18 . 2013-01-16 11:18	--------	d-----w-	c:\program files\RealNetworks
2013-01-16 11:17 . 2013-01-16 11:17	--------	d-----w-	c:\program files\Common Files\xing shared
2013-01-09 12:39 . 2012-11-22 04:45	626688	----a-w-	c:\windows\system32\usp10.dll
2013-01-09 12:39 . 2012-11-23 02:56	2345984	----a-w-	c:\windows\system32\win32k.sys
2013-01-09 12:39 . 2012-11-09 04:43	492032	----a-w-	c:\windows\system32\win32spl.dll
2013-01-09 12:39 . 2012-11-01 04:47	1389568	----a-w-	c:\windows\system32\msxml6.dll
2013-01-09 12:37 . 2012-12-07 10:46	43520	----a-w-	c:\windows\system32\csrr.rs
2013-01-09 12:36 . 2012-11-20 04:51	220160	----a-w-	c:\windows\system32\ncrypt.dll
2013-01-09 12:36 . 2012-11-23 02:48	49152	----a-w-	c:\windows\system32\taskhost.exe
2013-01-04 18:26 . 2013-01-04 18:26	--------	d-----w-	c:\users\David\AppData\Local\ElevatedDiagnostics
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-20 13:47 . 2012-03-31 16:12	697864	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-01-20 13:47 . 2011-05-29 08:35	74248	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-20 13:47 . 2012-05-07 07:30	15739912	----a-w-	c:\windows\system32\FlashPlayerInstaller.exe
2013-01-16 11:17 . 2003-03-19 03:14	499712	----a-w-	c:\windows\system32\msvcp71.dll
2013-01-16 11:17 . 2003-02-21 11:42	348160	----a-w-	c:\windows\system32\msvcr71.dll
2012-12-23 22:13 . 2012-12-23 22:13	65848	----a-w-	c:\windows\system32\drivers\RapportKELL.sys
2012-12-16 14:13 . 2012-12-23 12:21	295424	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-23 12:21	34304	----a-w-	c:\windows\system32\atmlib.dll
2012-12-14 16:49 . 2008-12-29 18:58	21104	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-11-20 19:15 . 2012-04-08 18:19	821736	----a-w-	c:\windows\system32\npdeployJava1.dll
2012-11-20 19:15 . 2010-04-17 21:13	746984	----a-w-	c:\windows\system32\deployJava1.dll
2012-11-14 02:09 . 2012-12-14 11:54	1800704	----a-w-	c:\windows\system32\jscript9.dll
2012-11-14 01:58 . 2012-12-14 11:54	1427968	----a-w-	c:\windows\system32\inetcpl.cpl
2012-11-14 01:57 . 2012-12-14 11:54	1129472	----a-w-	c:\windows\system32\wininet.dll
2012-11-14 01:49 . 2012-12-14 11:54	142848	----a-w-	c:\windows\system32\ieUnatt.exe
2012-11-14 01:48 . 2012-12-14 11:54	420864	----a-w-	c:\windows\system32\vbscript.dll
2012-11-14 01:44 . 2012-12-14 11:54	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-11-09 04:42 . 2012-12-13 08:37	2048	----a-w-	c:\windows\system32\tzres.dll
2012-01-16 17:22 . 2012-01-16 17:22	293736	----a-w-	c:\program files\iTunesOutlookAddIn.dll
2012-01-16 17:22 . 2012-01-16 17:22	421736	----a-w-	c:\program files\iTunesHelper.exe
2012-01-16 17:22 . 2012-01-16 17:22	403304	----a-w-	c:\program files\iTunesAdmin.dll
2012-01-16 17:22 . 2012-01-16 17:22	156520	----a-w-	c:\program files\iTunesHelper.dll
2012-01-16 17:22 . 2012-01-16 17:22	124776	----a-w-	c:\program files\iTunesMiniPlayer.dll
2012-01-16 17:22 . 2012-01-16 17:22	9777000	----a-w-	c:\program files\iTunes.exe
2012-01-16 17:22 . 2012-01-16 17:22	20868968	----a-w-	c:\program files\iTunes.dll
2012-01-16 17:22 . 2012-01-16 17:22	803200	----a-w-	c:\program files\gnsdk_sdkmanager.dll
2012-01-16 17:22 . 2012-01-16 17:22	3035520	----a-w-	c:\program files\gnsdk_dsp.dll
2012-01-16 17:22 . 2012-01-16 17:22	287104	----a-w-	c:\program files\gnsdk_submit.dll
2012-01-16 17:22 . 2012-01-16 17:22	246144	----a-w-	c:\program files\gnsdk_musicid.dll
2012-01-16 17:22 . 2012-01-16 17:22	2010984	----a-w-	c:\program files\iPodUpdaterExt.dll
2011-11-14 20:16 . 2011-11-14 20:16	112488	----a-w-	c:\program files\ITDetector.ocx
2010-03-10 23:01 . 2013-01-19 10:24	124272	----a-w-	c:\program files\mozilla firefox\plugins\CCMSDK.dll
2010-03-10 23:40 . 2013-01-19 10:24	13168	----a-w-	c:\program files\mozilla firefox\plugins\cgpcfg.dll
2010-03-10 23:02 . 2013-01-19 10:24	70512	----a-w-	c:\program files\mozilla firefox\plugins\CgpCore.dll
2010-03-10 23:01 . 2013-01-19 10:24	91504	----a-w-	c:\program files\mozilla firefox\plugins\confmgr.dll
2010-03-10 23:01 . 2013-01-19 10:24	22384	----a-w-	c:\program files\mozilla firefox\plugins\ctxlogging.dll
2010-03-10 23:00 . 2013-01-19 10:24	255344	----a-w-	c:\program files\mozilla firefox\plugins\ctxmui.dll
2010-03-10 23:01 . 2013-01-19 10:24	31088	----a-w-	c:\program files\mozilla firefox\plugins\icafile.dll
2010-03-10 23:01 . 2013-01-19 10:24	40304	----a-w-	c:\program files\mozilla firefox\plugins\icalogon.dll
2008-06-19 09:16 . 2013-01-19 10:24	118784	----a-w-	c:\program files\mozilla firefox\plugins\MyCamera.dll
2009-10-05 12:49 . 2013-01-19 10:24	652640	----a-w-	c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2010-03-10 23:02 . 2013-01-19 10:24	23920	----a-w-	c:\program files\mozilla firefox\plugins\TcpPServ.dll
2013-01-19 10:24 . 2013-01-19 10:24	262552	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
2010-09-02 16:44 . 2013-01-19 10:24	119808	----a-w-	c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{92EF2EAD-A7CE-4424-B0DB-499CF856608E}]
2013-01-10 15:59	581984	----a-w-	c:\program files\Evernote\Evernote\EvernoteIE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50	121528	----a-w-	c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-12-17 19:50	556648	----a-w-	c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-12-17 19:50	556648	----a-w-	c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-12-17 19:50	556648	----a-w-	c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-12-17 19:50	556648	----a-w-	c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-08-15 04:05	98304	----a-w-	c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Air Mouse.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Air Mouse.lnk
backup=c:\windows\pss\Air Mouse.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PURE Flow Server Tray Control.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PURE Flow Server Tray Control.lnk
backup=c:\windows\pss\PURE Flow Server Tray Control.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDDMStatus.lnk]
backup=c:\windows\pss\WDDMStatus.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
.
[HKLM\~\startupfolder\C:^Users^David^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^David^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk]
path=c:\users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
backup=c:\windows\pss\EvernoteClipper.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^David^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^David^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=c:\users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^David^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PUREFlow Server.lnk]
path=c:\users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PUREFlow Server.lnk
backup=c:\windows\pss\PUREFlow Server.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35	946352	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-09-10 23:43	67488	----a-w-	c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppMon Utility]
2007-09-20 23:52	542560	----a-w-	c:\program files\Sony\AppMonUtil\AppMonUtility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-11-01 23:25	59240	----a-w-	c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2010-07-26 02:08	2569616	----a-w-	c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConnectionCenter]
2010-03-10 23:21	300400	----a-w-	c:\program files\Citrix\ICA Client\concentr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-03-21 21:10	1230704	----a-w-	c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2010-11-20 12:17	144384	----a-w-	c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-09-02 16:44	30192	----a-w-	c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleDriveSync]
2012-12-17 19:50	16328976	----a-w-	c:\program files\Google\Drive\googledrivesync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 17:36	30040	----a-w-	c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hobbyist Software On-Off Helper]
2011-03-10 00:50	565248	----a-w-	c:\program files\Hobbyist Software\Off-Helper\Off-Helper Configuration.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2012-06-26 20:36	1629280	----a-w-	c:\program files\Microsoft Device Center\ipoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliType Pro]
2012-06-26 20:36	1109072	----a-w-	c:\program files\Microsoft Device Center\itype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-01-16 17:22	421736	----a-w-	c:\program files\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MarketingTools]
2007-12-18 22:00	36864	----a-w-	c:\program files\Sony\Marketing Tools\MarketingTools.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyPoi Monitor]
2010-03-26 15:10	2114808	----a-w-	c:\program files\Common Files\MyPoiWorld Shared\MyPoiMonitor\MyPoiMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSUFloatingUI]
2008-11-05 07:32	262144	----a-w-	c:\program files\Sony\Network Utility\LANUtil.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2007-11-07 00:13	8497696	----a-w-	c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2007-11-07 00:13	81920	----a-w-	c:\windows\System32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
2007-11-07 00:16	86016	----a-w-	c:\windows\System32\nvsvc.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 14:28	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2010-11-20 12:17	1174016	----a-w-	c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 08:04	252848	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-12-03 18:43	39408	----a-w-	c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2013-01-16 11:17	295072	----a-w-	c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue ProcessQuickLink 2]
2008-04-02 08:50	655640	----a-w-	c:\program files\Uniblue\ProcessQuickLink 2\ProcessQuickLink2.exe
.
R2 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [x]
R2 Off-Helper;Off-Helper;c:\program files\Hobbyist Software\Off-Helper\Off-Helper Service.exe [x]
R2 PURE Flow Server;PURE Flow Server;c:\program files\PURE Flow Server\twonkymediaserverwatchdog.exe [x]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R2 uCamMonitor;CamMonitor;c:\program files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe [x]
R2 VCFw;VAIO Content Folder Watcher;c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [x]
R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [x]
R3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;c:\windows\system32\drivers\libusb0.sys [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [x]
R3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [x]
R3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [x]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x]
R4 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [x]
R4 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [x]
R4 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [x]
S0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]
S1 RapportCerberus_43926;RapportCerberus_43926;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus32_43926.sys [x]
S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [x]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [x]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [x]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 AVerM115S;AVerM115S service;c:\windows\system32\DRIVERS\AVerM115S.sys [x]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
S3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\Drivers\R5U870FLx86.sys [x]
S3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\Drivers\R5U870FUx86.sys [x]
S3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x]
S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [x]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\VUAgent.exe [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-24 08:50	1607120	----a-w-	c:\program files\Google\Chrome\Application\24.0.1312.56\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 13:47]
.
2013-01-31 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-12-18 18:28]
.
2013-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 16:55]
.
2013-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 16:55]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4 - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: New Note - c:\program files\Evernote\Evernote\\EvernoteIERes\NewNote.html
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{B8E8EBE0-C1DD-4A83-86D6-F9C48AD53AA8}: NameServer = 192.168.2.1,89.16.173.11
TCP: Interfaces\{B8E8EBE0-C1DD-4A83-86D6-F9C48AD53AA8}\84F6D656: NameServer = 192.168.2.1,89.16.173.11
FF - ProfilePath - c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wf9gy7j5.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - ExtSQL: !HIDDEN! 2009-08-21 07:48; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3695665762-3537947497-2156790703-1000\¬ î**]
"MachineID"=hex:91,43,4e,d0,7c,90,79,00
DUMPHIVE0.003 (REGF)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(4992)
c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
Completion time: 2013-01-31 15:35:03
ComboFix-quarantined-files.txt 2013-01-31 15:35
ComboFix2.txt 2013-01-31 09:15
.
Pre-Run: 326,111,076,352 bytes free
Post-Run: 326,099,410,944 bytes free
.
- - End Of File - - BC60C58DAE825BC5A9FEA8B3FD5F4615


----------



## kevinf80 (Mar 21, 2006)

Run the following:

1. Close any open browsers.

2. *Close/disable all anti virus and anti malware programs* so they do not interfere with the running of ComboFix.

3. Open *notepad* and copy/paste the text in the Codebox below into it:


```
ClearJavaCache::
Folder::
c:\program files\Common Files\AVG Secure Search
c:\program files\Common Files\PC Tools
File::
c:\windows\system32\drivers\TrueSight.sys
c:\windows\system32\drivers\avgtpx86.sys
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
c:\windows\pss\McAfee Security Scan Plus.lnk.
Driver::
 vToolbarUpdater13.2.0
Avgldx86
avgtp
RegNull::
[HKEY_USERS\S-1-5-21-3695665762-3537947497-2156790703-1000\¬ î**]
"MachineID"=hex:91,43,4e,d0,7c,90,79,00
DUMPHIVE0.003 (REGF)
```
Save this as *CFScript.txt*, and as Type: *All Files (\*.\*)*, in the same location as ComboFix.exe.


Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at *C:\ComboFix.txt* which I will require in your next reply.

Next,


1. Go here: http://sourceforge.net/projects/hjt/ to download the HijackThis program.
2. Save HijackThis to your desktop.
3. Right-click on HijackThis and select "Run as Admin" (XP users just need to double-click to run).
4. Click on "Do a system scan and save a logfile" (if you do not see "Do a system scan and save a logfile", then click on main menu).
5. Copy and paste the HijackThis report into the topic.
...

Post Combofix log and HJT log....

Kevin..

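The CFScript above is a plain text file of `Name::` directives, each followed by the entries it applies to until the next directive. As an added illustration for this thread (not part of the original post and not ComboFix's own code), the following Python parses such a script and flags formatting slips before the file is handed to ComboFix, for instance the stray leading space in front of the first `Driver::` entry in the script posted above. The directive names are taken from that script; the absolute-path check for `File::`/`Folder::` entries and the service-name check for `Driver::` entries are assumptions about what a well-formed entry looks like.

```python
"""Lint a ComboFix CFScript before dragging it onto ComboFix.exe.

Added example for this thread; it is not part of ComboFix or of the original
post. The directive names come from the script posted above; the path and
service-name checks are assumptions about what a well-formed entry looks like.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# A directive line is a bare word followed by "::", e.g. "File::".
DIRECTIVE_RE = re.compile(r"^(\w+)::$")
# File:: and Folder:: entries are expected to be absolute Windows paths.
WIN_ABS_PATH_RE = re.compile(r"^[A-Za-z]:\\")

# Constructed sample: the directives and entries from the script posted above,
# including the stray leading space before the first Driver:: entry.
SAMPLE_CFSCRIPT = "\n".join([
    "ClearJavaCache::",
    "Folder::",
    r"c:\program files\Common Files\AVG Secure Search",
    r"c:\program files\Common Files\PC Tools",
    "File::",
    r"c:\windows\system32\drivers\TrueSight.sys",
    r"c:\windows\system32\drivers\avgtpx86.sys",
    r"c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk",
    r"c:\windows\pss\McAfee Security Scan Plus.lnk.",
    "Driver::",
    " vToolbarUpdater13.2.0",
    "Avgldx86",
    "avgtp",
])


@dataclass
class CFScript:
    """Parsed script: directive name -> entries, plus lint warnings."""
    sections: dict[str, list[str]] = field(default_factory=dict)
    warnings: list[str] = field(default_factory=list)


def parse_cfscript(text: str) -> CFScript:
    """Split the script into directive sections and flag suspicious entries."""
    script = CFScript()
    current: str | None = None
    for lineno, raw in enumerate(text.splitlines(), start=1):
        if not raw.strip():
            continue  # blank lines carry no meaning
        header = DIRECTIVE_RE.match(raw.strip())
        if header:
            current = header.group(1)
            script.sections.setdefault(current, [])
            continue
        if current is None:
            script.warnings.append(f"line {lineno}: entry before any directive: {raw!r}")
            continue
        entry = raw.strip()
        if entry != raw:
            # Flag stray whitespace so the author can fix the file before running it.
            script.warnings.append(f"line {lineno}: stripped surrounding whitespace from {raw!r}")
        if current in ("File", "Folder") and not WIN_ABS_PATH_RE.match(entry):
            script.warnings.append(f"line {lineno}: {current}:: entry is not an absolute path: {entry!r}")
        if current == "Driver" and "\\" in entry:
            script.warnings.append(f"line {lineno}: Driver:: expects a service name, not a path: {entry!r}")
        script.sections[current].append(entry)
    return script


if __name__ == "__main__":
    result = parse_cfscript(SAMPLE_CFSCRIPT)
    for name, entries in result.sections.items():
        print(f"{name}:: ({len(entries)} entries)")
        for e in entries:
            print("   ", e)
    for w in result.warnings:
        print("WARNING:", w)
```

Run it on the sample and it reports the four sections with their entries and a single warning for the whitespace on line 11; the file still has to be saved as *CFScript.txt* with type *All Files* next to ComboFix.exe exactly as the instructions above say, the linter only catches typing slips before that step.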

----------



## STIG_DH (Jan 25, 2013)

Kevin

As requested, below are the latest ComboFix and HJT scans.

I switched off the Avast shields for 1 hour, but they started up before the log file was completed (this time there was an automated reboot by ComboFix to execute the deletions).
It didn't seem to compromise anything (!)

Let me know what next to do

Thanks

David

*ComboFix (3)*

ComboFix 13-01-31.03 - David 31/01/2013 18:35:44.3.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2046.1103 [GMT 0:00]
Running from: c:\users\David\Desktop\ComboFix.exe
Command switches used :: c:\users\David\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk"
"c:\windows\pss\McAfee Security Scan Plus.lnk."
"c:\windows\system32\drivers\avgtpx86.sys"
"c:\windows\system32\drivers\TrueSight.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Common Files\AVG Secure Search
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe
c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\UpdaterConfig.ini
c:\program files\Common Files\PC Tools
c:\program files\Common Files\PC Tools\GenTDI\GenericTdiDll.dll
c:\program files\Common Files\PC Tools\GenTDI\unins000.dat
c:\program files\Common Files\PC Tools\GenTDI\unins000.exe
c:\program files\Common Files\PC Tools\GenTDI\unins000.msg
c:\program files\Common Files\PC Tools\KDS\KDSAppEvent.dll
c:\program files\Common Files\PC Tools\KDS\KDSInterface.dll
c:\program files\Common Files\PC Tools\KDS\unins000.dat
c:\program files\Common Files\PC Tools\KDS\unins000.exe
c:\program files\Common Files\PC Tools\KDS\unins000.msg
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
c:\windows\system32\drivers\avgtpx86.sys
c:\windows\system32\drivers\TrueSight.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AVGLDX86
-------\Legacy_AVGTP
-------\Service_Avgldx86
-------\Service_avgtp
-------\Service_vToolbarUpdater13.2.0
-------\Legacy_TrueSight
-------\Service_TrueSight
.
.
((((((((((((((((((((((((( Files Created from 2012-12-28 to 2013-01-31 )))))))))))))))))))))))))))))))
.
.
2013-01-31 19:06 . 2013-01-31 19:10	--------	d-----w-	c:\users\David\AppData\Local\temp
2013-01-31 19:06 . 2013-01-31 19:06	--------	d-----w-	c:\users\Mcx1\AppData\Local\temp
2013-01-30 20:34 . 2013-01-30 20:34	--------	d-----w-	c:\users\Default\AppData\Local\Programs
2013-01-30 10:26 . 2013-01-30 10:26	--------	d-----w-	C:\_OTL
2013-01-29 18:40 . 2013-01-31 08:13	60872	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{B102BADD-A7E5-41F8-A786-F5D00FE42EAB}\offreg.dll
2013-01-29 16:58 . 2013-01-29 16:59	115	----a-w-	c:\windows\DeleteOnReboot.bat
2013-01-29 08:30 . 2013-01-08 04:57	6991832	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{B102BADD-A7E5-41F8-A786-F5D00FE42EAB}\mpengine.dll
2013-01-25 15:41 . 2013-01-25 15:41	--------	d-----w-	c:\users\David\AppData\Local\WinZip
2013-01-25 15:40 . 2013-01-25 15:41	--------	d-----w-	c:\programdata\WinZip
2013-01-24 11:09 . 2013-01-24 11:09	--------	d-----w-	c:\users\David\AppData\Local\Programs
2013-01-20 13:42 . 2013-01-12 03:30	94112	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2013-01-16 11:18 . 2013-01-16 11:18	--------	d-----w-	c:\users\David\AppData\Roaming\RealNetworks
2013-01-16 11:18 . 2013-01-16 11:18	--------	d-----w-	c:\program files\RealNetworks
2013-01-16 11:17 . 2013-01-16 11:17	--------	d-----w-	c:\program files\Common Files\xing shared
2013-01-09 12:39 . 2012-11-22 04:45	626688	----a-w-	c:\windows\system32\usp10.dll
2013-01-09 12:39 . 2012-11-23 02:56	2345984	----a-w-	c:\windows\system32\win32k.sys
2013-01-09 12:39 . 2012-11-09 04:43	492032	----a-w-	c:\windows\system32\win32spl.dll
2013-01-09 12:39 . 2012-11-01 04:47	1389568	----a-w-	c:\windows\system32\msxml6.dll
2013-01-09 12:37 . 2012-12-07 10:46	43520	----a-w-	c:\windows\system32\csrr.rs
2013-01-09 12:36 . 2012-11-20 04:51	220160	----a-w-	c:\windows\system32\ncrypt.dll
2013-01-09 12:36 . 2012-11-23 02:48	49152	----a-w-	c:\windows\system32\taskhost.exe
2013-01-04 18:26 . 2013-01-04 18:26	--------	d-----w-	c:\users\David\AppData\Local\ElevatedDiagnostics
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-20 13:47 . 2012-03-31 16:12	697864	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-01-20 13:47 . 2011-05-29 08:35	74248	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-20 13:47 . 2012-05-07 07:30	15739912	----a-w-	c:\windows\system32\FlashPlayerInstaller.exe
2013-01-16 11:17 . 2003-03-19 03:14	499712	----a-w-	c:\windows\system32\msvcp71.dll
2013-01-16 11:17 . 2003-02-21 11:42	348160	----a-w-	c:\windows\system32\msvcr71.dll
2012-12-23 22:13 . 2012-12-23 22:13	65848	----a-w-	c:\windows\system32\drivers\RapportKELL.sys
2012-12-16 14:13 . 2012-12-23 12:21	295424	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-23 12:21	34304	----a-w-	c:\windows\system32\atmlib.dll
2012-12-14 16:49 . 2008-12-29 18:58	21104	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-11-20 19:15 . 2012-04-08 18:19	821736	----a-w-	c:\windows\system32\npdeployJava1.dll
2012-11-20 19:15 . 2010-04-17 21:13	746984	----a-w-	c:\windows\system32\deployJava1.dll
2012-11-14 02:09 . 2012-12-14 11:54	1800704	----a-w-	c:\windows\system32\jscript9.dll
2012-11-14 01:58 . 2012-12-14 11:54	1427968	----a-w-	c:\windows\system32\inetcpl.cpl
2012-11-14 01:57 . 2012-12-14 11:54	1129472	----a-w-	c:\windows\system32\wininet.dll
2012-11-14 01:49 . 2012-12-14 11:54	142848	----a-w-	c:\windows\system32\ieUnatt.exe
2012-11-14 01:48 . 2012-12-14 11:54	420864	----a-w-	c:\windows\system32\vbscript.dll
2012-11-14 01:44 . 2012-12-14 11:54	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-11-09 04:42 . 2012-12-13 08:37	2048	----a-w-	c:\windows\system32\tzres.dll
2012-11-08 18:00 . 2013-01-31 19:09	6812136	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{743A99AF-F66F-478F-BBE9-E02D3939A56F}\mpengine.dll
2012-01-16 17:22 . 2012-01-16 17:22	293736	----a-w-	c:\program files\iTunesOutlookAddIn.dll
2012-01-16 17:22 . 2012-01-16 17:22	421736	----a-w-	c:\program files\iTunesHelper.exe
2012-01-16 17:22 . 2012-01-16 17:22	403304	----a-w-	c:\program files\iTunesAdmin.dll
2012-01-16 17:22 . 2012-01-16 17:22	156520	----a-w-	c:\program files\iTunesHelper.dll
2012-01-16 17:22 . 2012-01-16 17:22	124776	----a-w-	c:\program files\iTunesMiniPlayer.dll
2012-01-16 17:22 . 2012-01-16 17:22	9777000	----a-w-	c:\program files\iTunes.exe
2012-01-16 17:22 . 2012-01-16 17:22	20868968	----a-w-	c:\program files\iTunes.dll
2012-01-16 17:22 . 2012-01-16 17:22	803200	----a-w-	c:\program files\gnsdk_sdkmanager.dll
2012-01-16 17:22 . 2012-01-16 17:22	3035520	----a-w-	c:\program files\gnsdk_dsp.dll
2012-01-16 17:22 . 2012-01-16 17:22	287104	----a-w-	c:\program files\gnsdk_submit.dll
2012-01-16 17:22 . 2012-01-16 17:22	246144	----a-w-	c:\program files\gnsdk_musicid.dll
2012-01-16 17:22 . 2012-01-16 17:22	2010984	----a-w-	c:\program files\iPodUpdaterExt.dll
2011-11-14 20:16 . 2011-11-14 20:16	112488	----a-w-	c:\program files\ITDetector.ocx
2010-03-10 23:01 . 2013-01-19 10:24	124272	----a-w-	c:\program files\mozilla firefox\plugins\CCMSDK.dll
2010-03-10 23:40 . 2013-01-19 10:24	13168	----a-w-	c:\program files\mozilla firefox\plugins\cgpcfg.dll
2010-03-10 23:02 . 2013-01-19 10:24	70512	----a-w-	c:\program files\mozilla firefox\plugins\CgpCore.dll
2010-03-10 23:01 . 2013-01-19 10:24	91504	----a-w-	c:\program files\mozilla firefox\plugins\confmgr.dll
2010-03-10 23:01 . 2013-01-19 10:24	22384	----a-w-	c:\program files\mozilla firefox\plugins\ctxlogging.dll
2010-03-10 23:00 . 2013-01-19 10:24	255344	----a-w-	c:\program files\mozilla firefox\plugins\ctxmui.dll
2010-03-10 23:01 . 2013-01-19 10:24	31088	----a-w-	c:\program files\mozilla firefox\plugins\icafile.dll
2010-03-10 23:01 . 2013-01-19 10:24	40304	----a-w-	c:\program files\mozilla firefox\plugins\icalogon.dll
2008-06-19 09:16 . 2013-01-19 10:24	118784	----a-w-	c:\program files\mozilla firefox\plugins\MyCamera.dll
2009-10-05 12:49 . 2013-01-19 10:24	652640	----a-w-	c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2010-03-10 23:02 . 2013-01-19 10:24	23920	----a-w-	c:\program files\mozilla firefox\plugins\TcpPServ.dll
2013-01-19 10:24 . 2013-01-19 10:24	262552	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
2010-09-02 16:44 . 2013-01-19 10:24	119808	----a-w-	c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{92EF2EAD-A7CE-4424-B0DB-499CF856608E}]
2013-01-10 15:59	581984	----a-w-	c:\program files\Evernote\Evernote\EvernoteIE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50	121528	----a-w-	c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-12-17 19:50	556648	----a-w-	c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-12-17 19:50	556648	----a-w-	c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-12-17 19:50	556648	----a-w-	c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-12-17 19:50	556648	----a-w-	c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"Hobbyist Software On-Off Helper"="c:\program files\Hobbyist Software\Off-Helper\Off-Helper Configuration.exe" [2011-03-10 565248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-08-15 04:05	98304	----a-w-	c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Air Mouse.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Air Mouse.lnk
backup=c:\windows\pss\Air Mouse.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PURE Flow Server Tray Control.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PURE Flow Server Tray Control.lnk
backup=c:\windows\pss\PURE Flow Server Tray Control.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDDMStatus.lnk]
backup=c:\windows\pss\WDDMStatus.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
.
[HKLM\~\startupfolder\C:^Users^David^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^David^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^EvernoteClipper.lnk]
path=c:\users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
backup=c:\windows\pss\EvernoteClipper.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^David^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^David^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=c:\users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^David^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PUREFlow Server.lnk]
path=c:\users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PUREFlow Server.lnk
backup=c:\windows\pss\PUREFlow Server.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35	946352	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-09-10 23:43	67488	----a-w-	c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppMon Utility]
2007-09-20 23:52	542560	----a-w-	c:\program files\Sony\AppMonUtil\AppMonUtility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-11-01 23:25	59240	----a-w-	c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2010-07-26 02:08	2569616	----a-w-	c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConnectionCenter]
2010-03-10 23:21	300400	----a-w-	c:\program files\Citrix\ICA Client\concentr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-03-21 21:10	1230704	----a-w-	c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2010-11-20 12:17	144384	----a-w-	c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-09-02 16:44	30192	----a-w-	c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleDriveSync]
2012-12-17 19:50	16328976	----a-w-	c:\program files\Google\Drive\googledrivesync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 17:36	30040	----a-w-	c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hobbyist Software On-Off Helper]
2011-03-10 00:50	565248	----a-w-	c:\program files\Hobbyist Software\Off-Helper\Off-Helper Configuration.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2012-06-26 20:36	1629280	----a-w-	c:\program files\Microsoft Device Center\ipoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliType Pro]
2012-06-26 20:36	1109072	----a-w-	c:\program files\Microsoft Device Center\itype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-01-16 17:22	421736	----a-w-	c:\program files\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MarketingTools]
2007-12-18 22:00	36864	----a-w-	c:\program files\Sony\Marketing Tools\MarketingTools.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyPoi Monitor]
2010-03-26 15:10	2114808	----a-w-	c:\program files\Common Files\MyPoiWorld Shared\MyPoiMonitor\MyPoiMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSUFloatingUI]
2008-11-05 07:32	262144	----a-w-	c:\program files\Sony\Network Utility\LANUtil.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2007-11-07 00:13	8497696	----a-w-	c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2007-11-07 00:13	81920	----a-w-	c:\windows\System32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
2007-11-07 00:16	86016	----a-w-	c:\windows\System32\nvsvc.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 14:28	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2010-11-20 12:17	1174016	----a-w-	c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 08:04	252848	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-12-03 18:43	39408	----a-w-	c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2013-01-16 11:17	295072	----a-w-	c:\program files\Real\RealPlayer\Update\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue ProcessQuickLink 2]
2008-04-02 08:50	655640	----a-w-	c:\program files\Uniblue\ProcessQuickLink 2\ProcessQuickLink2.exe
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [x]
R3 libusb0;libusb-win32 - Kernel Driver, Version 1.2.4.0;c:\windows\system32\drivers\libusb0.sys [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [x]
R3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [x]
R3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [x]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x]
R4 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [x]
R4 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [x]
R4 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [x]
S0 RapportKELL;RapportKELL;c:\windows\System32\Drivers\RapportKELL.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]
S1 RapportCerberus_43926;RapportCerberus_43926;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus32_43926.sys [x]
S1 RapportEI;RapportEI;c:\program files\Trusteer\Rapport\bin\RapportEI.sys [x]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [x]
S2 Off-Helper;Off-Helper;c:\program files\Hobbyist Software\Off-Helper\Off-Helper Service.exe [x]
S2 PURE Flow Server;PURE Flow Server;c:\program files\PURE Flow Server\twonkymediaserverwatchdog.exe [x]
S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [x]
S2 uCamMonitor;CamMonitor;c:\program files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe [x]
S2 VCFw;VAIO Content Folder Watcher;c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [x]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 AVerM115S;AVerM115S service;c:\windows\system32\DRIVERS\AVerM115S.sys [x]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
S3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\Drivers\R5U870FLx86.sys [x]
S3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\Drivers\R5U870FUx86.sys [x]
S3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x]
S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [x]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\VUAgent.exe [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - RAPPORTIASO
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-24 08:50	1607120	----a-w-	c:\program files\Google\Chrome\Application\24.0.1312.56\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 13:47]
.
2013-01-31 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-12-18 18:28]
.
2013-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 16:55]
.
2013-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-07 16:55]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4 - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: New Note - c:\program files\Evernote\Evernote\\EvernoteIERes\NewNote.html
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{B8E8EBE0-C1DD-4A83-86D6-F9C48AD53AA8}: NameServer = 192.168.2.1,89.16.173.11
TCP: Interfaces\{B8E8EBE0-C1DD-4A83-86D6-F9C48AD53AA8}\84F6D656: NameServer = 192.168.2.1,89.16.173.11
FF - ProfilePath - c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wf9gy7j5.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - ExtSQL: !HIDDEN! 2009-08-21 07:48; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3695665762-3537947497-2156790703-1000\¬ î**]
"MachineID"=hex:91,43,4e,d0,7c,90,79,00
DUMPHIVE0.003 (REGF)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3796)
c:\users\David\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\system32\stacsv.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Sony\VAIO Event Service\VESMgrSub.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\Sony\VAIO Update\VAIOUpdt.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\PURE Flow Server\TwonkyMediaServer.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\vssvc.exe
.
**************************************************************************
.
Completion time: 2013-01-31 19:20:04 - machine was rebooted
ComboFix-quarantined-files.txt 2013-01-31 19:20
ComboFix2.txt 2013-01-31 15:35
ComboFix3.txt 2013-01-31 09:15
.
Pre-Run: 326,150,160,384 bytes free
Post-Run: 325,915,168,768 bytes free
.
- - End Of File - - 9939A5E42096810CEF5651667FF1A878

*HJT scan*

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:23:27, on 31/01/2013
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\taskeng.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Hobbyist Software On-Off Helper] "C:\Program Files\Hobbyist Software\Off-Helper\Off-Helper Configuration.exe" /startup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O8 - Extra context menu item: Add to Evernote 4 - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: New Note - C:\Program Files\Evernote\Evernote\\EvernoteIERes\NewNote.html
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html
O9 - Extra 'Tools' menuitem: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B8E8EBE0-C1DD-4A83-86D6-F9C48AD53AA8}: NameServer = 192.168.2.1,89.16.173.11
O17 - HKLM\System\CS1\Services\Tcpip\..\{B8E8EBE0-C1DD-4A83-86D6-F9C48AD53AA8}: NameServer = 192.168.2.1,89.16.173.11
O17 - HKLM\System\CS2\Services\Tcpip\..\{B8E8EBE0-C1DD-4A83-86D6-F9C48AD53AA8}: NameServer = 192.168.2.1,89.16.173.11
O17 - HKLM\System\CS3\Services\Tcpip\..\{B8E8EBE0-C1DD-4A83-86D6-F9C48AD53AA8}: NameServer = 192.168.2.1,89.16.173.11
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NSUService - Sony Corporation - C:\Program Files\Sony\Network Utility\NSUService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: PURE Flow Server - PacketVideo - C:\Program Files\PURE Flow Server\twonkymediaserverwatchdog.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files\Sony\Sony PC Companion\PCCService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\stacsv.exe
O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VUAgent - Sony Corporation - C:\Program Files\Sony\VAIO Update\VUAgent.exe
O23 - Service: Windows Presentation Foundation Font Cache 4.0.0.0 (WPFFontCache_v0400) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (file missing)
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12839 bytes


----------



## kevinf80 (Mar 21, 2006)

What is the status of your system at present, any improvement/change??


----------



## STIG_DH (Jan 25, 2013)

Kevin

performance has improved - yes!

It takes about 6-7 mins from switching on to a degree of usability (ie far better than it was).
Physical memory usage doesn't get up to 87-88% any more (rises to above 50%) and CPU usage is as before.
Chrome loads quickly - Firefox still very slow to arrive. But I can just change browser fully (I used Firefox then went over to Chrome in recent weeks).
The hard drive still chugs along like a mad thing, but she is much better and settles down to comparative quiet after 15mins. So not as she was when new, but more accommodating now than in recent weeks.

Are there any other fixes I can make for improvement?

And as we are near to journey's end:-

what did you see that was creating mayhem? Why was PC suffering digital constipation?

what toolkits would you advise going forward (I use Avast free - very happy with that, Malwarebytes free - again happy,and Revo Uninstaller to remove programmes)

any other tips?

David


----------



## kevinf80 (Mar 21, 2006)

I did not see anything malicious, quite a lot of unwanted extras, addons and plugins for your browsers. Lots of file remnants and unwanted rubbish. General clutter I guess. Run OTL one more time for a last look, maybe a bit more clean up, see if we can improve.... After that we can remove all tools etc...

Double click the OTL icon to start the tool. (Note: If you are running on Vista or Windows 7 accept UAC alert)

- When the window appears, underneath *Output* at the top, make sure *Standard output* is selected.
- Select *Scan all users*
- Under the *Extra Registry* section, check *Use SafeList*
- In the lower right corner, checkmark *"LOP Check"* and checkmark *"Purity Check"*.
- Click *Run Scan* and let the program run uninterrupted.
- When the scan is complete, two text files will be created on your Desktop.
  - *OTL.Txt* <- this one will be opened
  - *Extras.txt* <- this one will be minimized

Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of *OTL.Txt* and the *Extras.txt* in your next reply.

Kevin


----------



## STIG_DH (Jan 25, 2013)

Kevin

glad to hear nothing malicious found. I like to think I'm careful about this - but maybe not if the browser is populated with too many add-ons and plug-ins that I don't need!

I guess file remnants are caused by things not fully cleaned upon removal, or incomplete installations?
But no registry errors etc?

Anyhow, back to the matter in hand - log files as requested.

For what it's worth, my Firefox seems to use resources for some time after I think it's closed. It's been very odd recently.
I used to get 'unresponsive script' alerts when waking the computer from hibernation, with eg chrome browser open - these used to hang on for 5mins or more (but I'm only seeing them fleetingly now).

The OTL scan spent a very long time scanning Pure Flow Server/db/ entries. This is the server associated with my internet radio. I do use it every day for about 10hrs though.....

To the uninitiated, the Extras log file has a lot of worrying Error messages (but I guess you don't need me to tell you that)

I will send the Extras log in the next post

David

*OTL log*

OTL logfile created on: 31/01/2013 22:01:30 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\David\Documents\Desktop Computer\Malware removal Jan-13
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 0.98 Gb Available Physical Memory | 48.93% Memory free
4.00 Gb Paging File | 2.26 Gb Available in Paging File | 56.52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 454.80 Gb Total Space | 303.45 Gb Free Space | 66.72% Space Free | Partition Type: NTFS

Computer Name: DAVID-PC | User Name: David | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/30 08:27:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\David\My Documents\Desktop Computer\Malware removal Jan-13\OTL.exe
PRC - [2013/01/19 10:24:33 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/01/18 08:07:04 | 001,248,208 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2012/12/23 22:13:16 | 001,673,048 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2012/12/23 22:13:16 | 000,976,728 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2012/12/18 14:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/11/30 02:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/11/29 20:33:04 | 000,232,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
PRC - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/11/23 02:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/10/30 22:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/30 22:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/10/26 10:33:12 | 001,038,496 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
PRC - [2012/10/26 09:44:42 | 000,957,056 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update\VUAgent.exe
PRC - [2011/03/10 00:50:38 | 000,565,248 | ---- | M] (Microsoft) -- C:\Program Files\Hobbyist Software\Off-Helper\Off-Helper Configuration.exe
PRC - [2011/03/10 00:17:10 | 000,006,656 | ---- | M] (Microsoft) -- C:\Program Files\Hobbyist Software\Off-Helper\Off-Helper Service.exe
PRC - [2011/02/25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 12:17:28 | 000,157,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\perfmon.exe
PRC - [2010/05/20 16:15:00 | 000,110,736 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2010/03/11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009/10/29 10:11:16 | 000,239,248 | ---- | M] (PacketVideo) -- C:\Program Files\PURE Flow Server\twonkymediaserverwatchdog.exe
PRC - [2009/10/29 10:11:12 | 000,665,232 | ---- | M] () -- C:\Program Files\PURE Flow Server\twonkymediaserver.exe
PRC - [2009/03/05 18:41:58 | 005,189,992 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
PRC - [2008/11/03 15:01:44 | 000,299,008 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Network Utility\NSUService.exe
PRC - [2007/11/09 17:34:28 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
PRC - [2007/10/27 00:22:47 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/09/10 23:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2007/08/15 04:05:18 | 000,182,392 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2007/08/15 04:05:18 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe

========== Modules (No Company Name) ==========

MOD - [2013/01/19 10:24:31 | 003,022,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/01/18 08:07:02 | 012,459,472 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.56\PepperFlash\pepflashplayer.dll
MOD - [2013/01/18 08:07:02 | 000,460,240 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.56\ppgooglenaclpluginchrome.dll
MOD - [2013/01/18 08:07:01 | 004,012,496 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.56\pdf.dll
MOD - [2013/01/18 08:06:15 | 000,597,968 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.56\libglesv2.dll
MOD - [2013/01/18 08:06:15 | 000,124,368 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.56\libegl.dll
MOD - [2013/01/18 08:06:13 | 001,552,848 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.56\ffmpegsumo.dll
MOD - [2013/01/11 10:18:21 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll
MOD - [2013/01/11 10:17:52 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll
MOD - [2013/01/11 10:17:12 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\68f617caf670fefc0be769a294dc4ffd\System.ServiceProcess.ni.dll
MOD - [2013/01/11 10:16:25 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013/01/11 10:15:20 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll
MOD - [2013/01/11 10:11:41 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll
MOD - [2013/01/11 10:09:32 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/11 10:09:04 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll
MOD - [2013/01/11 10:08:45 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013/01/11 10:08:32 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/11 10:08:12 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013/01/11 10:05:42 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/11 10:05:17 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012/10/29 11:50:00 | 000,520,464 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2012/08/21 17:18:44 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll

========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2013/01/20 13:47:32 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/19 10:24:32 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/12/23 22:13:16 | 000,976,728 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2012/12/18 14:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/10/30 22:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/10/26 09:44:42 | 000,957,056 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Update\VUAgent.exe -- (VUAgent)
SRV - [2012/01/28 06:21:35 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012/01/18 13:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2011/03/10 00:17:10 | 000,006,656 | ---- | M] (Microsoft) [Auto | Running] -- C:\Program Files\Hobbyist Software\Off-Helper\Off-Helper Service.exe -- (Off-Helper)
SRV - [2010/05/20 16:15:00 | 000,110,736 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2010/05/10 10:33:42 | 000,110,592 | ---- | M] (WDC) [Disabled | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2010/05/10 10:32:36 | 001,858,048 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2010/05/10 10:32:06 | 000,482,304 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2010/03/11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/10/29 10:11:16 | 000,239,248 | ---- | M] (PacketVideo) [Auto | Running] -- C:\Program Files\PURE Flow Server\twonkymediaserverwatchdog.exe -- (PURE Flow Server)
SRV - [2009/09/08 17:09:14 | 000,083,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 01:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/05/30 10:49:55 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/03/05 18:47:40 | 000,313,264 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2009/03/05 18:47:40 | 000,192,512 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2009/03/05 18:47:40 | 000,069,632 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2009/03/05 18:41:58 | 005,189,992 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2008/11/03 15:01:44 | 000,299,008 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\Network Utility\NSUService.exe -- (NSUService)
SRV - [2007/11/09 17:34:28 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe -- (uCamMonitor)
SRV - [2007/10/27 00:22:47 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/09/10 23:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2007/08/15 04:05:18 | 000,182,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2007/06/20 22:35:06 | 002,523,136 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2007/06/20 22:34:52 | 000,499,712 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2007/06/20 22:34:50 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-UCLS-UPnP)
SRV - [2007/06/20 22:34:50 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP)
SRV - [2007/06/20 22:34:50 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-UCLS-HTTP)
SRV - [2007/06/20 22:34:50 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP)
SRV - [2007/01/10 23:51:06 | 000,745,472 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe -- (VAIOMediaPlatform-UCLS-AppServer)
SRV - [2006/12/14 09:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 09:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 08:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\David\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/12/23 22:13:34 | 000,071,480 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2012/12/23 22:13:34 | 000,065,848 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2012/12/23 22:13:32 | 000,166,840 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2012/10/30 22:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/10/30 22:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/10/30 22:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/10/30 22:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/10/30 22:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/10/29 11:50:33 | 000,272,216 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus32_43926.sys -- (RapportCerberus_43926)
DRV - [2012/10/15 16:59:28 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012/08/09 13:55:05 | 000,025,200 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2012/08/09 13:55:05 | 000,012,400 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2011/10/07 17:52:18 | 000,021,504 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
DRV - [2010/11/20 10:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 09:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/03/10 10:36:36 | 000,217,032 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/10/05 09:08:42 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2009/07/13 22:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/13 22:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2008/05/06 15:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2007/12/20 15:52:06 | 000,017,408 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2007/11/23 14:59:43 | 000,841,472 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVerM115S.sys -- (AVerM115S)
DRV - [2007/11/08 03:04:27 | 000,073,472 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FLx86.sys -- (R5U870FLx86)
DRV - [2007/11/08 03:04:27 | 000,043,904 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FUx86.sys -- (R5U870FUx86)
DRV - [2007/11/07 00:16:12 | 007,626,400 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/10/27 00:22:55 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/09/20 00:12:57 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/09/19 21:38:18 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2007/08/29 01:58:45 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2007/06/06 00:00:39 | 000,812,544 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2007/05/26 08:03:06 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2007/04/24 08:33:46 | 000,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125mgmt.sys -- (s125mgmt)
DRV - [2007/04/24 08:33:46 | 000,098,696 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125obex.sys -- (s125obex)
DRV - [2007/04/24 08:33:44 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125mdm.sys -- (s125mdm)
DRV - [2007/04/24 08:33:42 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125mdfl.sys -- (s125mdfl)
DRV - [2007/04/24 08:33:34 | 000,083,336 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125bus.sys -- (s125bus)
DRV - [2007/04/17 20:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{8D835501-C37D-4043-AD6C-A23EB260A8CD}: "URL" = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..\SearchScopes\{8D835501-C37D-4043-AD6C-A23EB260A8CD}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GPEA_en-GB
IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..\SearchScopes\{D8B9925B-7A40-427C-A6EA-191BC3A43307}: "URL" = http://uk.ask.com/web?q={searchTerms}&qsrc=0&o=0&l=dir&dm=all
IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.0.4
FF - prefs.js..extensions.enabledAddons: %7BE0B8C461-F8FB-49b4-8373-FE32E9252800%7D:5.4.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/11/20 08:34:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/01/16 11:18:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/01/16 11:18:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/19 10:24:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/19 10:24:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/19 10:24:34 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/19 10:24:22 | 000,000,000 | ---D | M]

[2012/01/27 19:20:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Extensions
[2013/01/31 20:50:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wf9gy7j5.default\extensions
[2012/12/01 13:19:35 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wf9gy7j5.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012/01/27 19:20:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wf9gy7j5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/01/27 19:20:20 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wf9gy7j5.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2013/01/14 17:09:38 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wf9gy7j5.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
[2012/02/10 15:52:35 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wf9gy7j5.default\extensions\pi[email protected]
[2013/01/14 18:31:15 | 000,579,823 | ---- | M] () (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wf9gy7j5.default\extensions\{6C4BAFB6-2AC2-4405-A98D-546B55B3AE92}.xpi
[2013/01/31 20:50:33 | 000,817,973 | ---- | M] () (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wf9gy7j5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/01/19 10:24:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/01/19 10:24:33 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/03/10 23:01:02 | 000,124,272 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll
[2010/03/10 23:02:52 | 000,070,512 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2010/03/10 23:01:48 | 000,091,504 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2010/03/10 23:01:24 | 000,022,384 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2008/06/19 09:16:24 | 000,118,784 | ---- | M] (CANON INC.) -- C:\Program Files\mozilla firefox\plugins\MyCamera.dll
[2008/06/19 09:16:24 | 000,053,248 | ---- | M] (CANON INC.) -- C:\Program Files\mozilla firefox\plugins\NPCIG.dll
[2010/03/10 23:40:56 | 000,423,248 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2013/01/16 11:17:26 | 000,124,056 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2010/03/10 23:02:48 | 000,023,920 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll
[2012/12/05 18:48:18 | 000,001,738 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/10/15 09:10:53 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/12/05 18:48:18 | 000,001,148 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/12/05 18:48:18 | 000,001,379 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/10/15 09:10:53 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/12/05 18:48:18 | 000,001,334 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - homepage: http://www.bbc.co.uk/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.bbc.co.uk/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.56\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.56\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Canon Online Photo Plugin Module (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPCIG.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Users\David\AppData\Roaming\Mozilla\plugins\npatgpc.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\Mozilla Plugins\npitunes.dll
CHR - plugin: Media Go Detector (Enabled) = C:\Program Files\Sony\Media Go\npmediago.dll
CHR - plugin: PlayStation(R)Network Downloader Check Plug-in (Enabled) = C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Drive = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Kingdom Rush = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckmfhhjalnddapegkbbohfaodgbnocim\1.0.7.3_0\
CHR - Extension: Google Search = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: RealDownloader = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\
CHR - Extension: Wave theme = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgahidbcmoibbodajeakkjpocflpnad\1.32_0\
CHR - Extension: SlideRocket = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\omeengfjefdmhnkojnfmncpfdbhnecea\2.0.2_0\
CHR - Extension: Evernote Web Clipper = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\5.9.5_0\
CHR - Extension: Gmail = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/01/31 19:09:59 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google BAE\BAE.dll (Your Company Name)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Hobbyist Software On-Off Helper] C:\Program Files\Hobbyist Software\Off-Helper\Off-Helper Configuration.exe (Microsoft)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Evernote 4 - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: New Note - C:\Program Files\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.11.2)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.11.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B8E8EBE0-C1DD-4A83-86D6-F9C48AD53AA8}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B8E8EBE0-C1DD-4A83-86D6-F9C48AD53AA8}: NameServer = 192.168.2.1,89.16.173.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C2AADC08-9101-4CD2-9A9F-4AEA51038AE5}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Backgrounds\01931_desertsunlight_1920x1080.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Backgrounds\01931_desertsunlight_1920x1080.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\...com [@ = ComFile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/31 20:24:55 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZipEC
[2013/01/31 20:24:47 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\assembly
[2013/01/31 19:10:21 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/01/31 19:06:23 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/01/31 19:06:23 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\temp
[2013/01/31 08:38:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/01/31 08:38:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/01/31 08:38:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/01/31 08:38:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/01/31 08:37:56 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/01/31 07:52:27 | 005,029,270 | R--- | C] (Swearware) -- C:\Users\David\Desktop\ComboFix.exe
[2013/01/30 11:30:44 | 000,000,000 | ---D | C] -- C:\Users\David\Documents\mbar-1.01.0.1017
[2013/01/30 10:26:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/29 19:48:16 | 000,000,000 | ---D | C] -- C:\Users\David\Desktop\RK_Quarantine
[2013/01/29 18:40:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
[2013/01/26 18:27:40 | 000,000,000 | ---D | C] -- C:\Users\David\Documents\AstraZeneca Employment
[2013/01/25 15:41:52 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\WinZip
[2013/01/25 15:41:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2013/01/25 15:40:52 | 000,000,000 | ---D | C] -- C:\Users\David\Documents\Add-in Express
[2013/01/25 15:40:30 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2013/01/25 15:40:10 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2013/01/24 11:09:17 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\Programs
[2013/01/21 19:11:15 | 000,000,000 | ---D | C] -- C:\Users\David\Documents\Sony
[2013/01/20 13:42:06 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/01/20 13:42:06 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/01/20 13:42:06 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/01/19 10:24:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/01/16 11:18:56 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\RealNetworks
[2013/01/16 11:18:04 | 000,000,000 | ---D | C] -- C:\Program Files\RealNetworks
[2013/01/16 11:17:59 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks
[2013/01/16 11:17:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2013/01/16 11:17:37 | 000,201,424 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2013/01/16 11:17:20 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2013/01/16 11:17:20 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2013/01/16 11:17:19 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2013/01/16 11:17:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2013/01/16 11:12:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2013/01/09 12:39:37 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/01/09 12:38:55 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2013/01/09 12:38:55 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013/01/09 12:38:51 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2013/01/09 12:38:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/09 12:38:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/09 12:38:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/09 12:38:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2013/01/09 12:38:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2013/01/09 12:38:47 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/09 12:38:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/09 12:38:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2013/01/09 12:38:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2013/01/09 12:38:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/09 12:38:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/09 12:38:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2013/01/09 12:38:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/09 12:38:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/09 12:38:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2013/01/09 12:38:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2013/01/09 12:38:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2013/01/09 12:38:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/09 12:38:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2013/01/09 12:38:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/09 12:38:42 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2013/01/09 12:38:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/09 12:38:41 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/09 12:38:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2013/01/09 12:38:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/09 12:38:38 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2013/01/09 12:38:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2013/01/09 12:37:43 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\System32\oflc-nz.rs
[2013/01/09 12:37:43 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\System32\csrr.rs
[2013/01/09 12:37:42 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\System32\fpb.rs
[2013/01/09 12:37:42 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\System32\cob-au.rs
[2013/01/09 12:37:41 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\System32\pegibbfc.rs
[2013/01/09 12:37:41 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\System32\usk.rs
[2013/01/09 12:37:41 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\System32\djctq.rs
[2013/01/09 12:37:40 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\System32\grb.rs
[2013/01/09 12:37:39 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi-pt.rs
[2013/01/09 12:37:39 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi.rs
[2013/01/09 12:37:38 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2013/01/09 12:37:36 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wpc.dll
[2013/01/09 12:37:24 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\System32\esrb.rs
[2013/01/09 12:37:21 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi-fi.rs
[2013/01/09 12:37:20 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\System32\oflc.rs
[2013/01/09 12:37:19 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\System32\cero.rs
[2013/01/09 12:36:32 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2013/01/09 12:36:28 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
[2013/01/04 18:26:13 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\ElevatedDiagnostics
[2012/01/16 17:22:16 | 000,293,736 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesOutlookAddIn.dll
[2012/01/16 17:22:12 | 000,421,736 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesHelper.exe
[2012/01/16 17:22:12 | 000,403,304 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesAdmin.dll
[2012/01/16 17:22:12 | 000,156,520 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesHelper.dll
[2012/01/16 17:22:12 | 000,124,776 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesMiniPlayer.dll
[2012/01/16 17:22:08 | 009,777,000 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunes.exe
[2012/01/16 17:22:04 | 020,868,968 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunes.dll
[2012/01/16 17:22:02 | 003,035,520 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\gnsdk_dsp.dll
[2012/01/16 17:22:02 | 002,010,984 | ---- | C] (Apple Inc.) -- C:\Program Files\iPodUpdaterExt.dll
[2012/01/16 17:22:02 | 000,803,200 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\gnsdk_sdkmanager.dll
[2012/01/16 17:22:02 | 000,287,104 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\gnsdk_submit.dll
[2012/01/16 17:22:02 | 000,246,144 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\gnsdk_musicid.dll
[2011/11/14 20:16:44 | 000,112,488 | ---- | C] (Apple Inc.) -- C:\Program Files\ITDetector.ocx

========== Files - Modified Within 30 Days ==========

[2013/01/31 21:59:20 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/31 21:59:19 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/31 21:59:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/31 20:50:19 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/31 20:50:19 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/31 20:34:07 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/31 20:33:47 | 1609,375,744 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/31 19:09:59 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/01/31 18:32:46 | 005,029,270 | R--- | M] (Swearware) -- C:\Users\David\Desktop\ComboFix.exe
[2013/01/31 10:52:00 | 000,000,820 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2013/01/30 20:38:19 | 000,041,799 | ---- | M] () -- C:\Users\David\AppData\Roaming\nvModes.dat
[2013/01/30 20:38:17 | 000,041,799 | ---- | M] () -- C:\Users\David\AppData\Roaming\nvModes.001
[2013/01/29 16:59:11 | 000,000,115 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013/01/29 15:36:26 | 000,086,586 | ---- | M] () -- C:\Users\David\Desktop\ideaTraX expanded item.png
[2013/01/29 14:45:56 | 000,063,511 | ---- | M] () -- C:\Users\David\Desktop\ideaTraX TB.png
[2013/01/26 18:18:16 | 000,639,696 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/01/26 18:18:16 | 000,115,078 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/01/25 15:41:22 | 000,002,281 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
[2013/01/24 11:44:33 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/24 11:43:43 | 000,010,298 | ---- | M] () -- C:\Users\David\Desktop\Backup of Profile.wbk
[2013/01/20 13:47:29 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/01/20 13:47:29 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/01/20 13:47:14 | 015,739,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2013/01/20 13:30:53 | 000,002,205 | ---- | M] () -- C:\Users\David\Desktop\Google Chrome.lnk
[2013/01/20 13:27:36 | 000,007,605 | ---- | M] () -- C:\Users\David\AppData\Local\Resmon.ResmonCfg
[2013/01/19 11:25:19 | 000,000,963 | ---- | M] () -- C:\Users\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/01/16 11:18:16 | 000,001,016 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2013/01/16 11:17:37 | 000,201,424 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2013/01/16 11:17:20 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2013/01/16 11:17:20 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2013/01/16 11:17:19 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2013/01/12 03:30:20 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/01/12 03:26:16 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/01/12 03:24:49 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/01/11 10:09:46 | 000,001,017 | ---- | M] () -- C:\Users\David\Desktop\Dropbox.lnk
[2013/01/11 09:59:01 | 000,484,480 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2013/01/31 08:38:45 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/01/31 08:38:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/01/31 08:38:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/01/31 08:38:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/01/31 08:38:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/01/29 16:58:45 | 000,000,115 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013/01/29 14:51:52 | 000,086,586 | ---- | C] () -- C:\Users\David\Desktop\ideaTraX expanded item.png
[2013/01/29 14:44:12 | 000,063,511 | ---- | C] () -- C:\Users\David\Desktop\ideaTraX TB.png
[2013/01/25 15:41:22 | 000,002,281 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
[2013/01/24 11:44:33 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/24 11:43:38 | 000,010,298 | ---- | C] () -- C:\Users\David\Desktop\Backup of Profile.wbk
[2013/01/20 13:38:04 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/20 13:27:36 | 000,007,605 | ---- | C] () -- C:\Users\David\AppData\Local\Resmon.ResmonCfg
[2013/01/16 11:18:16 | 000,001,016 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2013/01/02 09:14:03 | 000,001,145 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk
[2012/01/27 19:49:01 | 000,021,924 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2011/11/14 20:15:32 | 000,064,083 | ---- | C] () -- C:\Program Files\Acknowledgements.rtf
[2011/04/30 07:27:36 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/04/30 07:27:36 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2010/01/30 10:11:12 | 000,025,773 | ---- | C] () -- C:\Users\David\AppData\Roaming\UserTile.png
[2009/12/08 21:14:18 | 000,000,255 | ---- | C] () -- C:\Users\David\SyncDocs.conf
[2009/03/13 16:51:59 | 000,003,272 | ---- | C] () -- C:\Users\David\TutorialOpen.xba
[2008/10/22 14:33:00 | 000,001,414 | ---- | C] () -- C:\Users\David\AppData\Roaming\wklnhst.dat
[2008/10/04 21:22:58 | 000,041,799 | ---- | C] () -- C:\Users\David\AppData\Roaming\nvModes.dat
[2008/10/04 21:22:58 | 000,041,799 | ---- | C] () -- C:\Users\David\AppData\Roaming\nvModes.001

========== ZeroAccess Check ==========

[2009/07/14 04:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 01:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/01/27 19:19:54 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\AVG10
[2012/01/27 19:19:54 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\calibre
[2012/01/27 19:19:54 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Canon
[2012/01/27 19:19:54 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\CD-LabelPrint
[2012/01/27 19:19:55 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Chilirec
[2012/01/27 19:19:57 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/01/27 19:19:57 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\DriverCure
[2013/01/30 13:55:29 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Dropbox
[2012/05/12 18:11:29 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\GARMIN
[2012/09/23 15:03:59 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\ICAClient
[2012/01/27 19:19:57 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\InterVideo
[2012/02/05 12:47:10 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\IsolatedStorage
[2012/01/27 19:20:06 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\MessengerGadget
[2012/01/27 19:20:23 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\OpenOffice.org
[2010/01/30 10:11:11 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\PeerNetworking
[2013/01/16 13:53:33 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\PrimoPDF
[2012/02/14 17:34:40 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Quo2
[2012/05/18 17:33:15 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Sony
[2012/02/05 12:44:29 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Symyx
[2012/01/31 18:14:44 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\SystemRequirementsLab
[2012/01/27 19:20:43 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Teleca
[2012/01/27 19:20:43 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Template
[2013/01/31 11:39:41 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\webex
[2012/03/06 11:28:41 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Windows Live Writer
[2012/01/27 19:20:43 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\wsInspector

========== Purity Check ==========

< End of report >


----------



## STIG_DH (Jan 25, 2013)

*Extras.txt*

OTL Extras logfile created on: 31/01/2013 22:01:30 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\David\Documents\Desktop Computer\Malware removal Jan-13
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 0.98 Gb Available Physical Memory | 48.93% Memory free
4.00 Gb Paging File | 2.26 Gb Available in Paging File | 56.52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 454.80 Gb Total Space | 303.45 Gb Free Space | 66.72% Space Free | Partition Type: NTFS

Computer Name: DAVID-PC | User Name: David | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3695665762-3537947497-2156790703-1000\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = ComFile] -- Reg Error: Key error. File not found
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
.pif [@ = piffile] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ALDI Print Software] -- "C:\Program Files\ALDI\ALDI Print Software\ALDI Print Software.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{311365CF-67BF-4D23-8D6C-B1A4CA14EB27}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{398280C6-4487-4408-AE8F-2E90FE0270CB}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{C4693104-1DC7-48EC-ACAC-FF713AACAA38}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{CCB0B16E-0B84-4828-B255-DD575220022B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{CCD57AD8-32DC-403C-8C0D-DCD1DD6060AF}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00E915A2-12EF-4B68-8932-903B490626CE}" = protocol=6 | dir=in | app=c:\program files\avg\avg8\avgui.exe | 
"{05A892CA-25AC-4F9A-A40C-49705CC4B7E1}" = protocol=6 | dir=in | app=c:\program files\hobbyist software\off-helper\off-service.exe | 
"{0E6879C4-9B1F-4B9B-9367-69059F20B301}" = protocol=6 | dir=in | app=c:\program files\hobbyist software\off-helper\mdnsresponder.exe | 
"{1459C366-1DE7-4539-9402-6D11A23E41DD}" = protocol=17 | dir=in | app=c:\program files\pure flow server\twonkymediaserver.exe | 
"{149806A8-F15E-4A92-AC83-25430D4732D2}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3.exe | 
"{151831E5-517C-49C1-97D1-9BC8AEF3ECFE}" = protocol=6 | dir=in | app=c:\program files\hobbyist software\off-helper\mdnsresponder.exe | 
"{1B31C503-B58F-405B-81CC-02FFEDB2829F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{1E6C1969-69C7-4F1A-8DCE-330926F648CA}" = protocol=6 | dir=in | app=c:\program files\pure flow server\twonkymediaserverwatchdog.exe | 
"{1EE03891-0A61-4940-9164-8BD6F38013D6}" = protocol=17 | dir=in | app=c:\program files\hobbyist software\off-helper\dnssd-hobbyist.dll | 
"{1F41A23A-31E0-49CA-9C09-E8BD9AF03F96}" = protocol=6 | dir=in | app=c:\program files\mypoi manager\mypoimanager.exe | 
"{1FCA5921-DD70-4F81-B300-964CBE7FFD3C}" = protocol=17 | dir=in | app=c:\program files\hobbyist software\off-helper\off-service.exe | 
"{215CF163-2C7A-4777-BA0B-FB43EDA7AC3F}" = dir=in | app=c:\program files\itunes.exe | 
"{26B5B3F8-6FB2-4A9E-AFF7-42766C20ACC5}" = protocol=6 | dir=in | app=c:\program files\hobbyist software\off-helper\off-service.exe | 
"{28A7C33C-8963-486F-B3E8-8BEACA3C9949}" = protocol=6 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\warlords\civ4warlords.exe | 
"{29C6D6BB-7B12-4024-94DB-253EC49AD41E}" = protocol=17 | dir=in | app=c:\program files\mypoi manager\mypoimanager.exe | 
"{2BFF40E5-4113-431F-97F3-030354A5B8A0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{2C1AC17D-7527-42B0-A218-63A444D1E552}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe | 
"{2FAB14B7-4CE3-45B4-9D72-B85ECF41BC4E}" = protocol=17 | dir=in | app=c:\program files\hobbyist software\off-helper\off-helper service.exe | 
"{30884741-33D0-4DBE-A3D4-E62B3EFD37B7}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe | 
"{309C0AF1-7AC5-4B31-8E7B-347894F9BAED}" = protocol=6 | dir=in | app=c:\program files\sony\vaio media 6.0\vc.exe | 
"{35FABDF1-E1BB-4DF4-A154-E1ADD62E92BC}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3.exe | 
"{362690FC-CF53-4C91-86DD-B9F9F0781156}" = protocol=17 | dir=in | app=c:\program files\hobbyist software\off-helper\off-helper service.exe | 
"{366DAFE5-42C9-482A-A029-DFFF0147A1CB}" = protocol=17 | dir=in | app=c:\program files\avg\avg8\avgui.exe | 
"{36F6BFA1-1C2B-4A9D-81A0-8618A8AFC162}" = protocol=17 | dir=in | app=c:\program files\pure flow server\twonkymediaserverwatchdog.exe | 
"{38DC32F9-C975-49C4-B645-B5A107124D2C}" = protocol=17 | dir=in | app=c:\program files\hobbyist software\off-helper\off-service.exe | 
"{3B3EAF1F-7A68-4C84-961C-53B5B5AFB999}" = protocol=17 | dir=in | app=c:\program files\hobbyist software\off-helper\mdnsresponder.exe | 
"{3F3E2937-561A-49AC-B429-32D7DBBB7C3F}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe | 
"{448B343F-C2DC-46A2-9DEB-E71524F862EE}" = protocol=6 | dir=in | app=c:\program files\hobbyist software\off-helper\mdnsresponder.exe | 
"{45B0BA67-D8FC-4083-BECF-4B8AA318D361}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | 
"{4C941601-63F3-4E42-A6B6-F1AC0EE553AD}" = protocol=6 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\civilization4.exe | 
"{5197B009-C863-423C-8988-DBCFD55542E8}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{5722979B-AFBE-463E-B654-B18F00119DE8}" = protocol=17 | dir=in | app=c:\program files\hobbyist software\off-helper\mdnsresponder.exe | 
"{5ACF307F-7312-402E-9CF1-6CA7210E4FD1}" = protocol=17 | dir=in | app=c:\program files\hobbyist software\off-helper\off-helper service.exe | 
"{61694D64-CA91-49BF-8C18-EF82A0564466}" = protocol=6 | dir=in | app=c:\program files\google\google talk\googletalk.exe | 
"{66F63341-8BD2-445E-8A8D-AB7FF29E9552}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{67D9CEC1-DE66-43EC-ADEB-7F3323F63CAD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{6DD80D18-C108-4CA5-A087-F3E0E707B158}" = protocol=6 | dir=in | app=c:\program files\google\google talk\googletalk.exe | 
"{70EF14E3-06EA-4408-8777-9944219095FC}" = protocol=6 | dir=in | app=c:\program files\hobbyist software\off-helper\dnssd-hobbyist.dll | 
"{71356CE1-616B-4BF7-9CBF-BB0E749E1990}" = protocol=6 | dir=in | app=c:\program files\hobbyist software\off-helper\dnssd-hobbyist.dll | 
"{7412C683-1FBC-4A03-AB4B-663711D7DD1B}" = protocol=6 | dir=in | app=c:\program files\pure flow server\twonkymediaserver.exe | 
"{747CA8DE-DF18-4D8B-9842-88DB892BDEE5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{7F59DF89-C0DA-4D44-A288-7919352D73FE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{87688660-F09F-4E80-97F1-E889E73D843D}" = protocol=6 | dir=in | app=c:\users\david\appdata\roaming\dropbox\bin\dropbox.exe | 
"{9108BD2A-C51D-4A2F-BBAB-6D6E5E605A78}" = protocol=17 | dir=in | app=c:\program files\sony\vaio media 6.0\vc.exe | 
"{9282580D-10F4-4E9B-88A0-810108B4B649}" = protocol=17 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\civilization4.exe | 
"{957946A2-8279-4542-955E-8BD1E16C5ACF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{9618A8AA-A97A-46C5-9A1A-492625388188}" = protocol=17 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\warlords\civ4warlords.exe | 
"{9643EA54-BA96-4C92-A6DF-C55328605CC1}" = protocol=17 | dir=in | app=c:\program files\google\google talk\googletalk.exe | 
"{9B77A897-43D4-4057-B5FF-9ADF0720EF98}" = protocol=17 | dir=in | app=c:\program files\hobbyist software\off-helper\dnssd-hobbyist.dll | 
"{9DCF4D93-14E7-4258-84DD-1DB8D4CA9CAC}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe | 
"{9EF67701-E00F-4CB4-9711-4A9E40A19133}" = protocol=17 | dir=in | app=c:\users\david\appdata\roaming\dropbox\bin\dropbox.exe | 
"{9FB96FF6-E7BE-47B4-BFED-E13EB605CB10}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe | 
"{A0B2C033-2704-4A4B-8DA5-CC0F685FBE86}" = protocol=17 | dir=in | app=c:\program files\hobbyist software\off-helper\off-service.exe | 
"{A21305EA-4013-4BB5-9B49-68806A5AFEB1}" = protocol=17 | dir=in | app=c:\program files\hobbyist software\off-helper\mdnsresponder.exe | 
"{A22D1D73-48D3-4F9D-BB9A-FC93203FCDDB}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{A8DE72A5-D43F-44A6-8CA5-E66A13A0BF33}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe | 
"{A914EB8D-1719-40CB-81B7-DA59D1A4BE48}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{AB8BDFDE-BBEB-4254-94E6-57D4E4708964}" = protocol=6 | dir=in | app=c:\program files\hobbyist software\off-helper\off-helper.exe | 
"{B1F14093-FB9F-4C78-9C98-26189FAC8D26}" = protocol=6 | dir=in | app=c:\program files\hobbyist software\off-helper\off-service.exe | 
"{B5CB8AF1-FE93-4DA1-AB10-364393E1335C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B72F73E5-D899-4C69-B684-3B6B0CC03B92}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{BC570BF0-F575-43E0-A98D-F069963D92BA}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{C7682AC9-F1DA-4713-BB0D-71B7F6A44F95}" = protocol=17 | dir=in | app=c:\program files\google\google talk\googletalk.exe | 
"{C85DECE7-40B7-423A-AA1B-BC6D01880E8B}" = protocol=6 | dir=in | app=c:\program files\hobbyist software\off-helper\off-helper service.exe | 
"{C8DBF332-C873-4223-8FBE-E45A05466C13}" = protocol=17 | dir=in | app=c:\program files\hobbyist software\off-helper\dnssd-hobbyist.dll | 
"{C91505A9-ADD3-45E7-81B5-AEAE9CD2FD76}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe | 
"{CB6F00EB-62D4-41E9-B1E1-D7A508AA8A18}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{CC8F4626-98B8-4EC9-85C2-A47BB9F517C2}" = protocol=17 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\beyond the sword\civ4beyondsword.exe | 
"{CE2E4332-1CA4-4931-8BA8-D47DC2050D6E}" = protocol=6 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\beyond the sword\civ4beyondsword.exe | 
"{D5D80D56-80C3-4282-9512-74D62316F500}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{E04ED4BA-5ADB-4448-9785-ACE194F13BD3}" = protocol=17 | dir=in | app=c:\program files\hobbyist software\off-helper\off-helper.exe | 
"{E67FA325-74A5-47AE-9A63-66852F66A967}" = protocol=6 | dir=in | app=c:\program files\hobbyist software\off-helper\off-helper service.exe | 
"{ED88AB7C-6596-4786-A75D-D431065A397F}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe | 
"{F32B7AC8-9ED0-40D4-BB2D-07473B510249}" = protocol=6 | dir=in | app=c:\program files\hobbyist software\off-helper\off-helper service.exe | 
"{F79CC313-8439-4C5F-8A5C-5DCF93E1B55D}" = protocol=6 | dir=in | app=c:\program files\hobbyist software\off-helper\dnssd-hobbyist.dll | 
"TCP Query User{03939541-A96A-4E75-8DE6-13853A551263}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{06B56D3A-7944-47B2-ABA2-A525C9C70D9D}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{16FBD14B-0AAB-4693-A4A3-A9488D45BBF1}C:\program files\air mouse\air mouse\air mouse.exe" = protocol=6 | dir=in | app=c:\program files\air mouse\air mouse\air mouse.exe | 
"TCP Query User{18D6B6C7-6CEA-45E2-B96C-29586327D088}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"TCP Query User{25783026-D868-4DF4-BDA2-9A6E96077DA8}C:\program files\air mouse\air mouse\mobile mouse service.exe" = protocol=6 | dir=in | app=c:\program files\air mouse\air mouse\mobile mouse service.exe | 
"TCP Query User{36AC178C-4323-4DB9-8E91-BDAB2D204821}C:\program files\air mouse\air mouse\mobile mouse service.exe" = protocol=6 | dir=in | app=c:\program files\air mouse\air mouse\mobile mouse service.exe | 
"TCP Query User{3E93A6C3-A4D0-4DD3-9A7F-B25DD21D462F}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{449C1DE3-43E0-4BDB-9489-6072B6172147}C:\users\david\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\david\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{5122B36D-9417-466B-A934-07E6EA4B09AA}C:\program files\air mouse\air mouse\air mouse.exe" = protocol=6 | dir=in | app=c:\program files\air mouse\air mouse\air mouse.exe | 
"TCP Query User{5EDADD60-D0F9-451A-BCD2-45E7144A936A}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"TCP Query User{60CCB461-C7B3-40FB-BE3E-26A1B83548CE}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{79C1C661-1CC7-409E-96CF-6A5D0817F4BF}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{8584E797-B6E4-4C6F-A24B-C42CB196D7BF}C:\program files\hobbyist software\off-helper\off-helper.exe" = protocol=6 | dir=in | app=c:\program files\hobbyist software\off-helper\off-helper.exe | 
"TCP Query User{979C5985-4D22-45AC-A934-5F16C8D9E9E4}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{A2AF443F-E761-48FE-BF84-03EB35C44CC4}C:\users\david\downloads\hfs.exe" = protocol=6 | dir=in | app=c:\users\david\downloads\hfs.exe | 
"TCP Query User{B2C90EAA-D328-445F-B44E-06E5A480E591}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{E90CEA1F-8B52-4345-86BD-96635868AADD}C:\users\david\downloads\hfs.exe" = protocol=6 | dir=in | app=c:\users\david\downloads\hfs.exe | 
"TCP Query User{EB59609F-76DE-4DF4-8826-1F40EDBEF8F9}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{EEC0E7AF-16CD-4E5F-810B-A7509EF71F70}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{0EC7FD5C-DFB3-4232-A8F9-467C8EF50D66}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{1C6974CF-E316-4A57-A943-E79DC0C27910}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{1D4DE177-A2D2-46CF-BA2C-45F82C2A858C}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"UDP Query User{38A5A7C8-802E-4F8E-86BD-A8AD632ED35C}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{52DB13BF-0936-49CA-BE43-753D629F5B92}C:\program files\air mouse\air mouse\air mouse.exe" = protocol=17 | dir=in | app=c:\program files\air mouse\air mouse\air mouse.exe | 
"UDP Query User{6CF77519-6C73-4BE0-9871-A8577AC6A271}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"UDP Query User{92074D48-00D0-4E02-A267-7F5462674A16}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{A104D1BC-7767-46A0-8B49-CC51F2251CF1}C:\users\david\downloads\hfs.exe" = protocol=17 | dir=in | app=c:\users\david\downloads\hfs.exe | 
"UDP Query User{A315184F-B1DF-4AE9-9742-8C64A1247CA5}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{B072756C-09E8-41A6-8456-0E4FAD0E5E51}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{B911A916-C7C2-4C33-B3E2-26C15F8604C0}C:\program files\air mouse\air mouse\air mouse.exe" = protocol=17 | dir=in | app=c:\program files\air mouse\air mouse\air mouse.exe | 
"UDP Query User{C989F439-D386-4FDF-B9EF-32F571B0A5E3}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"UDP Query User{D4331884-5B50-4EB5-95C2-26D507778D59}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{E1B5B280-6E45-4762-9BC9-119F40942E40}C:\program files\air mouse\air mouse\mobile mouse service.exe" = protocol=17 | dir=in | app=c:\program files\air mouse\air mouse\mobile mouse service.exe | 
"UDP Query User{E562642E-5147-4C3E-A8D6-92F526923C0B}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{EBAB5CBB-3514-4550-AF8F-77A514FE76DF}C:\program files\air mouse\air mouse\mobile mouse service.exe" = protocol=17 | dir=in | app=c:\program files\air mouse\air mouse\mobile mouse service.exe | 
"UDP Query User{F31163B9-4735-4661-80EA-D52339C36428}C:\program files\hobbyist software\off-helper\off-helper.exe" = protocol=17 | dir=in | app=c:\program files\hobbyist software\off-helper\off-helper.exe | 
"UDP Query User{F3DD9B62-3A12-4CC9-812A-75F00EF59500}C:\users\david\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\david\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{FF9D71AF-CA66-4FB6-9278-A74222E0B814}C:\users\david\downloads\hfs.exe" = protocol=17 | dir=in | app=c:\users\david\downloads\hfs.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{009E7FB7-1775-4D89-8956-F5C9A1C019FC}" = DSD Playback Plug-in
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{021AD585-5EEE-4B58-83BC-0AC86008EBC8}" = VAIO Media Registration Tool
"{023D64D7-E7B4-47C7-BE6E-B7C2E8960D08}" = Citrix online plug-in (Web)
"{065DBB54-6E55-A609-2E1E-F0617E827D53}" = Media Go Video Playback Engine 1.96.112.08260
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{07D8511D-C9FE-4A93-933F-EAA5C8F20095}" = IDT Audio
"{09A84598-E18A-4E7B-A49A-E19BB8D5C648}" = AppMon Utility
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C6DB6B9-2D17-4AA5-A207-42D28BF9F434}" = MyPoi Manager
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{0FD40A50-38AB-454F-B41E-AC365E13D06D}" = calibre
"{12D0BE8D-538C-4AB1-86DE-C540308F50DA}" = VAIO Content Metadata Manager Settings
"{133F46FF-B547-4462-AEAA-2322CA89CF67}" = VAIO Database Converter Ver 1.0
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{18510937-0146-417B-95D8-14706649C384}" = VAIO Content Metadata Manager Settings
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 30
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 11
"{28549656-3CB3-44B6-9FAB-925A18DAC796}" = VAIO Movie Story
"{28AD24E2-BC9F-49B8-A20C-31C6C2D78428}" = VAIO Database Converter 1.0
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{291FB4BF-EEC7-4CF9-8469-F39ED1DBC4D8}" = VAIO Content Metadata XML Interface Library
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{2AA48AFA-79CA-4043-BFFC-BB5BA23A9FCF}" = WD SmartWare
"{2BF9702B-52EE-4841-83C4-B5E640B6C97A}" = Media Go
"{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}" = Sid Meier's Civilization 4 Complete
"{328019A7-0012-401D-96A2-4CDDD02675A8}" = Garmin POI Loader
"{33017152-D6EA-46DD-93E0-7D2679CCBB51}" = Corel WinDVD
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3B659FAD-E772-44A3-B7E7-560FF084669F}" = VAIO Smart Network
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{44653096-3E44-402E-B68E-37D77240BFA8}" = Symyx Draw 4.0.100
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"{4EA55D20-27FB-45D7-8726-147E8A5F6C62}" = VAIO MusicBox
"{500162A0-4DD5-460A-BAFD-895AAE48C532}" = VAIO Media Content Collection 6.0
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{516EF56A-048B-4AED-9906-1366639ACEEE}" = Garmin BaseCamp
"{533D0A8A-D7E7-4F15-BC9E-FF2916A6BAA7}" = DSD Direct Player
"{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 6.0
"{56345504-DE57-4528-A18B-A567D1E52928}" = ArcSoft Magic-i Visual Effects
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 6.0
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{6332AFF1-9D9A-429C-AA03-F82749FA4F49}" = SonicStage Mastering Studio
"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6C1EC809-88C6-4111-A6E0-0C6E203B3818}" = VAIO Movie Story 1.3 Upgrade
"{6D2576EC-A0E9-418A-A09A-409933A3B6F4}" = VAIO Camera Capture Utility
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6F8EAC65-314D-4D86-9557-BC9312AACCB0}" = Citrix online plug-in (USB)
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 6.1
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A21C722-F259-4976-B7AA-6658E5FDEDAF}" = Google Drive
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7C404084-C5A6-42FF-B731-0BAC79A6E134}" = VAIO Original Function Settings
"{7D82704E-B217-4C6F-97E5-C77F30E81048}" = Quo v2
"{802889F8-6AF5-45A5-9764-CA5B999E50FC}" = VAIO Power Management
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{8144262B-25B4-44F6-8204-FCC8EF50179F}" = Citrix online plug-in (DV)
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{82D5BACA-3619-4D34-99DB-3A65CFB4DA33}" = DSD Direct
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{895FE43E-71C2-4FEA-94EF-B88D111495FC}" = Mobile Mouse Server
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{912B04B3-7C7C-4929-AE68-EC2A4CCB4E73}" = Microsoft Mouse and Keyboard Center
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95229EF6-F4A1-413A-BA50-668311FAFE19}" = VAIO Original Function Settings
"{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD8B556-A69C-486E-92C1-4AA821DE13A0}" = .NET Utilities
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C1C8A04-F8CA-4472-A92D-4288CE32DE86}" = SonicStage Mastering Studio Plugins
"{9D12A8B5-9D41-4465-BF11-70719EB0CD02}" = VU5x86
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9D8BAA74-5B7D-11E2-8273-984BE15F174E}" = Evernote v. 4.6.1
"{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}" = VAIO Update
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3563827-B0DB-44DC-B037-15CC4E5E692F}" = VAIO Content Metadata XML Interface Library
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}" = Garmin USB Drivers
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.5)
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}" = RealDownloader
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 6.0
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{B3668C08-EBB1-40F4-B4F9-4F8E13501A7D}" = VAIO Entertainment Platform
"{B3C9A441-C34D-40F3-9D3B-00EDDDAC74F1}" = Garmin Communicator Plugin
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B66AD8F4-0951-407E-807F-C300F6970B5A}" = VAIO Media
"{B7FB0C86-41A4-4402-9A33-912C462042A0}" = Roxio Easy Media Creator Home
"{C01408FC-117C-44B7-8B0C-17794E526A01}" = Disc2Phone
"{C0482AA0-9CDF-49B4-9B39-551FD1A7A7E6}" = VAIO Movie Story 1.5 Upgrade
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D8}" = WinZip 17.0
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF0F8D1B-5FB9-468D-BD88-E6239906D2B7}" = Click to Disc
"{D17111CB-C992-42A9-9D56-C19395102AAA}" = Garmin WebUpdater
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF0415CC-0563-407F-B560-9B7F277122C5}" = VAIO BD Menu Data
"{DF7DB916-90E5-40F2-9010-B8125EB5FD6F}" = SonicStage Mastering Studio Audio Filter
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E66BB7B9-EC7B-45A6-B479-AD43A9B32AA0}" = SonicStage Mastering Studio
"{E7C97E98-4C2D-BEAF-5D2F-CC45A2F95D90}" = Acrobat.com
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype 6.0
"{EA74A293-3FAC-4D1B-AE3A-3BD47FADDC20}" = Citrix online plug-in (HDX)
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EC37A846-53AC-4DA7-98FA-76A4E74AA900}" = SonicStage Mastering Studio Audio Filter Custom Preset
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.115
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" = 
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{F88A7EB0-90F4-4012-9194-33AF2F1C5BF1}" = VAIO Movie Story 1.5 Upgrade
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"98157A226B40B173301B0F53C8E98C47805D5152" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"ActiveTouchMeetingClient" = Cisco WebEx Meetings
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ALDI Print Software" = ALDI Print Software
"Atlantis - Sky Patrol" = Atlantis - Sky Patrol (remove only)
"avast" = avast! Free Antivirus
"Big Fish Games Center" = Big Fish Games Center
"Big Fish Games Sudoku" = Big Fish Games Sudoku (remove only)
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
"CanonMyPrinter" = Canon My Printer
"CCleaner" = CCleaner
"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"DPP" = Canon Utilities Digital Photo Professional 3.5
"dt icon module" = 
"ENTERPRISER" = Microsoft Office Enterprise 2007
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"gtfirstboot Setting Request" = 
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"Kobo" = Kobo
"Mahjong Towers Eternity" = Mahjong Towers Eternity (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"MarketingTools" = Vaio Marketing Tools
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Metalogic Finance Explorer_is1" = Metalogic Finance Explorer 4.0.1
"MFU Module" = 
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Mozilla Firefox 18.0.1 (x86 en-GB)" = Mozilla Firefox 18.0.1 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"Mystery Case Files - Prime Suspects" = Mystery Case Files - Prime Suspects (remove only)
"NVIDIA Drivers" = NVIDIA Drivers
"Off-Helper_is1" = Off-Helper 3.03
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-15-19-01
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa 3" = Picasa 3
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"ProcessQuickLink 2_is1" = Uniblue ProcessQuickLink 2
"PS3 Media Server" = PS3 Media Server
"Rapport_msi" = Rapport
"RealPlayer 16.0" = RealPlayer
"RemoteCaptureDC" = Canon Utilities RemoteCapture DC
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Revo Uninstaller" = Revo Uninstaller 1.92
"Shockwave" = Shockwave
"Sierra Utilities" = Sierra Utilities
"SystemRequirementsLab" = System Requirements Lab
"TwonkyMediaPURE Flow Server" = PURE Flow Server
"Update Engine" = Sony Ericsson Update Engine
"VAIO Help and Support" = 
"VAIO_My Club VAIO" = My Club VAIO
"VAIO_Photoshop" = 
"VAIO_Premiere" = 
"VAIO_Standard" = 
"Virtual Villagers" = Virtual Villagers (remove only)
"WinLiveSuite" = Windows Live Essentials
"YTdetect" = Yahoo! Detect
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3695665762-3537947497-2156790703-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 29/01/2013 16:08:36 | Computer Name = David-PC | Source = SignInAssistant | ID = 0
Description =

Error - 29/01/2013 16:08:37 | Computer Name = David-PC | Source = SignInAssistant | ID = 0
Description =

Error - 29/01/2013 16:08:39 | Computer Name = David-PC | Source = SignInAssistant | ID = 0
Description =

Error - 29/01/2013 16:14:00 | Computer Name = David-PC | Source = SignInAssistant | ID = 0
Description =

Error - 30/01/2013 13:29:48 | Computer Name = David-PC | Source = SideBySide | ID = 16842761
Description = Activation context generation failed for "C:\Program Files\WinZip\adxloader.dll.Manifest".Error
in manifest or policy file "C:\Program Files\WinZip\adxloader.dll.Manifest" on 
line 2. The manifest file root element must be assembly.

Error - 30/01/2013 13:34:45 | Computer Name = David-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files\MyPoi Manager\DelZip179.dll".Error
in manifest or policy file "C:\Program Files\MyPoi Manager\DelZip179.dll" on line
8. The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error - 31/01/2013 04:14:15 | Computer Name = David-PC | Source = SideBySide | ID = 16842761
Description = Activation context generation failed for "C:\Program Files\WinZip\adxloader.dll.Manifest".Error
in manifest or policy file "C:\Program Files\WinZip\adxloader.dll.Manifest" on 
line 2. The manifest file root element must be assembly.

Error - 31/01/2013 12:04:31 | Computer Name = David-PC | Source = SideBySide | ID = 16842761
Description = Activation context generation failed for "C:\Program Files\WinZip\adxloader.dll.Manifest".Error
 in manifest or policy file "C:\Program Files\WinZip\adxloader.dll.Manifest" on 
line 2. The manifest file root element must be assembly.

Error - 31/01/2013 12:08:26 | Computer Name = David-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files\MyPoi Manager\DelZip179.dll".Error
in manifest or policy file "C:\Program Files\MyPoi Manager\DelZip179.dll" on line
8. The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error - 31/01/2013 14:10:26 | Computer Name = David-PC | Source = SideBySide | ID = 16842761
Description = Activation context generation failed for "C:\Program Files\WinZip\adxloader.dll.Manifest".Error
in manifest or policy file "C:\Program Files\WinZip\adxloader.dll.Manifest" on 
line 2. The manifest file root element must be assembly.

Error - 31/01/2013 14:14:13 | Computer Name = David-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files\MyPoi Manager\DelZip179.dll".Error
in manifest or policy file "C:\Program Files\MyPoi Manager\DelZip179.dll" on line
8. The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error - 31/01/2013 14:17:46 | Computer Name = David-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files\Common 
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
of attribute "version" in element "assemblyIdentity" is invalid.

[ Media Center Events ]
Error - 21/03/2011 01:31:53 | Computer Name = David-PC | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 03/21/2011 05:31:53. You may need to reschedule your recordings.

Error - 21/03/2011 01:31:55 | Computer Name = David-PC | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 03/21/2011 05:31:55. You may need to reschedule your recordings.

Error - 21/03/2011 14:59:47 | Computer Name = David-PC | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 03/21/2011 18:59:47. You may need to reschedule your recordings.

Error - 31/03/2011 15:13:42 | Computer Name = David-PC | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 03/31/2011 20:13:42. You may need to reschedule your recordings.

Error - 31/03/2011 15:13:45 | Computer Name = David-PC | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 03/31/2011 20:13:45. You may need to reschedule your recordings.

Error - 30/04/2011 16:27:19 | Computer Name = David-PC | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 04/30/2011 21:27:19. You may need to reschedule your recordings.

Error - 05/05/2011 12:24:02 | Computer Name = David-PC | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 05/05/2011 17:24:02. You may need to reschedule your recordings.

Error - 18/07/2011 16:29:00 | Computer Name = David-PC | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 07/18/2011 21:29:00. You may need to reschedule your recordings.

Error - 04/08/2011 11:36:35 | Computer Name = David-PC | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 08/04/2011 16:36:35. You may need to reschedule your recordings.

Error - 06/08/2011 08:27:08 | Computer Name = David-PC | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 08/06/2011 13:27:08. You may need to reschedule your recordings.

[ OSession Events ]
Error - 09/07/2012 06:45:50 | Computer Name = David-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 98
seconds with 60 seconds of active time. This session ended with a crash.

Error - 17/07/2012 12:01:58 | Computer Name = David-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 15916
seconds with 1260 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 19/03/2009 13:34:08 | Computer Name = David-PC | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 20/03/2009 05:46:37 | Computer Name = David-PC | Source = HTTP | ID = 15016
Description =

Error - 20/03/2009 05:48:02 | Computer Name = David-PC | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 21/03/2009 08:38:52 | Computer Name = David-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 21/03/2009 08:39:00 | Computer Name = David-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 21/03/2009 08:39:03 | Computer Name = David-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 21/03/2009 08:39:06 | Computer Name = David-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 21/03/2009 08:39:09 | Computer Name = David-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 22/03/2009 06:45:43 | Computer Name = David-PC | Source = HTTP | ID = 15016
Description =

Error - 22/03/2009 06:47:04 | Computer Name = David-PC | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

< End of report >


----------



## kevinf80 (Mar 21, 2006)

Re-Run OTL by double left click, Vista and Windows 7 users accept UAC alert.

Under the box at the bottom, paste in the following


```
:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00E915A2-12EF-4B68-8932-903B490626CE}"=-
"{9FB96FF6-E7BE-47B4-BFED-E13EB605CB10}"=-
:OTL
DRV - [2010/03/10 10:36:36 | 000,217,032 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\PCTCore.sys -- (PCTCore)
IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..\SearchScopes\{D8B9925B-7A40-427C-A6EA-191BC3A43307}: "URL" = http://uk.ask.com/web?q={searchTerms}&qsrc=0&o=0&l=dir&dm=all
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
[2013/01/14 18:31:15 | 000,579,823 | ---- | M] () (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wf9gy7j5.default\extensions\{6C4BAFB6-2AC2-4405-A98D-546B55B3AE92}.xpi
[2013/01/31 20:50:33 | 000,817,973 | ---- | M] () (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wf9gy7j5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/12/05 18:48:18 | 000,001,738 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/10/15 09:10:53 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/12/05 18:48:18 | 000,001,148 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/12/05 18:48:18 | 000,001,379 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/10/15 09:10:53 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/12/05 18:48:18 | 000,001,334 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
:Files
C:\Users\David\AppData\Roaming\AVG10
:Commands
[emptytemp]
```

Then click the button at the top.
Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose *Yes*. In this case, after the reboot, open Notepad (Start > All Programs > Accessories > Notepad), click File > Open, in the File Name box enter *\*.log* and press the Enter key, navigate to the *C:\_OTL\MovedFiles folder*, open the newest *.log* file present, and copy/paste the contents of that document back here in your next post.

Next,

Select Start > Control Panel > Uninstall a Program. Remove the following outdated versions of Java:

*Java(TM) 6 Update 30
Java(TM) 6 Update 22*

Next,

Go here and set Internet Explorer back to default settings: http://support.microsoft.com/kb/923737#method2
Go here and set FireFox back to default settings: http://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-most-problems

Post the OTL fix log, let me know if there is an improvement, also if any remaining issues/concerns...

Kevin
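As an added illustration (not part of this thread, and not OTL's or the helper's own tooling), here is a small Python triage script that parses OTL log lines in the format posted above and flags the kinds of entries the fix script targets: registry/service entries whose file is missing, running processes or services with no publisher name, and browser search scopes whose host should be reviewed. The sample lines are copied from the logs in this thread; the rule set and every function name are my own assumptions, and leftovers such as the PCTCore driver still need a human to judge.

```python
"""Triage helper for OTL-style log lines (PRC/SRV/DRV/MOD, FF and IE entries)."""
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlsplit

# Header of a file entry, e.g.
#   [2013/01/30 08:27:05 | 000,602,112 | ---- | M] (OldTimer Tools) [Auto | Running]
HEADER_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[^|\]]+?) \| (?P<flag>[A-Z])\] \((?P<company>[^)]*)\)"
    r"(?: \[(?P<status>[^\]]+)\])?$"
)
FF_RE = re.compile(r"^FF - (?P<key>.+?): (?P<value>.*)$")
IE_URL_RE = re.compile(r'^IE - (?P<key>.+?): "URL" = (?P<url>\S+)')

# Constructed sample: lines copied from the OTL logs posted in this thread.
SAMPLE_LOG = r"""
DRV - [2010/03/10 10:36:36 | 000,217,032 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\PCTCore.sys -- (PCTCore)
IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..\SearchScopes\{D8B9925B-7A40-427C-A6EA-191BC3A43307}: "URL" = http://uk.ask.com/web?q={searchTerms}&qsrc=0&o=0&l=dir&dm=all
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
SRV - File not found [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
MOD - [2013/01/11 10:18:21 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll
PRC - [2013/01/30 08:27:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\David\My Documents\Desktop Computer\Malware removal Jan-13\OTL.exe
"""


@dataclass
class Entry:
    kind: str                 # PRC, SRV, DRV or MOD
    path: str
    company: Optional[str]    # None when OTL printed "File not found"
    status: Optional[str]     # e.g. "Auto | Running" for services/drivers
    service: Optional[str]    # service/driver name from the trailing parentheses
    file_missing: bool


@dataclass
class Finding:
    reason: str
    detail: str
    line: str


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one PRC/SRV/DRV/MOD line; return None for any other line."""
    m = re.match(r"^(PRC|SRV|DRV|MOD) - (.*)$", line)
    if not m:
        return None
    kind, rest = m.group(1), m.group(2)
    parts = rest.split(" -- ", 2)          # header -- path [-- (ServiceName)]
    if len(parts) < 2:
        return None
    header, path = parts[0], parts[1]
    service = parts[2].strip("()") if len(parts) == 3 else None
    if header.startswith("File not found"):
        st = re.search(r"\[([^\]]+)\]", header)
        return Entry(kind, path, None, st.group(1) if st else None, service, True)
    h = HEADER_RE.match(header)
    if not h:
        return None
    return Entry(kind, path, h.group("company"), h.group("status"), service, False)


def triage(log_text: str) -> List[Finding]:
    """Apply a small, explainable rule set to each line and collect findings."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        entry = parse_entry(line)
        if entry is not None:
            if entry.file_missing:
                # Orphaned service/driver/process entry: the binary is gone.
                findings.append(Finding("missing file", f"{entry.kind} {entry.service or entry.path}", line))
            elif entry.kind != "MOD" and entry.company == "":
                # OTL prints "()" when the PE carries no company name; .NET native
                # images (MOD) always look like this, so they are not flagged.
                findings.append(Finding("no publisher", f"{entry.kind} {entry.path}", line))
            continue
        ff = FF_RE.match(line)
        if ff and ff.group("value").endswith("File not found"):
            findings.append(Finding("missing file", f"FF {ff.group('key')}", line))
            continue
        ie = IE_URL_RE.match(line)
        if ie:
            host = urlsplit(ie.group("url")).hostname or "?"
            findings.append(Finding("search scope", f"IE search provider points at {host}", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.reason}] {f.detail}")
```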


----------



## STIG_DH (Jan 25, 2013)

Kevin

I ran into a couple of problems I need to alert you to.

I ran OTL, and the application rebooted the PC. In the reboot, I briefly witnessed the blue screen of death.

The computer reported that it was unable to start, and recommended I choose Startup Repair Mode.

I accepted this and was eventually told that it would restore to an earlier time point - I duly accepted.

The system rebooted once (no sign of the blue screen of death) and seems to be operational again with the previous caveats (but of course no OTL log file).


What else to add?

Last night I removed a couple of redundant programmes using Revo Uninstaller. They were Kobo and a Sony application (Disc 2 Phone). I think I should have checked with you first but assumed this action would be benign.

Upon switching on this morning, everything was working much as I last reported. PC went into hibernation for the morning, and when I came back this afternoon, problems came about in coming out of hibernation - again affecting the browsers. Chrome said it didn't close properly, and Firefox wouldn't load at all.

I can't think of any other details to impart. Sounds like we may have to do some more scanning and see where we are?

Awaiting further instruction.......

David


----------



## kevinf80 (Mar 21, 2006)

OK, I guess we have to go back a couple of steps... Let's try this:

Download http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner by Xplode onto your Desktop.


- Please close all open programs and internet browsers.
- Double click on *Adwcleaner.exe* to run the tool.
- Click on *Delete*.
- Confirm each time with OK.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile in your reply.
- You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

Next,

Download *OTL* from any of the following links and save to your desktop.

http://itxassociates.com/OT-Tools/OTL.com
http://oldtimer.geekstogo.com/OTL.exe
http://www.itxassociates.com/OT-Tools/OTL.scr

Double click the OTL icon to start the tool. (Note: If you are running on Vista or Windows 7 accept UAC alert)


- When the window appears, underneath *Output* at the top, make sure *Standard output* is selected.
- Select *Scan all users*
- Under the *Extra Registry* section, check *Use SafeList*
- In the lower right corner, checkmark *"LOP Check"* and checkmark *"Purity Check".*
- Click *Run Scan* and let the program run uninterrupted.
- When the scan is complete, two text files will be created on your Desktop.
  - *OTL.Txt* <- this one will be opened
  - *Extras.txt* <- this one will be minimized

Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of *OTL.Txt* and the *Extras.txt* in your next reply.

Kevin...


----------



## STIG_DH (Jan 25, 2013)

Kevin
here we go again.......

*AdwCleaner(S2)*

# AdwCleaner v2.109 - Logfile created 02/01/2013 at 18:42:47
# Updated 26/01/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : David - DAVID-PC
# Boot Mode : Normal
# Running from : C:\Users\David\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

***** [Registry] *****

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0.1 (en-GB)

File : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wf9gy7j5.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v24.0.1312.57

File : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [7369 octets] - [29/01/2013 16:58:19]
AdwCleaner[S2].txt - [1138 octets] - [01/02/2013 18:42:47]

########## EOF - C:\AdwCleaner[S2].txt - [1198 octets] ##########

*OTL*

OTL logfile created on: 01/02/2013 18:55:31 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\David\Documents\Desktop Computer\Malware removal Jan-13
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 0.91 Gb Available Physical Memory | 45.70% Memory free
4.00 Gb Paging File | 2.86 Gb Available in Paging File | 71.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 454.80 Gb Total Space | 306.34 Gb Free Space | 67.36% Space Free | Partition Type: NTFS

Computer Name: DAVID-PC | User Name: David | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/30 08:27:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\David\My Documents\Desktop Computer\Malware removal Jan-13\OTL.exe
PRC - [2012/12/23 22:13:16 | 001,673,048 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2012/12/23 22:13:16 | 000,976,728 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2012/12/18 14:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/11/30 02:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/11/29 20:33:04 | 000,232,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
PRC - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/11/23 02:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/10/30 22:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/30 22:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/10/26 10:33:12 | 001,038,496 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
PRC - [2012/10/26 09:44:42 | 000,957,056 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update\VUAgent.exe
PRC - [2011/03/10 00:50:38 | 000,565,248 | ---- | M] (Microsoft) -- C:\Program Files\Hobbyist Software\Off-Helper\Off-Helper Configuration.exe
PRC - [2011/03/10 00:17:10 | 000,006,656 | ---- | M] (Microsoft) -- C:\Program Files\Hobbyist Software\Off-Helper\Off-Helper Service.exe
PRC - [2011/02/25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/05/20 16:15:00 | 000,110,736 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2010/03/11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009/10/29 10:11:16 | 000,239,248 | ---- | M] (PacketVideo) -- C:\Program Files\PURE Flow Server\twonkymediaserverwatchdog.exe
PRC - [2009/10/29 10:11:12 | 000,665,232 | ---- | M] () -- C:\Program Files\PURE Flow Server\twonkymediaserver.exe
PRC - [2008/11/03 15:01:44 | 000,299,008 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Network Utility\NSUService.exe
PRC - [2007/11/09 17:34:28 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
PRC - [2007/10/27 00:22:47 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/09/10 23:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2007/08/15 04:05:18 | 000,182,392 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2007/08/15 04:05:18 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe

========== Modules (No Company Name) ==========

MOD - [2013/01/11 10:18:21 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll
MOD - [2013/01/11 10:17:52 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll
MOD - [2013/01/11 10:17:12 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\68f617caf670fefc0be769a294dc4ffd\System.ServiceProcess.ni.dll
MOD - [2013/01/11 10:16:25 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013/01/11 10:15:20 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll
MOD - [2013/01/11 10:11:41 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll
MOD - [2013/01/11 10:09:32 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/11 10:09:04 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll
MOD - [2013/01/11 10:08:45 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013/01/11 10:08:32 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/11 10:08:12 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013/01/11 10:05:42 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/11 10:05:17 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012/10/29 11:50:00 | 000,520,464 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
MOD - [2012/08/21 17:18:44 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll

========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2013/01/20 13:47:32 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/19 10:24:32 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/12/23 22:13:16 | 000,976,728 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2012/12/18 14:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/10/30 22:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/10/26 09:44:42 | 000,957,056 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Update\VUAgent.exe -- (VUAgent)
SRV - [2012/01/28 06:21:35 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012/01/18 13:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2011/03/10 00:17:10 | 000,006,656 | ---- | M] (Microsoft) [Auto | Running] -- C:\Program Files\Hobbyist Software\Off-Helper\Off-Helper Service.exe -- (Off-Helper)
SRV - [2010/05/20 16:15:00 | 000,110,736 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2010/05/10 10:33:42 | 000,110,592 | ---- | M] (WDC) [Disabled | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2010/05/10 10:32:36 | 001,858,048 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2010/05/10 10:32:06 | 000,482,304 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2010/03/11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/10/29 10:11:16 | 000,239,248 | ---- | M] (PacketVideo) [Auto | Running] -- C:\Program Files\PURE Flow Server\twonkymediaserverwatchdog.exe -- (PURE Flow Server)
SRV - [2009/09/08 17:09:14 | 000,083,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 01:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/05/30 10:49:55 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/03/05 18:47:40 | 000,313,264 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2009/03/05 18:47:40 | 000,192,512 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2009/03/05 18:47:40 | 000,069,632 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2009/03/05 18:41:58 | 005,189,992 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2008/11/03 15:01:44 | 000,299,008 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\Network Utility\NSUService.exe -- (NSUService)
SRV - [2007/11/09 17:34:28 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe -- (uCamMonitor)
SRV - [2007/10/27 00:22:47 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/09/10 23:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2007/08/15 04:05:18 | 000,182,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2007/06/20 22:35:06 | 002,523,136 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2007/06/20 22:34:52 | 000,499,712 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2007/06/20 22:34:50 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-UCLS-UPnP)
SRV - [2007/06/20 22:34:50 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP)
SRV - [2007/06/20 22:34:50 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-UCLS-HTTP)
SRV - [2007/06/20 22:34:50 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP)
SRV - [2007/01/10 23:51:06 | 000,745,472 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe -- (VAIOMediaPlatform-UCLS-AppServer)
SRV - [2006/12/14 09:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 09:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 08:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\David\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/12/23 22:13:34 | 000,071,480 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2012/12/23 22:13:34 | 000,065,848 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2012/12/23 22:13:32 | 000,166,840 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2012/10/30 22:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/10/30 22:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/10/30 22:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/10/30 22:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/10/30 22:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/10/29 11:50:33 | 000,272,216 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus32_43926.sys -- (RapportCerberus_43926)
DRV - [2012/10/15 16:59:28 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012/08/09 13:55:05 | 000,025,200 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2012/08/09 13:55:05 | 000,012,400 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2011/10/07 17:52:18 | 000,021,504 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
DRV - [2010/11/20 10:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 09:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/03/10 10:36:36 | 000,217,032 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/10/05 09:08:42 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2009/07/13 22:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/13 22:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2008/05/06 15:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2007/12/20 15:52:06 | 000,017,408 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2007/11/23 14:59:43 | 000,841,472 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVerM115S.sys -- (AVerM115S)
DRV - [2007/11/08 03:04:27 | 000,073,472 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FLx86.sys -- (R5U870FLx86)
DRV - [2007/11/08 03:04:27 | 000,043,904 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FUx86.sys -- (R5U870FUx86)
DRV - [2007/11/07 00:16:12 | 007,626,400 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/10/27 00:22:55 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/09/20 00:12:57 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/09/19 21:38:18 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2007/08/29 01:58:45 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2007/06/06 00:00:39 | 000,812,544 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2007/05/26 08:03:06 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2007/04/24 08:33:46 | 000,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125mgmt.sys -- (s125mgmt)
DRV - [2007/04/24 08:33:46 | 000,098,696 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125obex.sys -- (s125obex)
DRV - [2007/04/24 08:33:44 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125mdm.sys -- (s125mdm)
DRV - [2007/04/24 08:33:42 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125mdfl.sys -- (s125mdfl)
DRV - [2007/04/24 08:33:34 | 000,083,336 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125bus.sys -- (s125bus)
DRV - [2007/04/17 20:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{8D835501-C37D-4043-AD6C-A23EB260A8CD}: "URL" = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..\SearchScopes\{8D835501-C37D-4043-AD6C-A23EB260A8CD}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GPEA_en-GB
IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..\SearchScopes\{D8B9925B-7A40-427C-A6EA-191BC3A43307}: "URL" = http://uk.ask.com/web?q={searchTerms}&qsrc=0&o=0&l=dir&dm=all
IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.0.4
FF - prefs.js..extensions.enabledAddons: %7BE0B8C461-F8FB-49b4-8373-FE32E9252800%7D:5.4.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/11/20 08:34:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/01/16 11:18:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/01/16 11:18:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/19 10:24:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/19 10:24:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/19 10:24:34 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/19 10:24:22 | 000,000,000 | ---D | M]

[2012/01/27 19:20:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Extensions
[2013/01/31 20:50:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wf9gy7j5.default\extensions
[2012/12/01 13:19:35 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wf9gy7j5.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012/01/27 19:20:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wf9gy7j5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/01/27 19:20:20 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wf9gy7j5.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2013/01/14 17:09:38 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wf9gy7j5.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
[2012/02/10 15:52:35 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wf9gy7j5.default\extensions\[email protected]
[2013/01/14 18:31:15 | 000,579,823 | ---- | M] () (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wf9gy7j5.default\extensions\{6C4BAFB6-2AC2-4405-A98D-546B55B3AE92}.xpi
[2013/01/31 20:50:33 | 000,817,973 | ---- | M] () (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wf9gy7j5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/01/19 10:24:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/01/19 10:24:33 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/03/10 23:01:02 | 000,124,272 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll
[2010/03/10 23:02:52 | 000,070,512 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2010/03/10 23:01:48 | 000,091,504 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2010/03/10 23:01:24 | 000,022,384 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2008/06/19 09:16:24 | 000,118,784 | ---- | M] (CANON INC.) -- C:\Program Files\mozilla firefox\plugins\MyCamera.dll
[2008/06/19 09:16:24 | 000,053,248 | ---- | M] (CANON INC.) -- C:\Program Files\mozilla firefox\plugins\NPCIG.dll
[2010/03/10 23:40:56 | 000,423,248 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2013/01/16 11:17:26 | 000,124,056 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2010/03/10 23:02:48 | 000,023,920 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll

========== Chrome ==========

CHR - homepage: http://www.bbc.co.uk/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.bbc.co.uk/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Canon Online Photo Plugin Module (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPCIG.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Users\David\AppData\Roaming\Mozilla\plugins\npatgpc.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\Mozilla Plugins\npitunes.dll
CHR - plugin: Media Go Detector (Enabled) = C:\Program Files\Sony\Media Go\npmediago.dll
CHR - plugin: PlayStation(R)Network Downloader Check Plug-in (Enabled) = C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Drive = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Kingdom Rush = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckmfhhjalnddapegkbbohfaodgbnocim\1.0.7.3_0\
CHR - Extension: Google Search = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: RealDownloader = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\
CHR - Extension: Wave theme = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgahidbcmoibbodajeakkjpocflpnad\1.32_0\
CHR - Extension: SlideRocket = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\omeengfjefdmhnkojnfmncpfdbhnecea\2.0.2_0\
CHR - Extension: Evernote Web Clipper = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\5.9.5_0\
CHR - Extension: Gmail = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/01/31 19:09:59 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google BAE\BAE.dll (Your Company Name)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Hobbyist Software On-Off Helper] C:\Program Files\Hobbyist Software\Off-Helper\Off-Helper Configuration.exe (Microsoft)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Evernote 4 - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: New Note - C:\Program Files\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.11.2)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.11.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B8E8EBE0-C1DD-4A83-86D6-F9C48AD53AA8}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B8E8EBE0-C1DD-4A83-86D6-F9C48AD53AA8}: NameServer = 192.168.2.1,89.16.173.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C2AADC08-9101-4CD2-9A9F-4AEA51038AE5}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Backgrounds\01931_desertsunlight_1920x1080.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Backgrounds\01931_desertsunlight_1920x1080.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\...com [@ = ComFile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/31 20:24:55 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZipEC
[2013/01/31 20:24:47 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\assembly
[2013/01/31 19:10:21 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/01/31 19:06:23 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/01/31 19:06:23 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\temp
[2013/01/31 08:38:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/01/31 08:38:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/01/31 08:38:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/01/31 08:38:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/01/31 08:37:56 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/01/31 07:52:27 | 005,029,270 | R--- | C] (Swearware) -- C:\Users\David\Desktop\ComboFix.exe
[2013/01/30 11:30:44 | 000,000,000 | ---D | C] -- C:\Users\David\Documents\mbar-1.01.0.1017
[2013/01/30 10:26:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/29 19:48:16 | 000,000,000 | ---D | C] -- C:\Users\David\Desktop\RK_Quarantine
[2013/01/29 18:40:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
[2013/01/26 18:27:40 | 000,000,000 | ---D | C] -- C:\Users\David\Documents\AstraZeneca Employment
[2013/01/25 15:41:52 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\WinZip
[2013/01/25 15:41:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2013/01/25 15:40:52 | 000,000,000 | ---D | C] -- C:\Users\David\Documents\Add-in Express
[2013/01/25 15:40:30 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2013/01/25 15:40:10 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2013/01/24 11:09:17 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\Programs
[2013/01/21 19:11:15 | 000,000,000 | ---D | C] -- C:\Users\David\Documents\Sony
[2013/01/20 13:42:06 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/01/20 13:42:06 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/01/20 13:42:06 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/01/19 10:24:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/01/16 11:18:56 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\RealNetworks
[2013/01/16 11:18:04 | 000,000,000 | ---D | C] -- C:\Program Files\RealNetworks
[2013/01/16 11:17:59 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks
[2013/01/16 11:17:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2013/01/16 11:17:37 | 000,201,424 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2013/01/16 11:17:20 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2013/01/16 11:17:20 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2013/01/16 11:17:19 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2013/01/16 11:17:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2013/01/16 11:12:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2013/01/09 12:39:37 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/01/09 12:38:55 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2013/01/09 12:38:55 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013/01/09 12:38:51 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2013/01/09 12:38:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/09 12:38:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/09 12:38:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/09 12:38:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2013/01/09 12:38:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2013/01/09 12:38:47 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/09 12:38:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/09 12:38:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2013/01/09 12:38:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2013/01/09 12:38:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/09 12:38:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/09 12:38:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2013/01/09 12:38:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/09 12:38:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/09 12:38:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2013/01/09 12:38:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2013/01/09 12:38:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2013/01/09 12:38:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/09 12:38:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2013/01/09 12:38:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/09 12:38:42 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2013/01/09 12:38:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/09 12:38:41 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/09 12:38:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2013/01/09 12:38:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/09 12:38:38 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2013/01/09 12:38:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2013/01/09 12:37:43 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\System32\oflc-nz.rs
[2013/01/09 12:37:43 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\System32\csrr.rs
[2013/01/09 12:37:42 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\System32\fpb.rs
[2013/01/09 12:37:42 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\System32\cob-au.rs
[2013/01/09 12:37:41 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\System32\pegibbfc.rs
[2013/01/09 12:37:41 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\System32\usk.rs
[2013/01/09 12:37:41 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\System32\djctq.rs
[2013/01/09 12:37:40 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\System32\grb.rs
[2013/01/09 12:37:39 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi-pt.rs
[2013/01/09 12:37:39 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi.rs
[2013/01/09 12:37:38 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2013/01/09 12:37:36 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wpc.dll
[2013/01/09 12:37:24 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\System32\esrb.rs
[2013/01/09 12:37:21 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi-fi.rs
[2013/01/09 12:37:20 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\System32\oflc.rs
[2013/01/09 12:37:19 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\System32\cero.rs
[2013/01/09 12:36:32 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2013/01/09 12:36:28 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
[2013/01/04 18:26:13 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\ElevatedDiagnostics
[2012/01/16 17:22:16 | 000,293,736 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesOutlookAddIn.dll
[2012/01/16 17:22:12 | 000,421,736 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesHelper.exe
[2012/01/16 17:22:12 | 000,403,304 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesAdmin.dll
[2012/01/16 17:22:12 | 000,156,520 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesHelper.dll
[2012/01/16 17:22:12 | 000,124,776 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesMiniPlayer.dll
[2012/01/16 17:22:08 | 009,777,000 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunes.exe
[2012/01/16 17:22:04 | 020,868,968 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunes.dll
[2012/01/16 17:22:02 | 003,035,520 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\gnsdk_dsp.dll
[2012/01/16 17:22:02 | 002,010,984 | ---- | C] (Apple Inc.) -- C:\Program Files\iPodUpdaterExt.dll
[2012/01/16 17:22:02 | 000,803,200 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\gnsdk_sdkmanager.dll
[2012/01/16 17:22:02 | 000,287,104 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\gnsdk_submit.dll
[2012/01/16 17:22:02 | 000,246,144 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\gnsdk_musicid.dll
[2011/11/14 20:16:44 | 000,112,488 | ---- | C] (Apple Inc.) -- C:\Program Files\ITDetector.ocx

========== Files - Modified Within 30 Days ==========

[2013/02/01 18:58:24 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/01 18:58:24 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/01 18:48:13 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/01 18:45:42 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/01 18:45:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/01 18:45:22 | 1609,375,744 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/01 18:31:30 | 000,580,235 | ---- | M] () -- C:\Users\David\Desktop\adwcleaner.exe
[2013/02/01 18:20:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/01 13:53:26 | 000,002,039 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/02/01 13:53:23 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013/01/31 22:57:04 | 000,007,607 | ---- | M] () -- C:\Users\David\AppData\Local\Resmon.ResmonCfg
[2013/01/31 19:09:59 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/01/31 18:32:46 | 005,029,270 | R--- | M] (Swearware) -- C:\Users\David\Desktop\ComboFix.exe
[2013/01/31 10:52:00 | 000,000,820 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2013/01/30 20:38:19 | 000,041,799 | ---- | M] () -- C:\Users\David\AppData\Roaming\nvModes.dat
[2013/01/30 20:38:17 | 000,041,799 | ---- | M] () -- C:\Users\David\AppData\Roaming\nvModes.001
[2013/01/29 16:59:11 | 000,000,115 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013/01/29 15:36:26 | 000,086,586 | ---- | M] () -- C:\Users\David\Desktop\ideaTraX expanded item.png
[2013/01/29 14:45:56 | 000,063,511 | ---- | M] () -- C:\Users\David\Desktop\ideaTraX TB.png
[2013/01/26 18:18:16 | 000,639,696 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/01/26 18:18:16 | 000,115,078 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/01/25 15:41:22 | 000,002,281 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
[2013/01/24 11:44:33 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/24 11:43:43 | 000,010,298 | ---- | M] () -- C:\Users\David\Desktop\Backup of Profile.wbk
[2013/01/20 13:47:29 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/01/20 13:47:29 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/01/20 13:47:14 | 015,739,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2013/01/20 13:30:53 | 000,002,205 | ---- | M] () -- C:\Users\David\Desktop\Google Chrome.lnk
[2013/01/19 11:25:19 | 000,000,963 | ---- | M] () -- C:\Users\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/01/17 01:28:58 | 000,232,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2013/01/16 11:18:16 | 000,001,016 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2013/01/16 11:17:37 | 000,201,424 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2013/01/16 11:17:20 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2013/01/16 11:17:20 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2013/01/16 11:17:19 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2013/01/12 03:30:20 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/01/12 03:26:16 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/01/12 03:24:49 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/01/11 10:09:46 | 000,001,017 | ---- | M] () -- C:\Users\David\Desktop\Dropbox.lnk
[2013/01/11 09:59:01 | 000,484,480 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2013/02/01 18:31:27 | 000,580,235 | ---- | C] () -- C:\Users\David\Desktop\adwcleaner.exe
[2013/01/31 08:38:45 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/01/31 08:38:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/01/31 08:38:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/01/31 08:38:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/01/31 08:38:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/01/29 16:58:45 | 000,000,115 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013/01/29 14:51:52 | 000,086,586 | ---- | C] () -- C:\Users\David\Desktop\ideaTraX expanded item.png
[2013/01/29 14:44:12 | 000,063,511 | ---- | C] () -- C:\Users\David\Desktop\ideaTraX TB.png
[2013/01/25 15:41:22 | 000,002,281 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
[2013/01/24 11:44:33 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/24 11:43:38 | 000,010,298 | ---- | C] () -- C:\Users\David\Desktop\Backup of Profile.wbk
[2013/01/20 13:38:04 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/20 13:27:36 | 000,007,607 | ---- | C] () -- C:\Users\David\AppData\Local\Resmon.ResmonCfg
[2013/01/16 11:18:16 | 000,001,016 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012/01/27 19:49:01 | 000,021,924 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2011/11/14 20:15:32 | 000,064,083 | ---- | C] () -- C:\Program Files\Acknowledgements.rtf
[2011/04/30 07:27:36 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/04/30 07:27:36 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2010/01/30 10:11:12 | 000,025,773 | ---- | C] () -- C:\Users\David\AppData\Roaming\UserTile.png
[2009/12/08 21:14:18 | 000,000,255 | ---- | C] () -- C:\Users\David\SyncDocs.conf
[2009/03/13 16:51:59 | 000,003,272 | ---- | C] () -- C:\Users\David\TutorialOpen.xba
[2008/10/22 14:33:00 | 000,001,414 | ---- | C] () -- C:\Users\David\AppData\Roaming\wklnhst.dat
[2008/10/04 21:22:58 | 000,041,799 | ---- | C] () -- C:\Users\David\AppData\Roaming\nvModes.dat
[2008/10/04 21:22:58 | 000,041,799 | ---- | C] () -- C:\Users\David\AppData\Roaming\nvModes.001

========== ZeroAccess Check ==========

[2009/07/14 04:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 01:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/02/01 21:49:51 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\AVG10
[2012/01/27 19:19:54 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\calibre
[2012/01/27 19:19:54 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Canon
[2012/01/27 19:19:54 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\CD-LabelPrint
[2012/01/27 19:19:55 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Chilirec
[2012/01/27 19:19:57 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/01/27 19:19:57 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\DriverCure
[2013/01/30 13:55:29 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Dropbox
[2012/05/12 18:11:29 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\GARMIN
[2012/09/23 15:03:59 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\ICAClient
[2012/01/27 19:19:57 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\InterVideo
[2012/02/05 12:47:10 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\IsolatedStorage
[2012/01/27 19:20:06 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\MessengerGadget
[2012/01/27 19:20:23 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\OpenOffice.org
[2010/01/30 10:11:11 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\PeerNetworking
[2013/01/16 13:53:33 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\PrimoPDF
[2012/02/14 17:34:40 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Quo2
[2012/05/18 17:33:15 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Sony
[2012/02/05 12:44:29 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Symyx
[2012/01/31 18:14:44 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\SystemRequirementsLab
[2012/01/27 19:20:43 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Teleca
[2012/01/27 19:20:43 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Template
[2013/01/31 11:39:41 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\webex
[2012/03/06 11:28:41 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Windows Live Writer
[2012/01/27 19:20:43 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\wsInspector

========== Purity Check ==========

< End of report >

*Extras.txt*

OTL Extras logfile created on: 01/02/2013 18:55:31 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\David\Documents\Desktop Computer\Malware removal Jan-13
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 0.91 Gb Available Physical Memory | 45.70% Memory free
4.00 Gb Paging File | 2.86 Gb Available in Paging File | 71.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 454.80 Gb Total Space | 306.34 Gb Free Space | 67.36% Space Free | Partition Type: NTFS

Computer Name: DAVID-PC | User Name: David | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3695665762-3537947497-2156790703-1000\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = ComFile] -- Reg Error: Key error. File not found
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
.pif [@ = piffile] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ALDI Print Software] -- "C:\Program Files\ALDI\ALDI Print Software\ALDI Print Software.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{311365CF-67BF-4D23-8D6C-B1A4CA14EB27}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{398280C6-4487-4408-AE8F-2E90FE0270CB}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{C4693104-1DC7-48EC-ACAC-FF713AACAA38}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{CCB0B16E-0B84-4828-B255-DD575220022B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{CCD57AD8-32DC-403C-8C0D-DCD1DD6060AF}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00E915A2-12EF-4B68-8932-903B490626CE}" = protocol=6 | dir=in | app=c:\program files\avg\avg8\avgui.exe | 
"{05A892CA-25AC-4F9A-A40C-49705CC4B7E1}" = protocol=6 | dir=in | app=c:\program files\hobbyist software\off-helper\off-service.exe | 
"{1459C366-1DE7-4539-9402-6D11A23E41DD}" = protocol=17 | dir=in | app=c:\program files\pure flow server\twonkymediaserver.exe | 
"{149806A8-F15E-4A92-AC83-25430D4732D2}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3.exe | 
"{151831E5-517C-49C1-97D1-9BC8AEF3ECFE}" = protocol=6 | dir=in | app=c:\program files\hobbyist software\off-helper\mdnsresponder.exe | 
"{1B31C503-B58F-405B-81CC-02FFEDB2829F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{1E6C1969-69C7-4F1A-8DCE-330926F648CA}" = protocol=6 | dir=in | app=c:\program files\pure flow server\twonkymediaserverwatchdog.exe | 
"{1EE03891-0A61-4940-9164-8BD6F38013D6}" = protocol=17 | dir=in | app=c:\program files\hobbyist software\off-helper\dnssd-hobbyist.dll | 
"{1F41A23A-31E0-49CA-9C09-E8BD9AF03F96}" = protocol=6 | dir=in | app=c:\program files\mypoi manager\mypoimanager.exe | 
"{1FCA5921-DD70-4F81-B300-964CBE7FFD3C}" = protocol=17 | dir=in | app=c:\program files\hobbyist software\off-helper\off-service.exe | 
"{215CF163-2C7A-4777-BA0B-FB43EDA7AC3F}" = dir=in | app=c:\program files\itunes.exe | 
"{26B5B3F8-6FB2-4A9E-AFF7-42766C20ACC5}" = protocol=6 | dir=in | app=c:\program files\hobbyist software\off-helper\off-service.exe | 
"{28A7C33C-8963-486F-B3E8-8BEACA3C9949}" = protocol=6 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\warlords\civ4warlords.exe | 
"{29C6D6BB-7B12-4024-94DB-253EC49AD41E}" = protocol=17 | dir=in | app=c:\program files\mypoi manager\mypoimanager.exe | 
"{2BFF40E5-4113-431F-97F3-030354A5B8A0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{2C1AC17D-7527-42B0-A218-63A444D1E552}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe | 
"{2FAB14B7-4CE3-45B4-9D72-B85ECF41BC4E}" = protocol=17 | dir=in | app=c:\program files\hobbyist software\off-helper\off-helper service.exe | 
"{30884741-33D0-4DBE-A3D4-E62B3EFD37B7}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe | 
"{309C0AF1-7AC5-4B31-8E7B-347894F9BAED}" = protocol=6 | dir=in | app=c:\program files\sony\vaio media 6.0\vc.exe | 
"{35FABDF1-E1BB-4DF4-A154-E1ADD62E92BC}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3.exe | 
"{362690FC-CF53-4C91-86DD-B9F9F0781156}" = protocol=17 | dir=in | app=c:\program files\hobbyist software\off-helper\off-helper service.exe | 
"{366DAFE5-42C9-482A-A029-DFFF0147A1CB}" = protocol=17 | dir=in | app=c:\program files\avg\avg8\avgui.exe | 
"{36F6BFA1-1C2B-4A9D-81A0-8618A8AFC162}" = protocol=17 | dir=in | app=c:\program files\pure flow server\twonkymediaserverwatchdog.exe | 
"{38DC32F9-C975-49C4-B645-B5A107124D2C}" = protocol=17 | dir=in | app=c:\program files\hobbyist software\off-helper\off-service.exe | 
"{3F3E2937-561A-49AC-B429-32D7DBBB7C3F}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe | 
"{448B343F-C2DC-46A2-9DEB-E71524F862EE}" = protocol=6 | dir=in | app=c:\program files\hobbyist software\off-helper\mdnsresponder.exe | 
"{45B0BA67-D8FC-4083-BECF-4B8AA318D361}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | 
"{4C941601-63F3-4E42-A6B6-F1AC0EE553AD}" = protocol=6 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\civilization4.exe | 
"{5197B009-C863-423C-8988-DBCFD55542E8}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{5722979B-AFBE-463E-B654-B18F00119DE8}" = protocol=17 | dir=in | app=c:\program files\hobbyist software\off-helper\mdnsresponder.exe | 
"{5ACF307F-7312-402E-9CF1-6CA7210E4FD1}" = protocol=17 | dir=in | app=c:\program files\hobbyist software\off-helper\off-helper service.exe | 
"{61694D64-CA91-49BF-8C18-EF82A0564466}" = protocol=6 | dir=in | app=c:\program files\google\google talk\googletalk.exe | 
"{66F63341-8BD2-445E-8A8D-AB7FF29E9552}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{67D9CEC1-DE66-43EC-ADEB-7F3323F63CAD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{6DD80D18-C108-4CA5-A087-F3E0E707B158}" = protocol=6 | dir=in | app=c:\program files\google\google talk\googletalk.exe | 
"{70EF14E3-06EA-4408-8777-9944219095FC}" = protocol=6 | dir=in | app=c:\program files\hobbyist software\off-helper\dnssd-hobbyist.dll | 
"{71356CE1-616B-4BF7-9CBF-BB0E749E1990}" = protocol=6 | dir=in | app=c:\program files\hobbyist software\off-helper\dnssd-hobbyist.dll | 
"{7412C683-1FBC-4A03-AB4B-663711D7DD1B}" = protocol=6 | dir=in | app=c:\program files\pure flow server\twonkymediaserver.exe | 
"{747CA8DE-DF18-4D8B-9842-88DB892BDEE5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{760BE3D1-1402-4C97-9215-65E71D04F538}" = protocol=6 | dir=in | app=c:\program files\hobbyist software\off-helper\mdnsresponder.exe | 
"{7F59DF89-C0DA-4D44-A288-7919352D73FE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{87688660-F09F-4E80-97F1-E889E73D843D}" = protocol=6 | dir=in | app=c:\users\david\appdata\roaming\dropbox\bin\dropbox.exe | 
"{9108BD2A-C51D-4A2F-BBAB-6D6E5E605A78}" = protocol=17 | dir=in | app=c:\program files\sony\vaio media 6.0\vc.exe | 
"{9282580D-10F4-4E9B-88A0-810108B4B649}" = protocol=17 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\civilization4.exe | 
"{957946A2-8279-4542-955E-8BD1E16C5ACF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{9618A8AA-A97A-46C5-9A1A-492625388188}" = protocol=17 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\warlords\civ4warlords.exe | 
"{9643EA54-BA96-4C92-A6DF-C55328605CC1}" = protocol=17 | dir=in | app=c:\program files\google\google talk\googletalk.exe | 
"{9B77A897-43D4-4057-B5FF-9ADF0720EF98}" = protocol=17 | dir=in | app=c:\program files\hobbyist software\off-helper\dnssd-hobbyist.dll | 
"{9DCF4D93-14E7-4258-84DD-1DB8D4CA9CAC}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe | 
"{9EF67701-E00F-4CB4-9711-4A9E40A19133}" = protocol=17 | dir=in | app=c:\users\david\appdata\roaming\dropbox\bin\dropbox.exe | 
"{9FB96FF6-E7BE-47B4-BFED-E13EB605CB10}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe | 
"{A0B2C033-2704-4A4B-8DA5-CC0F685FBE86}" = protocol=17 | dir=in | app=c:\program files\hobbyist software\off-helper\off-service.exe | 
"{A21305EA-4013-4BB5-9B49-68806A5AFEB1}" = protocol=17 | dir=in | app=c:\program files\hobbyist software\off-helper\mdnsresponder.exe | 
"{A22D1D73-48D3-4F9D-BB9A-FC93203FCDDB}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{A8DE72A5-D43F-44A6-8CA5-E66A13A0BF33}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe | 
"{A914EB8D-1719-40CB-81B7-DA59D1A4BE48}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{AB8BDFDE-BBEB-4254-94E6-57D4E4708964}" = protocol=6 | dir=in | app=c:\program files\hobbyist software\off-helper\off-helper.exe | 
"{B1F14093-FB9F-4C78-9C98-26189FAC8D26}" = protocol=6 | dir=in | app=c:\program files\hobbyist software\off-helper\off-service.exe | 
"{B5CB8AF1-FE93-4DA1-AB10-364393E1335C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B72F73E5-D899-4C69-B684-3B6B0CC03B92}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{BC570BF0-F575-43E0-A98D-F069963D92BA}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{C7682AC9-F1DA-4713-BB0D-71B7F6A44F95}" = protocol=17 | dir=in | app=c:\program files\google\google talk\googletalk.exe | 
"{C85DECE7-40B7-423A-AA1B-BC6D01880E8B}" = protocol=6 | dir=in | app=c:\program files\hobbyist software\off-helper\off-helper service.exe | 
"{C8DBF332-C873-4223-8FBE-E45A05466C13}" = protocol=17 | dir=in | app=c:\program files\hobbyist software\off-helper\dnssd-hobbyist.dll | 
"{C91505A9-ADD3-45E7-81B5-AEAE9CD2FD76}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe | 
"{CB6F00EB-62D4-41E9-B1E1-D7A508AA8A18}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{CC8F4626-98B8-4EC9-85C2-A47BB9F517C2}" = protocol=17 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\beyond the sword\civ4beyondsword.exe | 
"{CE2E4332-1CA4-4931-8BA8-D47DC2050D6E}" = protocol=6 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\beyond the sword\civ4beyondsword.exe | 
"{D5D80D56-80C3-4282-9512-74D62316F500}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{E04ED4BA-5ADB-4448-9785-ACE194F13BD3}" = protocol=17 | dir=in | app=c:\program files\hobbyist software\off-helper\off-helper.exe | 
"{E67FA325-74A5-47AE-9A63-66852F66A967}" = protocol=6 | dir=in | app=c:\program files\hobbyist software\off-helper\off-helper service.exe | 
"{ED88AB7C-6596-4786-A75D-D431065A397F}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe | 
"{F32B7AC8-9ED0-40D4-BB2D-07473B510249}" = protocol=6 | dir=in | app=c:\program files\hobbyist software\off-helper\off-helper service.exe | 
"{F79CC313-8439-4C5F-8A5C-5DCF93E1B55D}" = protocol=6 | dir=in | app=c:\program files\hobbyist software\off-helper\dnssd-hobbyist.dll | 
"{FBD4B38C-0D77-4AC8-A30A-31E08079963E}" = protocol=17 | dir=in | app=c:\program files\hobbyist software\off-helper\mdnsresponder.exe | 
"TCP Query User{03939541-A96A-4E75-8DE6-13853A551263}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{06B56D3A-7944-47B2-ABA2-A525C9C70D9D}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{16FBD14B-0AAB-4693-A4A3-A9488D45BBF1}C:\program files\air mouse\air mouse\air mouse.exe" = protocol=6 | dir=in | app=c:\program files\air mouse\air mouse\air mouse.exe | 
"TCP Query User{18D6B6C7-6CEA-45E2-B96C-29586327D088}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"TCP Query User{25783026-D868-4DF4-BDA2-9A6E96077DA8}C:\program files\air mouse\air mouse\mobile mouse service.exe" = protocol=6 | dir=in | app=c:\program files\air mouse\air mouse\mobile mouse service.exe | 
"TCP Query User{36AC178C-4323-4DB9-8E91-BDAB2D204821}C:\program files\air mouse\air mouse\mobile mouse service.exe" = protocol=6 | dir=in | app=c:\program files\air mouse\air mouse\mobile mouse service.exe | 
"TCP Query User{3E93A6C3-A4D0-4DD3-9A7F-B25DD21D462F}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{449C1DE3-43E0-4BDB-9489-6072B6172147}C:\users\david\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\david\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{5122B36D-9417-466B-A934-07E6EA4B09AA}C:\program files\air mouse\air mouse\air mouse.exe" = protocol=6 | dir=in | app=c:\program files\air mouse\air mouse\air mouse.exe | 
"TCP Query User{5EDADD60-D0F9-451A-BCD2-45E7144A936A}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"TCP Query User{60CCB461-C7B3-40FB-BE3E-26A1B83548CE}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{79C1C661-1CC7-409E-96CF-6A5D0817F4BF}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{8584E797-B6E4-4C6F-A24B-C42CB196D7BF}C:\program files\hobbyist software\off-helper\off-helper.exe" = protocol=6 | dir=in | app=c:\program files\hobbyist software\off-helper\off-helper.exe | 
"TCP Query User{979C5985-4D22-45AC-A934-5F16C8D9E9E4}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{A2AF443F-E761-48FE-BF84-03EB35C44CC4}C:\users\david\downloads\hfs.exe" = protocol=6 | dir=in | app=c:\users\david\downloads\hfs.exe | 
"TCP Query User{B2C90EAA-D328-445F-B44E-06E5A480E591}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{E90CEA1F-8B52-4345-86BD-96635868AADD}C:\users\david\downloads\hfs.exe" = protocol=6 | dir=in | app=c:\users\david\downloads\hfs.exe | 
"TCP Query User{EB59609F-76DE-4DF4-8826-1F40EDBEF8F9}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{EEC0E7AF-16CD-4E5F-810B-A7509EF71F70}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{0EC7FD5C-DFB3-4232-A8F9-467C8EF50D66}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{1C6974CF-E316-4A57-A943-E79DC0C27910}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{1D4DE177-A2D2-46CF-BA2C-45F82C2A858C}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"UDP Query User{38A5A7C8-802E-4F8E-86BD-A8AD632ED35C}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{52DB13BF-0936-49CA-BE43-753D629F5B92}C:\program files\air mouse\air mouse\air mouse.exe" = protocol=17 | dir=in | app=c:\program files\air mouse\air mouse\air mouse.exe | 
"UDP Query User{6CF77519-6C73-4BE0-9871-A8577AC6A271}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"UDP Query User{92074D48-00D0-4E02-A267-7F5462674A16}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{A104D1BC-7767-46A0-8B49-CC51F2251CF1}C:\users\david\downloads\hfs.exe" = protocol=17 | dir=in | app=c:\users\david\downloads\hfs.exe | 
"UDP Query User{A315184F-B1DF-4AE9-9742-8C64A1247CA5}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{B072756C-09E8-41A6-8456-0E4FAD0E5E51}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{B911A916-C7C2-4C33-B3E2-26C15F8604C0}C:\program files\air mouse\air mouse\air mouse.exe" = protocol=17 | dir=in | app=c:\program files\air mouse\air mouse\air mouse.exe | 
"UDP Query User{C989F439-D386-4FDF-B9EF-32F571B0A5E3}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"UDP Query User{D4331884-5B50-4EB5-95C2-26D507778D59}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{E1B5B280-6E45-4762-9BC9-119F40942E40}C:\program files\air mouse\air mouse\mobile mouse service.exe" = protocol=17 | dir=in | app=c:\program files\air mouse\air mouse\mobile mouse service.exe | 
"UDP Query User{E562642E-5147-4C3E-A8D6-92F526923C0B}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{EBAB5CBB-3514-4550-AF8F-77A514FE76DF}C:\program files\air mouse\air mouse\mobile mouse service.exe" = protocol=17 | dir=in | app=c:\program files\air mouse\air mouse\mobile mouse service.exe | 
"UDP Query User{F31163B9-4735-4661-80EA-D52339C36428}C:\program files\hobbyist software\off-helper\off-helper.exe" = protocol=17 | dir=in | app=c:\program files\hobbyist software\off-helper\off-helper.exe | 
"UDP Query User{F3DD9B62-3A12-4CC9-812A-75F00EF59500}C:\users\david\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\david\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{FF9D71AF-CA66-4FB6-9278-A74222E0B814}C:\users\david\downloads\hfs.exe" = protocol=17 | dir=in | app=c:\users\david\downloads\hfs.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{009E7FB7-1775-4D89-8956-F5C9A1C019FC}" = DSD Playback Plug-in
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{021AD585-5EEE-4B58-83BC-0AC86008EBC8}" = VAIO Media Registration Tool
"{023D64D7-E7B4-47C7-BE6E-B7C2E8960D08}" = Citrix online plug-in (Web)
"{065DBB54-6E55-A609-2E1E-F0617E827D53}" = Media Go Video Playback Engine 1.96.112.08260
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{07D8511D-C9FE-4A93-933F-EAA5C8F20095}" = IDT Audio
"{09A84598-E18A-4E7B-A49A-E19BB8D5C648}" = AppMon Utility
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C6DB6B9-2D17-4AA5-A207-42D28BF9F434}" = MyPoi Manager
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{0FD40A50-38AB-454F-B41E-AC365E13D06D}" = calibre
"{12D0BE8D-538C-4AB1-86DE-C540308F50DA}" = VAIO Content Metadata Manager Settings
"{133F46FF-B547-4462-AEAA-2322CA89CF67}" = VAIO Database Converter Ver 1.0
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{18510937-0146-417B-95D8-14706649C384}" = VAIO Content Metadata Manager Settings
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 30
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 11
"{28549656-3CB3-44B6-9FAB-925A18DAC796}" = VAIO Movie Story
"{28AD24E2-BC9F-49B8-A20C-31C6C2D78428}" = VAIO Database Converter 1.0
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{291FB4BF-EEC7-4CF9-8469-F39ED1DBC4D8}" = VAIO Content Metadata XML Interface Library
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{2AA48AFA-79CA-4043-BFFC-BB5BA23A9FCF}" = WD SmartWare
"{2BF9702B-52EE-4841-83C4-B5E640B6C97A}" = Media Go
"{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}" = Sid Meier's Civilization 4 Complete
"{328019A7-0012-401D-96A2-4CDDD02675A8}" = Garmin POI Loader
"{33017152-D6EA-46DD-93E0-7D2679CCBB51}" = Corel WinDVD
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3B659FAD-E772-44A3-B7E7-560FF084669F}" = VAIO Smart Network
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{44653096-3E44-402E-B68E-37D77240BFA8}" = Symyx Draw 4.0.100
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"{4EA55D20-27FB-45D7-8726-147E8A5F6C62}" = VAIO MusicBox
"{500162A0-4DD5-460A-BAFD-895AAE48C532}" = VAIO Media Content Collection 6.0
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{516EF56A-048B-4AED-9906-1366639ACEEE}" = Garmin BaseCamp
"{533D0A8A-D7E7-4F15-BC9E-FF2916A6BAA7}" = DSD Direct Player
"{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 6.0
"{56345504-DE57-4528-A18B-A567D1E52928}" = ArcSoft Magic-i Visual Effects
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 6.0
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{6332AFF1-9D9A-429C-AA03-F82749FA4F49}" = SonicStage Mastering Studio
"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6C1EC809-88C6-4111-A6E0-0C6E203B3818}" = VAIO Movie Story 1.3 Upgrade
"{6D2576EC-A0E9-418A-A09A-409933A3B6F4}" = VAIO Camera Capture Utility
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6F8EAC65-314D-4D86-9557-BC9312AACCB0}" = Citrix online plug-in (USB)
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 6.1
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A21C722-F259-4976-B7AA-6658E5FDEDAF}" = Google Drive
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7C404084-C5A6-42FF-B731-0BAC79A6E134}" = VAIO Original Function Settings
"{7D82704E-B217-4C6F-97E5-C77F30E81048}" = Quo v2
"{802889F8-6AF5-45A5-9764-CA5B999E50FC}" = VAIO Power Management
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{8144262B-25B4-44F6-8204-FCC8EF50179F}" = Citrix online plug-in (DV)
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{82D5BACA-3619-4D34-99DB-3A65CFB4DA33}" = DSD Direct
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{895FE43E-71C2-4FEA-94EF-B88D111495FC}" = Mobile Mouse Server
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{912B04B3-7C7C-4929-AE68-EC2A4CCB4E73}" = Microsoft Mouse and Keyboard Center
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95229EF6-F4A1-413A-BA50-668311FAFE19}" = VAIO Original Function Settings
"{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD8B556-A69C-486E-92C1-4AA821DE13A0}" = .NET Utilities
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C1C8A04-F8CA-4472-A92D-4288CE32DE86}" = SonicStage Mastering Studio Plugins
"{9D12A8B5-9D41-4465-BF11-70719EB0CD02}" = VU5x86
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9D8BAA74-5B7D-11E2-8273-984BE15F174E}" = Evernote v. 4.6.1
"{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}" = VAIO Update
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3563827-B0DB-44DC-B037-15CC4E5E692F}" = VAIO Content Metadata XML Interface Library
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}" = Garmin USB Drivers
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.5)
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}" = RealDownloader
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 6.0
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{B3668C08-EBB1-40F4-B4F9-4F8E13501A7D}" = VAIO Entertainment Platform
"{B3C9A441-C34D-40F3-9D3B-00EDDDAC74F1}" = Garmin Communicator Plugin
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B66AD8F4-0951-407E-807F-C300F6970B5A}" = VAIO Media
"{B7FB0C86-41A4-4402-9A33-912C462042A0}" = Roxio Easy Media Creator Home
"{C01408FC-117C-44B7-8B0C-17794E526A01}" = Disc2Phone
"{C0482AA0-9CDF-49B4-9B39-551FD1A7A7E6}" = VAIO Movie Story 1.5 Upgrade
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D8}" = WinZip 17.0
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF0F8D1B-5FB9-468D-BD88-E6239906D2B7}" = Click to Disc
"{D17111CB-C992-42A9-9D56-C19395102AAA}" = Garmin WebUpdater
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF0415CC-0563-407F-B560-9B7F277122C5}" = VAIO BD Menu Data
"{DF7DB916-90E5-40F2-9010-B8125EB5FD6F}" = SonicStage Mastering Studio Audio Filter
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E66BB7B9-EC7B-45A6-B479-AD43A9B32AA0}" = SonicStage Mastering Studio
"{E7C97E98-4C2D-BEAF-5D2F-CC45A2F95D90}" = Acrobat.com
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype 6.0
"{EA74A293-3FAC-4D1B-AE3A-3BD47FADDC20}" = Citrix online plug-in (HDX)
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EC37A846-53AC-4DA7-98FA-76A4E74AA900}" = SonicStage Mastering Studio Audio Filter Custom Preset
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.115
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" = 
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{F88A7EB0-90F4-4012-9194-33AF2F1C5BF1}" = VAIO Movie Story 1.5 Upgrade
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"98157A226B40B173301B0F53C8E98C47805D5152" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"ActiveTouchMeetingClient" = Cisco WebEx Meetings
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ALDI Print Software" = ALDI Print Software
"Atlantis - Sky Patrol" = Atlantis - Sky Patrol (remove only)
"avast" = avast! Free Antivirus
"Big Fish Games Center" = Big Fish Games Center
"Big Fish Games Sudoku" = Big Fish Games Sudoku (remove only)
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
"CanonMyPrinter" = Canon My Printer
"CCleaner" = CCleaner
"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"DPP" = Canon Utilities Digital Photo Professional 3.5
"dt icon module" = 
"ENTERPRISER" = Microsoft Office Enterprise 2007
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"gtfirstboot Setting Request" = 
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"Mahjong Towers Eternity" = Mahjong Towers Eternity (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"MarketingTools" = Vaio Marketing Tools
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Metalogic Finance Explorer_is1" = Metalogic Finance Explorer 4.0.1
"MFU Module" = 
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Mozilla Firefox 18.0.1 (x86 en-GB)" = Mozilla Firefox 18.0.1 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"Mystery Case Files - Prime Suspects" = Mystery Case Files - Prime Suspects (remove only)
"NVIDIA Drivers" = NVIDIA Drivers
"Off-Helper_is1" = Off-Helper 3.03
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-15-19-01
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa 3" = Picasa 3
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"ProcessQuickLink 2_is1" = Uniblue ProcessQuickLink 2
"PS3 Media Server" = PS3 Media Server
"Rapport_msi" = Rapport
"RealPlayer 16.0" = RealPlayer
"RemoteCaptureDC" = Canon Utilities RemoteCapture DC
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Revo Uninstaller" = Revo Uninstaller 1.92
"Shockwave" = Shockwave
"Sierra Utilities" = Sierra Utilities
"SystemRequirementsLab" = System Requirements Lab
"TwonkyMediaPURE Flow Server" = PURE Flow Server
"Update Engine" = Sony Ericsson Update Engine
"VAIO Help and Support" = 
"VAIO_My Club VAIO" = My Club VAIO
"VAIO_Photoshop" = 
"VAIO_Premiere" = 
"VAIO_Standard" = 
"Virtual Villagers" = Virtual Villagers (remove only)
"WinLiveSuite" = Windows Live Essentials
"YTdetect" = Yahoo! Detect
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3695665762-3537947497-2156790703-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 31/01/2013 04:14:15 | Computer Name = David-PC | Source = SideBySide | ID = 16842761
Description = Activation context generation failed for "C:\Program Files\WinZip\adxloader.dll.Manifest".Error
in manifest or policy file "C:\Program Files\WinZip\adxloader.dll.Manifest" on 
line 2. The manifest file root element must be assembly.

Error - 31/01/2013 12:04:31 | Computer Name = David-PC | Source = SideBySide | ID = 16842761
Description = Activation context generation failed for "C:\Program Files\WinZip\adxloader.dll.Manifest".Error
in manifest or policy file "C:\Program Files\WinZip\adxloader.dll.Manifest" on 
line 2. The manifest file root element must be assembly.

Error - 31/01/2013 12:08:26 | Computer Name = David-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files\MyPoi Manager\DelZip179.dll".Error
in manifest or policy file "C:\Program Files\MyPoi Manager\DelZip179.dll" on line
8. The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error - 31/01/2013 14:10:26 | Computer Name = David-PC | Source = SideBySide | ID = 16842761
Description = Activation context generation failed for "C:\Program Files\WinZip\adxloader.dll.Manifest".Error
in manifest or policy file "C:\Program Files\WinZip\adxloader.dll.Manifest" on 
line 2. The manifest file root element must be assembly.

Error - 31/01/2013 14:14:13 | Computer Name = David-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files\MyPoi Manager\DelZip179.dll".Error
in manifest or policy file "C:\Program Files\MyPoi Manager\DelZip179.dll" on line
8. The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error - 31/01/2013 14:17:46 | Computer Name = David-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files\Common 
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
of attribute "version" in element "assemblyIdentity" is invalid.

Error - 31/01/2013 18:58:57 | Computer Name = David-PC | Source = VSS | ID = 8194
Description =

Error - 01/02/2013 04:51:46 | Computer Name = David-PC | Source = SideBySide | ID = 16842761
Description = Activation context generation failed for "C:\Program Files\WinZip\adxloader.dll.Manifest".Error
in manifest or policy file "C:\Program Files\WinZip\adxloader.dll.Manifest" on 
line 2. The manifest file root element must be assembly.

Error - 01/02/2013 04:55:31 | Computer Name = David-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files\MyPoi Manager\DelZip179.dll".Error
in manifest or policy file "C:\Program Files\MyPoi Manager\DelZip179.dll" on line
8. The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error - 01/02/2013 09:18:58 | Computer Name = David-PC | Source = SideBySide | ID = 16842761
Description = Activation context generation failed for "C:\Program Files\WinZip\adxloader.dll.Manifest".Error
in manifest or policy file "C:\Program Files\WinZip\adxloader.dll.Manifest" on 
line 2. The manifest file root element must be assembly.

Error - 01/02/2013 09:22:18 | Computer Name = David-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files\MyPoi Manager\DelZip179.dll".Error
in manifest or policy file "C:\Program Files\MyPoi Manager\DelZip179.dll" on line
8. The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error - 01/02/2013 09:24:54 | Computer Name = David-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 18.0.1.4764 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 13c4 Start
Time: 01ce007b452a162c Termination Time: 31 Application Path: C:\Program Files\Mozilla
Firefox\firefox.exe Report Id: bbd6d53a-6c72-11e2-b4e6-001a80a16c0c

[ Media Center Events ]
Error - 21/03/2011 01:31:53 | Computer Name = David-PC | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 03/21/2011 05:31:53. You may need to reschedule your recordings.

Error - 21/03/2011 01:31:55 | Computer Name = David-PC | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 03/21/2011 05:31:55. You may need to reschedule your recordings.

Error - 21/03/2011 14:59:47 | Computer Name = David-PC | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 03/21/2011 18:59:47. You may need to reschedule your recordings.

Error - 31/03/2011 15:13:42 | Computer Name = David-PC | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 03/31/2011 20:13:42. You may need to reschedule your recordings.

Error - 31/03/2011 15:13:45 | Computer Name = David-PC | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 03/31/2011 20:13:45. You may need to reschedule your recordings.

Error - 30/04/2011 16:27:19 | Computer Name = David-PC | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 04/30/2011 21:27:19. You may need to reschedule your recordings.

Error - 05/05/2011 12:24:02 | Computer Name = David-PC | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 05/05/2011 17:24:02. You may need to reschedule your recordings.

Error - 18/07/2011 16:29:00 | Computer Name = David-PC | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 07/18/2011 21:29:00. You may need to reschedule your recordings.

Error - 04/08/2011 11:36:35 | Computer Name = David-PC | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 08/04/2011 16:36:35. You may need to reschedule your recordings.

Error - 06/08/2011 08:27:08 | Computer Name = David-PC | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 08/06/2011 13:27:08. You may need to reschedule your recordings.

[ OSession Events ]
Error - 09/07/2012 06:45:50 | Computer Name = David-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 98
seconds with 60 seconds of active time. This session ended with a crash.

Error - 17/07/2012 12:01:58 | Computer Name = David-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 15916
seconds with 1260 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 19/03/2009 13:34:08 | Computer Name = David-PC | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 20/03/2009 05:46:37 | Computer Name = David-PC | Source = HTTP | ID = 15016
Description =

Error - 20/03/2009 05:48:02 | Computer Name = David-PC | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 21/03/2009 08:38:52 | Computer Name = David-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 21/03/2009 08:39:00 | Computer Name = David-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 21/03/2009 08:39:03 | Computer Name = David-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 21/03/2009 08:39:06 | Computer Name = David-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 21/03/2009 08:39:09 | Computer Name = David-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 22/03/2009 06:45:43 | Computer Name = David-PC | Source = HTTP | ID = 15016
Description =

Error - 22/03/2009 06:47:04 | Computer Name = David-PC | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

< End of report >


----------



## STIG_DH (Jan 25, 2013)

Kevin

in posting log files on your forum, I am having some problems - could again be browser related. I believe there is a limit of the # characters, but nearly 50% of posts look like they don't get delivered (get a message saying redirecting, and it has the appearance of a 'timed out'). In some cases the post doesn't get sent. In others, when I think it isn't sent - it is.

Previous post was a case in question - it did get sent. But I'm not sure it was captured fully (i.e. you are still indicated as the last poster).

Let me know if I'm doing anything wrong (or equally if it is symptomatic of my browser issues)

Thanks for your help

David


----------



## kevinf80 (Mar 21, 2006)

Re-Run OTL by double left click, Vista and Windows 7 users accept UAC alert.

Under the box at the bottom, paste in the following


```
:OTL
DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/03/10 10:36:36 | 000,217,032 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\PCTCore.sys -- (PCTCore)
[2013/02/01 21:49:51 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\AVG10
:Commands
[emptytemp]
```

Then click the Run Fix button at the top
Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose *Yes*. In this case, after the reboot, open Notepad (Start > All Programs > Accessories > Notepad), click File > Open, in the File Name box enter *\*.log* and press the Enter key, navigate to the *C:\_OTL\MovedFiles folder*, and open the newest *.log* file present, and copy/paste the contents of that document back here in your next post.

Regarding browser issues, reset them all back to default settings. Let me know if that helps in any way, also exactly what problems/issues remain???

Go here and reset Firefox to default: http://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-most-problems 
Go here reset Internet Explorer to default: http://support.microsoft.com/kb/923737
Go here to reset Chrome to default: http://techstrick.blogspot.co.uk/2012/06/reset-settings-of-google-chrome-in.html

Kevin...


----------



## STIG_DH (Jan 25, 2013)

Kevin

I ran the OTL run fix to remove the aberrant remnants as instructed. This is what I observed and did:

Scan completed (was unresponsive for a couple of mins owing to PC working overtime in the background as I only fired it up ca 15mins before) then resumed. Nothing else observed.

PC starts to reboot, as expected.

During reboot, the blue screen of death transiently observed again 

Start up commences as last time with "Your computer was unable to start" and request to launch Start up Repair - which I accept.

As before Start up requests me to use a System restore point (accepted), then runs for some minutes as it goes through the motions.

It ends with a final screen but this time before hitting [Finish], I looked at the linked diagnostic report which indicates that the myriad of tests were completed successfully, and a message at the report end "Unspecified changes to system configuration may have caused the problem" .

PC reboots, and performance is close to where we started. It takes an age to fire up, hard disk is noisily working overtime, with no evidence of what is causing the digital constipation (by that I mean that little else can be done until the hard disk completes whatever it is doing after 15mins or so). After this incubation time, then relatively normal working is resumed albeit not completely as one would expect wrt browser performance and hard disk is nice and quiet again
To demonstrate what I'm experiencing, I fired up Chrome and Windows Task Mgr 10mins after rebooting (with hard disk still churning away). I didn't launch Firefox - I would not expect it to load at all. I then took a screen shot of Chrome and WTM nearly 5 minutes later. WTM processes have hardly changed and you can see from the tabs in Google Chrome, that some (even BBC Home page) are still loading........

Eventually I kill anything not working, wait a bit more and reach a usable end point.

I hope the above provides some additional input into the problem.

What next?! I suspect malware isn't the source of my problem 

David


----------



## kevinf80 (Mar 21, 2006)

I don`t believe there are any malware issues causing the current problems that you have. The last twice we`ve run OTL fix and experienced the BSOD etc on re-boot may be down to these two entries:

DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/03/10 10:36:36 | 000,217,032 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\PCTCore.sys -- (PCTCore)

Both the above were restored after you ran the repair option, these are remnants from previous installs, even though the main applications were removed these remnants are very much active. The PCTools remnant is also running during the boot procedure.

I`m not sure that those are the only contributing factor, but am sure they will not help and should be removed...

Reboot your system into Safemode with Networking, re-boot and continuously tap the F8 key until you see the Advanced option menu, from there choose Safe mode with Networking.

Next,

Download OTM from either of the following links and save to your Desktop:

http://oldtimer.geekstogo.com/OTM.exe.
http://www.itxassociates.com/OT-Tools/OTM.com
http://www.itxassociates.com/OT-Tools/OTM.exe

Double click *OTM.exe* to start the tool. Vista or Windows 7 users accept UAC alert. Be aware all processes will be stopped during run, also Desktop will disappear, this will be put back on completion....


*Copy* the text from the code box below to the clipboard by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose *Copy*):


```
:Services
Avgmfx86
PCTCore
:Files
C:\Windows\System32\drivers\avgmfx86.sys
C:\Windows\System32\drivers\PCTCore.sys
:Commands
[EmptyTemp]
[CreateRestorePoint]
```

Return to OTMoveIt3, right click in the *"Paste Instructions for Items to be Moved"* window (under the yellow bar) and choose *Paste*.
Click the red MoveIt button.
*Copy* everything in the Results window (under the green bar) to the clipboard by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close *OTM*
*Note:* If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose *Yes.*

If the machine reboots, the Results log can be found here:

*c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log*

Where mmddyyyy_hhmmss is the date of the tool run.

Let me see that log. I`d also like you to run BSOD viewer to see if there is any information to show the main cause of that recurring problem:

Please download this program *Blue Screen Viewer* and unzip "Bluescreen View.exe" to your desktop.
Next, Select Start > Right click on "Computer" and select "Properties" select "Advanced System Settings" then "Advanced" tab. From the "Start up and Recovery" section select "settings" make sure the default folder is "%SystemRoot%\Minidump".
Go back to your desktop and double click on Bluescreen Viewer to run it, if there is any info available the program will grab the most recent. Choose save from the Toolbar and copy paste to your next reply. If there is no information available try and re-create the BSOD and try again with the tool to collect the information.

One other point, Trusteer or Trusteer rapport, what is that used for?

Kevin
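As an added example (not from the thread, and not part of OTL or OTM), the check below automates what Kevin did by eye above: it parses OTL's "DRV -" lines and its uninstall list and flags drivers whose vendor no longer has any installed product, noting when such a driver loads at Boot/System time and is still running. The vendor-to-product keyword table and the third (avast) driver line are constructed assumptions; the first two DRV lines are the ones quoted in the thread.

```python
import re

# OTL "DRV -" line layout, as seen in the thread's logs:
# DRV - [date time | size | attrs | M] (Company) [Type | Start | State] -- path -- (ServiceName)
DRV_RE = re.compile(
    r"^DRV - \[(?P<date>[^|]+)\|(?P<size>[^|]+)\|(?P<attrs>[^|]+)\|(?P<flag>[^\]]+)\] "
    r"\((?P<company>[^)]*)\) \[(?P<type>[^|]+)\|(?P<start>[^|]+)\|(?P<state>[^\]]+)\] "
    r"-- (?P<path>.+?) -- \((?P<name>[^)]+)\)$"
)
# OTL uninstall-list layout: "Key" = Display Name
UNINSTALL_RE = re.compile(r'^"(?P<key>[^"]+)" = (?P<name>.*)$')

# Vendor (as printed in the DRV company field) -> keyword(s) expected in the
# display name of that vendor's product. Constructed for this example.
VENDOR_KEYWORDS = {
    "AVG Technologies": ("AVG",),
    "PC Tools": ("PC Tools",),
    "AVAST Software": ("avast",),
}


def parse_drivers(text):
    """Return one dict per parsable DRV line, with whitespace stripped."""
    out = []
    for line in text.splitlines():
        m = DRV_RE.match(line.strip())
        if m:
            out.append({k: v.strip() for k, v in m.groupdict().items()})
    return out


def parse_installed(text):
    """Return the display names from an OTL uninstall list (blank names skipped)."""
    names = []
    for line in text.splitlines():
        m = UNINSTALL_RE.match(line.strip())
        if m and m.group("name").strip():
            names.append(m.group("name").strip())
    return names


def vendor_key(company):
    """Map a DRV company string (e.g. 'AVG Technologies CZ, s.r.o.') to a known vendor."""
    for vendor in VENDOR_KEYWORDS:
        if company.startswith(vendor):
            return vendor
    return None


def find_orphaned_drivers(otl_text, uninstall_text):
    """Flag drivers from known vendors that have no matching installed product."""
    installed = [n.lower() for n in parse_installed(uninstall_text)]
    findings = []
    for drv in parse_drivers(otl_text):
        vendor = vendor_key(drv["company"])
        if vendor is None:
            continue  # unknown vendor: nothing to cross-check against
        keywords = VENDOR_KEYWORDS[vendor]
        if any(k.lower() in n for k in keywords for n in installed):
            continue  # parent product still installed: not an orphan
        reasons = [f"no installed product matches vendor '{vendor}'"]
        if drv["start"] in ("Boot", "System"):
            reasons.append(f"loads early (start type {drv['start']})")
        if drv["state"] == "Running":
            reasons.append("currently running")
        findings.append({"name": drv["name"], "path": drv["path"],
                         "start": drv["start"], "reasons": reasons})
    return findings


# Sample input: the two DRV lines quoted in the thread, plus one constructed
# avast line whose product IS still installed (so it must not be flagged).
SAMPLE_DRV = r"""
DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/03/10 10:36:36 | 000,217,032 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2012/10/30 22:50:59 | 000,000,000 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswExample.sys -- (aswExample)
"""
# Constructed excerpt of an uninstall list: avast is present, AVG and PC Tools are not.
SAMPLE_UNINSTALL = r"""
"avast" = avast! Free Antivirus
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Rapport_msi" = Rapport
"""

if __name__ == "__main__":
    for f in find_orphaned_drivers(SAMPLE_DRV, SAMPLE_UNINSTALL):
        print(f"{f['name']:10} {f['path']}  ->  {'; '.join(f['reasons'])}")
```

On the sample input it reports Avgmfx86 and PCTCore (the latter with start type Boot) and stays silent on the avast driver, which is the distinction Kevin draws between active remnants and a product that is genuinely still installed.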


----------



## STIG_DH (Jan 25, 2013)

Kevin

I can only report partial success.........

In Safe Mode with Networking, downloaded OTM and performed a MoveIt.

Results immediately indicated success with avgmfx86.sys, then thought about it, churned out results and elected for reboot. (I couldn't copy results log)

I accepted, then we went again into reboot and unable to start computer again, into Startup repair again, set restore point, and one reboot later we were back to where we started again.

I did look for the OTM Moved file - not expecting to see one, but lo and behold

*OTM results log*

All processes killed
========== SERVICES/DRIVERS ==========
Service Avgmfx86 stopped successfully!
Service Avgmfx86 deleted successfully!
Error: Unable to stop service PCTCore!
Unable to delete service\driver key PCTCore.
========== FILES ==========
C:\Windows\System32\drivers\avgmfx86.sys moved successfully.
C:\Windows\System32\drivers\PCTCore.sys moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: David
->Temp folder emptied: 144344 bytes
->Temporary Internet Files folder emptied: 77089 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 1633 bytes
->Google Chrome cache emptied: 17959840 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mcx1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 608 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 26448520 bytes
RecycleBin emptied: 672337 bytes

Total Files Cleaned = 43.00 mb

Error creating restore point.

OTM by OldTimer - Version 3.1.21.0 log created on 02022013_172652

*BTW*

on Jan 29 (7:48pm), an outcome from earlier activity deposited a folder on my desktop (RK_Quarantine) containing a Eula file. Probably not relevant and I'm sure you are aware of this but thought I'd tag it into my report back.

Trusteer Rapport was something installed by virtue of my online banking with a large (reputable) UK bank
http://www.trusteer.com/Products/Trusteer-Rapport-for-Online-Banking
It was a security enhancement they strongly suggested to safeguard identity/keystrokes etc and it was launched from the bank home page in answer to a routine login for online banking. It periodically throws things out for the user to say whether they are happy to proceed when a possible threat is observed.
Make sense?

What do you advise next for this pesky PCTools remnant (I guess this has to be the remaining first step!)

Can I go ahead and apply BSOD, or wait until we have achieved the 'first step'? And can I uninstall the unwanted Java 6 Updates (22 and 23)? Might make me feel useful? (But I guess not if the system keeps restoring itself.....)

David


----------



## kevinf80 (Mar 21, 2006)

Yes to the Java outdated versions, remove when you`re ready... OTM was also successful with PCTools as the driver was removed.
The folder RK_Quarantine is created when RogueKiller is run, initially the EULA file is created. If a successful run is completed it would also contain a backup of the MBR and logs etc...
Yes please run Blue Screen Viewer, it will be beneficial to know exactly what is causing the BSOD`s

Regarding Trusteer, it may be beneficial to uninstall that to see if we see any change...


----------



## STIG_DH (Jan 25, 2013)

I removed the outdated Java files which made me feel more useful

Downloaded BSOD, changed Startup and Recovery destination file from MEMORY.DMP to Minidump.

Ran BSOD but nothing reported. Checked the bluescreenreview folder and found a BlueScreenreview.cfg (not present first time of looking) which my computer doesn't recognise how to open and so gives me web or programme association options to open it.

I've not tried another BSOD (from your initial instruction if no report found at first)

David


----------



## kevinf80 (Mar 21, 2006)

If the settings had to be altered for the dump file location it will need another BSOD for Blue Screen Viewer to post a log...

Can you navigate to *C:\Windows\MiniDump*, open the Minidump folder; are there any files inside listed similar to the following:

*010413-23509-01* The first 6 digits relate to the date of the crash. In this case 4th January 2013

If so right click on each file > Select > Send to > Compressed (zipped) Folder. That would be saved in the same place as the file. Attach the latest zipped file to your reply


----------



## STIG_DH (Jan 25, 2013)

Kevin

I have a folder (Minidump) where you said it was.
On opening I was originally told I didn't have access permissions but it opened. There were no files to view.

What next?

David


----------



## STIG_DH (Jan 25, 2013)

Kevin
I recall when I did a BSOD, 'overwrite previous files' was checked. I'm not sure if that is of any help
David


----------



## kevinf80 (Mar 21, 2006)

What is the status of your system now, how does it respond, what issues remain?


----------



## STIG_DH (Jan 25, 2013)

Kevin

there is no doubt that things have improved - many, many thanks.

Here are my observations following a restart.

Time 1:50 - Windows 'jingle' sounded up and desktop observed - much faster!
Time 2:00 - tried to open Google Chrome
Time 3:20 - Chrome opens and within 10-15 secs the tabs stabilise and I can do things
Tried to open Firefox at this point; Firefox takes longer but does get there.

In ca 5 and a half mins I'm running with both browsers.
You will appreciate that we started with 15+ mins, so I'm well chuffed 

Issues?
There was one reportable 'incident' during start up - a 'bong' noise from the computer that I have never heard before, accompanied by an icon in the tray resembling an oblong with extra lines on 2 of the corners. I guess it is reminiscent of a computer screen. I rolled the mouse over it, but as the computer was still a bit over-worked owing to start up, no detail was observed. The icon disappeared within 10-15 secs

What was it?

Next, 
the hard drive still sounds as if it's having to work overtime, but settles down after 15 mins and normal service is resumed. Again - this is a big improvement on where we started

What's your opinion - can I do anything to rectify an over-worked hard drive? 


Concluding, 
I have yet to reset IE9, Firefox and Chrome browsers as you previously suggested. I wanted to ask - if I do this, will passwords 'remembered' by the system be lost? I'd like to avoid this if I can.... I assume that bookmarks will be retained? I noticed on the reports you asked for that the Chrome (and Firefox) cache that was emptied/removed always looked very large. Was this typical given what we've been doing?

I haven't taken off the Trusteer Rapport (yet) - and am happy to do this.


Again - many thanks. I'm much happier than I was, and even more so knowing that I didn't saddle the PC with anything malicious

David


----------



## kevinf80 (Mar 21, 2006)

Can you uninstall Trusteer, then re-run OTL and post fresh logs....


----------



## STIG_DH (Jan 25, 2013)

I uninstalled Rapport from the Control Panel.

Here are the log files

David

*OTL 3*

OTL logfile created on: 03/02/2013 21:46:44 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\David\Documents\Desktop Computer\Malware removal Jan-13
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 0.82 Gb Available Physical Memory | 40.92% Memory free
4.00 Gb Paging File | 2.42 Gb Available in Paging File | 60.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 454.80 Gb Total Space | 305.50 Gb Free Space | 67.17% Space Free | Partition Type: NTFS

Computer Name: DAVID-PC | User Name: David | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/30 08:27:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\David\My Documents\Desktop Computer\Malware removal Jan-13\OTL.exe
PRC - [2013/01/26 02:35:08 | 001,248,208 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2012/12/18 14:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/11/30 02:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/11/29 20:33:04 | 000,232,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
PRC - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/11/23 02:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/10/30 22:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/30 22:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/10/26 10:33:12 | 001,038,496 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
PRC - [2012/10/26 09:44:42 | 000,957,056 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update\VUAgent.exe
PRC - [2011/03/10 00:50:38 | 000,565,248 | ---- | M] (Microsoft) -- C:\Program Files\Hobbyist Software\Off-Helper\Off-Helper Configuration.exe
PRC - [2011/03/10 00:17:10 | 000,006,656 | ---- | M] (Microsoft) -- C:\Program Files\Hobbyist Software\Off-Helper\Off-Helper Service.exe
PRC - [2011/02/25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/05/20 16:15:00 | 000,110,736 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2010/03/11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009/10/29 10:11:16 | 000,239,248 | ---- | M] (PacketVideo) -- C:\Program Files\PURE Flow Server\twonkymediaserverwatchdog.exe
PRC - [2009/10/29 10:11:12 | 000,665,232 | ---- | M] () -- C:\Program Files\PURE Flow Server\twonkymediaserver.exe
PRC - [2008/11/03 15:01:44 | 000,299,008 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Network Utility\NSUService.exe
PRC - [2007/11/09 17:34:28 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
PRC - [2007/10/27 00:22:47 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/09/10 23:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2007/08/15 04:05:18 | 000,182,392 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2007/08/15 04:05:18 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe

========== Modules (No Company Name) ==========

MOD - [2013/01/26 02:35:06 | 000,460,240 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.57\ppgooglenaclpluginchrome.dll
MOD - [2013/01/26 02:35:05 | 012,459,472 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll
MOD - [2013/01/26 02:35:04 | 004,012,496 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.57\pdf.dll
MOD - [2013/01/26 02:34:19 | 000,597,968 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.57\libglesv2.dll
MOD - [2013/01/26 02:34:18 | 000,124,368 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.57\libegl.dll
MOD - [2013/01/26 02:34:16 | 001,552,848 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.57\ffmpegsumo.dll
MOD - [2013/01/11 10:18:21 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll
MOD - [2013/01/11 10:17:52 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll
MOD - [2013/01/11 10:17:12 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\68f617caf670fefc0be769a294dc4ffd\System.ServiceProcess.ni.dll
MOD - [2013/01/11 10:16:25 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013/01/11 10:15:20 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll
MOD - [2013/01/11 10:11:41 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll
MOD - [2013/01/11 10:09:32 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/11 10:09:04 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll
MOD - [2013/01/11 10:08:45 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013/01/11 10:08:32 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/11 10:08:12 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013/01/11 10:05:42 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/11 10:05:17 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012/11/29 20:36:06 | 000,060,928 | ---- | M] () -- C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Hook\rndlpepperbrowserrecordhelper.dll

========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2013/01/20 13:47:32 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/19 10:24:32 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/12/18 14:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/10/30 22:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/10/26 09:44:42 | 000,957,056 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Update\VUAgent.exe -- (VUAgent)
SRV - [2012/01/28 06:21:35 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012/01/18 13:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2011/03/10 00:17:10 | 000,006,656 | ---- | M] (Microsoft) [Auto | Running] -- C:\Program Files\Hobbyist Software\Off-Helper\Off-Helper Service.exe -- (Off-Helper)
SRV - [2010/05/20 16:15:00 | 000,110,736 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2010/05/10 10:33:42 | 000,110,592 | ---- | M] (WDC) [Disabled | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2010/05/10 10:32:36 | 001,858,048 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2010/05/10 10:32:06 | 000,482,304 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2010/03/11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/10/29 10:11:16 | 000,239,248 | ---- | M] (PacketVideo) [Auto | Running] -- C:\Program Files\PURE Flow Server\twonkymediaserverwatchdog.exe -- (PURE Flow Server)
SRV - [2009/09/08 17:09:14 | 000,083,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 01:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/05/30 10:49:55 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/03/05 18:47:40 | 000,313,264 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2009/03/05 18:47:40 | 000,192,512 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2009/03/05 18:47:40 | 000,069,632 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2009/03/05 18:41:58 | 005,189,992 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2008/11/03 15:01:44 | 000,299,008 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\Network Utility\NSUService.exe -- (NSUService)
SRV - [2007/11/09 17:34:28 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe -- (uCamMonitor)
SRV - [2007/10/27 00:22:47 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/09/10 23:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2007/08/15 04:05:18 | 000,182,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2007/06/20 22:35:06 | 002,523,136 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2007/06/20 22:34:52 | 000,499,712 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2007/06/20 22:34:50 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-UCLS-UPnP)
SRV - [2007/06/20 22:34:50 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP)
SRV - [2007/06/20 22:34:50 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-UCLS-HTTP)
SRV - [2007/06/20 22:34:50 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP)
SRV - [2007/01/10 23:51:06 | 000,745,472 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe -- (VAIOMediaPlatform-UCLS-AppServer)
SRV - [2006/12/14 09:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 09:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 08:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Disabled | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - File not found [Kernel | Disabled | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\David\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/10/30 22:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/10/30 22:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/10/30 22:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/10/30 22:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/10/30 22:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/10/29 11:50:33 | 000,272,216 | ---- | M] () [Kernel | Disabled | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus32_43926.sys -- (RapportCerberus_43926)
DRV - [2012/10/15 16:59:28 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012/08/09 13:55:05 | 000,025,200 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2012/08/09 13:55:05 | 000,012,400 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2011/10/07 17:52:18 | 000,021,504 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
DRV - [2010/11/20 10:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 09:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/03/10 10:36:36 | 000,217,032 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/10/05 09:08:42 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2009/07/13 22:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/13 22:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2008/05/06 15:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2007/12/20 15:52:06 | 000,017,408 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2007/11/23 14:59:43 | 000,841,472 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVerM115S.sys -- (AVerM115S)
DRV - [2007/11/08 03:04:27 | 000,073,472 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FLx86.sys -- (R5U870FLx86)
DRV - [2007/11/08 03:04:27 | 000,043,904 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FUx86.sys -- (R5U870FUx86)
DRV - [2007/11/07 00:16:12 | 007,626,400 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/10/27 00:22:55 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/09/20 00:12:57 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/09/19 21:38:18 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2007/08/29 01:58:45 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2007/06/06 00:00:39 | 000,812,544 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2007/05/26 08:03:06 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2007/04/24 08:33:46 | 000,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125mgmt.sys -- (s125mgmt)
DRV - [2007/04/24 08:33:46 | 000,098,696 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125obex.sys -- (s125obex)
DRV - [2007/04/24 08:33:44 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125mdm.sys -- (s125mdm)
DRV - [2007/04/24 08:33:42 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125mdfl.sys -- (s125mdfl)
DRV - [2007/04/24 08:33:34 | 000,083,336 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125bus.sys -- (s125bus)
DRV - [2007/04/17 20:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{8D835501-C37D-4043-AD6C-A23EB260A8CD}: "URL" = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..\SearchScopes\{8D835501-C37D-4043-AD6C-A23EB260A8CD}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GPEA_en-GB
IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..\SearchScopes\{D8B9925B-7A40-427C-A6EA-191BC3A43307}: "URL" = http://uk.ask.com/web?q={searchTerms}&qsrc=0&o=0&l=dir&dm=all
IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.0.4
FF - prefs.js..extensions.enabledAddons: %7BE0B8C461-F8FB-49b4-8373-FE32E9252800%7D:5.4.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/11/20 08:34:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/01/16 11:18:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/01/16 11:18:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/19 10:24:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/19 10:24:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/19 10:24:34 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/19 10:24:22 | 000,000,000 | ---D | M]

[2012/01/27 19:20:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Extensions
[2013/01/31 20:50:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wf9gy7j5.default\extensions
[2012/12/01 13:19:35 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wf9gy7j5.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012/01/27 19:20:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wf9gy7j5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/01/27 19:20:20 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wf9gy7j5.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2013/01/14 17:09:38 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wf9gy7j5.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
[2012/02/10 15:52:35 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wf9gy7j5.default\extensions\[email protected]
[2013/01/14 18:31:15 | 000,579,823 | ---- | M] () (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wf9gy7j5.default\extensions\{6C4BAFB6-2AC2-4405-A98D-546B55B3AE92}.xpi
[2013/01/31 20:50:33 | 000,817,973 | ---- | M] () (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wf9gy7j5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/01/19 10:24:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/01/19 10:24:33 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/03/10 23:01:02 | 000,124,272 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll
[2010/03/10 23:02:52 | 000,070,512 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2010/03/10 23:01:48 | 000,091,504 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2010/03/10 23:01:24 | 000,022,384 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2008/06/19 09:16:24 | 000,118,784 | ---- | M] (CANON INC.) -- C:\Program Files\mozilla firefox\plugins\MyCamera.dll
[2008/06/19 09:16:24 | 000,053,248 | ---- | M] (CANON INC.) -- C:\Program Files\mozilla firefox\plugins\NPCIG.dll
[2010/03/10 23:40:56 | 000,423,248 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2013/01/16 11:17:26 | 000,124,056 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2010/03/10 23:02:48 | 000,023,920 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll

========== Chrome ==========

CHR - homepage: http://www.bbc.co.uk/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.bbc.co.uk/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Canon Online Photo Plugin Module (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPCIG.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Users\David\AppData\Roaming\Mozilla\plugins\npatgpc.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\Mozilla Plugins\npitunes.dll
CHR - plugin: Media Go Detector (Enabled) = C:\Program Files\Sony\Media Go\npmediago.dll
CHR - plugin: PlayStation(R)Network Downloader Check Plug-in (Enabled) = C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Drive = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Kingdom Rush = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckmfhhjalnddapegkbbohfaodgbnocim\1.0.7.3_0\
CHR - Extension: Google Search = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: RealDownloader = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\
CHR - Extension: Wave theme = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgahidbcmoibbodajeakkjpocflpnad\1.32_0\
CHR - Extension: SlideRocket = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\omeengfjefdmhnkojnfmncpfdbhnecea\2.0.2_0\
CHR - Extension: Evernote Web Clipper = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\5.9.5_0\
CHR - Extension: Gmail = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/01/31 19:09:59 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google BAE\BAE.dll (Your Company Name)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Hobbyist Software On-Off Helper] C:\Program Files\Hobbyist Software\Off-Helper\Off-Helper Configuration.exe (Microsoft)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Evernote 4 - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: New Note - C:\Program Files\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 10.11.2)
O16 - DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 1.7.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 1.7.0_11)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B8E8EBE0-C1DD-4A83-86D6-F9C48AD53AA8}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B8E8EBE0-C1DD-4A83-86D6-F9C48AD53AA8}: NameServer = 192.168.2.1,89.16.173.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C2AADC08-9101-4CD2-9A9F-4AEA51038AE5}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Backgrounds\01931_desertsunlight_1920x1080.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Backgrounds\01931_desertsunlight_1920x1080.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\...com [@ = ComFile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/03 21:41:10 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/02/03 09:32:34 | 000,261,024 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/02/02 17:26:52 | 000,000,000 | ---D | C] -- C:\_OTM
[2013/01/31 20:24:55 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZipEC
[2013/01/31 20:24:47 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\assembly
[2013/01/31 19:10:21 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/01/31 19:06:23 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/01/31 19:06:23 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\temp
[2013/01/31 08:38:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/01/31 08:38:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/01/31 08:38:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/01/31 08:38:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/01/31 08:37:56 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/01/31 07:52:27 | 005,029,270 | R--- | C] (Swearware) -- C:\Users\David\Desktop\ComboFix.exe
[2013/01/30 11:30:44 | 000,000,000 | ---D | C] -- C:\Users\David\Documents\mbar-1.01.0.1017
[2013/01/30 10:26:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/29 19:48:16 | 000,000,000 | ---D | C] -- C:\Users\David\Desktop\RK_Quarantine
[2013/01/29 18:40:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
[2013/01/26 18:27:40 | 000,000,000 | ---D | C] -- C:\Users\David\Documents\AstraZeneca Employment
[2013/01/25 15:41:52 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\WinZip
[2013/01/25 15:41:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2013/01/25 15:40:52 | 000,000,000 | ---D | C] -- C:\Users\David\Documents\Add-in Express
[2013/01/25 15:40:30 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2013/01/25 15:40:10 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2013/01/24 11:09:17 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\Programs
[2013/01/21 19:11:15 | 000,000,000 | ---D | C] -- C:\Users\David\Documents\Sony
[2013/01/20 13:42:06 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/01/20 13:42:06 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/01/20 13:42:06 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/01/19 10:24:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/01/16 11:18:56 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\RealNetworks
[2013/01/16 11:18:04 | 000,000,000 | ---D | C] -- C:\Program Files\RealNetworks
[2013/01/16 11:17:59 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks
[2013/01/16 11:17:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2013/01/16 11:17:37 | 000,201,424 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2013/01/16 11:17:20 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2013/01/16 11:17:20 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2013/01/16 11:17:19 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2013/01/16 11:17:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2013/01/16 11:12:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2013/01/09 12:39:37 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/01/09 12:38:55 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2013/01/09 12:38:55 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013/01/09 12:38:51 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2013/01/09 12:38:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/09 12:38:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/09 12:38:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/09 12:38:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2013/01/09 12:38:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2013/01/09 12:38:47 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/09 12:38:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/09 12:38:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2013/01/09 12:38:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2013/01/09 12:38:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/09 12:38:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/09 12:38:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2013/01/09 12:38:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/09 12:38:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/09 12:38:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2013/01/09 12:38:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2013/01/09 12:38:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2013/01/09 12:38:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/09 12:38:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2013/01/09 12:38:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/09 12:38:42 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2013/01/09 12:38:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/09 12:38:41 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/09 12:38:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2013/01/09 12:38:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/09 12:38:38 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2013/01/09 12:38:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2013/01/09 12:37:43 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\System32\oflc-nz.rs
[2013/01/09 12:37:43 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\System32\csrr.rs
[2013/01/09 12:37:42 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\System32\fpb.rs
[2013/01/09 12:37:42 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\System32\cob-au.rs
[2013/01/09 12:37:41 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\System32\pegibbfc.rs
[2013/01/09 12:37:41 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\System32\usk.rs
[2013/01/09 12:37:41 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\System32\djctq.rs
[2013/01/09 12:37:40 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\System32\grb.rs
[2013/01/09 12:37:39 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi-pt.rs
[2013/01/09 12:37:39 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi.rs
[2013/01/09 12:37:38 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2013/01/09 12:37:36 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wpc.dll
[2013/01/09 12:37:24 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\System32\esrb.rs
[2013/01/09 12:37:21 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi-fi.rs
[2013/01/09 12:37:20 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\System32\oflc.rs
[2013/01/09 12:37:19 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\System32\cero.rs
[2013/01/09 12:36:32 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2013/01/09 12:36:28 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
[2012/01/16 17:22:16 | 000,293,736 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesOutlookAddIn.dll
[2012/01/16 17:22:12 | 000,421,736 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesHelper.exe
[2012/01/16 17:22:12 | 000,403,304 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesAdmin.dll
[2012/01/16 17:22:12 | 000,156,520 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesHelper.dll
[2012/01/16 17:22:12 | 000,124,776 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesMiniPlayer.dll
[2012/01/16 17:22:08 | 009,777,000 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunes.exe
[2012/01/16 17:22:04 | 020,868,968 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunes.dll
[2012/01/16 17:22:02 | 003,035,520 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\gnsdk_dsp.dll
[2012/01/16 17:22:02 | 002,010,984 | ---- | C] (Apple Inc.) -- C:\Program Files\iPodUpdaterExt.dll
[2012/01/16 17:22:02 | 000,803,200 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\gnsdk_sdkmanager.dll
[2012/01/16 17:22:02 | 000,287,104 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\gnsdk_submit.dll
[2012/01/16 17:22:02 | 000,246,144 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\gnsdk_musicid.dll
[2011/11/14 20:16:44 | 000,112,488 | ---- | C] (Apple Inc.) -- C:\Program Files\ITDetector.ocx

========== Files - Modified Within 30 Days ==========

[2013/02/03 21:47:05 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/03 21:33:22 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/03 21:31:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/03 16:50:32 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/03 16:50:32 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/03 16:40:52 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/03 16:40:28 | 1609,375,744 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/03 12:44:28 | 000,000,820 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2013/02/02 17:47:14 | 000,002,039 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/02/02 17:47:11 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013/02/02 06:34:23 | 000,185,564 | ---- | M] () -- C:\Users\David\Desktop\Chrome - WTM several minutes later.png
[2013/01/31 22:57:04 | 000,007,607 | ---- | M] () -- C:\Users\David\AppData\Local\Resmon.ResmonCfg
[2013/01/31 19:09:59 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/01/31 18:32:46 | 005,029,270 | R--- | M] (Swearware) -- C:\Users\David\Desktop\ComboFix.exe
[2013/01/30 20:38:19 | 000,041,799 | ---- | M] () -- C:\Users\David\AppData\Roaming\nvModes.dat
[2013/01/30 20:38:17 | 000,041,799 | ---- | M] () -- C:\Users\David\AppData\Roaming\nvModes.001
[2013/01/29 16:59:11 | 000,000,115 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013/01/26 18:18:16 | 000,639,696 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/01/26 18:18:16 | 000,115,078 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/01/25 15:41:22 | 000,002,281 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
[2013/01/24 11:44:33 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/20 13:47:29 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/01/20 13:47:29 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/01/20 13:47:14 | 015,739,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2013/01/20 13:30:53 | 000,002,205 | ---- | M] () -- C:\Users\David\Desktop\Google Chrome.lnk
[2013/01/19 11:25:19 | 000,000,963 | ---- | M] () -- C:\Users\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/01/17 01:28:58 | 000,232,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2013/01/16 11:18:16 | 000,001,016 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2013/01/16 11:17:37 | 000,201,424 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2013/01/16 11:17:20 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2013/01/16 11:17:20 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2013/01/16 11:17:19 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2013/01/12 03:30:20 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/01/12 03:26:19 | 000,261,024 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/01/12 03:26:16 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/01/12 03:24:49 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/01/11 10:09:46 | 000,001,017 | ---- | M] () -- C:\Users\David\Desktop\Dropbox.lnk
[2013/01/11 09:59:01 | 000,484,480 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2013/02/02 06:34:23 | 000,185,564 | ---- | C] () -- C:\Users\David\Desktop\Chrome - WTM several minutes later.png
[2013/01/31 08:38:45 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/01/31 08:38:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/01/31 08:38:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/01/31 08:38:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/01/31 08:38:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/01/29 16:58:45 | 000,000,115 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013/01/25 15:41:22 | 000,002,281 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
[2013/01/24 11:44:33 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/20 13:38:04 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/20 13:27:36 | 000,007,607 | ---- | C] () -- C:\Users\David\AppData\Local\Resmon.ResmonCfg
[2013/01/16 11:18:16 | 000,001,016 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012/01/27 19:49:01 | 000,021,924 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2011/11/14 20:15:32 | 000,064,083 | ---- | C] () -- C:\Program Files\Acknowledgements.rtf
[2011/04/30 07:27:36 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/04/30 07:27:36 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2010/01/30 10:11:12 | 000,025,773 | ---- | C] () -- C:\Users\David\AppData\Roaming\UserTile.png
[2009/12/08 21:14:18 | 000,000,255 | ---- | C] () -- C:\Users\David\SyncDocs.conf
[2009/03/13 16:51:59 | 000,003,272 | ---- | C] () -- C:\Users\David\TutorialOpen.xba
[2008/10/22 14:33:00 | 000,001,414 | ---- | C] () -- C:\Users\David\AppData\Roaming\wklnhst.dat
[2008/10/04 21:22:58 | 000,041,799 | ---- | C] () -- C:\Users\David\AppData\Roaming\nvModes.dat
[2008/10/04 21:22:58 | 000,041,799 | ---- | C] () -- C:\Users\David\AppData\Roaming\nvModes.001

========== ZeroAccess Check ==========

[2009/07/14 04:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 01:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/02/03 01:39:39 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\AVG10
[2012/01/27 19:19:54 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\calibre
[2012/01/27 19:19:54 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Canon
[2012/01/27 19:19:54 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\CD-LabelPrint
[2012/01/27 19:19:55 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Chilirec
[2012/01/27 19:19:57 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/01/27 19:19:57 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\DriverCure
[2013/01/30 13:55:29 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Dropbox
[2012/05/12 18:11:29 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\GARMIN
[2012/09/23 15:03:59 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\ICAClient
[2012/01/27 19:19:57 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\InterVideo
[2012/02/05 12:47:10 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\IsolatedStorage
[2012/01/27 19:20:06 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\MessengerGadget
[2012/01/27 19:20:23 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\OpenOffice.org
[2010/01/30 10:11:11 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\PeerNetworking
[2013/01/16 13:53:33 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\PrimoPDF
[2012/02/14 17:34:40 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Quo2
[2012/05/18 17:33:15 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Sony
[2012/02/05 12:44:29 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Symyx
[2012/01/31 18:14:44 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\SystemRequirementsLab
[2012/01/27 19:20:43 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Teleca
[2012/01/27 19:20:43 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Template
[2013/01/31 11:39:41 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\webex
[2012/03/06 11:28:41 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Windows Live Writer
[2012/01/27 19:20:43 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\wsInspector

========== Purity Check ==========

< End of report >

*Extras 3*

OTL Extras logfile created on: 03/02/2013 21:46:44 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\David\Documents\Desktop Computer\Malware removal Jan-13
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 0.82 Gb Available Physical Memory | 40.92% Memory free
4.00 Gb Paging File | 2.42 Gb Available in Paging File | 60.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 454.80 Gb Total Space | 305.50 Gb Free Space | 67.17% Space Free | Partition Type: NTFS

Computer Name: DAVID-PC | User Name: David | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3695665762-3537947497-2156790703-1000\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = ComFile] -- Reg Error: Key error. File not found
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
.pif [@ = piffile] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ALDI Print Software] -- "C:\Program Files\ALDI\ALDI Print Software\ALDI Print Software.exe" "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{311365CF-67BF-4D23-8D6C-B1A4CA14EB27}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{398280C6-4487-4408-AE8F-2E90FE0270CB}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{C4693104-1DC7-48EC-ACAC-FF713AACAA38}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{CCB0B16E-0B84-4828-B255-DD575220022B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{CCD57AD8-32DC-403C-8C0D-DCD1DD6060AF}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00E915A2-12EF-4B68-8932-903B490626CE}" = protocol=6 | dir=in | app=c:\program files\avg\avg8\avgui.exe | 
"{05A892CA-25AC-4F9A-A40C-49705CC4B7E1}" = protocol=6 | dir=in | app=c:\program files\hobbyist software\off-helper\off-service.exe | 
"{1459C366-1DE7-4539-9402-6D11A23E41DD}" = protocol=17 | dir=in | app=c:\program files\pure flow server\twonkymediaserver.exe | 
"{149806A8-F15E-4A92-AC83-25430D4732D2}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3.exe | 
"{151831E5-517C-49C1-97D1-9BC8AEF3ECFE}" = protocol=6 | dir=in | app=c:\program files\hobbyist software\off-helper\mdnsresponder.exe | 
"{1B31C503-B58F-405B-81CC-02FFEDB2829F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{1E6C1969-69C7-4F1A-8DCE-330926F648CA}" = protocol=6 | dir=in | app=c:\program files\pure flow server\twonkymediaserverwatchdog.exe | 
"{1EE03891-0A61-4940-9164-8BD6F38013D6}" = protocol=17 | dir=in | app=c:\program files\hobbyist software\off-helper\dnssd-hobbyist.dll | 
"{1F41A23A-31E0-49CA-9C09-E8BD9AF03F96}" = protocol=6 | dir=in | app=c:\program files\mypoi manager\mypoimanager.exe | 
"{1FCA5921-DD70-4F81-B300-964CBE7FFD3C}" = protocol=17 | dir=in | app=c:\program files\hobbyist software\off-helper\off-service.exe | 
"{215CF163-2C7A-4777-BA0B-FB43EDA7AC3F}" = dir=in | app=c:\program files\itunes.exe | 
"{26B5B3F8-6FB2-4A9E-AFF7-42766C20ACC5}" = protocol=6 | dir=in | app=c:\program files\hobbyist software\off-helper\off-service.exe | 
"{28A7C33C-8963-486F-B3E8-8BEACA3C9949}" = protocol=6 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\warlords\civ4warlords.exe | 
"{29C6D6BB-7B12-4024-94DB-253EC49AD41E}" = protocol=17 | dir=in | app=c:\program files\mypoi manager\mypoimanager.exe | 
"{2BFF40E5-4113-431F-97F3-030354A5B8A0}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{2C1AC17D-7527-42B0-A218-63A444D1E552}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe | 
"{2FAB14B7-4CE3-45B4-9D72-B85ECF41BC4E}" = protocol=17 | dir=in | app=c:\program files\hobbyist software\off-helper\off-helper service.exe | 
"{30884741-33D0-4DBE-A3D4-E62B3EFD37B7}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe | 
"{309C0AF1-7AC5-4B31-8E7B-347894F9BAED}" = protocol=6 | dir=in | app=c:\program files\sony\vaio media 6.0\vc.exe | 
"{35FABDF1-E1BB-4DF4-A154-E1ADD62E92BC}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3.exe | 
"{362690FC-CF53-4C91-86DD-B9F9F0781156}" = protocol=17 | dir=in | app=c:\program files\hobbyist software\off-helper\off-helper service.exe | 
"{366DAFE5-42C9-482A-A029-DFFF0147A1CB}" = protocol=17 | dir=in | app=c:\program files\avg\avg8\avgui.exe | 
"{36F6BFA1-1C2B-4A9D-81A0-8618A8AFC162}" = protocol=17 | dir=in | app=c:\program files\pure flow server\twonkymediaserverwatchdog.exe | 
"{38DC32F9-C975-49C4-B645-B5A107124D2C}" = protocol=17 | dir=in | app=c:\program files\hobbyist software\off-helper\off-service.exe | 
"{3F3E2937-561A-49AC-B429-32D7DBBB7C3F}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe | 
"{448B343F-C2DC-46A2-9DEB-E71524F862EE}" = protocol=6 | dir=in | app=c:\program files\hobbyist software\off-helper\mdnsresponder.exe | 
"{45B0BA67-D8FC-4083-BECF-4B8AA318D361}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | 
"{4C941601-63F3-4E42-A6B6-F1AC0EE553AD}" = protocol=6 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\civilization4.exe | 
"{5197B009-C863-423C-8988-DBCFD55542E8}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{5722979B-AFBE-463E-B654-B18F00119DE8}" = protocol=17 | dir=in | app=c:\program files\hobbyist software\off-helper\mdnsresponder.exe | 
"{5ACF307F-7312-402E-9CF1-6CA7210E4FD1}" = protocol=17 | dir=in | app=c:\program files\hobbyist software\off-helper\off-helper service.exe | 
"{61694D64-CA91-49BF-8C18-EF82A0564466}" = protocol=6 | dir=in | app=c:\program files\google\google talk\googletalk.exe | 
"{66F63341-8BD2-445E-8A8D-AB7FF29E9552}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{67D9CEC1-DE66-43EC-ADEB-7F3323F63CAD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{6DD80D18-C108-4CA5-A087-F3E0E707B158}" = protocol=6 | dir=in | app=c:\program files\google\google talk\googletalk.exe | 
"{70EF14E3-06EA-4408-8777-9944219095FC}" = protocol=6 | dir=in | app=c:\program files\hobbyist software\off-helper\dnssd-hobbyist.dll | 
"{71356CE1-616B-4BF7-9CBF-BB0E749E1990}" = protocol=6 | dir=in | app=c:\program files\hobbyist software\off-helper\dnssd-hobbyist.dll | 
"{7412C683-1FBC-4A03-AB4B-663711D7DD1B}" = protocol=6 | dir=in | app=c:\program files\pure flow server\twonkymediaserver.exe | 
"{747CA8DE-DF18-4D8B-9842-88DB892BDEE5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{7F59DF89-C0DA-4D44-A288-7919352D73FE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{87688660-F09F-4E80-97F1-E889E73D843D}" = protocol=6 | dir=in | app=c:\users\david\appdata\roaming\dropbox\bin\dropbox.exe | 
"{9108BD2A-C51D-4A2F-BBAB-6D6E5E605A78}" = protocol=17 | dir=in | app=c:\program files\sony\vaio media 6.0\vc.exe | 
"{9282580D-10F4-4E9B-88A0-810108B4B649}" = protocol=17 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\civilization4.exe | 
"{957946A2-8279-4542-955E-8BD1E16C5ACF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{9618A8AA-A97A-46C5-9A1A-492625388188}" = protocol=17 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\warlords\civ4warlords.exe | 
"{9643EA54-BA96-4C92-A6DF-C55328605CC1}" = protocol=17 | dir=in | app=c:\program files\google\google talk\googletalk.exe | 
"{9B77A897-43D4-4057-B5FF-9ADF0720EF98}" = protocol=17 | dir=in | app=c:\program files\hobbyist software\off-helper\dnssd-hobbyist.dll | 
"{9DCF4D93-14E7-4258-84DD-1DB8D4CA9CAC}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe | 
"{9EF67701-E00F-4CB4-9711-4A9E40A19133}" = protocol=17 | dir=in | app=c:\users\david\appdata\roaming\dropbox\bin\dropbox.exe | 
"{9FB96FF6-E7BE-47B4-BFED-E13EB605CB10}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe | 
"{A0B2C033-2704-4A4B-8DA5-CC0F685FBE86}" = protocol=17 | dir=in | app=c:\program files\hobbyist software\off-helper\off-service.exe | 
"{A21305EA-4013-4BB5-9B49-68806A5AFEB1}" = protocol=17 | dir=in | app=c:\program files\hobbyist software\off-helper\mdnsresponder.exe | 
"{A22D1D73-48D3-4F9D-BB9A-FC93203FCDDB}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{A8DE72A5-D43F-44A6-8CA5-E66A13A0BF33}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe | 
"{A914EB8D-1719-40CB-81B7-DA59D1A4BE48}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{AB8BDFDE-BBEB-4254-94E6-57D4E4708964}" = protocol=6 | dir=in | app=c:\program files\hobbyist software\off-helper\off-helper.exe | 
"{B1F14093-FB9F-4C78-9C98-26189FAC8D26}" = protocol=6 | dir=in | app=c:\program files\hobbyist software\off-helper\off-service.exe | 
"{B5CB8AF1-FE93-4DA1-AB10-364393E1335C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B72F73E5-D899-4C69-B684-3B6B0CC03B92}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{BC570BF0-F575-43E0-A98D-F069963D92BA}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{C7682AC9-F1DA-4713-BB0D-71B7F6A44F95}" = protocol=17 | dir=in | app=c:\program files\google\google talk\googletalk.exe | 
"{C85DECE7-40B7-423A-AA1B-BC6D01880E8B}" = protocol=6 | dir=in | app=c:\program files\hobbyist software\off-helper\off-helper service.exe | 
"{C8DBF332-C873-4223-8FBE-E45A05466C13}" = protocol=17 | dir=in | app=c:\program files\hobbyist software\off-helper\dnssd-hobbyist.dll | 
"{C91505A9-ADD3-45E7-81B5-AEAE9CD2FD76}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe | 
"{CB6F00EB-62D4-41E9-B1E1-D7A508AA8A18}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{CC8F4626-98B8-4EC9-85C2-A47BB9F517C2}" = protocol=17 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\beyond the sword\civ4beyondsword.exe | 
"{CE2E4332-1CA4-4931-8BA8-D47DC2050D6E}" = protocol=6 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\beyond the sword\civ4beyondsword.exe | 
"{D5D80D56-80C3-4282-9512-74D62316F500}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{E04ED4BA-5ADB-4448-9785-ACE194F13BD3}" = protocol=17 | dir=in | app=c:\program files\hobbyist software\off-helper\off-helper.exe | 
"{E67FA325-74A5-47AE-9A63-66852F66A967}" = protocol=6 | dir=in | app=c:\program files\hobbyist software\off-helper\off-helper service.exe | 
"{E7BC0394-B720-40A7-9747-47E2532857D4}" = protocol=17 | dir=in | app=c:\program files\hobbyist software\off-helper\mdnsresponder.exe | 
"{ED88AB7C-6596-4786-A75D-D431065A397F}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe | 
"{F32B7AC8-9ED0-40D4-BB2D-07473B510249}" = protocol=6 | dir=in | app=c:\program files\hobbyist software\off-helper\off-helper service.exe | 
"{F79CC313-8439-4C5F-8A5C-5DCF93E1B55D}" = protocol=6 | dir=in | app=c:\program files\hobbyist software\off-helper\dnssd-hobbyist.dll | 
"{FB786D80-E515-45C2-AA85-34D11AADA676}" = protocol=6 | dir=in | app=c:\program files\hobbyist software\off-helper\mdnsresponder.exe | 
"TCP Query User{03939541-A96A-4E75-8DE6-13853A551263}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{06B56D3A-7944-47B2-ABA2-A525C9C70D9D}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{16FBD14B-0AAB-4693-A4A3-A9488D45BBF1}C:\program files\air mouse\air mouse\air mouse.exe" = protocol=6 | dir=in | app=c:\program files\air mouse\air mouse\air mouse.exe | 
"TCP Query User{18D6B6C7-6CEA-45E2-B96C-29586327D088}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"TCP Query User{25783026-D868-4DF4-BDA2-9A6E96077DA8}C:\program files\air mouse\air mouse\mobile mouse service.exe" = protocol=6 | dir=in | app=c:\program files\air mouse\air mouse\mobile mouse service.exe | 
"TCP Query User{36AC178C-4323-4DB9-8E91-BDAB2D204821}C:\program files\air mouse\air mouse\mobile mouse service.exe" = protocol=6 | dir=in | app=c:\program files\air mouse\air mouse\mobile mouse service.exe | 
"TCP Query User{3E93A6C3-A4D0-4DD3-9A7F-B25DD21D462F}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{449C1DE3-43E0-4BDB-9489-6072B6172147}C:\users\david\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\david\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{5122B36D-9417-466B-A934-07E6EA4B09AA}C:\program files\air mouse\air mouse\air mouse.exe" = protocol=6 | dir=in | app=c:\program files\air mouse\air mouse\air mouse.exe | 
"TCP Query User{5EDADD60-D0F9-451A-BCD2-45E7144A936A}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"TCP Query User{60CCB461-C7B3-40FB-BE3E-26A1B83548CE}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{79C1C661-1CC7-409E-96CF-6A5D0817F4BF}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{8584E797-B6E4-4C6F-A24B-C42CB196D7BF}C:\program files\hobbyist software\off-helper\off-helper.exe" = protocol=6 | dir=in | app=c:\program files\hobbyist software\off-helper\off-helper.exe | 
"TCP Query User{979C5985-4D22-45AC-A934-5F16C8D9E9E4}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"TCP Query User{A2AF443F-E761-48FE-BF84-03EB35C44CC4}C:\users\david\downloads\hfs.exe" = protocol=6 | dir=in | app=c:\users\david\downloads\hfs.exe | 
"TCP Query User{B2C90EAA-D328-445F-B44E-06E5A480E591}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{E90CEA1F-8B52-4345-86BD-96635868AADD}C:\users\david\downloads\hfs.exe" = protocol=6 | dir=in | app=c:\users\david\downloads\hfs.exe | 
"TCP Query User{EB59609F-76DE-4DF4-8826-1F40EDBEF8F9}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{EEC0E7AF-16CD-4E5F-810B-A7509EF71F70}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{0EC7FD5C-DFB3-4232-A8F9-467C8EF50D66}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{1C6974CF-E316-4A57-A943-E79DC0C27910}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{1D4DE177-A2D2-46CF-BA2C-45F82C2A858C}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"UDP Query User{38A5A7C8-802E-4F8E-86BD-A8AD632ED35C}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{52DB13BF-0936-49CA-BE43-753D629F5B92}C:\program files\air mouse\air mouse\air mouse.exe" = protocol=17 | dir=in | app=c:\program files\air mouse\air mouse\air mouse.exe | 
"UDP Query User{6CF77519-6C73-4BE0-9871-A8577AC6A271}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"UDP Query User{92074D48-00D0-4E02-A267-7F5462674A16}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{A104D1BC-7767-46A0-8B49-CC51F2251CF1}C:\users\david\downloads\hfs.exe" = protocol=17 | dir=in | app=c:\users\david\downloads\hfs.exe | 
"UDP Query User{A315184F-B1DF-4AE9-9742-8C64A1247CA5}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{B072756C-09E8-41A6-8456-0E4FAD0E5E51}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{B911A916-C7C2-4C33-B3E2-26C15F8604C0}C:\program files\air mouse\air mouse\air mouse.exe" = protocol=17 | dir=in | app=c:\program files\air mouse\air mouse\air mouse.exe | 
"UDP Query User{C989F439-D386-4FDF-B9EF-32F571B0A5E3}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"UDP Query User{D4331884-5B50-4EB5-95C2-26D507778D59}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{E1B5B280-6E45-4762-9BC9-119F40942E40}C:\program files\air mouse\air mouse\mobile mouse service.exe" = protocol=17 | dir=in | app=c:\program files\air mouse\air mouse\mobile mouse service.exe | 
"UDP Query User{E562642E-5147-4C3E-A8D6-92F526923C0B}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{EBAB5CBB-3514-4550-AF8F-77A514FE76DF}C:\program files\air mouse\air mouse\mobile mouse service.exe" = protocol=17 | dir=in | app=c:\program files\air mouse\air mouse\mobile mouse service.exe | 
"UDP Query User{F31163B9-4735-4661-80EA-D52339C36428}C:\program files\hobbyist software\off-helper\off-helper.exe" = protocol=17 | dir=in | app=c:\program files\hobbyist software\off-helper\off-helper.exe | 
"UDP Query User{F3DD9B62-3A12-4CC9-812A-75F00EF59500}C:\users\david\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\david\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{FF9D71AF-CA66-4FB6-9278-A74222E0B814}C:\users\david\downloads\hfs.exe" = protocol=17 | dir=in | app=c:\users\david\downloads\hfs.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{009E7FB7-1775-4D89-8956-F5C9A1C019FC}" = DSD Playback Plug-in
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{021AD585-5EEE-4B58-83BC-0AC86008EBC8}" = VAIO Media Registration Tool
"{023D64D7-E7B4-47C7-BE6E-B7C2E8960D08}" = Citrix online plug-in (Web)
"{065DBB54-6E55-A609-2E1E-F0617E827D53}" = Media Go Video Playback Engine 1.96.112.08260
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{07D8511D-C9FE-4A93-933F-EAA5C8F20095}" = IDT Audio
"{09A84598-E18A-4E7B-A49A-E19BB8D5C648}" = AppMon Utility
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C6DB6B9-2D17-4AA5-A207-42D28BF9F434}" = MyPoi Manager
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{0FD40A50-38AB-454F-B41E-AC365E13D06D}" = calibre
"{12D0BE8D-538C-4AB1-86DE-C540308F50DA}" = VAIO Content Metadata Manager Settings
"{133F46FF-B547-4462-AEAA-2322CA89CF67}" = VAIO Database Converter Ver 1.0
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{18510937-0146-417B-95D8-14706649C384}" = VAIO Content Metadata Manager Settings
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 11
"{28549656-3CB3-44B6-9FAB-925A18DAC796}" = VAIO Movie Story
"{28AD24E2-BC9F-49B8-A20C-31C6C2D78428}" = VAIO Database Converter 1.0
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{291FB4BF-EEC7-4CF9-8469-F39ED1DBC4D8}" = VAIO Content Metadata XML Interface Library
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{2AA48AFA-79CA-4043-BFFC-BB5BA23A9FCF}" = WD SmartWare
"{2BF9702B-52EE-4841-83C4-B5E640B6C97A}" = Media Go
"{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}" = Sid Meier's Civilization 4 Complete
"{328019A7-0012-401D-96A2-4CDDD02675A8}" = Garmin POI Loader
"{33017152-D6EA-46DD-93E0-7D2679CCBB51}" = Corel WinDVD
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3B659FAD-E772-44A3-B7E7-560FF084669F}" = VAIO Smart Network
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{44653096-3E44-402E-B68E-37D77240BFA8}" = Symyx Draw 4.0.100
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"{4EA55D20-27FB-45D7-8726-147E8A5F6C62}" = VAIO MusicBox
"{500162A0-4DD5-460A-BAFD-895AAE48C532}" = VAIO Media Content Collection 6.0
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{516EF56A-048B-4AED-9906-1366639ACEEE}" = Garmin BaseCamp
"{533D0A8A-D7E7-4F15-BC9E-FF2916A6BAA7}" = DSD Direct Player
"{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 6.0
"{56345504-DE57-4528-A18B-A567D1E52928}" = ArcSoft Magic-i Visual Effects
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 6.0
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{6332AFF1-9D9A-429C-AA03-F82749FA4F49}" = SonicStage Mastering Studio
"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6C1EC809-88C6-4111-A6E0-0C6E203B3818}" = VAIO Movie Story 1.3 Upgrade
"{6D2576EC-A0E9-418A-A09A-409933A3B6F4}" = VAIO Camera Capture Utility
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6F8EAC65-314D-4D86-9557-BC9312AACCB0}" = Citrix online plug-in (USB)
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 6.1
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A21C722-F259-4976-B7AA-6658E5FDEDAF}" = Google Drive
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7C404084-C5A6-42FF-B731-0BAC79A6E134}" = VAIO Original Function Settings
"{7D82704E-B217-4C6F-97E5-C77F30E81048}" = Quo v2
"{802889F8-6AF5-45A5-9764-CA5B999E50FC}" = VAIO Power Management
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{8144262B-25B4-44F6-8204-FCC8EF50179F}" = Citrix online plug-in (DV)
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{82D5BACA-3619-4D34-99DB-3A65CFB4DA33}" = DSD Direct
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{895FE43E-71C2-4FEA-94EF-B88D111495FC}" = Mobile Mouse Server
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{912B04B3-7C7C-4929-AE68-EC2A4CCB4E73}" = Microsoft Mouse and Keyboard Center
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95229EF6-F4A1-413A-BA50-668311FAFE19}" = VAIO Original Function Settings
"{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD8B556-A69C-486E-92C1-4AA821DE13A0}" = .NET Utilities
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C1C8A04-F8CA-4472-A92D-4288CE32DE86}" = SonicStage Mastering Studio Plugins
"{9D12A8B5-9D41-4465-BF11-70719EB0CD02}" = VU5x86
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9D8BAA74-5B7D-11E2-8273-984BE15F174E}" = Evernote v. 4.6.1
"{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}" = VAIO Update
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3563827-B0DB-44DC-B037-15CC4E5E692F}" = VAIO Content Metadata XML Interface Library
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}" = Garmin USB Drivers
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.5)
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}" = RealDownloader
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 6.0
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{B3668C08-EBB1-40F4-B4F9-4F8E13501A7D}" = VAIO Entertainment Platform
"{B3C9A441-C34D-40F3-9D3B-00EDDDAC74F1}" = Garmin Communicator Plugin
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B66AD8F4-0951-407E-807F-C300F6970B5A}" = VAIO Media
"{B7FB0C86-41A4-4402-9A33-912C462042A0}" = Roxio Easy Media Creator Home
"{C01408FC-117C-44B7-8B0C-17794E526A01}" = Disc2Phone
"{C0482AA0-9CDF-49B4-9B39-551FD1A7A7E6}" = VAIO Movie Story 1.5 Upgrade
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D8}" = WinZip 17.0
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF0F8D1B-5FB9-468D-BD88-E6239906D2B7}" = Click to Disc
"{D17111CB-C992-42A9-9D56-C19395102AAA}" = Garmin WebUpdater
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF0415CC-0563-407F-B560-9B7F277122C5}" = VAIO BD Menu Data
"{DF7DB916-90E5-40F2-9010-B8125EB5FD6F}" = SonicStage Mastering Studio Audio Filter
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E66BB7B9-EC7B-45A6-B479-AD43A9B32AA0}" = SonicStage Mastering Studio
"{E7C97E98-4C2D-BEAF-5D2F-CC45A2F95D90}" = Acrobat.com
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype 6.0
"{EA74A293-3FAC-4D1B-AE3A-3BD47FADDC20}" = Citrix online plug-in (HDX)
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EC37A846-53AC-4DA7-98FA-76A4E74AA900}" = SonicStage Mastering Studio Audio Filter Custom Preset
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.115
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" = 
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{F88A7EB0-90F4-4012-9194-33AF2F1C5BF1}" = VAIO Movie Story 1.5 Upgrade
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"98157A226B40B173301B0F53C8E98C47805D5152" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"ActiveTouchMeetingClient" = Cisco WebEx Meetings
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ALDI Print Software" = ALDI Print Software
"Atlantis - Sky Patrol" = Atlantis - Sky Patrol (remove only)
"avast" = avast! Free Antivirus
"Big Fish Games Center" = Big Fish Games Center
"Big Fish Games Sudoku" = Big Fish Games Sudoku (remove only)
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
"CanonMyPrinter" = Canon My Printer
"CCleaner" = CCleaner
"CitrixOnlinePluginPackWeb" = Citrix online plug-in - web
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"DPP" = Canon Utilities Digital Photo Professional 3.5
"dt icon module" = 
"ENTERPRISER" = Microsoft Office Enterprise 2007
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"gtfirstboot Setting Request" = 
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"Mahjong Towers Eternity" = Mahjong Towers Eternity (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"MarketingTools" = Vaio Marketing Tools
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Metalogic Finance Explorer_is1" = Metalogic Finance Explorer 4.0.1
"MFU Module" = 
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Mozilla Firefox 18.0.1 (x86 en-GB)" = Mozilla Firefox 18.0.1 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"Mystery Case Files - Prime Suspects" = Mystery Case Files - Prime Suspects (remove only)
"NVIDIA Drivers" = NVIDIA Drivers
"Off-Helper_is1" = Off-Helper 3.03
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-15-19-01
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa 3" = Picasa 3
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"ProcessQuickLink 2_is1" = Uniblue ProcessQuickLink 2
"PS3 Media Server" = PS3 Media Server
"RealPlayer 16.0" = RealPlayer
"RemoteCaptureDC" = Canon Utilities RemoteCapture DC
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Revo Uninstaller" = Revo Uninstaller 1.92
"Shockwave" = Shockwave
"Sierra Utilities" = Sierra Utilities
"SystemRequirementsLab" = System Requirements Lab
"TwonkyMediaPURE Flow Server" = PURE Flow Server
"Update Engine" = Sony Ericsson Update Engine
"VAIO Help and Support" = 
"VAIO_My Club VAIO" = My Club VAIO
"VAIO_Photoshop" = 
"VAIO_Premiere" = 
"VAIO_Standard" = 
"Virtual Villagers" = Virtual Villagers (remove only)
"WinLiveSuite" = Windows Live Essentials
"YTdetect" = Yahoo! Detect
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3695665762-3537947497-2156790703-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 03/02/2013 10:10:16 | Computer Name = David-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 999

Error - 03/02/2013 10:10:17 | Computer Name = David-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 03/02/2013 10:10:17 | Computer Name = David-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2044

Error - 03/02/2013 10:10:17 | Computer Name = David-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2044

Error - 03/02/2013 10:10:18 | Computer Name = David-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 03/02/2013 10:10:18 | Computer Name = David-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3042

Error - 03/02/2013 10:10:18 | Computer Name = David-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3042

Error - 03/02/2013 13:34:22 | Computer Name = David-PC | Source = SideBySide | ID = 16842761
Description = Activation context generation failed for "C:\Program Files\WinZip\adxloader.dll.Manifest".Error
in manifest or policy file "C:\Program Files\WinZip\adxloader.dll.Manifest" on 
line 2. The manifest file root element must be assembly.

Error - 03/02/2013 13:37:54 | Computer Name = David-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files\MyPoi Manager\DelZip179.dll".Error
in manifest or policy file "C:\Program Files\MyPoi Manager\DelZip179.dll" on line
8. The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error - 03/02/2013 13:42:52 | Computer Name = David-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files\Common 
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
of attribute "version" in element "assemblyIdentity" is invalid.

Error - 03/02/2013 17:33:52 | Computer Name = David-PC | Source = Windows Backup | ID = 4103
Description =

Error - 03/02/2013 17:38:47 | Computer Name = David-PC | Source = VSS | ID = 12344
Description =

[ Media Center Events ]
Error - 21/03/2011 01:31:53 | Computer Name = David-PC | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 03/21/2011 05:31:53. You may need to reschedule your recordings.

Error - 21/03/2011 01:31:55 | Computer Name = David-PC | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 03/21/2011 05:31:55. You may need to reschedule your recordings.

Error - 21/03/2011 14:59:47 | Computer Name = David-PC | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 03/21/2011 18:59:47. You may need to reschedule your recordings.

Error - 31/03/2011 15:13:42 | Computer Name = David-PC | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 03/31/2011 20:13:42. You may need to reschedule your recordings.

Error - 31/03/2011 15:13:45 | Computer Name = David-PC | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 03/31/2011 20:13:45. You may need to reschedule your recordings.

Error - 30/04/2011 16:27:19 | Computer Name = David-PC | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 04/30/2011 21:27:19. You may need to reschedule your recordings.

Error - 05/05/2011 12:24:02 | Computer Name = David-PC | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 05/05/2011 17:24:02. You may need to reschedule your recordings.

Error - 18/07/2011 16:29:00 | Computer Name = David-PC | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 07/18/2011 21:29:00. You may need to reschedule your recordings.

Error - 04/08/2011 11:36:35 | Computer Name = David-PC | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 08/04/2011 16:36:35. You may need to reschedule your recordings.

Error - 06/08/2011 08:27:08 | Computer Name = David-PC | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 08/06/2011 13:27:08. You may need to reschedule your recordings.

[ OSession Events ]
Error - 09/07/2012 06:45:50 | Computer Name = David-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 98
seconds with 60 seconds of active time. This session ended with a crash.

Error - 17/07/2012 12:01:58 | Computer Name = David-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6661.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 15916
seconds with 1260 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 19/03/2009 13:34:08 | Computer Name = David-PC | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 20/03/2009 05:46:37 | Computer Name = David-PC | Source = HTTP | ID = 15016
Description =

Error - 20/03/2009 05:48:02 | Computer Name = David-PC | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 21/03/2009 08:38:52 | Computer Name = David-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 21/03/2009 08:39:00 | Computer Name = David-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 21/03/2009 08:39:03 | Computer Name = David-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 21/03/2009 08:39:06 | Computer Name = David-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 21/03/2009 08:39:09 | Computer Name = David-PC | Source = cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 22/03/2009 06:45:43 | Computer Name = David-PC | Source = HTTP | ID = 15016
Description =

Error - 22/03/2009 06:47:04 | Computer Name = David-PC | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

< End of report >
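
A small triage helper for the OTL log format posted in this thread (an added example, not part of the original post and not OTL's own code): it parses the `PRC`/`MOD`/`SRV`/`DRV` lines into records and flags the entries a helper would look at first. The sample lines are copied from the log format shown above; the flagging rules (`running-without-image`, `image-missing`, `no-company-name`, `loaded-from-temp`) are assumptions about what deserves a manual look, not verdicts about any particular entry.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One OTL line is either "KIND - File not found [state] -- path -- (name)" or
# "KIND - [mtime | size | attrs | flag] (company) [state] -- path -- (name)".
# PRC and MOD lines carry no [state] block and no trailing "(name)".
LINE_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"(?:(?P<missing>File not found)|"
    r"\[(?P<mtime>[^|]+) \| (?P<size>[\d,]+) \| (?P<attrs>[^|]+) \| (?P<flag>[A-Z])\] "
    r"\((?P<company>[^)]*)\))"
    r"(?: \[(?P<state>[^\]]+)\])?"
    r" -- (?P<path>.+?)"
    r"(?: -- \((?P<name>[^)]+)\))?$"
)


@dataclass
class OtlEntry:
    kind: str
    path: str
    name: Optional[str]
    company: Optional[str]   # None when OTL printed no file block ("File not found")
    size: Optional[int]
    file_missing: bool
    start: Optional[str]     # Auto / On_Demand / Disabled / System ...
    status: Optional[str]    # Running / Stopped


def parse_otl(text: str) -> List[OtlEntry]:
    """Parse PRC/MOD/SRV/DRV lines; section headers and blank lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        start = status = None
        if m.group("state"):
            fields = [f.strip() for f in m.group("state").split("|")]
            status = fields[-1]                       # last field is Running/Stopped
            start = fields[-2] if len(fields) >= 2 else None
        size = m.group("size")
        entries.append(OtlEntry(
            kind=m.group("kind"),
            path=m.group("path"),
            name=m.group("name"),
            company=None if m.group("missing") else m.group("company"),
            size=int(size.replace(",", "")) if size else None,
            file_missing=bool(m.group("missing")),
            start=start,
            status=status,
        ))
    return entries


def triage(entries: List[OtlEntry]) -> List[Tuple[str, str, str]]:
    """Return (rule, kind, path) findings. Rules are review prompts, not verdicts."""
    findings = []
    for e in entries:
        if e.file_missing and e.status == "Running":
            # Registered and running, but OTL cannot see the image on disk: either a
            # product whose files were removed while its registrations remain, or a
            # file hidden from the scanner. Confirm with a second tool before acting.
            findings.append(("running-without-image", e.kind, e.path))
        elif e.file_missing:
            findings.append(("image-missing", e.kind, e.path))
        if e.company == "":
            # OTL lists these under "No Company Name"; unsigned binaries deserve a look.
            findings.append(("no-company-name", e.kind, e.path))
        if re.search(r"\\AppData\\Local\\Temp\\", e.path, re.IGNORECASE):
            findings.append(("loaded-from-temp", e.kind, e.path))
    return findings


# Constructed sample: lines copied from the OTL format used in this thread.
SAMPLE_LOG = r"""
========== Processes (SafeList) ==========
PRC - [2013/01/30 08:27:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\David\My Documents\Desktop Computer\Malware removal Jan-13\OTL.exe
MOD - [2013/01/26 02:35:06 | 000,460,240 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.57\ppgooglenaclpluginchrome.dll
SRV - File not found [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2012/12/18 14:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
DRV - File not found [Kernel | Disabled | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\David\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/10/30 22:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
"""

if __name__ == "__main__":
    for rule, kind, path in triage(parse_otl(SAMPLE_LOG)):
        print(f"{rule:22} {kind}  {path}")
```

Run it against a saved OTL.txt by reading the file into `parse_otl`; the parser ignores the section headers and the uninstall list, so the whole log can be passed in unchanged.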


----------



## STIG_DH (Jan 25, 2013)

Here is the OTL log file (Extras to follow)

David

*OTL (3)*

OTL logfile created on: 03/02/2013 21:46:44 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\David\Documents\Desktop Computer\Malware removal Jan-13
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 0.82 Gb Available Physical Memory | 40.92% Memory free
4.00 Gb Paging File | 2.42 Gb Available in Paging File | 60.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 454.80 Gb Total Space | 305.50 Gb Free Space | 67.17% Space Free | Partition Type: NTFS

Computer Name: DAVID-PC | User Name: David | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/30 08:27:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\David\My Documents\Desktop Computer\Malware removal Jan-13\OTL.exe
PRC - [2013/01/26 02:35:08 | 001,248,208 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2012/12/18 14:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/11/30 02:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/11/29 20:33:04 | 000,232,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
PRC - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/11/23 02:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/10/30 22:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/30 22:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/10/26 10:33:12 | 001,038,496 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
PRC - [2012/10/26 09:44:42 | 000,957,056 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update\VUAgent.exe
PRC - [2011/03/10 00:50:38 | 000,565,248 | ---- | M] (Microsoft) -- C:\Program Files\Hobbyist Software\Off-Helper\Off-Helper Configuration.exe
PRC - [2011/03/10 00:17:10 | 000,006,656 | ---- | M] (Microsoft) -- C:\Program Files\Hobbyist Software\Off-Helper\Off-Helper Service.exe
PRC - [2011/02/25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/05/20 16:15:00 | 000,110,736 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2010/03/11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009/10/29 10:11:16 | 000,239,248 | ---- | M] (PacketVideo) -- C:\Program Files\PURE Flow Server\twonkymediaserverwatchdog.exe
PRC - [2009/10/29 10:11:12 | 000,665,232 | ---- | M] () -- C:\Program Files\PURE Flow Server\twonkymediaserver.exe
PRC - [2008/11/03 15:01:44 | 000,299,008 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Network Utility\NSUService.exe
PRC - [2007/11/09 17:34:28 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
PRC - [2007/10/27 00:22:47 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/09/10 23:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2007/08/15 04:05:18 | 000,182,392 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2007/08/15 04:05:18 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe

========== Modules (No Company Name) ==========

MOD - [2013/01/26 02:35:06 | 000,460,240 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.57\ppgooglenaclpluginchrome.dll
MOD - [2013/01/26 02:35:05 | 012,459,472 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll
MOD - [2013/01/26 02:35:04 | 004,012,496 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.57\pdf.dll
MOD - [2013/01/26 02:34:19 | 000,597,968 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.57\libglesv2.dll
MOD - [2013/01/26 02:34:18 | 000,124,368 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.57\libegl.dll
MOD - [2013/01/26 02:34:16 | 001,552,848 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.57\ffmpegsumo.dll
MOD - [2013/01/11 10:18:21 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll
MOD - [2013/01/11 10:17:52 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll
MOD - [2013/01/11 10:17:12 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\68f617caf670fefc0be769a294dc4ffd\System.ServiceProcess.ni.dll
MOD - [2013/01/11 10:16:25 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013/01/11 10:15:20 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll
MOD - [2013/01/11 10:11:41 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll
MOD - [2013/01/11 10:09:32 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/11 10:09:04 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll
MOD - [2013/01/11 10:08:45 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013/01/11 10:08:32 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/11 10:08:12 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013/01/11 10:05:42 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/11 10:05:17 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012/11/29 20:36:06 | 000,060,928 | ---- | M] () -- C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Hook\rndlpepperbrowserrecordhelper.dll

========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2013/01/20 13:47:32 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/19 10:24:32 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/12/18 14:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/10/30 22:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/10/26 09:44:42 | 000,957,056 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Update\VUAgent.exe -- (VUAgent)
SRV - [2012/01/28 06:21:35 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012/01/18 13:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2011/03/10 00:17:10 | 000,006,656 | ---- | M] (Microsoft) [Auto | Running] -- C:\Program Files\Hobbyist Software\Off-Helper\Off-Helper Service.exe -- (Off-Helper)
SRV - [2010/05/20 16:15:00 | 000,110,736 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2010/05/10 10:33:42 | 000,110,592 | ---- | M] (WDC) [Disabled | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2010/05/10 10:32:36 | 001,858,048 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2010/05/10 10:32:06 | 000,482,304 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2010/03/11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/10/29 10:11:16 | 000,239,248 | ---- | M] (PacketVideo) [Auto | Running] -- C:\Program Files\PURE Flow Server\twonkymediaserverwatchdog.exe -- (PURE Flow Server)
SRV - [2009/09/08 17:09:14 | 000,083,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 01:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/05/30 10:49:55 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/03/05 18:47:40 | 000,313,264 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2009/03/05 18:47:40 | 000,192,512 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2009/03/05 18:47:40 | 000,069,632 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2009/03/05 18:41:58 | 005,189,992 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2008/11/03 15:01:44 | 000,299,008 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\Network Utility\NSUService.exe -- (NSUService)
SRV - [2007/11/09 17:34:28 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe -- (uCamMonitor)
SRV - [2007/10/27 00:22:47 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/09/10 23:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2007/08/15 04:05:18 | 000,182,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2007/06/20 22:35:06 | 002,523,136 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2007/06/20 22:34:52 | 000,499,712 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2007/06/20 22:34:50 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-UCLS-UPnP)
SRV - [2007/06/20 22:34:50 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP)
SRV - [2007/06/20 22:34:50 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-UCLS-HTTP)
SRV - [2007/06/20 22:34:50 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP)
SRV - [2007/01/10 23:51:06 | 000,745,472 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe -- (VAIOMediaPlatform-UCLS-AppServer)
SRV - [2006/12/14 09:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 09:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 08:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Disabled | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - File not found [Kernel | Disabled | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\David\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/10/30 22:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/10/30 22:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/10/30 22:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/10/30 22:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/10/30 22:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/10/29 11:50:33 | 000,272,216 | ---- | M] () [Kernel | Disabled | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus32_43926.sys -- (RapportCerberus_43926)
DRV - [2012/10/15 16:59:28 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012/08/09 13:55:05 | 000,025,200 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2012/08/09 13:55:05 | 000,012,400 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2011/10/07 17:52:18 | 000,021,504 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
DRV - [2010/11/20 10:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 09:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/03/10 10:36:36 | 000,217,032 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/10/05 09:08:42 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2009/07/13 22:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/13 22:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2008/05/06 15:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2007/12/20 15:52:06 | 000,017,408 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2007/11/23 14:59:43 | 000,841,472 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVerM115S.sys -- (AVerM115S)
DRV - [2007/11/08 03:04:27 | 000,073,472 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FLx86.sys -- (R5U870FLx86)
DRV - [2007/11/08 03:04:27 | 000,043,904 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FUx86.sys -- (R5U870FUx86)
DRV - [2007/11/07 00:16:12 | 007,626,400 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/10/27 00:22:55 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/09/20 00:12:57 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/09/19 21:38:18 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2007/08/29 01:58:45 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2007/06/06 00:00:39 | 000,812,544 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2007/05/26 08:03:06 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2007/04/24 08:33:46 | 000,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125mgmt.sys -- (s125mgmt)
DRV - [2007/04/24 08:33:46 | 000,098,696 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125obex.sys -- (s125obex)
DRV - [2007/04/24 08:33:44 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125mdm.sys -- (s125mdm)
DRV - [2007/04/24 08:33:42 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125mdfl.sys -- (s125mdfl)
DRV - [2007/04/24 08:33:34 | 000,083,336 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125bus.sys -- (s125bus)
DRV - [2007/04/17 20:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{8D835501-C37D-4043-AD6C-A23EB260A8CD}: "URL" = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..\SearchScopes\{8D835501-C37D-4043-AD6C-A23EB260A8CD}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GPEA_en-GB
IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..\SearchScopes\{D8B9925B-7A40-427C-A6EA-191BC3A43307}: "URL" = http://uk.ask.com/web?q={searchTerms}&qsrc=0&o=0&l=dir&dm=all
IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.0.4
FF - prefs.js..extensions.enabledAddons: %7BE0B8C461-F8FB-49b4-8373-FE32E9252800%7D:5.4.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/11/20 08:34:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/01/16 11:18:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/01/16 11:18:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/19 10:24:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/19 10:24:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/19 10:24:34 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/19 10:24:22 | 000,000,000 | ---D | M]

[2012/01/27 19:20:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Extensions
[2013/01/31 20:50:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wf9gy7j5.default\extensions
[2012/12/01 13:19:35 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wf9gy7j5.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012/01/27 19:20:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wf9gy7j5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/01/27 19:20:20 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wf9gy7j5.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2013/01/14 17:09:38 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wf9gy7j5.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
[2012/02/10 15:52:35 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wf9gy7j5.default\extensions\[email protected]
[2013/01/14 18:31:15 | 000,579,823 | ---- | M] () (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wf9gy7j5.default\extensions\{6C4BAFB6-2AC2-4405-A98D-546B55B3AE92}.xpi
[2013/01/31 20:50:33 | 000,817,973 | ---- | M] () (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wf9gy7j5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/01/19 10:24:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/01/19 10:24:33 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/03/10 23:01:02 | 000,124,272 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll
[2010/03/10 23:02:52 | 000,070,512 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2010/03/10 23:01:48 | 000,091,504 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2010/03/10 23:01:24 | 000,022,384 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2008/06/19 09:16:24 | 000,118,784 | ---- | M] (CANON INC.) -- C:\Program Files\mozilla firefox\plugins\MyCamera.dll
[2008/06/19 09:16:24 | 000,053,248 | ---- | M] (CANON INC.) -- C:\Program Files\mozilla firefox\plugins\NPCIG.dll
[2010/03/10 23:40:56 | 000,423,248 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2013/01/16 11:17:26 | 000,124,056 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2010/03/10 23:02:48 | 000,023,920 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll

========== Chrome ==========

CHR - homepage: http://www.bbc.co.uk/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.bbc.co.uk/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Canon Online Photo Plugin Module (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPCIG.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Users\David\AppData\Roaming\Mozilla\plugins\npatgpc.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\Mozilla Plugins\npitunes.dll
CHR - plugin: Media Go Detector (Enabled) = C:\Program Files\Sony\Media Go\npmediago.dll
CHR - plugin: PlayStation(R)Network Downloader Check Plug-in (Enabled) = C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Drive = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Kingdom Rush = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckmfhhjalnddapegkbbohfaodgbnocim\1.0.7.3_0\
CHR - Extension: Google Search = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: RealDownloader = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\
CHR - Extension: Wave theme = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgahidbcmoibbodajeakkjpocflpnad\1.32_0\
CHR - Extension: SlideRocket = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\omeengfjefdmhnkojnfmncpfdbhnecea\2.0.2_0\
CHR - Extension: Evernote Web Clipper = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\5.9.5_0\
CHR - Extension: Gmail = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/01/31 19:09:59 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google BAE\BAE.dll (Your Company Name)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Hobbyist Software On-Off Helper] C:\Program Files\Hobbyist Software\Off-Helper\Off-Helper Configuration.exe (Microsoft)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Evernote 4 - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: New Note - C:\Program Files\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 10.11.2)
O16 - DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 1.7.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 1.7.0_11)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B8E8EBE0-C1DD-4A83-86D6-F9C48AD53AA8}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B8E8EBE0-C1DD-4A83-86D6-F9C48AD53AA8}: NameServer = 192.168.2.1,89.16.173.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C2AADC08-9101-4CD2-9A9F-4AEA51038AE5}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Backgrounds\01931_desertsunlight_1920x1080.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Backgrounds\01931_desertsunlight_1920x1080.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\...com [@ = ComFile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/03 21:41:10 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/02/03 09:32:34 | 000,261,024 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/02/02 17:26:52 | 000,000,000 | ---D | C] -- C:\_OTM
[2013/01/31 20:24:55 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZipEC
[2013/01/31 20:24:47 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\assembly
[2013/01/31 19:10:21 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/01/31 19:06:23 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/01/31 19:06:23 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\temp
[2013/01/31 08:38:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/01/31 08:38:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/01/31 08:38:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/01/31 08:38:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/01/31 08:37:56 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/01/31 07:52:27 | 005,029,270 | R--- | C] (Swearware) -- C:\Users\David\Desktop\ComboFix.exe
[2013/01/30 11:30:44 | 000,000,000 | ---D | C] -- C:\Users\David\Documents\mbar-1.01.0.1017
[2013/01/30 10:26:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/29 19:48:16 | 000,000,000 | ---D | C] -- C:\Users\David\Desktop\RK_Quarantine
[2013/01/29 18:40:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
[2013/01/26 18:27:40 | 000,000,000 | ---D | C] -- C:\Users\David\Documents\AstraZeneca Employment
[2013/01/25 15:41:52 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\WinZip
[2013/01/25 15:41:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2013/01/25 15:40:52 | 000,000,000 | ---D | C] -- C:\Users\David\Documents\Add-in Express
[2013/01/25 15:40:30 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2013/01/25 15:40:10 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2013/01/24 11:09:17 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\Programs
[2013/01/21 19:11:15 | 000,000,000 | ---D | C] -- C:\Users\David\Documents\Sony
[2013/01/20 13:42:06 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/01/20 13:42:06 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/01/20 13:42:06 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/01/19 10:24:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/01/16 11:18:56 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\RealNetworks
[2013/01/16 11:18:04 | 000,000,000 | ---D | C] -- C:\Program Files\RealNetworks
[2013/01/16 11:17:59 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks
[2013/01/16 11:17:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2013/01/16 11:17:37 | 000,201,424 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2013/01/16 11:17:20 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2013/01/16 11:17:20 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2013/01/16 11:17:19 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2013/01/16 11:17:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2013/01/16 11:12:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2013/01/09 12:39:37 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/01/09 12:38:55 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2013/01/09 12:38:55 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013/01/09 12:38:51 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2013/01/09 12:38:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/09 12:38:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/09 12:38:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/09 12:38:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2013/01/09 12:38:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2013/01/09 12:38:47 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/09 12:38:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/09 12:38:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2013/01/09 12:38:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2013/01/09 12:38:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/09 12:38:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/09 12:38:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2013/01/09 12:38:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/09 12:38:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/09 12:38:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2013/01/09 12:38:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2013/01/09 12:38:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2013/01/09 12:38:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/09 12:38:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2013/01/09 12:38:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/09 12:38:42 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2013/01/09 12:38:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/09 12:38:41 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/09 12:38:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2013/01/09 12:38:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/09 12:38:38 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2013/01/09 12:38:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2013/01/09 12:37:43 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\System32\oflc-nz.rs
[2013/01/09 12:37:43 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\System32\csrr.rs
[2013/01/09 12:37:42 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\System32\fpb.rs
[2013/01/09 12:37:42 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\System32\cob-au.rs
[2013/01/09 12:37:41 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\System32\pegibbfc.rs
[2013/01/09 12:37:41 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\System32\usk.rs
[2013/01/09 12:37:41 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\System32\djctq.rs
[2013/01/09 12:37:40 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\System32\grb.rs
[2013/01/09 12:37:39 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi-pt.rs
[2013/01/09 12:37:39 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi.rs
[2013/01/09 12:37:38 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2013/01/09 12:37:36 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wpc.dll
[2013/01/09 12:37:24 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\System32\esrb.rs
[2013/01/09 12:37:21 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi-fi.rs
[2013/01/09 12:37:20 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\System32\oflc.rs
[2013/01/09 12:37:19 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\System32\cero.rs
[2013/01/09 12:36:32 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2013/01/09 12:36:28 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
[2012/01/16 17:22:16 | 000,293,736 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesOutlookAddIn.dll
[2012/01/16 17:22:12 | 000,421,736 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesHelper.exe
[2012/01/16 17:22:12 | 000,403,304 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesAdmin.dll
[2012/01/16 17:22:12 | 000,156,520 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesHelper.dll
[2012/01/16 17:22:12 | 000,124,776 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesMiniPlayer.dll
[2012/01/16 17:22:08 | 009,777,000 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunes.exe
[2012/01/16 17:22:04 | 020,868,968 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunes.dll
[2012/01/16 17:22:02 | 003,035,520 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\gnsdk_dsp.dll
[2012/01/16 17:22:02 | 002,010,984 | ---- | C] (Apple Inc.) -- C:\Program Files\iPodUpdaterExt.dll
[2012/01/16 17:22:02 | 000,803,200 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\gnsdk_sdkmanager.dll
[2012/01/16 17:22:02 | 000,287,104 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\gnsdk_submit.dll
[2012/01/16 17:22:02 | 000,246,144 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\gnsdk_musicid.dll
[2011/11/14 20:16:44 | 000,112,488 | ---- | C] (Apple Inc.) -- C:\Program Files\ITDetector.ocx

========== Files - Modified Within 30 Days ==========

[2013/02/03 21:47:05 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/03 21:33:22 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/03 21:31:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/03 16:50:32 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/03 16:50:32 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/03 16:40:52 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/03 16:40:28 | 1609,375,744 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/03 12:44:28 | 000,000,820 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2013/02/02 17:47:14 | 000,002,039 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/02/02 17:47:11 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013/02/02 06:34:23 | 000,185,564 | ---- | M] () -- C:\Users\David\Desktop\Chrome - WTM several minutes later.png
[2013/01/31 22:57:04 | 000,007,607 | ---- | M] () -- C:\Users\David\AppData\Local\Resmon.ResmonCfg
[2013/01/31 19:09:59 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/01/31 18:32:46 | 005,029,270 | R--- | M] (Swearware) -- C:\Users\David\Desktop\ComboFix.exe
[2013/01/30 20:38:19 | 000,041,799 | ---- | M] () -- C:\Users\David\AppData\Roaming\nvModes.dat
[2013/01/30 20:38:17 | 000,041,799 | ---- | M] () -- C:\Users\David\AppData\Roaming\nvModes.001
[2013/01/29 16:59:11 | 000,000,115 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013/01/26 18:18:16 | 000,639,696 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/01/26 18:18:16 | 000,115,078 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/01/25 15:41:22 | 000,002,281 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
[2013/01/24 11:44:33 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/20 13:47:29 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/01/20 13:47:29 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/01/20 13:47:14 | 015,739,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2013/01/20 13:30:53 | 000,002,205 | ---- | M] () -- C:\Users\David\Desktop\Google Chrome.lnk
[2013/01/19 11:25:19 | 000,000,963 | ---- | M] () -- C:\Users\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/01/17 01:28:58 | 000,232,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2013/01/16 11:18:16 | 000,001,016 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2013/01/16 11:17:37 | 000,201,424 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2013/01/16 11:17:20 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2013/01/16 11:17:20 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2013/01/16 11:17:19 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2013/01/12 03:30:20 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/01/12 03:26:19 | 000,261,024 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/01/12 03:26:16 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/01/12 03:24:49 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/01/11 10:09:46 | 000,001,017 | ---- | M] () -- C:\Users\David\Desktop\Dropbox.lnk
[2013/01/11 09:59:01 | 000,484,480 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2013/02/02 06:34:23 | 000,185,564 | ---- | C] () -- C:\Users\David\Desktop\Chrome - WTM several minutes later.png
[2013/01/31 08:38:45 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/01/31 08:38:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/01/31 08:38:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/01/31 08:38:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/01/31 08:38:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/01/29 16:58:45 | 000,000,115 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013/01/25 15:41:22 | 000,002,281 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
[2013/01/24 11:44:33 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/20 13:38:04 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/20 13:27:36 | 000,007,607 | ---- | C] () -- C:\Users\David\AppData\Local\Resmon.ResmonCfg
[2013/01/16 11:18:16 | 000,001,016 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012/01/27 19:49:01 | 000,021,924 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2011/11/14 20:15:32 | 000,064,083 | ---- | C] () -- C:\Program Files\Acknowledgements.rtf
[2011/04/30 07:27:36 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/04/30 07:27:36 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2010/01/30 10:11:12 | 000,025,773 | ---- | C] () -- C:\Users\David\AppData\Roaming\UserTile.png
[2009/12/08 21:14:18 | 000,000,255 | ---- | C] () -- C:\Users\David\SyncDocs.conf
[2009/03/13 16:51:59 | 000,003,272 | ---- | C] () -- C:\Users\David\TutorialOpen.xba
[2008/10/22 14:33:00 | 000,001,414 | ---- | C] () -- C:\Users\David\AppData\Roaming\wklnhst.dat
[2008/10/04 21:22:58 | 000,041,799 | ---- | C] () -- C:\Users\David\AppData\Roaming\nvModes.dat
[2008/10/04 21:22:58 | 000,041,799 | ---- | C] () -- C:\Users\David\AppData\Roaming\nvModes.001

========== ZeroAccess Check ==========

[2009/07/14 04:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 01:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/02/03 01:39:39 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\AVG10
[2012/01/27 19:19:54 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\calibre
[2012/01/27 19:19:54 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Canon
[2012/01/27 19:19:54 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\CD-LabelPrint
[2012/01/27 19:19:55 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Chilirec
[2012/01/27 19:19:57 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/01/27 19:19:57 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\DriverCure
[2013/01/30 13:55:29 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Dropbox
[2012/05/12 18:11:29 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\GARMIN
[2012/09/23 15:03:59 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\ICAClient
[2012/01/27 19:19:57 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\InterVideo
[2012/02/05 12:47:10 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\IsolatedStorage
[2012/01/27 19:20:06 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\MessengerGadget
[2012/01/27 19:20:23 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\OpenOffice.org
[2010/01/30 10:11:11 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\PeerNetworking
[2013/01/16 13:53:33 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\PrimoPDF
[2012/02/14 17:34:40 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Quo2
[2012/05/18 17:33:15 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Sony
[2012/02/05 12:44:29 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Symyx
[2012/01/31 18:14:44 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\SystemRequirementsLab
[2012/01/27 19:20:43 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Teleca
[2012/01/27 19:20:43 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Template
[2013/01/31 11:39:41 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\webex
[2012/03/06 11:28:41 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Windows Live Writer
[2012/01/27 19:20:43 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\wsInspector

========== Purity Check ==========

< End of report >


----------



## STIG_DH (Jan 25, 2013)

Kevin

I had managed to post OTL and Extras file first time. Ignore last post for OTL - its the same as on the first.

I have great difficulty in posting log files - it always appears that hitting submit then goes into a tinking session at the end of which it looks like the files haven't been sent. I then have to shut things down and pen again to test if send has been successful or not. It looked like my last effort had failed initially

David


----------



## kevinf80 (Mar 21, 2006)

OK, run this otl fix, make sure that all security is turned off first....

Re-Run *OTL* by double left click; Vista and Windows 7 users accept the UAC alert.

Under the box at the bottom, paste in the following, starting with and including the colon plus OTL (*:OTL*):


```
:OTL
DRV - File not found [Kernel | Disabled | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - File not found [Kernel | Disabled | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2012/10/29 11:50:33 | 000,272,216 | ---- | M] () [Kernel | Disabled | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCer berus32_43926.sys -- (RapportCerberus_43926)
DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/03/10 10:36:36 | 000,217,032 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\PCTCore.sys -- (PCTCore)
[2013/01/31 20:50:33 | 000,817,973 | ---- | M] () (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wf9gy7j5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
[2013/02/03 01:39:39 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\AVG10
:Commands
[emptytemp]
[createrestorepoint]
```

Then click the *Run Fix* button at the top.
Let the program run unhindered; when done it will say "Fix Complete press ok to open the log".
Please post that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose *Yes*. In this case, after the reboot, open Notepad (Start > All Programs > Accessories > Notepad), click File > Open, in the File Name box enter *.log and press the Enter key, navigate to the *C:\_OTL\MovedFiles* folder, open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Kevin


----------



## STIG_DH (Jan 25, 2013)

Kevin

Set up OTL as instructed. Made a faux pas of clicking Scan first, rather than Run Fix, but performed Run Fix when the scan was completed.

Had a heart-stopping moment (well, ca. 5-10 mins) when OTL was [Not Responding]; it looked stuck on the Rapport part of the fix process. I hadn't done anything to interrupt the process.
Before I penned you a very concerned plea for help, the system picked up again, rebooted, saw the transient BSOD, went into launch Start Up Repair, used a system restore point and booted up as normal (could have been a shorter boot-up time though).

I checked the system for any log files and found the attached under C:\_OTL\MovedFiles

*02042013_083158.log*

All processes killed
========== OTL ==========
Error: Unable to stop service RapportPG!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RapportPG deleted successfully.
File C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys not found.
Error: Unable to stop service RapportEI!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RapportEI deleted successfully.
File C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys not found.
Error: Unable to stop service RapportCerberus_43926!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RapportCerberus_43926 deleted successfully.
File C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCer berus32_43926.sys not found.
Service Avgmfx86 stopped successfully!
Service Avgmfx86 deleted successfully!
C:\Windows\System32\drivers\avgmfx86.sys moved successfully.
Error: Unable to stop service PCTCore!
Unable to delete service\driver key PCTCore.
C:\Windows\System32\drivers\PCTCore.sys moved successfully.
C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wf9gy7j5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
C:\Users\David\AppData\Roaming\AVG10\cfgall folder moved successfully.
C:\Users\David\AppData\Roaming\AVG10 folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: David
->Temp folder emptied: 80343 bytes
->Temporary Internet Files folder emptied: 406545 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 7802185 bytes
->Google Chrome cache emptied: 58034559 bytes
->Flash cache emptied: 492 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Mcx1
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1216 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 580235 bytes

Total Files Cleaned = 64.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 02042013_083158

What have we found out? What's next?

David


----------



## kevinf80 (Mar 21, 2006)

If you experienced another BSOD can you now run BlueScreenViewer and post a log?


----------



## STIG_DH (Jan 25, 2013)

Kevin,
I'm a bit perplexed. I do see the BSOD (transiently, not long enough to pick any info off it).

I've run the BlueScreen Viewer as reported, but don't get any info back. I've attached a screen shot. 
(NB one thing I am doing differently from the instructions is holding all the exe files and outputs in a folder, rather than directly on the desktop. Except ComboFix, which is on the desktop. I guessed you wanted everything on the desktop as it helps in the cleanup and removal of tools. But maybe kicking off applications from within a folder rather than on the desktop has more significance than I thought).

David


----------



## kevinf80 (Mar 21, 2006)

Can you navigate to this folder *C:\Windows\Minidump*, open the minidump folder; are there any files inside? There should be if you experienced a BSOD. If so they will be listed similar to this:

*010413-23509-01* The first 6 digits relate to the date. Can you attach the most recent dated file? You will have to zip it up first.

The file above is dated 4th January 2013. To zip up, right click on the file > Select > Send to > Compressed (zipped) folder. That will save in the same location. Attach the file to your reply...


----------



## STIG_DH (Jan 25, 2013)

I did navigate to there as well.
There was nothing in it (which is why I put the thumbnail into the last post, because my observations appear to contradict what you are expecting).


----------



## kevinf80 (Mar 21, 2006)

We are trying to remove file and driver remnants with OTL; as that is done and a re-boot carried out, you suffer a BSOD. That crash information is saved either to the "Kernel memory dump" or the "Small memory dump". I did give you instructions to make sure that the saved option would be "Small memory dump". When that is done BlueScreen Viewer will analyze that crash data.

If, as you tell me, a BSOD does happen, the .dump file should show where it was instructed to be saved. As there is nothing showing in the "Minidump" folder, only two reasons can be given for that: either no BSOD happened or "Small memory dump" was not chosen and applied....

I've attached a screen shot of the setting for the above instruction.


----------



## STIG_DH (Jan 25, 2013)

Kevin

I have copied previous instruction:

"Please download this program Blue Screen Viewer and unzip "Bluescreen View.exe" to your desktop.
Next, Select Start > Right click on "Computer" and select "Properties" select "Advanced System Settings" then "Advanced" tab. From the "Start up and Recovery" section select "settings" make sure the default folder is "%SystemRoot%\Minidump".
Go back to your desktop and double click on Bluescreen Viewer to run it, if there is any info available the program will grab the most recent. Choose save from the Toolbar and copy paste to your next reply. If there is no information available try and re-create the BSOD and try again with the tool to collect the information".

I did select %SystemRoot%\Minidump as you see from the attached, but the default Start Up and Recovery setting highlights Kernel memory dump. I didn't know to select Small Memory Dump.

Shall I change this and rerun Bluescreen Viewer after applying Small memory dump? Or search somewhere else for a log file?

David


----------



## STIG_DH (Jan 25, 2013)

Kevin

I took the initiative of setting startup to select Small Memory Dump (128kB). Not always a good idea (me taking initiative). I then reran BlueScreen viewer.

Nothing emerged on the desktop, and when I looked in C:\Windows\Minidump, I again don't find anything in there.

Hope this helps

David


----------



## STIG_DH (Jan 25, 2013)

Can you advise what I was doing to create the BSOD in the first instance? From my side it always happened after a system reboot demanded by OTL.
(I've only just figured out that if the PC is not configured correctly, then the BSOD info is not captured)

David


----------



## kevinf80 (Mar 21, 2006)

The problem creating the BSOD is the re-boot action taken by OTL to remove certain files. When we go with the OTL fix we end up with a BSOD; you continue and do a system restore, hence the files/drivers removed by OTL are back. A vicious circle...
I'd like to know exactly what file/driver etc. is causing the BSOD. If I can see a log from BlueScreen Viewer, and also the zipped files from the minidump folder, I may be able to find out...


----------



## STIG_DH (Jan 25, 2013)

Kevin

I have a C:\Windows\MiniDump folder dated 22/01/2013 (strange - shouldn't this have been created when we used BlueScreen View a few days ago?)
It is an empty folder.

There is no log shown on the BlueScreen Viewer when I use it, but clearly there was one part of my instruction omitted.

Is BlueScreen Viewer producing any logs at all? Where can I find them?

I appreciate the (vicious) cycle we have been going through with the 'event' followed by reset. If I used code from you in OTL to trigger the 'event' again, and ran a BlueScreen Viewer with the additional setting change for Small Memory Dump (128kB) selected instead of Kernel Memory Dump, will this provide the log file we desperately need?

What do you advise I do next?

David


----------



## STIG_DH (Jan 25, 2013)

Kevin

I've done a bit of exploring on my PC for 'stuff that could be related' to what we are doing / trying to improve. As you already know, hacking around a PC probably isn't my forte.......

I have found a BCDLOG updated earlier today, presumably through the boot process.
I have a folder in the C: drive called $AVG which has some old files in it, prefixed by $ again.
I also have 2 other folders in the C: drive:
5e3902373cd3ca4ab4e058b014604d
3094bfb329dd152141
which both contain MRT.exe (a malicious file I think??). The folders have a naming structure reminiscent of something that AVG might produce?

Anything I can look for and to help your diagnostics?

David


----------



## kevinf80 (Mar 21, 2006)

BSV does not create any files; when the system suffers a crash or BSOD a .dump file is created by Windows. To enable BlueScreen Viewer to work (look at the .dump file) and analyze the contents, it has to be saved to the minidump folder. I gave the instructions for that to happen.
Up to now you've reported several BSODs; unfortunately no files have been saved where we want them to go.... We make no progress with the BSOD until we find the reason...


----------



## STIG_DH (Jan 25, 2013)

OK

so I've not found any BSOD diagnostics.
I assume you are saying that it's because Windows wasn't properly configured to save them where we want them to go, rather than that they weren't produced in the first instance? You know that I am having BSOD events for certain?

So

if we trigger a BSOD event again through OTL (we seem to have achieved that much with ease), and with Small Memory Dump selected etc, will that achieve what you need? In which case what do I do next?

Thanks

David


----------



## kevinf80 (Mar 21, 2006)

Run OTL one more time and post a fresh set of logs; I'll see if PCTools etc are back. If so we do a fix, which will probably result in a BSOD.
If we do get a new BSOD I'd like a BSV log and also zip and attach the file from the C:\Windows\Minidump folder...
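As an added example (not from this thread, OldTimer or NirSoft): a PowerShell check of the crash-dump settings the two posts above depend on. It reads the CrashControl registry key (the backing store for the Startup and Recovery dialog), reports whether Small memory dump and Automatically restart are set, lists any .dmp files in the Minidump folder, and zips them for attaching to a post. It assumes the standard CrashControl value names and PowerShell 5 or later for Compress-Archive; run it from an elevated prompt.

```powershell
# Added example, not code from the thread. Inspects the Windows crash-dump
# configuration so you can tell whether a BSOD should have left a file that
# BlueScreenView can read, then packages any minidumps for upload.

$crashControl = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'

# CrashDumpEnabled values as documented for the Startup and Recovery dialog
# (7 = Automatic memory dump only exists on Windows 8 and later).
$dumpTypes = @{
    0 = 'None (no dump written)'
    1 = 'Complete memory dump'
    2 = 'Kernel memory dump'
    3 = 'Small memory dump (minidump)'
    7 = 'Automatic memory dump'
}
$type = [int]$crashControl.CrashDumpEnabled
$typeName = if ($dumpTypes.ContainsKey($type)) { $dumpTypes[$type] } else { 'Unknown value' }

Write-Host ("CrashDumpEnabled = {0} -> {1}" -f $type, $typeName)
Write-Host ("AutoReboot       = {0}  (1 = 'Automatically restart' ticked)" -f $crashControl.AutoReboot)
Write-Host ("DumpFile         = {0}" -f $crashControl.DumpFile)

# MinidumpDir normally contains %SystemRoot%; expand it, falling back to the default.
if ($crashControl.MinidumpDir) {
    $miniDir = [Environment]::ExpandEnvironmentVariables($crashControl.MinidumpDir)
} else {
    $miniDir = Join-Path $env:SystemRoot 'Minidump'
}
Write-Host ("MinidumpDir      = {0}" -f $miniDir)

if ($type -ne 3) {
    Write-Warning 'Small memory dump is not the selected type; the thread asks for it so a minidump lands in the folder above.'
}
if ($crashControl.AutoReboot -eq 1) {
    Write-Warning 'Automatic restart is on; the blue screen will not stay visible, so the .dmp file is the only record of the crash.'
}

# List whatever dumps exist, newest first.
$dumps = Get-ChildItem -Path $miniDir -Filter '*.dmp' -ErrorAction SilentlyContinue
if (-not $dumps) {
    Write-Warning "No .dmp files in $miniDir. Either no crash has happened since the setting was applied, or the dump could not be written."
} else {
    $dumps | Sort-Object LastWriteTime -Descending |
        Select-Object Name, Length, LastWriteTime | Format-Table -AutoSize

    # Zip the dumps to the desktop so they can be attached to a forum post.
    # Compress-Archive needs PowerShell 5+; on a stock Windows 7 machine use
    # right-click > Send to > Compressed (zipped) folder instead.
    $zip = Join-Path $env:USERPROFILE 'Desktop\minidumps.zip'
    Compress-Archive -Path $dumps.FullName -DestinationPath $zip -Force
    Write-Host ("Zipped {0} file(s) to {1}" -f $dumps.Count, $zip)
}
```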


----------



## STIG_DH (Jan 25, 2013)

Kevin

log files for OTL and Extras appended below.

In preparation for an OTL fix, (presumably followed by a BSOD event), I've included a thumbnail for my Start and Recovery control panel. Please check it's ok to apply for BSV to run successfully (I have 'automatic start' checked which is different to the thumbnail you provided).

Back early Tues evening now

Thanks again

David

*OTL (4) log file*

OTL logfile created on: 04/02/2013 22:06:29 - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\David\Documents\Desktop Computer\Malware removal Jan-13
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.07 Gb Available Physical Memory | 53.29% Memory free
4.00 Gb Paging File | 2.13 Gb Available in Paging File | 53.30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 454.80 Gb Total Space | 304.79 Gb Free Space | 67.02% Space Free | Partition Type: NTFS

Computer Name: DAVID-PC | User Name: David | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/30 08:27:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\David\My Documents\Desktop Computer\Malware removal Jan-13\OTL.exe
PRC - [2013/01/26 02:35:08 | 001,248,208 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2012/12/18 14:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/11/30 02:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/11/29 20:33:04 | 000,232,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
PRC - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/11/23 02:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/10/30 22:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/30 22:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/10/26 10:33:12 | 001,038,496 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
PRC - [2012/10/26 09:44:42 | 000,957,056 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update\VUAgent.exe
PRC - [2011/03/10 00:50:38 | 000,565,248 | ---- | M] (Microsoft) -- C:\Program Files\Hobbyist Software\Off-Helper\Off-Helper Configuration.exe
PRC - [2011/03/10 00:17:10 | 000,006,656 | ---- | M] (Microsoft) -- C:\Program Files\Hobbyist Software\Off-Helper\Off-Helper Service.exe
PRC - [2011/02/25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/05/20 16:15:00 | 000,110,736 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2010/03/11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009/10/29 10:11:16 | 000,239,248 | ---- | M] (PacketVideo) -- C:\Program Files\PURE Flow Server\twonkymediaserverwatchdog.exe
PRC - [2009/10/29 10:11:12 | 000,665,232 | ---- | M] () -- C:\Program Files\PURE Flow Server\twonkymediaserver.exe
PRC - [2009/03/05 18:41:58 | 005,189,992 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
PRC - [2008/11/03 15:01:44 | 000,299,008 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Network Utility\NSUService.exe
PRC - [2007/11/09 17:34:28 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
PRC - [2007/10/27 00:22:47 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/09/10 23:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2007/08/15 04:05:18 | 000,182,392 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2007/08/15 04:05:18 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe

========== Modules (No Company Name) ==========

MOD - [2013/01/26 02:35:06 | 000,460,240 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.57\ppgooglenaclpluginchrome.dll
MOD - [2013/01/26 02:35:05 | 012,459,472 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll
MOD - [2013/01/26 02:35:04 | 004,012,496 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.57\pdf.dll
MOD - [2013/01/26 02:34:19 | 000,597,968 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.57\libglesv2.dll
MOD - [2013/01/26 02:34:18 | 000,124,368 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.57\libegl.dll
MOD - [2013/01/26 02:34:16 | 001,552,848 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.57\ffmpegsumo.dll
MOD - [2013/01/11 10:18:21 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll
MOD - [2013/01/11 10:17:52 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll
MOD - [2013/01/11 10:17:12 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\68f617caf670fefc0be769a294dc4ffd\System.ServiceProcess.ni.dll
MOD - [2013/01/11 10:16:25 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013/01/11 10:15:20 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll
MOD - [2013/01/11 10:11:41 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll
MOD - [2013/01/11 10:09:32 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/11 10:09:04 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll
MOD - [2013/01/11 10:08:45 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013/01/11 10:08:32 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/11 10:08:12 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013/01/11 10:05:42 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/11 10:05:17 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll

========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2013/01/20 13:47:32 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/19 10:24:32 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/12/18 14:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/10/30 22:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/10/26 09:44:42 | 000,957,056 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Update\VUAgent.exe -- (VUAgent)
SRV - [2012/01/28 06:21:35 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012/01/18 13:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2011/03/10 00:17:10 | 000,006,656 | ---- | M] (Microsoft) [Auto | Running] -- C:\Program Files\Hobbyist Software\Off-Helper\Off-Helper Service.exe -- (Off-Helper)
SRV - [2010/05/20 16:15:00 | 000,110,736 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2010/05/10 10:33:42 | 000,110,592 | ---- | M] (WDC) [Disabled | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2010/05/10 10:32:36 | 001,858,048 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2010/05/10 10:32:06 | 000,482,304 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2010/03/11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/10/29 10:11:16 | 000,239,248 | ---- | M] (PacketVideo) [Auto | Running] -- C:\Program Files\PURE Flow Server\twonkymediaserverwatchdog.exe -- (PURE Flow Server)
SRV - [2009/09/08 17:09:14 | 000,083,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 01:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/05/30 10:49:55 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/03/05 18:47:40 | 000,313,264 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2009/03/05 18:47:40 | 000,192,512 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2009/03/05 18:47:40 | 000,069,632 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2009/03/05 18:41:58 | 005,189,992 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2008/11/03 15:01:44 | 000,299,008 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\Network Utility\NSUService.exe -- (NSUService)
SRV - [2007/11/09 17:34:28 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe -- (uCamMonitor)
SRV - [2007/10/27 00:22:47 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/09/10 23:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2007/08/15 04:05:18 | 000,182,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2007/06/20 22:35:06 | 002,523,136 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2007/06/20 22:34:52 | 000,499,712 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2007/06/20 22:34:50 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-UCLS-UPnP)
SRV - [2007/06/20 22:34:50 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP)
SRV - [2007/06/20 22:34:50 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-UCLS-HTTP)
SRV - [2007/06/20 22:34:50 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP)
SRV - [2007/01/10 23:51:06 | 000,745,472 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe -- (VAIOMediaPlatform-UCLS-AppServer)
SRV - [2006/12/14 09:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 09:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 08:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\David\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/10/30 22:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/10/30 22:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/10/30 22:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/10/30 22:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/10/30 22:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/10/15 16:59:28 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012/08/09 13:55:05 | 000,025,200 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2012/08/09 13:55:05 | 000,012,400 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2011/10/07 17:52:18 | 000,021,504 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
DRV - [2010/11/20 10:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 09:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/03/10 10:36:36 | 000,217,032 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/10/05 09:08:42 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2009/07/13 22:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/13 22:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2008/05/06 15:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2007/12/20 15:52:06 | 000,017,408 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2007/11/23 14:59:43 | 000,841,472 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVerM115S.sys -- (AVerM115S)
DRV - [2007/11/08 03:04:27 | 000,073,472 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FLx86.sys -- (R5U870FLx86)
DRV - [2007/11/08 03:04:27 | 000,043,904 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FUx86.sys -- (R5U870FUx86)
DRV - [2007/11/07 00:16:12 | 007,626,400 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/10/27 00:22:55 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/09/20 00:12:57 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/09/19 21:38:18 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2007/08/29 01:58:45 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2007/06/06 00:00:39 | 000,812,544 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2007/05/26 08:03:06 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2007/04/24 08:33:46 | 000,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125mgmt.sys -- (s125mgmt)
DRV - [2007/04/24 08:33:46 | 000,098,696 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125obex.sys -- (s125obex)
DRV - [2007/04/24 08:33:44 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125mdm.sys -- (s125mdm)
DRV - [2007/04/24 08:33:42 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125mdfl.sys -- (s125mdfl)
DRV - [2007/04/24 08:33:34 | 000,083,336 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125bus.sys -- (s125bus)
DRV - [2007/04/17 20:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{8D835501-C37D-4043-AD6C-A23EB260A8CD}: "URL" = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..\SearchScopes\{8D835501-C37D-4043-AD6C-A23EB260A8CD}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GPEA_en-GB
IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..\SearchScopes\{D8B9925B-7A40-427C-A6EA-191BC3A43307}: "URL" = http://uk.ask.com/web?q={searchTerms}&qsrc=0&o=0&l=dir&dm=all
IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.0.4
FF - prefs.js..extensions.enabledAddons: %7BE0B8C461-F8FB-49b4-8373-FE32E9252800%7D:5.4.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/11/20 08:34:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/01/16 11:18:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/01/16 11:18:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/19 10:24:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/19 10:24:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/19 10:24:34 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/19 10:24:22 | 000,000,000 | ---D | M]

[2012/01/27 19:20:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Extensions
[2013/01/31 20:50:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wf9gy7j5.default\extensions
[2012/12/01 13:19:35 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wf9gy7j5.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012/01/27 19:20:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wf9gy7j5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/01/27 19:20:20 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wf9gy7j5.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2013/01/14 17:09:38 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wf9gy7j5.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
[2012/02/10 15:52:35 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wf9gy7j5.default\extensions\[email protected]
[2013/01/14 18:31:15 | 000,579,823 | ---- | M] () (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wf9gy7j5.default\extensions\{6C4BAFB6-2AC2-4405-A98D-546B55B3AE92}.xpi
[2013/01/19 10:24:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/01/19 10:24:33 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/03/10 23:01:02 | 000,124,272 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll
[2010/03/10 23:02:52 | 000,070,512 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2010/03/10 23:01:48 | 000,091,504 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2010/03/10 23:01:24 | 000,022,384 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2008/06/19 09:16:24 | 000,118,784 | ---- | M] (CANON INC.) -- C:\Program Files\mozilla firefox\plugins\MyCamera.dll
[2008/06/19 09:16:24 | 000,053,248 | ---- | M] (CANON INC.) -- C:\Program Files\mozilla firefox\plugins\NPCIG.dll
[2010/03/10 23:40:56 | 000,423,248 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2013/01/16 11:17:26 | 000,124,056 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2010/03/10 23:02:48 | 000,023,920 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll

========== Chrome ==========

CHR - homepage: http://www.bbc.co.uk/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.bbc.co.uk/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Canon Online Photo Plugin Module (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPCIG.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Users\David\AppData\Roaming\Mozilla\plugins\npatgpc.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\Mozilla Plugins\npitunes.dll
CHR - plugin: Media Go Detector (Enabled) = C:\Program Files\Sony\Media Go\npmediago.dll
CHR - plugin: PlayStation(R)Network Downloader Check Plug-in (Enabled) = C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Drive = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Kingdom Rush = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckmfhhjalnddapegkbbohfaodgbnocim\1.0.7.3_0\
CHR - Extension: Google Search = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: RealDownloader = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\
CHR - Extension: Wave theme = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgahidbcmoibbodajeakkjpocflpnad\1.32_0\
CHR - Extension: SlideRocket = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\omeengfjefdmhnkojnfmncpfdbhnecea\2.0.2_0\
CHR - Extension: Evernote Web Clipper = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\5.9.5_0\
CHR - Extension: Gmail = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/01/31 19:09:59 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google BAE\BAE.dll (Your Company Name)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Hobbyist Software On-Off Helper] C:\Program Files\Hobbyist Software\Off-Helper\Off-Helper Configuration.exe (Microsoft)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Evernote 4 - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: New Note - C:\Program Files\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 10.11.2)
O16 - DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 1.7.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 1.7.0_11)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B8E8EBE0-C1DD-4A83-86D6-F9C48AD53AA8}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B8E8EBE0-C1DD-4A83-86D6-F9C48AD53AA8}: NameServer = 192.168.2.1,89.16.173.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C2AADC08-9101-4CD2-9A9F-4AEA51038AE5}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Backgrounds\01931_desertsunlight_1920x1080.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Backgrounds\01931_desertsunlight_1920x1080.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\...com [@ = ComFile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/04 10:17:20 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\WinZip Courier
[2013/02/03 21:41:10 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/02/03 09:32:34 | 000,261,024 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/02/02 17:26:52 | 000,000,000 | ---D | C] -- C:\_OTM
[2013/01/31 20:24:55 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZipEC
[2013/01/31 20:24:47 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\assembly
[2013/01/31 19:10:21 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/01/31 19:06:23 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/01/31 19:06:23 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\temp
[2013/01/31 08:38:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/01/31 08:38:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/01/31 08:38:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/01/31 08:38:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/01/31 08:37:56 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/01/31 07:52:27 | 005,029,270 | R--- | C] (Swearware) -- C:\Users\David\Desktop\ComboFix.exe
[2013/01/30 11:30:44 | 000,000,000 | ---D | C] -- C:\Users\David\Documents\mbar-1.01.0.1017
[2013/01/30 10:26:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/29 19:48:16 | 000,000,000 | ---D | C] -- C:\Users\David\Desktop\RK_Quarantine
[2013/01/29 18:40:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
[2013/01/26 18:27:40 | 000,000,000 | ---D | C] -- C:\Users\David\Documents\AstraZeneca Employment
[2013/01/25 15:41:52 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\WinZip
[2013/01/25 15:41:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2013/01/25 15:40:52 | 000,000,000 | ---D | C] -- C:\Users\David\Documents\Add-in Express
[2013/01/25 15:40:30 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2013/01/25 15:40:10 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2013/01/24 11:09:17 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\Programs
[2013/01/21 19:11:15 | 000,000,000 | ---D | C] -- C:\Users\David\Documents\Sony
[2013/01/20 13:42:06 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/01/20 13:42:06 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/01/20 13:42:06 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/01/19 10:24:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/01/16 11:18:56 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\RealNetworks
[2013/01/16 11:18:04 | 000,000,000 | ---D | C] -- C:\Program Files\RealNetworks
[2013/01/16 11:17:59 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks
[2013/01/16 11:17:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2013/01/16 11:17:37 | 000,201,424 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2013/01/16 11:17:20 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2013/01/16 11:17:20 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2013/01/16 11:17:19 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2013/01/16 11:17:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2013/01/16 11:12:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2013/01/09 12:39:37 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/01/09 12:38:55 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2013/01/09 12:38:55 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013/01/09 12:38:51 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2013/01/09 12:38:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/09 12:38:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/09 12:38:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/09 12:38:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2013/01/09 12:38:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2013/01/09 12:38:47 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/09 12:38:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/09 12:38:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2013/01/09 12:38:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2013/01/09 12:38:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/09 12:38:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/09 12:38:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2013/01/09 12:38:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/09 12:38:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/09 12:38:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2013/01/09 12:38:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2013/01/09 12:38:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2013/01/09 12:38:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/09 12:38:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2013/01/09 12:38:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/09 12:38:42 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2013/01/09 12:38:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/09 12:38:41 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/09 12:38:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2013/01/09 12:38:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/09 12:38:38 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2013/01/09 12:38:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2013/01/09 12:37:43 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\System32\oflc-nz.rs
[2013/01/09 12:37:43 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\System32\csrr.rs
[2013/01/09 12:37:42 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\System32\fpb.rs
[2013/01/09 12:37:42 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\System32\cob-au.rs
[2013/01/09 12:37:41 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\System32\pegibbfc.rs
[2013/01/09 12:37:41 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\System32\usk.rs
[2013/01/09 12:37:41 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\System32\djctq.rs
[2013/01/09 12:37:40 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\System32\grb.rs
[2013/01/09 12:37:39 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi-pt.rs
[2013/01/09 12:37:39 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi.rs
[2013/01/09 12:37:38 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2013/01/09 12:37:36 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wpc.dll
[2013/01/09 12:37:24 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\System32\esrb.rs
[2013/01/09 12:37:21 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi-fi.rs
[2013/01/09 12:37:20 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\System32\oflc.rs
[2013/01/09 12:37:19 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\System32\cero.rs
[2013/01/09 12:36:32 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2013/01/09 12:36:28 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
[2012/01/16 17:22:16 | 000,293,736 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesOutlookAddIn.dll
[2012/01/16 17:22:12 | 000,421,736 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesHelper.exe
[2012/01/16 17:22:12 | 000,403,304 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesAdmin.dll
[2012/01/16 17:22:12 | 000,156,520 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesHelper.dll
[2012/01/16 17:22:12 | 000,124,776 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesMiniPlayer.dll
[2012/01/16 17:22:08 | 009,777,000 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunes.exe
[2012/01/16 17:22:04 | 020,868,968 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunes.dll
[2012/01/16 17:22:02 | 003,035,520 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\gnsdk_dsp.dll
[2012/01/16 17:22:02 | 002,010,984 | ---- | C] (Apple Inc.) -- C:\Program Files\iPodUpdaterExt.dll
[2012/01/16 17:22:02 | 000,803,200 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\gnsdk_sdkmanager.dll
[2012/01/16 17:22:02 | 000,287,104 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\gnsdk_submit.dll
[2012/01/16 17:22:02 | 000,246,144 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\gnsdk_musicid.dll
[2011/11/14 20:16:44 | 000,112,488 | ---- | C] (Apple Inc.) -- C:\Program Files\ITDetector.ocx

========== Files - Modified Within 30 Days ==========

[2013/02/04 22:03:05 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/04 22:02:57 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/04 22:02:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/04 12:07:38 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/04 12:07:38 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/04 11:25:05 | 000,056,992 | ---- | M] () -- C:\Users\David\Desktop\Startup and Recovery.png
[2013/02/04 10:52:00 | 000,000,820 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2013/02/04 09:46:39 | 000,236,118 | ---- | M] () -- C:\Users\David\Desktop\BlueScreenViewer.png
[2013/02/04 08:52:40 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/04 08:52:06 | 1609,375,744 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/02 17:47:14 | 000,002,039 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/02/02 17:47:11 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013/02/02 06:34:23 | 000,185,564 | ---- | M] () -- C:\Users\David\Desktop\Chrome - WTM several minutes later.png
[2013/01/31 22:57:04 | 000,007,607 | ---- | M] () -- C:\Users\David\AppData\Local\Resmon.ResmonCfg
[2013/01/31 19:09:59 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/01/31 18:32:46 | 005,029,270 | R--- | M] (Swearware) -- C:\Users\David\Desktop\ComboFix.exe
[2013/01/30 20:38:19 | 000,041,799 | ---- | M] () -- C:\Users\David\AppData\Roaming\nvModes.dat
[2013/01/30 20:38:17 | 000,041,799 | ---- | M] () -- C:\Users\David\AppData\Roaming\nvModes.001
[2013/01/29 16:59:11 | 000,000,115 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013/01/26 18:18:16 | 000,639,696 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/01/26 18:18:16 | 000,115,078 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/01/25 15:41:22 | 000,002,281 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
[2013/01/24 11:44:33 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/20 13:47:29 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/01/20 13:47:29 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/01/20 13:47:14 | 015,739,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2013/01/20 13:30:53 | 000,002,205 | ---- | M] () -- C:\Users\David\Desktop\Google Chrome.lnk
[2013/01/19 11:25:19 | 000,000,963 | ---- | M] () -- C:\Users\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/01/17 01:28:58 | 000,232,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2013/01/16 11:18:16 | 000,001,016 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2013/01/16 11:17:37 | 000,201,424 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2013/01/16 11:17:20 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2013/01/16 11:17:20 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2013/01/16 11:17:19 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2013/01/12 03:30:20 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/01/12 03:26:19 | 000,261,024 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/01/12 03:26:16 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/01/12 03:24:49 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/01/11 10:09:46 | 000,001,017 | ---- | M] () -- C:\Users\David\Desktop\Dropbox.lnk
[2013/01/11 09:59:01 | 000,484,480 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2013/02/04 11:25:05 | 000,056,992 | ---- | C] () -- C:\Users\David\Desktop\Startup and Recovery.png
[2013/02/04 09:46:39 | 000,236,118 | ---- | C] () -- C:\Users\David\Desktop\BlueScreenViewer.png
[2013/02/02 06:34:23 | 000,185,564 | ---- | C] () -- C:\Users\David\Desktop\Chrome - WTM several minutes later.png
[2013/01/31 08:38:45 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/01/31 08:38:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/01/31 08:38:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/01/31 08:38:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/01/31 08:38:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/01/29 16:58:45 | 000,000,115 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013/01/25 15:41:22 | 000,002,281 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
[2013/01/24 11:44:33 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/20 13:38:04 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/20 13:27:36 | 000,007,607 | ---- | C] () -- C:\Users\David\AppData\Local\Resmon.ResmonCfg
[2013/01/16 11:18:16 | 000,001,016 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012/01/27 19:49:01 | 000,021,924 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2011/11/14 20:15:32 | 000,064,083 | ---- | C] () -- C:\Program Files\Acknowledgements.rtf
[2011/04/30 07:27:36 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/04/30 07:27:36 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2010/01/30 10:11:12 | 000,025,773 | ---- | C] () -- C:\Users\David\AppData\Roaming\UserTile.png
[2009/12/08 21:14:18 | 000,000,255 | ---- | C] () -- C:\Users\David\SyncDocs.conf
[2009/03/13 16:51:59 | 000,003,272 | ---- | C] () -- C:\Users\David\TutorialOpen.xba
[2008/10/22 14:33:00 | 000,001,414 | ---- | C] () -- C:\Users\David\AppData\Roaming\wklnhst.dat
[2008/10/04 21:22:58 | 000,041,799 | ---- | C] () -- C:\Users\David\AppData\Roaming\nvModes.dat
[2008/10/04 21:22:58 | 000,041,799 | ---- | C] () -- C:\Users\David\AppData\Roaming\nvModes.001

========== ZeroAccess Check ==========

[2009/07/14 04:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 01:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/02/04 16:50:39 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\AVG10
[2012/01/27 19:19:54 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\calibre
[2012/01/27 19:19:54 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Canon
[2012/01/27 19:19:54 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\CD-LabelPrint
[2012/01/27 19:19:55 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Chilirec
[2012/01/27 19:19:57 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/01/27 19:19:57 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\DriverCure
[2013/01/30 13:55:29 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Dropbox
[2012/05/12 18:11:29 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\GARMIN
[2012/09/23 15:03:59 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\ICAClient
[2012/01/27 19:19:57 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\InterVideo
[2012/02/05 12:47:10 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\IsolatedStorage
[2012/01/27 19:20:06 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\MessengerGadget
[2012/01/27 19:20:23 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\OpenOffice.org
[2010/01/30 10:11:11 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\PeerNetworking
[2013/01/16 13:53:33 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\PrimoPDF
[2012/02/14 17:34:40 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Quo2
[2012/05/18 17:33:15 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Sony
[2012/02/05 12:44:29 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Symyx
[2012/01/31 18:14:44 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\SystemRequirementsLab
[2012/01/27 19:20:43 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Teleca
[2012/01/27 19:20:43 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Template
[2013/01/31 11:39:41 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\webex
[2012/03/06 11:28:41 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Windows Live Writer
[2012/01/27 19:20:43 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\wsInspector

========== Purity Check ==========

< End of report >

*Extras (4) log file*

OTL logfile created on: 04/02/2013 22:06:29 - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\David\Documents\Desktop Computer\Malware removal Jan-13
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.07 Gb Available Physical Memory | 53.29% Memory free
4.00 Gb Paging File | 2.13 Gb Available in Paging File | 53.30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 454.80 Gb Total Space | 304.79 Gb Free Space | 67.02% Space Free | Partition Type: NTFS

Computer Name: DAVID-PC | User Name: David | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/30 08:27:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\David\My Documents\Desktop Computer\Malware removal Jan-13\OTL.exe
PRC - [2013/01/26 02:35:08 | 001,248,208 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2012/12/18 14:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/11/30 02:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/11/29 20:33:04 | 000,232,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
PRC - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/11/23 02:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/10/30 22:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/30 22:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/10/26 10:33:12 | 001,038,496 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
PRC - [2012/10/26 09:44:42 | 000,957,056 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update\VUAgent.exe
PRC - [2011/03/10 00:50:38 | 000,565,248 | ---- | M] (Microsoft) -- C:\Program Files\Hobbyist Software\Off-Helper\Off-Helper Configuration.exe
PRC - [2011/03/10 00:17:10 | 000,006,656 | ---- | M] (Microsoft) -- C:\Program Files\Hobbyist Software\Off-Helper\Off-Helper Service.exe
PRC - [2011/02/25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/05/20 16:15:00 | 000,110,736 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2010/03/11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009/10/29 10:11:16 | 000,239,248 | ---- | M] (PacketVideo) -- C:\Program Files\PURE Flow Server\twonkymediaserverwatchdog.exe
PRC - [2009/10/29 10:11:12 | 000,665,232 | ---- | M] () -- C:\Program Files\PURE Flow Server\twonkymediaserver.exe
PRC - [2009/03/05 18:41:58 | 005,189,992 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
PRC - [2008/11/03 15:01:44 | 000,299,008 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Network Utility\NSUService.exe
PRC - [2007/11/09 17:34:28 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
PRC - [2007/10/27 00:22:47 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/09/10 23:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2007/08/15 04:05:18 | 000,182,392 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2007/08/15 04:05:18 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe

========== Modules (No Company Name) ==========

MOD - [2013/01/26 02:35:06 | 000,460,240 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.57\ppgooglenaclpluginchrome.dll
MOD - [2013/01/26 02:35:05 | 012,459,472 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll
MOD - [2013/01/26 02:35:04 | 004,012,496 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.57\pdf.dll
MOD - [2013/01/26 02:34:19 | 000,597,968 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.57\libglesv2.dll
MOD - [2013/01/26 02:34:18 | 000,124,368 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.57\libegl.dll
MOD - [2013/01/26 02:34:16 | 001,552,848 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\24.0.1312.57\ffmpegsumo.dll
MOD - [2013/01/11 10:18:21 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\77dfcfed5fd5f67d0d3edc545935bb21\System.Core.ni.dll
MOD - [2013/01/11 10:17:52 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll
MOD - [2013/01/11 10:17:12 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\68f617caf670fefc0be769a294dc4ffd\System.ServiceProcess.ni.dll
MOD - [2013/01/11 10:16:25 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013/01/11 10:15:20 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll
MOD - [2013/01/11 10:11:41 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll
MOD - [2013/01/11 10:09:32 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/11 10:09:04 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll
MOD - [2013/01/11 10:08:45 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013/01/11 10:08:32 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/11 10:08:12 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013/01/11 10:05:42 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/11 10:05:17 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll

========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2013/01/20 13:47:32 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/19 10:24:32 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/12/18 14:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/11/29 20:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/10/30 22:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/10/26 09:44:42 | 000,957,056 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Update\VUAgent.exe -- (VUAgent)
SRV - [2012/01/28 06:21:35 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012/01/18 13:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2011/03/10 00:17:10 | 000,006,656 | ---- | M] (Microsoft) [Auto | Running] -- C:\Program Files\Hobbyist Software\Off-Helper\Off-Helper Service.exe -- (Off-Helper)
SRV - [2010/05/20 16:15:00 | 000,110,736 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2010/05/10 10:33:42 | 000,110,592 | ---- | M] (WDC) [Disabled | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2010/05/10 10:32:36 | 001,858,048 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2010/05/10 10:32:06 | 000,482,304 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2010/03/11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/10/29 10:11:16 | 000,239,248 | ---- | M] (PacketVideo) [Auto | Running] -- C:\Program Files\PURE Flow Server\twonkymediaserverwatchdog.exe -- (PURE Flow Server)
SRV - [2009/09/08 17:09:14 | 000,083,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 01:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/05/30 10:49:55 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/03/05 18:47:40 | 000,313,264 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2009/03/05 18:47:40 | 000,192,512 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2009/03/05 18:47:40 | 000,069,632 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2009/03/05 18:41:58 | 005,189,992 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2008/11/03 15:01:44 | 000,299,008 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\Network Utility\NSUService.exe -- (NSUService)
SRV - [2007/11/09 17:34:28 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe -- (uCamMonitor)
SRV - [2007/10/27 00:22:47 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/09/10 23:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2007/08/15 04:05:18 | 000,182,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2007/06/20 22:35:06 | 002,523,136 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2007/06/20 22:34:52 | 000,499,712 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2007/06/20 22:34:50 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-UCLS-UPnP)
SRV - [2007/06/20 22:34:50 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP)
SRV - [2007/06/20 22:34:50 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-UCLS-HTTP)
SRV - [2007/06/20 22:34:50 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP)
SRV - [2007/01/10 23:51:06 | 000,745,472 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe -- (VAIOMediaPlatform-UCLS-AppServer)
SRV - [2006/12/14 09:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 09:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 08:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\David\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/10/30 22:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/10/30 22:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/10/30 22:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/10/30 22:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/10/30 22:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/10/15 16:59:28 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012/08/09 13:55:05 | 000,025,200 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2012/08/09 13:55:05 | 000,012,400 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt)
DRV - [2011/10/07 17:52:18 | 000,021,504 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
DRV - [2010/11/20 10:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 09:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/03/10 10:36:36 | 000,217,032 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/10/05 09:08:42 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2009/07/13 22:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/13 22:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2008/05/06 15:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2007/12/20 15:52:06 | 000,017,408 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2007/11/23 14:59:43 | 000,841,472 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVerM115S.sys -- (AVerM115S)
DRV - [2007/11/08 03:04:27 | 000,073,472 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FLx86.sys -- (R5U870FLx86)
DRV - [2007/11/08 03:04:27 | 000,043,904 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FUx86.sys -- (R5U870FUx86)
DRV - [2007/11/07 00:16:12 | 007,626,400 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/10/27 00:22:55 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/09/20 00:12:57 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/09/19 21:38:18 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2007/08/29 01:58:45 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2007/06/06 00:00:39 | 000,812,544 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2007/05/26 08:03:06 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2007/04/24 08:33:46 | 000,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125mgmt.sys -- (s125mgmt)
DRV - [2007/04/24 08:33:46 | 000,098,696 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125obex.sys -- (s125obex)
DRV - [2007/04/24 08:33:44 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125mdm.sys -- (s125mdm)
DRV - [2007/04/24 08:33:42 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125mdfl.sys -- (s125mdfl)
DRV - [2007/04/24 08:33:34 | 000,083,336 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s125bus.sys -- (s125bus)
DRV - [2007/04/17 20:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{8D835501-C37D-4043-AD6C-A23EB260A8CD}: "URL" = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..\SearchScopes\{8D835501-C37D-4043-AD6C-A23EB260A8CD}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GPEA_en-GB
IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..\SearchScopes\{D8B9925B-7A40-427C-A6EA-191BC3A43307}: "URL" = http://uk.ask.com/web?q={searchTerms}&qsrc=0&o=0&l=dir&dm=all
IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.0.4
FF - prefs.js..extensions.enabledAddons: %7BE0B8C461-F8FB-49b4-8373-FE32E9252800%7D:5.4.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/11/20 08:34:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/01/16 11:18:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/01/16 11:18:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/19 10:24:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/19 10:24:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/19 10:24:34 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/01/19 10:24:22 | 000,000,000 | ---D | M]

[2012/01/27 19:20:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Extensions
[2013/01/31 20:50:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wf9gy7j5.default\extensions
[2012/12/01 13:19:35 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wf9gy7j5.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012/01/27 19:20:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wf9gy7j5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/01/27 19:20:20 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wf9gy7j5.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2013/01/14 17:09:38 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wf9gy7j5.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
[2012/02/10 15:52:35 | 000,000,000 | ---D | M] (Cooliris) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wf9gy7j5.default\extensions\[email protected]
[2013/01/14 18:31:15 | 000,579,823 | ---- | M] () (No name found) -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\wf9gy7j5.default\extensions\{6C4BAFB6-2AC2-4405-A98D-546B55B3AE92}.xpi
[2013/01/19 10:24:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/01/19 10:24:33 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/03/10 23:01:02 | 000,124,272 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CCMSDK.dll
[2010/03/10 23:02:52 | 000,070,512 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll
[2010/03/10 23:01:48 | 000,091,504 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\confmgr.dll
[2010/03/10 23:01:24 | 000,022,384 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll
[2008/06/19 09:16:24 | 000,118,784 | ---- | M] (CANON INC.) -- C:\Program Files\mozilla firefox\plugins\MyCamera.dll
[2008/06/19 09:16:24 | 000,053,248 | ---- | M] (CANON INC.) -- C:\Program Files\mozilla firefox\plugins\NPCIG.dll
[2010/03/10 23:40:56 | 000,423,248 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll
[2013/01/16 11:17:26 | 000,124,056 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2010/03/10 23:02:48 | 000,023,920 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll

========== Chrome ==========

CHR - homepage: http://www.bbc.co.uk/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.bbc.co.uk/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Canon Online Photo Plugin Module (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPCIG.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Users\David\AppData\Roaming\Mozilla\plugins\npatgpc.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\Mozilla Plugins\npitunes.dll
CHR - plugin: Media Go Detector (Enabled) = C:\Program Files\Sony\Media Go\npmediago.dll
CHR - plugin: PlayStation(R)Network Downloader Check Plug-in (Enabled) = C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Google Drive = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Kingdom Rush = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckmfhhjalnddapegkbbohfaodgbnocim\1.0.7.3_0\
CHR - Extension: Google Search = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: RealDownloader = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\
CHR - Extension: Wave theme = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgahidbcmoibbodajeakkjpocflpnad\1.32_0\
CHR - Extension: SlideRocket = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\omeengfjefdmhnkojnfmncpfdbhnecea\2.0.2_0\
CHR - Extension: Evernote Web Clipper = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\5.9.5_0\
CHR - Extension: Gmail = C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/01/31 19:09:59 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google BAE\BAE.dll (Your Company Name)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Hobbyist Software On-Off Helper] C:\Program Files\Hobbyist Software\Off-Helper\Off-Helper Configuration.exe (Microsoft)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Evernote 4 - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: New Note - C:\Program Files\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 10.11.2)
O16 - DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 1.7.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 1.7.0_11)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B8E8EBE0-C1DD-4A83-86D6-F9C48AD53AA8}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B8E8EBE0-C1DD-4A83-86D6-F9C48AD53AA8}: NameServer = 192.168.2.1,89.16.173.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C2AADC08-9101-4CD2-9A9F-4AEA51038AE5}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Backgrounds\01931_desertsunlight_1920x1080.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Backgrounds\01931_desertsunlight_1920x1080.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-3695665762-3537947497-2156790703-1000\...com [@ = ComFile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/04 10:17:20 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\WinZip Courier
[2013/02/03 21:41:10 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/02/03 09:32:34 | 000,261,024 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/02/02 17:26:52 | 000,000,000 | ---D | C] -- C:\_OTM
[2013/01/31 20:24:55 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZipEC
[2013/01/31 20:24:47 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\assembly
[2013/01/31 19:10:21 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/01/31 19:06:23 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/01/31 19:06:23 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\temp
[2013/01/31 08:38:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/01/31 08:38:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/01/31 08:38:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/01/31 08:38:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/01/31 08:37:56 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/01/31 07:52:27 | 005,029,270 | R--- | C] (Swearware) -- C:\Users\David\Desktop\ComboFix.exe
[2013/01/30 11:30:44 | 000,000,000 | ---D | C] -- C:\Users\David\Documents\mbar-1.01.0.1017
[2013/01/30 10:26:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/29 19:48:16 | 000,000,000 | ---D | C] -- C:\Users\David\Desktop\RK_Quarantine
[2013/01/29 18:40:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
[2013/01/26 18:27:40 | 000,000,000 | ---D | C] -- C:\Users\David\Documents\AstraZeneca Employment
[2013/01/25 15:41:52 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\WinZip
[2013/01/25 15:41:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2013/01/25 15:40:52 | 000,000,000 | ---D | C] -- C:\Users\David\Documents\Add-in Express
[2013/01/25 15:40:30 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2013/01/25 15:40:10 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2013/01/24 11:09:17 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\Programs
[2013/01/21 19:11:15 | 000,000,000 | ---D | C] -- C:\Users\David\Documents\Sony
[2013/01/20 13:42:06 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/01/20 13:42:06 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/01/20 13:42:06 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/01/19 10:24:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/01/16 11:18:56 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\RealNetworks
[2013/01/16 11:18:04 | 000,000,000 | ---D | C] -- C:\Program Files\RealNetworks
[2013/01/16 11:17:59 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks
[2013/01/16 11:17:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2013/01/16 11:17:37 | 000,201,424 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2013/01/16 11:17:20 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2013/01/16 11:17:20 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2013/01/16 11:17:19 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2013/01/16 11:17:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2013/01/16 11:12:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2013/01/09 12:39:37 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/01/09 12:38:55 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2013/01/09 12:38:55 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013/01/09 12:38:51 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2013/01/09 12:38:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/01/09 12:38:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2013/01/09 12:38:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/01/09 12:38:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2013/01/09 12:38:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2013/01/09 12:38:47 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2013/01/09 12:38:47 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/01/09 12:38:47 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2013/01/09 12:38:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2013/01/09 12:38:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2013/01/09 12:38:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/01/09 12:38:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2013/01/09 12:38:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/01/09 12:38:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2013/01/09 12:38:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2013/01/09 12:38:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2013/01/09 12:38:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2013/01/09 12:38:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2013/01/09 12:38:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2013/01/09 12:38:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2013/01/09 12:38:42 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2013/01/09 12:38:42 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2013/01/09 12:38:41 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2013/01/09 12:38:41 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2013/01/09 12:38:40 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/01/09 12:38:38 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2013/01/09 12:38:38 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2013/01/09 12:37:43 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\System32\oflc-nz.rs
[2013/01/09 12:37:43 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\System32\csrr.rs
[2013/01/09 12:37:42 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\System32\fpb.rs
[2013/01/09 12:37:42 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\System32\cob-au.rs
[2013/01/09 12:37:41 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\System32\pegibbfc.rs
[2013/01/09 12:37:41 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\System32\usk.rs
[2013/01/09 12:37:41 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\System32\djctq.rs
[2013/01/09 12:37:40 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\System32\grb.rs
[2013/01/09 12:37:39 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi-pt.rs
[2013/01/09 12:37:39 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi.rs
[2013/01/09 12:37:38 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2013/01/09 12:37:36 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wpc.dll
[2013/01/09 12:37:24 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\System32\esrb.rs
[2013/01/09 12:37:21 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi-fi.rs
[2013/01/09 12:37:20 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\System32\oflc.rs
[2013/01/09 12:37:19 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\System32\cero.rs
[2013/01/09 12:36:32 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2013/01/09 12:36:28 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
[2012/01/16 17:22:16 | 000,293,736 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesOutlookAddIn.dll
[2012/01/16 17:22:12 | 000,421,736 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesHelper.exe
[2012/01/16 17:22:12 | 000,403,304 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesAdmin.dll
[2012/01/16 17:22:12 | 000,156,520 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesHelper.dll
[2012/01/16 17:22:12 | 000,124,776 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunesMiniPlayer.dll
[2012/01/16 17:22:08 | 009,777,000 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunes.exe
[2012/01/16 17:22:04 | 020,868,968 | ---- | C] (Apple Inc.) -- C:\Program Files\iTunes.dll
[2012/01/16 17:22:02 | 003,035,520 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\gnsdk_dsp.dll
[2012/01/16 17:22:02 | 002,010,984 | ---- | C] (Apple Inc.) -- C:\Program Files\iPodUpdaterExt.dll
[2012/01/16 17:22:02 | 000,803,200 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\gnsdk_sdkmanager.dll
[2012/01/16 17:22:02 | 000,287,104 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\gnsdk_submit.dll
[2012/01/16 17:22:02 | 000,246,144 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\gnsdk_musicid.dll
[2011/11/14 20:16:44 | 000,112,488 | ---- | C] (Apple Inc.) -- C:\Program Files\ITDetector.ocx

========== Files - Modified Within 30 Days ==========

[2013/02/04 22:03:05 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/04 22:02:57 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/04 22:02:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/04 12:07:38 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/04 12:07:38 | 000,009,728 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/04 11:25:05 | 000,056,992 | ---- | M] () -- C:\Users\David\Desktop\Startup and Recovery.png
[2013/02/04 10:52:00 | 000,000,820 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2013/02/04 09:46:39 | 000,236,118 | ---- | M] () -- C:\Users\David\Desktop\BlueScreenViewer.png
[2013/02/04 08:52:40 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/04 08:52:06 | 1609,375,744 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/02 17:47:14 | 000,002,039 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/02/02 17:47:11 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013/02/02 06:34:23 | 000,185,564 | ---- | M] () -- C:\Users\David\Desktop\Chrome - WTM several minutes later.png
[2013/01/31 22:57:04 | 000,007,607 | ---- | M] () -- C:\Users\David\AppData\Local\Resmon.ResmonCfg
[2013/01/31 19:09:59 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/01/31 18:32:46 | 005,029,270 | R--- | M] (Swearware) -- C:\Users\David\Desktop\ComboFix.exe
[2013/01/30 20:38:19 | 000,041,799 | ---- | M] () -- C:\Users\David\AppData\Roaming\nvModes.dat
[2013/01/30 20:38:17 | 000,041,799 | ---- | M] () -- C:\Users\David\AppData\Roaming\nvModes.001
[2013/01/29 16:59:11 | 000,000,115 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013/01/26 18:18:16 | 000,639,696 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/01/26 18:18:16 | 000,115,078 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/01/25 15:41:22 | 000,002,281 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
[2013/01/24 11:44:33 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/20 13:47:29 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/01/20 13:47:29 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/01/20 13:47:14 | 015,739,912 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2013/01/20 13:30:53 | 000,002,205 | ---- | M] () -- C:\Users\David\Desktop\Google Chrome.lnk
[2013/01/19 11:25:19 | 000,000,963 | ---- | M] () -- C:\Users\David\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/01/17 01:28:58 | 000,232,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2013/01/16 11:18:16 | 000,001,016 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2013/01/16 11:17:37 | 000,201,424 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2013/01/16 11:17:20 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2013/01/16 11:17:20 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2013/01/16 11:17:19 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2013/01/12 03:30:20 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013/01/12 03:26:19 | 000,261,024 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013/01/12 03:26:16 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013/01/12 03:24:49 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013/01/11 10:09:46 | 000,001,017 | ---- | M] () -- C:\Users\David\Desktop\Dropbox.lnk
[2013/01/11 09:59:01 | 000,484,480 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2013/02/04 11:25:05 | 000,056,992 | ---- | C] () -- C:\Users\David\Desktop\Startup and Recovery.png
[2013/02/04 09:46:39 | 000,236,118 | ---- | C] () -- C:\Users\David\Desktop\BlueScreenViewer.png
[2013/02/02 06:34:23 | 000,185,564 | ---- | C] () -- C:\Users\David\Desktop\Chrome - WTM several minutes later.png
[2013/01/31 08:38:45 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/01/31 08:38:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/01/31 08:38:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/01/31 08:38:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/01/31 08:38:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/01/29 16:58:45 | 000,000,115 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013/01/25 15:41:22 | 000,002,281 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
[2013/01/24 11:44:33 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/20 13:38:04 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/20 13:27:36 | 000,007,607 | ---- | C] () -- C:\Users\David\AppData\Local\Resmon.ResmonCfg
[2013/01/16 11:18:16 | 000,001,016 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012/01/27 19:49:01 | 000,021,924 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2011/11/14 20:15:32 | 000,064,083 | ---- | C] () -- C:\Program Files\Acknowledgements.rtf
[2011/04/30 07:27:36 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011/04/30 07:27:36 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2010/01/30 10:11:12 | 000,025,773 | ---- | C] () -- C:\Users\David\AppData\Roaming\UserTile.png
[2009/12/08 21:14:18 | 000,000,255 | ---- | C] () -- C:\Users\David\SyncDocs.conf
[2009/03/13 16:51:59 | 000,003,272 | ---- | C] () -- C:\Users\David\TutorialOpen.xba
[2008/10/22 14:33:00 | 000,001,414 | ---- | C] () -- C:\Users\David\AppData\Roaming\wklnhst.dat
[2008/10/04 21:22:58 | 000,041,799 | ---- | C] () -- C:\Users\David\AppData\Roaming\nvModes.dat
[2008/10/04 21:22:58 | 000,041,799 | ---- | C] () -- C:\Users\David\AppData\Roaming\nvModes.001

========== ZeroAccess Check ==========

[2009/07/14 04:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 01:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/02/04 16:50:39 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\AVG10
[2012/01/27 19:19:54 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\calibre
[2012/01/27 19:19:54 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Canon
[2012/01/27 19:19:54 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\CD-LabelPrint
[2012/01/27 19:19:55 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Chilirec
[2012/01/27 19:19:57 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/01/27 19:19:57 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\DriverCure
[2013/01/30 13:55:29 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Dropbox
[2012/05/12 18:11:29 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\GARMIN
[2012/09/23 15:03:59 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\ICAClient
[2012/01/27 19:19:57 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\InterVideo
[2012/02/05 12:47:10 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\IsolatedStorage
[2012/01/27 19:20:06 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\MessengerGadget
[2012/01/27 19:20:23 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\OpenOffice.org
[2010/01/30 10:11:11 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\PeerNetworking
[2013/01/16 13:53:33 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\PrimoPDF
[2012/02/14 17:34:40 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Quo2
[2012/05/18 17:33:15 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Sony
[2012/02/05 12:44:29 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Symyx
[2012/01/31 18:14:44 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\SystemRequirementsLab
[2012/01/27 19:20:43 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Teleca
[2012/01/27 19:20:43 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Template
[2013/01/31 11:39:41 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\webex
[2012/03/06 11:28:41 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Windows Live Writer
[2012/01/27 19:20:43 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\wsInspector

========== Purity Check ==========

< End of report >


----------



## kevinf80 (Mar 21, 2006)

Do not check the box for the Automatic restart; with that unchecked you'll see the blue screen and be able to make a note of the displayed information, specifically whatever follows "Technical Information". After that will be *** STOP: then a code of digits.
If we do get another BSOD, post the BSV log, also zip up and attach the file from the minidump folder, plus whatever is displayed on the BSOD....

OK, run the OTL fix as follows:

Re-Run OTL by double left click; Vista and Windows 7 users accept the UAC alert.

Under the box at the bottom, paste in the following, starting with and including the colon plus OTL (*:OTL*):


```
:OTL
DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/03/10 10:36:36 | 000,217,032 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\PCTCore.sys -- (PCTCore)
:Files
ipconfig /flushdns /c
:Commands
[emptytemp]
[CREATERESTOREPOINT]
```

Then click the button at the top.
Let the program run unhindered; when done it will say "Fix Complete, press OK to open the log".
Please post that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose *Yes*. In this case, after the reboot, open Notepad (Start > All Programs > Accessories > Notepad), click File > Open, in the File Name box enter *.log and press the Enter key, navigate to the *C:\_OTL\MovedFiles* folder, open the newest *.log* file present, and copy/paste the contents of that document back here in your next post.


----------
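The fix above deletes two kernel driver files, one of them registered as a boot-start driver (PCTCore, `[Kernel | Boot]`). Before removing a driver file it is worth checking how its service entry is registered, and it is safer to set the entry to disabled (Start=4) than to delete the file while the boot-start registration remains. The following is an added example, not code from the thread or from OTL: a PowerShell audit of boot- and system-start kernel drivers that reports entries whose image file is missing, plus a helper that disables a driver service by name. It assumes an elevated Windows PowerShell prompt on Windows 7 or later; the function names are my own.

```powershell
# Added example (not part of the original thread): audit boot/system-start
# kernel drivers before removing their files. Deleting a driver's .sys file
# while its service entry still says Start=0 (boot) leaves a dangling
# boot-start registration. Run from an elevated Windows PowerShell prompt.

$ServicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'

function Resolve-DriverImagePath {
    param([string]$ImagePath)
    # Service ImagePath values come in several shapes:
    #   \SystemRoot\System32\drivers\foo.sys
    #   system32\drivers\foo.sys
    #   \??\C:\Windows\System32\drivers\foo.sys
    $p = $ImagePath.Trim('"')
    $p = $p -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    $p = $p -replace '^%SystemRoot%\\', "$env:SystemRoot\"
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Get-EarlyStartDriver {
    # Type 1 = kernel driver, 2 = file system driver; Start 0 = boot, 1 = system
    Get-ChildItem $ServicesKey | ForEach-Object {
        $v = Get-ItemProperty $_.PSPath
        $isDriver = ($v.Type -eq 1 -or $v.Type -eq 2)
        $isEarly  = ($v.Start -eq 0 -or $v.Start -eq 1)
        if ($isDriver -and $isEarly -and $v.ImagePath) {
            $file   = Resolve-DriverImagePath $v.ImagePath
            $exists = Test-Path -LiteralPath $file
            $signer = $null
            if ($exists) {
                # Who signed the binary; unsigned or third-party drivers stand out
                $signer = (Get-AuthenticodeSignature $file).SignerCertificate.Subject
            }
            New-Object PSObject -Property @{
                Name   = $_.PSChildName
                Start  = $v.Start
                Group  = $v.Group
                Image  = $file
                Exists = $exists
                Signer = $signer
            } | Select-Object Name, Start, Group, Image, Exists, Signer
        }
    }
}

function Disable-DriverService {
    # Sets Start=4 (disabled) so the loader skips the entry; the file is left alone.
    [CmdletBinding(SupportsShouldProcess=$true)]
    param([Parameter(Mandatory=$true)][string]$Name)
    $key = Join-Path $ServicesKey $Name
    if (-not (Test-Path $key)) { throw "No service entry named '$Name'" }
    if ($PSCmdlet.ShouldProcess($Name, 'Set Start=4 (disabled)')) {
        Set-ItemProperty -Path $key -Name Start -Value 4 -Type DWord
    }
}

# Usage: list every early-start driver whose file is gone (dangling entries),
# then preview disabling one by name.
Get-EarlyStartDriver | Where-Object { -not $_.Exists } | Format-Table Name, Start, Image -AutoSize
Disable-DriverService -Name PCTCore -WhatIf
```

Run the audit once before a driver removal and once after; an entry that shows `Exists = False` with `Start = 0` is a boot-start driver whose file has been removed but whose registration has not, which is exactly the state a cleanup tool can leave behind. Drop `-WhatIf` only after confirming the name.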



## STIG_DH (Jan 25, 2013)

Kevin
I've unchecked the auto restart box on Start Up and Recovery, performed an OTL fix using your code.
OTL completed, and requested a reboot to finish the moves.

As before, a BSOD event resulted, but this time I was able to abstract the technical information. (The PC is currently going through startup repair, and I will pull off any log files I can find).

In the meantime, here is the Technical Information from the BSOD:

xxx STOP: 0x0000007B (0x80786B50, 0xC0000034, 0x00000000, 0x00000000)

There are other instructions re what to do (eg remove newly installed hard drives or hard drive controllers, check hard drive is properly configured and terminated etc etc)

I hope the technical information is more illuminating this time! Will let you know whether I can recover any MiniDump log files

David


----------



## STIG_DH (Jan 25, 2013)

Kevin
the PC has gone through 2 reboots for a Startup Repair. Previously only 1 was required.
I'm afraid that I get a report to say Startup Repair cannot repair this computer automatically.

I get some problem details and the option to send information about the problem to Microsoft.

Problem signature:
Problem Event Name: StartupRepairOffline
Problem Signature 01: 6.1.7600.16385
Problem Signature 02: 6.1.7600.16385
Problem Signature 03: unknown
Problem Signature 04: 21200257
Problem Signature 05: AutoFailover
Problem Signature 06: 2
Problem Signature 07: NoRootCause
OS Version: 6.1.7600.2.0.0.256.1
Locale ID: 1033

I've left PC on at present on this screen.

What should I do now? Is it possible to force a restore point?

David


----------



## kevinf80 (Mar 21, 2006)

Re-boot the PC one more time, continuously tapping the F8 key until you see the Windows Advanced Options Menu; from there select "Last Known Good Configuration", hit the Enter key, then follow the prompts....


----------



## STIG_DH (Jan 25, 2013)

I've got advanced boot options - not sure which to select but suspect it is one of these....

Repair Your Computer

Safe Mode

Start Windows Normally

Thanks


----------



## STIG_DH (Jan 25, 2013)

Sorry - what I should have said is that the option was there and I needed to either
Start Normally or Startup Repair. As it happens, the Startup Repair has kicked in, so let's see where it takes us this time.....


----------



## STIG_DH (Jan 25, 2013)

Kevin

I'm back to where I was - ie Startup Repair saying that "windows cannot repair this computer automatically"
I have the identical screen to before.

David


----------



## STIG_DH (Jan 25, 2013)

There is a View diagnostic and repair details link in Startup Repair.

It says 

Number of repair attempts: 3

Number of root causes = 1

All tests specified were completed successfully,
then
Root Cause found:
Unspecified changes to system configuration might have caused the problem.

Repair action: System Restore
Result: Completed successfully. Error code - 0x0
Time taken = 516878 ms

Repair action: System files integrity check and repair
Result: Failed. Error code - 0x490
Time taken = 926225 ms

I also have a link to
View advanced options for system recovery and support

Do you want me to report back what is in this?

David


----------



## kevinf80 (Mar 21, 2006)

Are you able to boot successfully, can you run Bluescreen viewer and also zip up and attach minidump file?


----------



## STIG_DH (Jan 25, 2013)

Kevin
I can't reboot at all.
1) If I start up the BSOD appears - this is the Technical Information from the BSOD:

xxx STOP: 0x0000007B (0x80786B50, 0xC0000034, 0x00000000, 0x00000000)

2) If I interrupt startup with repeated F8 and go to "Last Known Good configuration"
It attempts Startup Repair which fails

What can I do??? How can I force a restore point?


----------



## kevinf80 (Mar 21, 2006)

Do the following with the Installation CD inserted:

*To enter System Recovery Options by using Windows installation disc:*

Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click *Repair your computer*.
Select *Your Country* as the keyboard language settings, and then click *Next*.
Select the operating system you want to repair, and then click *Next*.
Select your user account and click *Next*.

*On the System Recovery Options menu you will get the following options:*
*Startup Repair*
*System Restore*
*Windows Complete PC Restore*
*Windows Memory Diagnostic Tool*
*Command Prompt*

Select *System Restore* then follow the onscreen prompts....

Kevin


----------



## STIG_DH (Jan 25, 2013)

Kevin

I have an all-in-one PC which originally had Vista installed. I upgraded this to Windows 7. Is the Windows 7 upgrade installation disc the one I require? I don't think I have / had an installation disc for Vista when I purchased the PC.

David


----------



## STIG_DH (Jan 25, 2013)

A little more info:
The All-in-one had a partitioned drive and I'm sure that I didn't have a Windows Vista install disc pre-supplied. It looks like I should have made one from the partitioned drive.
I purchased a Windows 7 Home Premium Upgrade disc. I've done a little searching and it may be that I can do a reinstall from an upgrade DVD. 
Is that your view?

David


----------



## kevinf80 (Mar 21, 2006)

I believe a re-install is the best option; the crash code is more generic than specific, so it does not give us any idea of a fix. Tell me how you get on...


----------



## STIG_DH (Jan 25, 2013)

Kevin - I understand the need for reinstall.
Can you set my mind at rest on a couple of things:
I should be able to do reinstall using my Windows 7 upgrade DVD (it did after all upgrade Windows Vista to my current operating platform) and using your previous instructions
Reinstall should leave all files / folders / bookmarks / passwords in place (I have a back-up of all my files and folders in any case)
Thanks David


----------



## kevinf80 (Mar 21, 2006)

We are not dealing with a malware issue; the problem is system damage. I believe this is down to remnant drivers we tried to remove, specifically related to PC Tools, that were tied into the system kernel and boot options.
You already did the upgrade once successfully; to do that again with the upgrade CD would mean a factory reset to Vista from the recovery partition, then an upgrade to Windows 7 again from the upgrade CD. All files, data etc. would be lost.

Read the reply to the initial question Here:

http://answers.microsoft.com/en-us/...indows-7/aeccf274-90ef-4c0f-b6e7-2da17d6ea7cf


----------



## STIG_DH (Jan 25, 2013)

Kevin

long time no hear (from me)
I'm back to the Board again after having the PC recovered (but not using a full reinstall) so I can access the systems again. I had to leave the PC in PCWorld for a week, and was then in the Lakes for some welcome rest and relaxation.

Are you still up for some fixing of residual PC system damage?

I can start up the computer (it works quite smoothly).
I can access desktop and internet. 
However the PC is still unstable - just trying to fire up word results in a BSOD, and Windows has to undertake a Recovery.

Now I have a Minidump file from earlier today (022113-30700-01.dmp), but cannot send this to a compressed folder for you to view. When I attempt this, I am given an error saying 'files not found or no read permission'. I haven't downloaded a Microsoft debugging tool to read minidump files, as I'm a bit concerned about the system stability and would prefer to hear your opinion on how to send this to you.

I have attached the accompanying Windows Recovery Screen as confirmation of the above.

Thanks

Problem signature:
Problem Event Name:	BlueScreen
OS Version:	6.1.7601.2.1.0.768.3
Locale ID:	2057

Additional information about the problem:
BCCode:	44
BCP1:	887925B8
BCP2:	00000EAE
BCP3:	00000000
BCP4:	00000000
OS Version:	6_1_7601
Service Pack:	1_0
Product:	768_1

Files that help describe the problem:
C:\Windows\Minidump\022113-30700-01.dmp
C:\Users\David\AppData\Local\temp\WER-138482-0.sysdata.xml

Read our privacy statement online:
http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:
C:\Windows\system32\en-US\erofflps.txt


----------



## kevinf80 (Mar 21, 2006)

You've lost me; we are not dealing with a malware issue. The PC has been back to PC World for repairs, and there are still issues with BSODs. What exactly did PC World do??
I need to see the minidump file so a reason for the BSOD can be found, or maybe run Blue Screen Viewer and post that log.
If you are logged in with Admin status I do not see why the minidump file cannot be zipped up and attached to your reply. Are you able to navigate to the file, right click and select "Copy", navigate back to the Desktop, right click in open space and select "Paste", then zip up that copied file and attach it?


----------
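The helper asks for two things after a crash: the crash-control settings (the "Automatically restart" box from earlier in the thread) and a zipped copy of the minidump. The "no read permission" error the poster hits when copying from C:\Windows\Minidump is the usual symptom of doing it from a non-elevated session: by default only SYSTEM and Administrators have access to that folder, and under UAC an administrator's normal desktop token does not carry the Administrators group. The following is an added example, not code from the thread: a PowerShell script that checks elevation, reads the CrashControl settings, copies (never moves) the dumps to a staging folder with a manifest of SHA-256 hashes, and zips them onto the Desktop. It assumes an elevated Windows PowerShell prompt and .NET 4.5 or later for `System.IO.Compression.ZipFile`; the function names and the `minidumps.zip` output name are my own.

```powershell
# Added example (not part of the original thread): bundle the minidumps and
# the crash-control settings the helper asked for into one zip on the Desktop.
# Assumes an elevated Windows PowerShell prompt and .NET 4.5+ (ZipFile class).

function Test-IsElevated {
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $p  = New-Object Security.Principal.WindowsPrincipal($id)
    return $p.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-CrashControlSetting {
    # AutoReboot=0 means the "Automatically restart" box is unchecked.
    # CrashDumpEnabled: 3 = small memory dump (minidump), 2 = kernel, 1 = complete.
    $cc = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'
    New-Object PSObject -Property @{
        AutoReboot       = $cc.AutoReboot
        CrashDumpEnabled = $cc.CrashDumpEnabled
        MinidumpDir      = [Environment]::ExpandEnvironmentVariables($cc.MinidumpDir)
        DumpFile         = [Environment]::ExpandEnvironmentVariables($cc.DumpFile)
    } | Select-Object AutoReboot, CrashDumpEnabled, MinidumpDir, DumpFile
}

function Export-MinidumpBundle {
    param(
        [string]$Destination = (Join-Path ([Environment]::GetFolderPath('Desktop')) 'minidumps.zip')
    )
    if (-not (Test-IsElevated)) {
        throw 'Run this from an elevated prompt: C:\Windows\Minidump is readable only by SYSTEM and Administrators.'
    }
    $settings = Get-CrashControlSetting
    $dumpDir  = $settings.MinidumpDir
    $staging  = Join-Path $env:TEMP ('minidump-' + (Get-Date -Format 'yyyyMMdd-HHmmss'))
    New-Item -ItemType Directory -Path $staging | Out-Null

    # Copy, never move: the originals stay in place for later analysis.
    $dumps = @(Get-ChildItem -LiteralPath $dumpDir -Filter *.dmp -ErrorAction SilentlyContinue)
    foreach ($d in $dumps) { Copy-Item -LiteralPath $d.FullName -Destination $staging }

    # Manifest: the settings plus a SHA-256 per dump, so the recipient can
    # confirm the files arrived intact.
    $manifest = Join-Path $staging 'manifest.txt'
    $settings | Format-List | Out-String | Set-Content $manifest
    $sha256 = [Security.Cryptography.SHA256]::Create()
    foreach ($d in $dumps) {
        $hash = [BitConverter]::ToString($sha256.ComputeHash([IO.File]::ReadAllBytes($d.FullName))) -replace '-', ''
        Add-Content $manifest ('{0}  {1}  {2:u}' -f $hash, $d.Name, $d.LastWriteTime)
    }

    Add-Type -AssemblyName System.IO.Compression.FileSystem
    if (Test-Path -LiteralPath $Destination) { Remove-Item -LiteralPath $Destination }
    [IO.Compression.ZipFile]::CreateFromDirectory($staging, $Destination)
    Remove-Item -Recurse -Force $staging
    return $Destination
}

# Usage: show the current crash settings, then build the zip.
Get-CrashControlSetting
Export-MinidumpBundle
```

If `Get-CrashControlSetting` reports `AutoReboot = 1` the machine will restart before the STOP code can be read, which is the setting the helper asked to have unchecked; `CrashDumpEnabled = 3` is the small-dump mode that writes the `.dmp` files this thread is after. The elevation check fails early on purpose, because copying from the Minidump folder without it produces exactly the permission error described above.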



## STIG_DH (Jan 25, 2013)

Kevin

I'm sorry that you have gotten so exasperated with me. I am technically inept, but your frustrations also come from the fact that what you ask for (logfiles etc.) doesn't play out as expected, e.g. minidump files following the BSOD events we were triggering. By the time we had reset minidump settings, the PC had become unstable and I couldn't boot up at all.

I know there isn't/wasn't a malware issue - i asked you this early on.
I know that we were dealing with remnants and fragments that impaired performance - you had told me this. And that two fragments in particular had been removed several times, but system restore following BSOD kept reinstating them.
I can confirm that your fixes were improving performance, but in parallel the PC stability was reducing and BSOD events appearing.

When I became unable to boot up, you instructed me to do a clean install from the Windows installation disc. I realised that although I had a recovery partition, I needed to have made recovery discs. I had no option but to go to PCWorld (where I bought the PC from several years ago) asking for a clean install and updating to Windows 7 using my upgrade discs.

PCWorld phoned me to ask if I wanted a clean install, or to recover what I had, as they could do the latter. I opted for the latter. By and large things are working, but the system is still unstable (all I can say is their diagnostics may have made some repairs, but they otherwise expected things to be OK and I haven't gone back to them).

If you prefer me to go away, then so be it. I would like you to sit it out if you can - you have been helping me and have an understanding of the problems. Thanks.

*Update and bsv file*

I haven't had a further BSOD since I first booted up after PCWorld, though do think I could easily trigger one.

I can't open the minidump file as you expect I should, even though I have administrator rights. I can navigate to the file, copy and try to paste to the desktop (but again have an issue as it says I have no administrator rights). I have got the .dmp file on my desktop (size 142kB) but can't zip it up. I can post it as an attachment if requested. (I recently had a free trial version of WinZip, now terminated - don't know if this may be partially responsible.)

I have run BlueScreenView and now have an output. I've appended this below. Is it what you would expect?

David

*bsv 21st Feb*

==================================================
Filename : iaStor.sys
Address In Stack : iaStor.sys+29c7
From Address : 0x89032000
To Address : 0x890f0000
Size : 0x000be000
Time Stamp : 0x45d0d237
Time String : 12/02/2007 20:46:47
Product Name : Intel Matrix Storage Manager driver
File Description : Intel Matrix Storage Manager driver - ia32
File Version : 7.0.0.1020
Company : Intel Corporation
Full Path : C:\Windows\system32\drivers\iaStor.sys
==================================================

==================================================
Filename : ntoskrnl.exe
Address In Stack : ntoskrnl.exe+128ac8
From Address : 0x83003000
To Address : 0x83416000
Size : 0x00413000
Time Stamp : 0x503f7f43
Time String : 30/08/2012 14:57:07
Product Name : Microsoft® Windows® Operating System
File Description : NT Kernel & System
File Version : 6.1.7601.18044 (win7sp1_gdr.130104-1431)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\ntoskrnl.exe
==================================================

==================================================
Filename : hal.dll
Address In Stack : 
From Address : 0x83416000
To Address : 0x8344d000
Size : 0x00037000
Time Stamp : 0x4ce788d2
Time String : 20/11/2010 08:37:38
Product Name : Microsoft® Windows® Operating System
File Description : Hardware Abstraction Layer DLL
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\hal.dll
==================================================

==================================================
Filename : kdcom.dll
Address In Stack : 
From Address : 0x80bbf000
To Address : 0x80bc7000
Size : 0x00008000
Time Stamp : 0x4a5bdaaa
Time String : 14/07/2009 01:08:58
Product Name : Microsoft® Windows® Operating System
File Description : Serial Kernel Debugger
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\kdcom.dll
==================================================

==================================================
Filename : mcupdate.dll
Address In Stack : 
From Address : 0x83601000
To Address : 0x83686000
Size : 0x00085000
Time Stamp : 0x4ce7b876
Time String : 20/11/2010 12:00:54
Product Name : 
File Description : 
File Version : 
Company : 
Full Path : 
==================================================

==================================================
Filename : PSHED.dll
Address In Stack : 
From Address : 0x83686000
To Address : 0x83697000
Size : 0x00011000
Time Stamp : 0x4a5bdad0
Time String : 14/07/2009 01:09:36
Product Name : Microsoft® Windows® Operating System
File Description : Platform Specific Hardware Error Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\PSHED.dll
==================================================

==================================================
Filename : BOOTVID.dll
Address In Stack : 
From Address : 0x83697000
To Address : 0x8369f000
Size : 0x00008000
Time Stamp : 0x4a5bd9a2
Time String : 14/07/2009 01:04:34
Product Name : Microsoft® Windows® Operating System
File Description : VGA Boot Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\BOOTVID.dll
==================================================

==================================================
Filename : CLFS.SYS
Address In Stack : 
From Address : 0x8369f000
To Address : 0x836e1000
Size : 0x00042000
Time Stamp : 0x4a5bbf0e
Time String : 13/07/2009 23:11:10
Product Name : Microsoft® Windows® Operating System
File Description : Common Log File System Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\CLFS.SYS
==================================================

==================================================
Filename : CI.dll
Address In Stack : 
From Address : 0x836e1000
To Address : 0x8378c000
Size : 0x000ab000
Time Stamp : 0x4ce7b97d
Time String : 20/11/2010 12:05:17
Product Name : Microsoft® Windows® Operating System
File Description : Code Integrity Module
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\CI.dll
==================================================

==================================================
Filename : Wdf01000.sys
Address In Stack : 
From Address : 0x88e12000
To Address : 0x88e93000
Size : 0x00081000
Time Stamp : 0x5010ac41
Time String : 26/07/2012 02:32:33
Product Name : Microsoft® Windows® Operating System
File Description : Kernel Mode Driver Framework Runtime
File Version : 1.11.9200.16384 (win8_rtm.120725-1247)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\Wdf01000.sys
==================================================

==================================================
Filename : WDFLDR.SYS
Address In Stack : 
From Address : 0x88e93000
To Address : 0x88ea1000
Size : 0x0000e000
Time Stamp : 0x5010ad36
Time String : 26/07/2012 02:36:38
Product Name : Microsoft® Windows® Operating System
File Description : Kernel Mode Driver Framework Loader
File Version : 1.11.9200.16384 (win8_rtm.120725-1247)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\WDFLDR.SYS
==================================================

==================================================
Filename : ACPI.sys
Address In Stack : 
From Address : 0x88ea1000
To Address : 0x88ee9000
Size : 0x00048000
Time Stamp : 0x4ce788e0
Time String : 20/11/2010 08:37:52
Product Name : Microsoft® Windows® Operating System
File Description : ACPI Driver for NT
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\ACPI.sys
==================================================

==================================================
Filename : WMILIB.SYS
Address In Stack : 
From Address : 0x88ee9000
To Address : 0x88ef2000
Size : 0x00009000
Time Stamp : 0x4a5bbf1a
Time String : 13/07/2009 23:11:22
Product Name : Microsoft® Windows® Operating System
File Description : WMILIB WMI support library Dll
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\WMILIB.SYS
==================================================

==================================================
Filename : msisadrv.sys
Address In Stack : 
From Address : 0x88ef2000
To Address : 0x88efa000
Size : 0x00008000
Time Stamp : 0x4a5bbf0d
Time String : 13/07/2009 23:11:09
Product Name : Microsoft® Windows® Operating System
File Description : ISA Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\msisadrv.sys
==================================================

==================================================
Filename : pci.sys
Address In Stack : 
From Address : 0x88efa000
To Address : 0x88f24000
Size : 0x0002a000
Time Stamp : 0x4ce788e5
Time String : 20/11/2010 08:37:57
Product Name : Microsoft® Windows® Operating System
File Description : NT Plug and Play PCI Enumerator
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\pci.sys
==================================================

==================================================
Filename : vdrvroot.sys
Address In Stack : 
From Address : 0x88f24000
To Address : 0x88f2f000
Size : 0x0000b000
Time Stamp : 0x4a5bc74b
Time String : 13/07/2009 23:46:19
Product Name : Microsoft® Windows® Operating System
File Description : Virtual Drive Root Enumerator
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\vdrvroot.sys
==================================================

==================================================
Filename : partmgr.sys
Address In Stack : 
From Address : 0x88f2f000
To Address : 0x88f40000
Size : 0x00011000
Time Stamp : 0x4f641b0c
Time String : 17/03/2012 05:03:08
Product Name : Microsoft® Windows® Operating System
File Description : Partition Management Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\partmgr.sys
==================================================

==================================================
Filename : volmgr.sys
Address In Stack : 
From Address : 0x88f40000
To Address : 0x88f50000
Size : 0x00010000
Time Stamp : 0x4ce788ee
Time String : 20/11/2010 08:38:06
Product Name : Microsoft® Windows® Operating System
File Description : Volume Manager Driver
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\volmgr.sys
==================================================

==================================================
Filename : volmgrx.sys
Address In Stack : 
From Address : 0x88f50000
To Address : 0x88f9b000
Size : 0x0004b000
Time Stamp : 0x4a5bbf2d
Time String : 13/07/2009 23:11:41
Product Name : Microsoft® Windows® Operating System
File Description : Volume Manager Extension Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\volmgrx.sys
==================================================

==================================================
Filename : intelide.sys
Address In Stack : 
From Address : 0x88f9b000
To Address : 0x88fa2000
Size : 0x00007000
Time Stamp : 0x4a5bbf17
Time String : 13/07/2009 23:11:19
Product Name : Microsoft® Windows® Operating System
File Description : Intel PCI IDE Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\intelide.sys
==================================================

==================================================
Filename : PCIIDEX.SYS
Address In Stack : 
From Address : 0x88fa2000
To Address : 0x88fb0000
Size : 0x0000e000
Time Stamp : 0x4a5bbf13
Time String : 13/07/2009 23:11:15
Product Name : Microsoft® Windows® Operating System
File Description : PCI IDE Bus Driver Extension
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\PCIIDEX.SYS
==================================================

==================================================
Filename : pcmcia.sys
Address In Stack : 
From Address : 0x88fb0000
To Address : 0x88fde000
Size : 0x0002e000
Time Stamp : 0x4a5bc101
Time String : 13/07/2009 23:19:29
Product Name : Microsoft® Windows® Operating System
File Description : PCMCIA Bus Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\pcmcia.sys
==================================================

==================================================
Filename : mountmgr.sys
Address In Stack : 
From Address : 0x88fde000
To Address : 0x88ff4000
Size : 0x00016000
Time Stamp : 0x4ce788f1
Time String : 20/11/2010 08:38:09
Product Name : Microsoft® Windows® Operating System
File Description : Mount Point Manager
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\mountmgr.sys
==================================================

==================================================
Filename : atapi.sys
Address In Stack : 
From Address : 0x890f0000
To Address : 0x890f9000
Size : 0x00009000
Time Stamp : 0x4a5bbf13
Time String : 13/07/2009 23:11:15
Product Name : Microsoft® Windows® Operating System
File Description : ATAPI IDE Miniport Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\atapi.sys
==================================================

==================================================
Filename : ataport.SYS
Address In Stack : 
From Address : 0x890f9000
To Address : 0x8911c000
Size : 0x00023000
Time Stamp : 0x4ce788e8
Time String : 20/11/2010 08:38:00
Product Name : Microsoft® Windows® Operating System
File Description : ATAPI Driver Extension
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\ataport.SYS
==================================================

==================================================
Filename : amdxata.sys
Address In Stack : 
From Address : 0x8911c000
To Address : 0x89125000
Size : 0x00009000
Time Stamp : 0x4ba3a3f5
Time String : 19/03/2010 16:19:01
Product Name : Storage Filter Driver
File Description : Storage Filter Driver
File Version : 1.1.2.5 (NT.091202-1711)
Company : Advanced Micro Devices
Full Path : C:\Windows\system32\drivers\amdxata.sys
==================================================

==================================================
Filename : fltmgr.sys
Address In Stack : 
From Address : 0x89125000
To Address : 0x89159000
Size : 0x00034000
Time Stamp : 0x4a5bbf11
Time String : 13/07/2009 23:11:13
Product Name : Microsoft® Windows® Operating System
File Description : Microsoft Filesystem Filter Manager
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\fltmgr.sys
==================================================

==================================================
Filename : fileinfo.sys
Address In Stack : 
From Address : 0x89159000
To Address : 0x8916a000
Size : 0x00011000
Time Stamp : 0x4a5bc18f
Time String : 13/07/2009 23:21:51
Product Name : Microsoft® Windows® Operating System
File Description : FileInfo Filter Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\fileinfo.sys
==================================================

==================================================
Filename : PCTCore.sys
Address In Stack : 
From Address : 0x8916a000
To Address : 0x891a2000
Size : 0x00038000
Time Stamp : 0x4b96e6f7
Time String : 10/03/2010 00:25:27
Product Name : Kernel Driver Suite
File Description : PC Tools KDS Core Driver
File Version : 2.0.0.35 built by: WinDDK
Company : PC Tools
Full Path : C:\Windows\system32\drivers\PCTCore.sys
==================================================

==================================================
Filename : PxHelp20.sys
Address In Stack : 
From Address : 0x891a2000
To Address : 0x891ab4c0
Size : 0x000094c0
Time Stamp : 0x4addfa1e
Time String : 20/10/2009 17:57:50
Product Name : PxHelp20
File Description : Px Engine Device Driver for Windows 2000/XP
File Version : 3.00.93.0
Company : Sonic Solutions
Full Path : C:\Windows\system32\drivers\PxHelp20.sys
==================================================

==================================================
Filename : Ntfs.sys
Address In Stack : 
From Address : 0x89215000
To Address : 0x89344000
Size : 0x0012f000
Time Stamp : 0x5040cf60
Time String : 31/08/2012 14:51:12
Product Name : Microsoft® Windows® Operating System
File Description : NT File System Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\Ntfs.sys
==================================================

==================================================
Filename : msrpc.sys
Address In Stack : 
From Address : 0x89344000
To Address : 0x8936f000
Size : 0x0002b000
Time Stamp : 0x4a5bbf3f
Time String : 13/07/2009 23:11:59
Product Name : Microsoft® Windows® Operating System
File Description : Kernel Remote Procedure Call Provider
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\msrpc.sys
==================================================

==================================================
Filename : ksecdd.sys
Address In Stack : 
From Address : 0x8936f000
To Address : 0x89382000
Size : 0x00013000
Time Stamp : 0x4fc9799f
Time String : 02/06/2012 02:25:35
Product Name : Microsoft® Windows® Operating System
File Description : Kernel Security Support Provider Interface
File Version : 6.1.7601.17856 (win7sp1_gdr.120601-1505)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\ksecdd.sys
==================================================

==================================================
Filename : cng.sys
Address In Stack : 
From Address : 0x89382000
To Address : 0x893df000
Size : 0x0005d000
Time Stamp : 0x4fc97e8e
Time String : 02/06/2012 02:46:38
Product Name : Microsoft® Windows® Operating System
File Description : Kernel Cryptography, Next Generation
File Version : 6.1.7601.17856 (win7sp1_gdr.120601-1505)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\cng.sys
==================================================

==================================================
Filename : pcw.sys
Address In Stack : 
From Address : 0x893df000
To Address : 0x893ed000
Size : 0x0000e000
Time Stamp : 0x4a5bbf0e
Time String : 13/07/2009 23:11:10
Product Name : Microsoft® Windows® Operating System
File Description : Performance Counters for Windows Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\pcw.sys
==================================================

==================================================
Filename : Fs_Rec.sys
Address In Stack : 
From Address : 0x893ed000
To Address : 0x893f6000
Size : 0x00009000
Time Stamp : 0x4f4eeb36
Time String : 01/03/2012 03:21:26
Product Name : Microsoft® Windows® Operating System
File Description : File System Recognizer Driver
File Version : 6.1.7601.17787 (win7sp1_gdr.120229-1502)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\Fs_Rec.sys
==================================================

==================================================
Filename : ndis.sys
Address In Stack : 
From Address : 0x89415000
To Address : 0x894cc000
Size : 0x000b7000
Time Stamp : 0x5034f1da
Time String : 22/08/2012 14:51:06
Product Name : Microsoft® Windows® Operating System
File Description : NDIS 6.20 driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\ndis.sys
==================================================

==================================================
Filename : NETIO.SYS
Address In Stack : 
From Address : 0x894cc000
To Address : 0x8950a000
Size : 0x0003e000
Time Stamp : 0x5034f1ea
Time String : 22/08/2012 14:51:22
Product Name : Microsoft® Windows® Operating System
File Description : Network I/O Subsystem
File Version : 6.1.7601.17939 (win7sp1_gdr.120822-0331)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\NETIO.SYS
==================================================

==================================================
Filename : ksecpkg.sys
Address In Stack : 
From Address : 0x8950a000
To Address : 0x8952f000
Size : 0x00025000
Time Stamp : 0x4fc97ecc
Time String : 02/06/2012 02:47:40
Product Name : Microsoft® Windows® Operating System
File Description : Kernel Security Support Provider Interface Packages
File Version : 6.1.7601.17856 (win7sp1_gdr.120601-1505)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\ksecpkg.sys
==================================================

==================================================
Filename : tcpip.sys
Address In Stack : 
From Address : 0x8963d000
To Address : 0x89789000
Size : 0x0014c000
Time Stamp : 0x506c4ddf
Time String : 03/10/2012 14:38:23
Product Name : Microsoft® Windows® Operating System
File Description : TCP/IP Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\tcpip.sys
==================================================

==================================================
Filename : fwpkclnt.sys
Address In Stack : 
From Address : 0x89789000
To Address : 0x897ba000
Size : 0x00031000
Time Stamp : 0x5034f1ca
Time String : 22/08/2012 14:50:50
Product Name : Microsoft® Windows® Operating System
File Description : FWP/IPsec Kernel-Mode API
File Version : 6.1.7601.18042 (win7sp1_gdr.130102-1436)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\fwpkclnt.sys
==================================================

==================================================
Filename : volsnap.sys
Address In Stack : 
From Address : 0x897ba000
To Address : 0x897f9000
Size : 0x0003f000
Time Stamp : 0x4ce788f5
Time String : 20/11/2010 08:38:13
Product Name : Microsoft® Windows® Operating System
File Description : Volume Shadow Copy Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\volsnap.sys
==================================================

==================================================
Filename : spldr.sys
Address In Stack : 
From Address : 0x89600000
To Address : 0x89608000
Size : 0x00008000
Time Stamp : 0x4a084ebb
Time String : 11/05/2009 16:13:47
Product Name : Microsoft® Windows® Operating System
File Description : loader for security processor
File Version : 6.1.7127.0 (fbl_security_bugfix(sepbld-s).090511-0900)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\spldr.sys
==================================================

==================================================
Filename : rdyboost.sys
Address In Stack : 
From Address : 0x89608000
To Address : 0x89635000
Size : 0x0002d000
Time Stamp : 0x4ce78e17
Time String : 20/11/2010 09:00:07
Product Name : Microsoft® Windows® Operating System
File Description : ReadyBoost Driver
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\rdyboost.sys
==================================================

==================================================
Filename : mup.sys
Address In Stack : 
From Address : 0x8952f000
To Address : 0x8953f000
Size : 0x00010000
Time Stamp : 0x4a5bbfc6
Time String : 13/07/2009 23:14:14
Product Name : Microsoft® Windows® Operating System
File Description : Multiple UNC Provider Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\mup.sys
==================================================

==================================================
Filename : hwpolicy.sys
Address In Stack : 
From Address : 0x89635000
To Address : 0x8963d000
Size : 0x00008000
Time Stamp : 0x4ce788cf
Time String : 20/11/2010 08:37:35
Product Name : Microsoft® Windows® Operating System
File Description : Hardware Policy Driver
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\hwpolicy.sys
==================================================

==================================================
Filename : fvevol.sys
Address In Stack : 
From Address : 0x8953f000
To Address : 0x89571000
Size : 0x00032000
Time Stamp : 0x4ce78976
Time String : 20/11/2010 08:40:22
Product Name : Microsoft® Windows® Operating System
File Description : BitLocker Drive Encryption Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\fvevol.sys
==================================================

==================================================
Filename : disk.sys
Address In Stack : 
From Address : 0x89571000
To Address : 0x89582000
Size : 0x00011000
Time Stamp : 0x4a5bbf20
Time String : 13/07/2009 23:11:28
Product Name : Microsoft® Windows® Operating System
File Description : PnP Disk Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\disk.sys
==================================================

==================================================
Filename : CLASSPNP.SYS
Address In Stack : 
From Address : 0x89582000
To Address : 0x895a7000
Size : 0x00025000
Time Stamp : 0x4a5bbf18
Time String : 13/07/2009 23:11:20
Product Name : Microsoft® Windows® Operating System
File Description : SCSI Class System Dll
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\CLASSPNP.SYS
==================================================

==================================================
Filename : cdrom.sys
Address In Stack : 
From Address : 0x8eae9000
To Address : 0x8eb08000
Size : 0x0001f000
Time Stamp : 0x4ce788f1
Time String : 20/11/2010 08:38:09
Product Name : Microsoft® Windows® Operating System
File Description : SCSI CD-ROM Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\cdrom.sys
==================================================

==================================================
Filename : aswSnx.SYS
Address In Stack : 
From Address : 0x8eb08000
To Address : 0x8ebc0000
Size : 0x000b8000
Time Stamp : 0x5090582a
Time String : 30/10/2012 22:43:54
Product Name : avast! Antivirus
File Description : avast! Virtualization Driver
File Version : 7.0.1474.765
Company : AVAST Software
Full Path : C:\Windows\system32\drivers\aswSnx.SYS
==================================================

==================================================
Filename : avgmfx86.sys
Address In Stack : 
From Address : 0x8ebc0000
To Address : 0x8ebcc000
Size : 0x0000c000
Time Stamp : 0x4c858bc1
Time String : 07/09/2010 00:48:01
Product Name : AVG Internet Security
File Description : AVG Resident Shield Minifilter Driver
File Version : 10.0.0.1105
Company : AVG Technologies CZ, s.r.o.
Full Path : C:\Windows\system32\drivers\avgmfx86.sys
==================================================

==================================================
Filename : Null.SYS
Address In Stack : 
From Address : 0x8ebcc000
To Address : 0x8ebd3000
Size : 0x00007000
Time Stamp : 0x4a5bbf10
Time String : 13/07/2009 23:11:12
Product Name : Microsoft® Windows® Operating System
File Description : NULL Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\Null.SYS
==================================================

==================================================
Filename : Beep.SYS
Address In Stack : 
From Address : 0x8ebd3000
To Address : 0x8ebda000
Size : 0x00007000
Time Stamp : 0x4a5bc6fc
Time String : 13/07/2009 23:45:00
Product Name : Microsoft® Windows® Operating System
File Description : BEEP Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\Beep.SYS
==================================================

==================================================
Filename : vga.sys
Address In Stack : 
From Address : 0x8ebda000
To Address : 0x8ebe6000
Size : 0x0000c000
Time Stamp : 0x4a5bc27e
Time String : 13/07/2009 23:25:50
Product Name : Microsoft® Windows® Operating System
File Description : VGA/Super VGA Video Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\vga.sys
==================================================

==================================================
Filename : VIDEOPRT.SYS
Address In Stack : 
From Address : 0x895b4000
To Address : 0x895d5000
Size : 0x00021000
Time Stamp : 0x4a5bc27d
Time String : 13/07/2009 23:25:49
Product Name : Microsoft® Windows® Operating System
File Description : Video Port Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\VIDEOPRT.SYS
==================================================

==================================================
Filename : watchdog.sys
Address In Stack : 
From Address : 0x8ebe6000
To Address : 0x8ebf3000
Size : 0x0000d000
Time Stamp : 0x4a5bc21a
Time String : 13/07/2009 23:24:10
Product Name : Microsoft® Windows® Operating System
File Description : Watchdog Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\watchdog.sys
==================================================

==================================================
Filename : RDPCDD.sys
Address In Stack : 
From Address : 0x8ebf3000
To Address : 0x8ebfb000
Size : 0x00008000
Time Stamp : 0x4ce7a15b
Time String : 20/11/2010 10:22:19
Product Name : Microsoft® Windows® Operating System
File Description : RDP Miniport
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\RDPCDD.sys
==================================================

==================================================
Filename : rdpencdd.sys
Address In Stack : 
From Address : 0x8ea00000
To Address : 0x8ea08000
Size : 0x00008000
Time Stamp : 0x4a5bcae3
Time String : 14/07/2009 00:01:39
Product Name : Microsoft® Windows® Operating System
File Description : RDP Encoder Miniport
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\rdpencdd.sys
==================================================

==================================================
Filename : rdprefmp.sys
Address In Stack : 
From Address : 0x8ea08000
To Address : 0x8ea10000
Size : 0x00008000
Time Stamp : 0x4a5bcae5
Time String : 14/07/2009 00:01:41
Product Name : Microsoft® Windows® Operating System
File Description : RDP Reflector Driver Miniport
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\rdprefmp.sys
==================================================

==================================================
Filename : Msfs.SYS
Address In Stack : 
From Address : 0x895d5000
To Address : 0x895e0000
Size : 0x0000b000
Time Stamp : 0x4a5bbf1e
Time String : 13/07/2009 23:11:26
Product Name : Microsoft® Windows® Operating System
File Description : Mailslot driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\Msfs.SYS
==================================================

==================================================
Filename : Npfs.SYS
Address In Stack : 
From Address : 0x895e0000
To Address : 0x895ee000
Size : 0x0000e000
Time Stamp : 0x4a5bbf23
Time String : 13/07/2009 23:11:31
Product Name : Microsoft® Windows® Operating System
File Description : NPFS Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\Npfs.SYS
==================================================

==================================================
Filename : tdx.sys
Address In Stack : 
From Address : 0x891ac000
To Address : 0x891c3000
Size : 0x00017000
Time Stamp : 0x4ce78935
Time String : 20/11/2010 08:39:17
Product Name : Microsoft® Windows® Operating System
File Description : TDI Translation Driver
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\tdx.sys
==================================================

==================================================
Filename : TDI.SYS
Address In Stack : 
From Address : 0x895ee000
To Address : 0x895fa000
Size : 0x0000c000
Time Stamp : 0x4ce78936
Time String : 20/11/2010 08:39:18
Product Name : Microsoft® Windows® Operating System
File Description : TDI Wrapper
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\TDI.SYS
==================================================

==================================================
Filename : aswTdi.SYS
Address In Stack : 
From Address : 0x89400000
To Address : 0x8940b100
Size : 0x0000b100
Time Stamp : 0x50905802
Time String : 30/10/2012 22:43:14
Product Name : avast! Antivirus
File Description : avast! TDI Filter Driver
File Version : 7.0.1474.765 built by: WinDDK
Company : AVAST Software
Full Path : C:\Windows\system32\drivers\aswTdi.SYS
==================================================

==================================================
Filename : afd.sys
Address In Stack : 
From Address : 0x8378c000
To Address : 0x837e6000
Size : 0x0005a000
Time Stamp : 0x4db4d9d8
Time String : 25/04/2011 02:18:00
Product Name : Microsoft® Windows® Operating System
File Description : Ancillary Function Driver for WinSock
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\afd.sys
==================================================

==================================================
Filename : aswrdr2.sys
Address In Stack : 
From Address : 0x89200000
To Address : 0x8920d000
Size : 0x0000d000
Time Stamp : 0x50757546
Time String : 10/10/2012 13:16:54
Product Name : avast! Antivirus
File Description : avast! WFP Redirect Driver
File Version : 7.0.1469.714 built by: WinDDK
Company : AVAST Software
Full Path : C:\Windows\system32\drivers\aswrdr2.sys
==================================================

==================================================
Filename : netbt.sys
Address In Stack : 
From Address : 0x891c3000
To Address : 0x891f5000
Size : 0x00032000
Time Stamp : 0x4ce7893a
Time String : 20/11/2010 08:39:22
Product Name : Microsoft® Windows® Operating System
File Description : MBT Transport driver
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\netbt.sys
==================================================

==================================================
Filename : ws2ifsl.sys
Address In Stack : 
From Address : 0x8ea10000
To Address : 0x8ea19000
Size : 0x00009000
Time Stamp : 0x4a5bc955
Time String : 13/07/2009 23:55:01
Product Name : Microsoft® Windows® Operating System
File Description : Winsock2 IFS Layer
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\ws2ifsl.sys
==================================================

==================================================
Filename : wfplwf.sys
Address In Stack : 
From Address : 0x897f9000
To Address : 0x89800000
Size : 0x00007000
Time Stamp : 0x4a5bc90f
Time String : 13/07/2009 23:53:51
Product Name : Microsoft® Windows® Operating System
File Description : WFP NDIS 6.20 Lightweight Filter Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\wfplwf.sys
==================================================

==================================================
Filename : pacer.sys
Address In Stack : 
From Address : 0x89000000
To Address : 0x8901f000
Size : 0x0001f000
Time Stamp : 0x4a5bc916
Time String : 13/07/2009 23:53:58
Product Name : Microsoft® Windows® Operating System
File Description : QoS Packet Scheduler
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\pacer.sys
==================================================

==================================================
Filename : netbios.sys
Address In Stack : 
From Address : 0x8901f000
To Address : 0x8902d000
Size : 0x0000e000
Time Stamp : 0x4a5bc912
Time String : 13/07/2009 23:53:54
Product Name : Microsoft® Windows® Operating System
File Description : NetBIOS interface driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\netbios.sys
==================================================

==================================================
Filename : wanarp.sys
Address In Stack : 
From Address : 0x837e6000
To Address : 0x837f9000
Size : 0x00013000
Time Stamp : 0x4ce79df1
Time String : 20/11/2010 10:07:45
Product Name : Microsoft® Windows® Operating System
File Description : MS Remote Access and Routing ARP Driver
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\wanarp.sys
==================================================

==================================================
Filename : termdd.sys
Address In Stack : 
From Address : 0x88e00000
To Address : 0x88e11000
Size : 0x00011000
Time Stamp : 0x4ce7a116
Time String : 20/11/2010 10:21:10
Product Name : Microsoft® Windows® Operating System
File Description : Remote Desktop Server Driver
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\termdd.sys
==================================================

==================================================
Filename : rdbss.sys
Address In Stack : 
From Address : 0x8f603000
To Address : 0x8f644000
Size : 0x00041000
Time Stamp : 0x4ce78a04
Time String : 20/11/2010 08:42:44
Product Name : Microsoft® Windows® Operating System
File Description : Redirected Drive Buffering SubSystem Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\rdbss.sys
==================================================

==================================================
Filename : nsiproxy.sys
Address In Stack : 
From Address : 0x8f644000
To Address : 0x8f64e000
Size : 0x0000a000
Time Stamp : 0x4a5bbf48
Time String : 13/07/2009 23:12:08
Product Name : Microsoft® Windows® Operating System
File Description : NSI Proxy
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\nsiproxy.sys
==================================================

==================================================
Filename : mssmbios.sys
Address In Stack : 
From Address : 0x8f64e000
To Address : 0x8f658000
Size : 0x0000a000
Time Stamp : 0x4a5bc0fd
Time String : 13/07/2009 23:19:25
Product Name : Microsoft® Windows® Operating System
File Description : System Management BIOS Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\mssmbios.sys
==================================================

==================================================
Filename : DMICall.sys
Address In Stack : 
From Address : 0x8f658000
To Address : 0x8f658de0
Size : 0x00000de0
Time Stamp : 0x3a2c95cf
Time String : 05/12/2000 07:14:23
Product Name : Windows 2000 DMI Call Kernel Driver
File Description : Windows 2000 DMI Call Kernel Driver
File Version : 1.0.01.12050
Company : Sony Corporation
Full Path : C:\Windows\system32\drivers\DMICall.sys
==================================================

==================================================
Filename : discache.sys
Address In Stack : 
From Address : 0x8f659000
To Address : 0x8f665000
Size : 0x0000c000
Time Stamp : 0x4a5bc214
Time String : 13/07/2009 23:24:04
Product Name : Microsoft® Windows® Operating System
File Description : System Indexer/Cache Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\discache.sys
==================================================

==================================================
Filename : dfsc.sys
Address In Stack : 
From Address : 0x8f665000
To Address : 0x8f67d000
Size : 0x00018000
Time Stamp : 0x4ce789f8
Time String : 20/11/2010 08:42:32
Product Name : Microsoft® Windows® Operating System
File Description : DFS Namespace Client Driver
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\dfsc.sys
==================================================

==================================================
Filename : ctxusbm.sys
Address In Stack : 
From Address : 0x8f67d000
To Address : 0x8f691000
Size : 0x00014000
Time Stamp : 0x4aa549ee
Time String : 07/09/2009 17:59:10
Product Name : Citrix ICA Client
File Description : Citrix USB Filter Driver
File Version : 11.2.0.31337
Company : Citrix Systems, Inc.
Full Path : C:\Windows\system32\drivers\ctxusbm.sys
==================================================

==================================================
Filename : blbdrive.sys
Address In Stack : 
From Address : 0x8f691000
To Address : 0x8f69f000
Size : 0x0000e000
Time Stamp : 0x4a5bc1d8
Time String : 13/07/2009 23:23:04
Product Name : Microsoft® Windows® Operating System
File Description : BLB Drive Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\blbdrive.sys
==================================================

==================================================
Filename : aswSP.SYS
Address In Stack : 
From Address : 0x8f69f000
To Address : 0x8f6f4880
Size : 0x00055880
Time Stamp : 0x50905821
Time String : 30/10/2012 22:43:45
Product Name : avast! Antivirus
File Description : avast! self protection module
File Version : 7.0.1474.765
Company : AVAST Software
Full Path : C:\Windows\system32\drivers\aswSP.SYS
==================================================

==================================================
Filename : tunnel.sys
Address In Stack : 
From Address : 0x8f6f5000
To Address : 0x8f716000
Size : 0x00021000
Time Stamp : 0x4ce79db0
Time String : 20/11/2010 10:06:40
Product Name : Microsoft® Windows® Operating System
File Description : Microsoft Tunnel Interface Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\tunnel.sys
==================================================

==================================================
Filename : intelppm.sys
Address In Stack : 
From Address : 0x8f716000
To Address : 0x8f728000
Size : 0x00012000
Time Stamp : 0x4a5bbf07
Time String : 13/07/2009 23:11:03
Product Name : Microsoft® Windows® Operating System
File Description : Processor Device Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\intelppm.sys
==================================================

==================================================
Filename : nvlddmkm.sys
Address In Stack : 
From Address : 0x9042c000
To Address : 0x90b71ea0
Size : 0x00745ea0
Time Stamp : 0x46f1ebb3
Time String : 20/09/2007 03:40:35
Product Name : NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 156.65
File Description : NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 156.65
File Version : 7.15.11.5665
Company : NVIDIA Corporation
Full Path : C:\Windows\system32\drivers\nvlddmkm.sys
==================================================

==================================================
Filename : dxgkrnl.sys
Address In Stack : 
From Address : 0x8f728000
To Address : 0x8f7df000
Size : 0x000b7000
Time Stamp : 0x4ce78ffe
Time String : 20/11/2010 09:08:14
Product Name : Microsoft® Windows® Operating System
File Description : DirectX Graphics Kernel
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\dxgkrnl.sys
==================================================

==================================================
Filename : dxgmms1.sys
Address In Stack : 
From Address : 0x90b72000
To Address : 0x90bab000
Size : 0x00039000
Time Stamp : 0x4d4a24c1
Time String : 03/02/2011 03:45:05
Product Name : Microsoft® Windows® Operating System
File Description : DirectX Graphics MMS
File Version : 6.1.7601.17554 (win7sp1_gdr.110202-1504)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\dxgmms1.sys
==================================================

==================================================
Filename : usbuhci.sys
Address In Stack : 
From Address : 0x90bab000
To Address : 0x90bb6000
Size : 0x0000b000
Time Stamp : 0x4d8c04b4
Time String : 25/03/2011 02:57:56
Product Name : Microsoft® Windows® Operating System
File Description : UHCI USB Miniport Driver
File Version : 6.1.7601.17586 (win7sp1_gdr.110324-1501)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\usbuhci.sys
==================================================

==================================================
Filename : USBPORT.SYS
Address In Stack : 
From Address : 0x95c39000
To Address : 0x95c84000
Size : 0x0004b000
Time Stamp : 0x4d8c04bd
Time String : 25/03/2011 02:58:05
Product Name : Microsoft® Windows® Operating System
File Description : USB 1.1 & 2.0 Port Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\USBPORT.SYS
==================================================

==================================================
Filename : usbehci.sys
Address In Stack : 
From Address : 0x95c84000
To Address : 0x95c93000
Size : 0x0000f000
Time Stamp : 0x4d8c04b6
Time String : 25/03/2011 02:57:58
Product Name : Microsoft® Windows® Operating System
File Description : EHCI eUSB Miniport Driver
File Version : 6.1.7601.17586 (win7sp1_gdr.110324-1501)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\usbehci.sys
==================================================

==================================================
Filename : HDAudBus.sys
Address In Stack : 
From Address : 0x95c93000
To Address : 0x95cb2000
Size : 0x0001f000
Time Stamp : 0x4ce79c00
Time String : 20/11/2010 09:59:28
Product Name : Microsoft® Windows® Operating System
File Description : High Definition Audio Bus Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\HDAudBus.sys
==================================================

==================================================
Filename : yk62x86.sys
Address In Stack : 
From Address : 0x95cb2000
To Address : 0x95d02000
Size : 0x00050000
Time Stamp : 0x49a2b642
Time String : 23/02/2009 14:44:18
Product Name : Marvell Yukon Ethernet Controller.
File Description : Miniport Driver for Marvell Yukon Ethernet Controller.
File Version : 11.0.5.3 built by: WinDDK
Company : Marvell
Full Path : C:\Windows\system32\drivers\yk62x86.sys
==================================================

==================================================
Filename : netw5v32.sys
Address In Stack : 
From Address : 0x9663e000
To Address : 0x96a51000
Size : 0x00413000
Time Stamp : 0x49cba8fd
Time String : 26/03/2009 16:10:37
Product Name : Intel® Wireless WiFi Link Adapter
File Description : Intel® Wireless WiFi Link Driver
File Version : 12.4.1.4
Company : Intel Corporation
Full Path : C:\Windows\system32\drivers\netw5v32.sys
==================================================

==================================================
Filename : 1394ohci.sys
Address In Stack : 
From Address : 0x96a51000
To Address : 0x96a7e000
Size : 0x0002d000
Time Stamp : 0x4ce79c67
Time String : 20/11/2010 10:01:11
Product Name : Microsoft® Windows® Operating System
File Description : 1394 OpenHCI Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\1394ohci.sys
==================================================

==================================================
Filename : ti21sony.sys
Address In Stack : 
From Address : 0x96a7e000
To Address : 0x96b4a000
Size : 0x000cc000
Time Stamp : 0x462cfaa4
Time String : 23/04/2007 18:27:48
Product Name : Texas Instruments PCIxx21 PCIxx12 Integrated FlashMedia Controller
File Description : ti21sony.sys
File Version : 2.0.0.18
Company : Texas Instruments
Full Path : C:\Windows\system32\drivers\ti21sony.sys
==================================================

==================================================
Filename : AVerM115S.sys
Address In Stack : 
From Address : 0x95d02000
To Address : 0x95dcf700
Size : 0x000cd700
Time Stamp : 0x46b16482
Time String : 02/08/2007 04:58:42
Product Name : M115/M115S/A16E/M10D/M11H
File Description : AVerMedia Hybrid H/W MPEG Encoder driver
File Version : 3, 3, 23, 103
Company : AVerMedia TECHNOLOGIES, Inc.
Full Path : C:\Windows\system32\drivers\AVerM115S.sys
==================================================

==================================================
Filename : ks.sys
Address In Stack : 
From Address : 0x96b4a000
To Address : 0x96b7e000
Size : 0x00034000
Time Stamp : 0x4ce799d9
Time String : 20/11/2010 09:50:17
Product Name : Microsoft® Windows® Operating System
File Description : Kernel CSA Library
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\ks.sys
==================================================

==================================================
Filename : BdaSup.SYS
Address In Stack : 
From Address : 0x96b7e000
To Address : 0x96b81000
Size : 0x00003000
Time Stamp : 0x4a5bc87b
Time String : 13/07/2009 23:51:23
Product Name : Microsoft® Windows® Operating System
File Description : Microsoft BDA Driver Support Library
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\BdaSup.SYS
==================================================

==================================================
Filename : SFEP.sys
Address In Stack : 
From Address : 0x96b81000
To Address : 0x96b83480
Size : 0x00002480
Time Stamp : 0x46b2bec8
Time String : 03/08/2007 05:36:08
Product Name : Sony Firmware Extension Parser driver for VAIO Series
File Description : Sony Firmware Extension Parser driver
File Version : 8.0.1.6087
Company : Sony Corporation
Full Path : C:\Windows\system32\drivers\SFEP.sys
==================================================

==================================================
Filename : GEARAspiWDM.sys
Address In Stack : 
From Address : 0x96b84000
To Address : 0x96b89280
Size : 0x00005280
Time Stamp : 0x4a1151b5
Time String : 18/05/2009 12:16:53
Product Name : CD DVD Filter
File Description : CD DVD Filter
File Version : 2.02.00.01
Company : GEAR Software Inc.
Full Path : C:\Windows\system32\drivers\GEARAspiWDM.sys
==================================================

==================================================
Filename : CompositeBus.sys
Address In Stack : 
From Address : 0x96b8a000
To Address : 0x96b97000
Size : 0x0000d000
Time Stamp : 0x4ce799dd
Time String : 20/11/2010 09:50:21
Product Name : Microsoft® Windows® Operating System
File Description : Multi-Transport Composite Bus Enumerator
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\CompositeBus.sys
==================================================

==================================================
Filename : AgileVpn.sys
Address In Stack : 
From Address : 0x96b97000
To Address : 0x96ba9000
Size : 0x00012000
Time Stamp : 0x4a5bc954
Time String : 13/07/2009 23:55:00
Product Name : Microsoft® Windows® Operating System
File Description : RAS Agile Vpn Miniport Call Manager
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\AgileVpn.sys
==================================================

==================================================
Filename : rasl2tp.sys
Address In Stack : 
From Address : 0x96ba9000
To Address : 0x96bc1000
Size : 0x00018000
Time Stamp : 0x4a5bc939
Time String : 13/07/2009 23:54:33
Product Name : Microsoft® Windows® Operating System
File Description : RAS L2TP mini-port/call-manager driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\rasl2tp.sys
==================================================

==================================================
Filename : ndistapi.sys
Address In Stack : 
From Address : 0x96bc1000
To Address : 0x96bcc000
Size : 0x0000b000
Time Stamp : 0x4a5bc930
Time String : 13/07/2009 23:54:24
Product Name : Microsoft® Windows® Operating System
File Description : NDIS 3.0 connection wrapper driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\ndistapi.sys
==================================================

==================================================
Filename : ndiswan.sys
Address In Stack : 
From Address : 0x96bcc000
To Address : 0x96bee000
Size : 0x00022000
Time Stamp : 0x4ce79df4
Time String : 20/11/2010 10:07:48
Product Name : Microsoft® Windows® Operating System
File Description : MS PPP Framing Driver (Strong Encryption)
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\ndiswan.sys
==================================================

==================================================
Filename : raspppoe.sys
Address In Stack : 
From Address : 0x96600000
To Address : 0x96618000
Size : 0x00018000
Time Stamp : 0x4a5bc94d
Time String : 13/07/2009 23:54:53
Product Name : Microsoft® Windows® Operating System
File Description : RAS PPPoE mini-port/call-manager driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\raspppoe.sys
==================================================

==================================================
Filename : raspptp.sys
Address In Stack : 
From Address : 0x96618000
To Address : 0x9662f000
Size : 0x00017000
Time Stamp : 0x4a5bc947
Time String : 13/07/2009 23:54:47
Product Name : Microsoft® Windows® Operating System
File Description : Peer-to-Peer Tunneling Protocol
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\raspptp.sys
==================================================

==================================================
Filename : rassstp.sys
Address In Stack : 
From Address : 0x95dd0000
To Address : 0x95de7000
Size : 0x00017000
Time Stamp : 0x4a5bc951
Time String : 13/07/2009 23:54:57
Product Name : Microsoft® Windows® Operating System
File Description : RAS SSTP Miniport Call Manager
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\rassstp.sys
==================================================

==================================================
Filename : kbdclass.sys
Address In Stack : 
From Address : 0x9662f000
To Address : 0x9663c000
Size : 0x0000d000
Time Stamp : 0x4a5bbf13
Time String : 13/07/2009 23:11:15
Product Name : Microsoft® Windows® Operating System
File Description : Keyboard Class Driver
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\kbdclass.sys
==================================================

==================================================
Filename : mouclass.sys
Address In Stack : 
From Address : 0x96bee000
To Address : 0x96bfb000
Size : 0x0000d000
Time Stamp : 0x4a5bbf13
Time String : 13/07/2009 23:11:15
Product Name : Microsoft® Windows® Operating System
File Description : Mouse Class Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\mouclass.sys
==================================================

==================================================
Filename : swenum.sys
Address In Stack : 
From Address : 0x96bfb000
To Address : 0x96bfc380
Size : 0x00001380
Time Stamp : 0x4a5bc704
Time String : 13/07/2009 23:45:08
Product Name : Microsoft® Windows® Operating System
File Description : Plug and Play Software Device Enumerator
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\swenum.sys
==================================================

==================================================
Filename : circlass.sys
Address In Stack : 
From Address : 0x95de7000
To Address : 0x95df5000
Size : 0x0000e000
Time Stamp : 0x4a5bc875
Time String : 13/07/2009 23:51:17
Product Name : Microsoft® Windows® Operating System
File Description : Consumer IR Class Driver for eHome
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\circlass.sys
==================================================

==================================================
Filename : umbus.sys
Address In Stack : 
From Address : 0x95c00000
To Address : 0x95c0e000
Size : 0x0000e000
Time Stamp : 0x4ce79c37
Time String : 20/11/2010 10:00:23
Product Name : Microsoft® Windows® Operating System
File Description : User-Mode Bus Enumerator
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\umbus.sys
==================================================

==================================================
Filename : usbhub.sys
Address In Stack : 
From Address : 0x90bb6000
To Address : 0x90bfa000
Size : 0x00044000
Time Stamp : 0x4d8c04da
Time String : 25/03/2011 02:58:34
Product Name : Microsoft® Windows® Operating System
File Description : Default Hub Driver for USB
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\usbhub.sys
==================================================

==================================================
Filename : NDProxy.SYS
Address In Stack : 
From Address : 0x95c0e000
To Address : 0x95c1f000
Size : 0x00011000
Time Stamp : 0x4ce79deb
Time String : 20/11/2010 10:07:39
Product Name : Microsoft® Windows® Operating System
File Description : NDIS Proxy
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\NDProxy.SYS
==================================================

==================================================
Filename : stwrt.sys
Address In Stack : 
From Address : 0x8223f000
To Address : 0x82294000
Size : 0x00055000
Time Stamp : 0x46e95767
Time String : 13/09/2007 15:29:43
Product Name : IDT Audio
File Description : NDHF
File Version : 6.10.5614.0 nd654 cp1 built by: WinDDK
Company : IDT, Inc.
Full Path : C:\Windows\system32\drivers\stwrt.sys
==================================================

==================================================
Filename : portcls.sys
Address In Stack : 
From Address : 0x82294000
To Address : 0x822c3000
Size : 0x0002f000
Time Stamp : 0x4a5bc864
Time String : 13/07/2009 23:51:00
Product Name : Microsoft® Windows® Operating System
File Description : Port Class (Class Driver for Port/Miniport Devices)
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\portcls.sys
==================================================

==================================================
Filename : drmk.sys
Address In Stack : 
From Address : 0x822c3000
To Address : 0x822dc000
Size : 0x00019000
Time Stamp : 0x4a5bd2f5
Time String : 14/07/2009 00:36:05
Product Name : Microsoft® Windows® Operating System
File Description : Microsoft Trusted Audio Drivers
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\drmk.sys
==================================================

==================================================
Filename : HSXHWAZL.sys
Address In Stack : 
From Address : 0x822dc000
To Address : 0x82319000
Size : 0x0003d000
Time Stamp : 0x458c36ae
Time String : 22/12/2006 19:49:02
Product Name : SoftK56 Modem Driver
File Description : HSF_HWAZL WDM driver
File Version : 7.62.00 built by: WinDDK
Company : Conexant Systems, Inc.
Full Path : C:\Windows\system32\drivers\HSXHWAZL.sys
==================================================

==================================================
Filename : HSX_DPV.sys
Address In Stack : 
From Address : 0x82008000
To Address : 0x8210b000
Size : 0x00103000
Time Stamp : 0x458c36fd
Time String : 22/12/2006 19:50:21
Product Name : SoftK56 Modem Driver
File Description : HSF_DP driver
File Version : 7.62.00 built by: WinDDK
Company : Conexant Systems, Inc.
Full Path : C:\Windows\system32\drivers\HSX_DPV.sys
==================================================

==================================================
Filename : HSX_CNXT.sys
Address In Stack : 
From Address : 0x8210b000
To Address : 0x821bf000
Size : 0x000b4000
Time Stamp : 0x458c36a4
Time String : 22/12/2006 19:48:52
Product Name : SoftK56 Modem Driver
File Description : HSF_CNXT driver
File Version : 7.62.00 built by: WinDDK
Company : Conexant Systems, Inc.
Full Path : C:\Windows\system32\drivers\HSX_CNXT.sys
==================================================

==================================================
Filename : modem.sys
Address In Stack : 
From Address : 0x821bf000
To Address : 0x821cc000
Size : 0x0000d000
Time Stamp : 0x4a5bc96c
Time String : 13/07/2009 23:55:24
Product Name : Microsoft® Windows® Operating System
File Description : Modem Device Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\modem.sys
==================================================

==================================================
Filename : win32k.sys
Address In Stack : 
From Address : 0x994d0000
To Address : 0x99721000
Size : 0x00251000
Time Stamp : 0x50aee5c0
Time String : 23/11/2012 02:56:00
Product Name : Microsoft® Windows® Operating System
File Description : Multi-User Win32 Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\win32k.sys
==================================================

==================================================
Filename : Dxapi.sys
Address In Stack : 
From Address : 0x821cc000
To Address : 0x821d6000
Size : 0x0000a000
Time Stamp : 0x4a5bc265
Time String : 13/07/2009 23:25:25
Product Name : Microsoft® Windows® Operating System
File Description : DirectX API Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\Dxapi.sys
==================================================

==================================================
Filename : crashdmp.sys
Address In Stack : 
From Address : 0x821d6000
To Address : 0x821e3000
Size : 0x0000d000
Time Stamp : 0x4a5bc72e
Time String : 13/07/2009 23:45:50
Product Name : Microsoft® Windows® Operating System
File Description : Crash Dump Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\crashdmp.sys
==================================================

==================================================
Filename : dump_iaStor.sys
Address In Stack : 
From Address : 0x82319000
To Address : 0x823d7000
Size : 0x000be000
Time Stamp : 0x45d0d237
Time String : 12/02/2007 20:46:47
Product Name : 
File Description : 
File Version : 
Company : 
Full Path : 
==================================================

==================================================
Filename : dump_dumpfve.sys
Address In Stack : 
From Address : 0x821e3000
To Address : 0x821f4000
Size : 0x00011000
Time Stamp : 0x4a5bbf6f
Time String : 13/07/2009 23:12:47
Product Name : 
File Description : 
File Version : 
Company : 
Full Path : 
==================================================

==================================================
Filename : usbccgp.sys
Address In Stack : 
From Address : 0x823d7000
To Address : 0x823ee000
Size : 0x00017000
Time Stamp : 0x4d8c04be
Time String : 25/03/2011 02:58:06
Product Name : Microsoft® Windows® Operating System
File Description : USB Common Class Generic Parent Driver
File Version : 6.1.7601.17586 (win7sp1_gdr.110324-1501)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\usbccgp.sys
==================================================

==================================================
Filename : USBD.SYS
Address In Stack : 
From Address : 0x821f4000
To Address : 0x821f5700
Size : 0x00001700
Time Stamp : 0x4d8c04b1
Time String : 25/03/2011 02:57:53
Product Name : Microsoft® Windows® Operating System
File Description : Universal Serial Bus Driver
File Version : 6.1.7601.17586 (win7sp1_gdr.110324-1501)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\USBD.SYS
==================================================

==================================================
Filename : R5U870FLx86.sys
Address In Stack : 
From Address : 0x823ee000
To Address : 0x823fff00
Size : 0x00011f00
Time Stamp : 0x46e2255d
Time String : 08/09/2007 04:30:21
Product Name : R5U870
File Description : Description string for UvcFilter driver
File Version : 6, 1006, 209, 0
Company : Ricoh
Full Path : C:\Windows\system32\drivers\R5U870FLx86.sys
==================================================

==================================================
Filename : usbvideo.sys
Address In Stack : 
From Address : 0x82200000
To Address : 0x82223c00
Size : 0x00023c00
Time Stamp : 0x4ce79c34
Time String : 20/11/2010 10:00:20
Product Name : Microsoft® Windows® Operating System
File Description : USB Video Class Driver
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\usbvideo.sys
==================================================

==================================================
Filename : R5U870FUx86.sys
Address In Stack : 
From Address : 0x82224000
To Address : 0x8222eb80
Size : 0x0000ab80
Time Stamp : 0x46e22558
Time String : 08/09/2007 04:30:16
Product Name : R5U870
File Description : Description string for UvcUpperFilter driver
File Version : 6, 1006, 209, 0
Company : Ricoh
Full Path : C:\Windows\system32\drivers\R5U870FUx86.sys
==================================================

==================================================
Filename : ArcSoftKsUFilter.sys
Address In Stack : 
From Address : 0x821f6000
To Address : 0x821ff000
Size : 0x00009000
Time Stamp : 0x476a1e8d
Time String : 20/12/2007 07:49:33
Product Name : ArcSoft Magic-i Visual Effect
File Description : 
File Version : 3.5.0.17
Company : ArcSoft, Inc.
Full Path : C:\Windows\system32\drivers\ArcSoftKsUFilter.sys
==================================================

==================================================
Filename : monitor.sys
Address In Stack : 
From Address : 0x8222f000
To Address : 0x8223a000
Size : 0x0000b000
Time Stamp : 0x4a5bc286
Time String : 13/07/2009 23:25:58
Product Name : Microsoft® Windows® Operating System
File Description : Monitor Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\monitor.sys
==================================================

==================================================
Filename : TSDDD.dll
Address In Stack : 
From Address : 0x99740000
To Address : 0x99749000
Size : 0x00009000
Time Stamp : 0x4a5bcae4
Time String : 14/07/2009 00:01:40
Product Name : Microsoft® Windows® Operating System
File Description : Framebuffer Display Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\TSDDD.dll
==================================================

==================================================
Filename : cdd.dll
Address In Stack : 
From Address : 0x99770000
To Address : 0x9978e000
Size : 0x0001e000
Time Stamp : 0x4ce7b773
Time String : 20/11/2010 11:56:35
Product Name : Microsoft® Windows® Operating System
File Description : Canonical Display Driver
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\cdd.dll
==================================================

==================================================
Filename : ATMFD.DLL
Address In Stack : 
From Address : 0x99790000
To Address : 0x997dd000
Size : 0x0004d000
Time Stamp : 0x50cdd707
Time String : 16/12/2012 14:13:27
Product Name : Adobe Type Manager
File Description : Windows NT OpenType/Type 1 Font Driver
File Version : 5.1 Build 237
Company : Adobe Systems Incorporated
Full Path : C:\Windows\system32\ATMFD.DLL
==================================================

==================================================
Filename : hidusb.sys
Address In Stack : 
From Address : 0x95c1f000
To Address : 0x95c2a000
Size : 0x0000b000
Time Stamp : 0x4ce79c0a
Time String : 20/11/2010 09:59:38
Product Name : Microsoft® Windows® Operating System
File Description : USB Miniport Driver for Input Devices
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\hidusb.sys
==================================================

==================================================
Filename : HIDCLASS.SYS
Address In Stack : 
From Address : 0x90400000
To Address : 0x90413000
Size : 0x00013000
Time Stamp : 0x4ce79c09
Time String : 20/11/2010 09:59:37
Product Name : Microsoft® Windows® Operating System
File Description : Hid Class Library
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\HIDCLASS.SYS
==================================================

==================================================
Filename : HIDPARSE.SYS
Address In Stack : 
From Address : 0x82000000
To Address : 0x82006480
Size : 0x00006480
Time Stamp : 0x4a5bc863
Time String : 13/07/2009 23:50:59
Product Name : Microsoft® Windows® Operating System
File Description : Hid Parsing Library
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\HIDPARSE.SYS
==================================================

==================================================
Filename : kbdhid.sys
Address In Stack : 
From Address : 0x95c2a000
To Address : 0x95c36000
Size : 0x0000c000
Time Stamp : 0x4ce799d2
Time String : 20/11/2010 09:50:10
Product Name : Microsoft® Windows® Operating System
File Description : HID Keyboard Filter Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\kbdhid.sys
==================================================

==================================================
Filename : mouhid.sys
Address In Stack : 
From Address : 0x95df5000
To Address : 0x95e00000
Size : 0x0000b000
Time Stamp : 0x4a5bc704
Time String : 13/07/2009 23:45:08
Product Name : Microsoft® Windows® Operating System
File Description : HID Mouse Filter Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\mouhid.sys
==================================================

==================================================
Filename : usbcir.sys
Address In Stack : 
From Address : 0x8f7df000
To Address : 0x8f7fa000
Size : 0x0001b000
Time Stamp : 0x4a5bc876
Time String : 13/07/2009 23:51:18
Product Name : Microsoft® Windows® Operating System
File Description : USB Consumer IR Driver for eHome
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\usbcir.sys
==================================================

==================================================
Filename : luafv.sys
Address In Stack : 
From Address : 0x8ea19000
To Address : 0x8ea34000
Size : 0x0001b000
Time Stamp : 0x4a5bc020
Time String : 13/07/2009 23:15:44
Product Name : Microsoft® Windows® Operating System
File Description : LUA File Virtualization Filter Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\luafv.sys
==================================================

==================================================
Filename : aswMonFlt.sys
Address In Stack : 
From Address : 0x8ea34000
To Address : 0x8ea51000
Size : 0x0001d000
Time Stamp : 0x509057fb
Time String : 30/10/2012 22:43:07
Product Name : avast! Antivirus
File Description : avast! File System Minifilter for Windows 2003/Vista
File Version : 7.0.1474.765
Company : AVAST Software
Full Path : C:\Windows\system32\drivers\aswMonFlt.sys
==================================================

==================================================
Filename : aswFsBlk.SYS
Address In Stack : 
From Address : 0x8223a000
To Address : 0x8223d100
Size : 0x00003100
Time Stamp : 0x509057f7
Time String : 30/10/2012 22:43:03
Product Name : avast! Antivirus
File Description : avast! File System Access Blocking Driver
File Version : 7.0.1474.765
Company : AVAST Software
Full Path : C:\Windows\system32\drivers\aswFsBlk.SYS
==================================================

==================================================
Filename : hidir.sys
Address In Stack : 
From Address : 0x90413000
To Address : 0x90422000
Size : 0x0000f000
Time Stamp : 0x4a5bc868
Time String : 13/07/2009 23:51:04
Product Name : Microsoft® Windows® Operating System
File Description : Infrared Miniport Driver for Input Devices
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\hidir.sys
==================================================

==================================================
Filename : lltdio.sys
Address In Stack : 
From Address : 0x8ea51000
To Address : 0x8ea61000
Size : 0x00010000
Time Stamp : 0x4a5bc8ee
Time String : 13/07/2009 23:53:18
Product Name : Microsoft® Windows® Operating System
File Description : Link-Layer Topology Mapper I/O Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\lltdio.sys
==================================================

==================================================
Filename : nwifi.sys
Address In Stack : 
From Address : 0x8ea61000
To Address : 0x8eaa7000
Size : 0x00046000
Time Stamp : 0x4a5bc89f
Time String : 13/07/2009 23:51:59
Product Name : Microsoft® Windows® Operating System
File Description : NativeWiFi Miniport Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\nwifi.sys
==================================================

==================================================
Filename : ndisuio.sys
Address In Stack : 
From Address : 0x8eaa7000
To Address : 0x8eab7000
Size : 0x00010000
Time Stamp : 0x4ce79dac
Time String : 20/11/2010 10:06:36
Product Name : Microsoft® Windows® Operating System
File Description : NDIS User mode I/O driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\ndisuio.sys
==================================================

==================================================
Filename : rspndr.sys
Address In Stack : 
From Address : 0x8eab7000
To Address : 0x8eaca000
Size : 0x00013000
Time Stamp : 0x4a5bc8f0
Time String : 13/07/2009 23:53:20
Product Name : Microsoft® Windows® Operating System
File Description : Link-Layer Topology Responder Driver for NDIS 6
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\rspndr.sys
==================================================

==================================================
Filename : HTTP.sys
Address In Stack : 
From Address : 0x9f80e000
To Address : 0x9f893000
Size : 0x00085000
Time Stamp : 0x4ce78971
Time String : 20/11/2010 08:40:17
Product Name : Microsoft® Windows® Operating System
File Description : HTTP Protocol Stack
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\HTTP.sys
==================================================

==================================================
Filename : bowser.sys
Address In Stack : 
From Address : 0x9f893000
To Address : 0x9f8ac000
Size : 0x00019000
Time Stamp : 0x4d649164
Time String : 23/02/2011 04:47:32
Product Name : Microsoft® Windows® Operating System
File Description : NT Lan Manager Datagram Receiver Driver
File Version : 6.1.7601.17565 (win7sp1_gdr.110222-1630)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\bowser.sys
==================================================

==================================================
Filename : mpsdrv.sys
Address In Stack : 
From Address : 0x9f8ac000
To Address : 0x9f8be000
Size : 0x00012000
Time Stamp : 0x4a5bc8d4
Time String : 13/07/2009 23:52:52
Product Name : Microsoft® Windows® Operating System
File Description : Microsoft Protection Service Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\mpsdrv.sys
==================================================

==================================================
Filename : mrxsmb.sys
Address In Stack : 
From Address : 0x9f8be000
To Address : 0x9f8e1000
Size : 0x00023000
Time Stamp : 0x4db77cb0
Time String : 27/04/2011 02:17:20
Product Name : Microsoft® Windows® Operating System
File Description : Windows NT SMB Minirdr
File Version : 6.1.7601.17605 (win7sp1_gdr.110426-1503)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\mrxsmb.sys
==================================================

==================================================
Filename : mrxsmb10.sys
Address In Stack : 
From Address : 0x9f8e1000
To Address : 0x9f91c000
Size : 0x0003b000
Time Stamp : 0x4e17bd25
Time String : 09/07/2011 02:29:57
Product Name : Microsoft® Windows® Operating System
File Description : Longhorn SMB Downlevel SubRdr
File Version : 6.1.7601.17647 (win7sp1_gdr.110708-1503)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\mrxsmb10.sys
==================================================

==================================================
Filename : mrxsmb20.sys
Address In Stack : 
From Address : 0x9f91c000
To Address : 0x9f937000
Size : 0x0001b000
Time Stamp : 0x4db77cb6
Time String : 27/04/2011 02:17:26
Product Name : Microsoft® Windows® Operating System
File Description : Longhorn SMB 2.0 Redirector
File Version : 6.1.7601.17605 (win7sp1_gdr.110426-1503)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\mrxsmb20.sys
==================================================

==================================================
Filename : mdmxsdk.sys
Address In Stack : 
From Address : 0x9f94f000
To Address : 0x9f952180
Size : 0x00003180
Time Stamp : 0x449716a3
Time String : 19/06/2006 21:26:59
Product Name : Diagnostic Interface x86 Driver
File Description : Diagnostic Interface x86 Driver
File Version : 1.0.2.012
Company : Conexant
Full Path : C:\Windows\system32\drivers\mdmxsdk.sys
==================================================

==================================================
Filename : peauth.sys
Address In Stack : 
From Address : 0x9f953000
To Address : 0x9f9ea000
Size : 0x00097000
Time Stamp : 0x4a5bd2e0
Time String : 14/07/2009 00:35:44
Product Name : Microsoft® Windows® Operating System
File Description : Protected Environment Authentication and Authorization Export Driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\peauth.sys
==================================================

==================================================
Filename : regi.sys
Address In Stack : 
From Address : 0x9f9ea000
To Address : 0x9f9eb500
Size : 0x00001500
Time Stamp : 0x462393e9
Time String : 16/04/2007 15:19:05
Product Name : InterVideo regi.sys
File Description : regi driver
File Version : 1.0.0.2
Company : InterVideo
Full Path : C:\Windows\system32\drivers\regi.sys
==================================================

==================================================
Filename : secdrv.SYS
Address In Stack : 
From Address : 0x9f9ec000
To Address : 0x9f9f6000
Size : 0x0000a000
Time Stamp : 0x45080528
Time String : 13/09/2006 13:18:32
Product Name : Macrovision SECURITY Driver
File Description : Macrovision SECURITY Driver
File Version : 4.03.086
Company : Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.
Full Path : C:\Windows\system32\drivers\secdrv.SYS
==================================================

==================================================
Filename : srvnet.sys
Address In Stack : 
From Address : 0xa1230000
To Address : 0xa1251000
Size : 0x00021000
Time Stamp : 0x4dba2670
Time String : 29/04/2011 02:46:08
Product Name : Microsoft® Windows® Operating System
File Description : Server Network driver
File Version : 6.1.7601.17608 (win7sp1_gdr.110428-1525)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\srvnet.sys
==================================================

==================================================
Filename : tcpipreg.sys
Address In Stack : 
From Address : 0xa1251000
To Address : 0xa125e000
Size : 0x0000d000
Time Stamp : 0x506c5801
Time String : 03/10/2012 15:21:37
Product Name : Microsoft® Windows® Operating System
File Description : TCP/IP Registry Compatibility Driver
File Version : 6.1.7601.17964 (win7sp1_gdr.121003-0333)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\tcpipreg.sys
==================================================

==================================================
Filename : tdtcp.sys
Address In Stack : 
From Address : 0xa125e000
To Address : 0xa1269000
Size : 0x0000b000
Time Stamp : 0x4f3dd3e1
Time String : 17/02/2012 04:13:21
Product Name : Microsoft® Windows® Operating System
File Description : TCP Transport Driver
File Version : 6.1.7601.17779 (win7sp1_gdr.120216-1503)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\tdtcp.sys
==================================================

==================================================
Filename : tssecsrv.sys
Address In Stack : 
From Address : 0xa1269000
To Address : 0xa1276000
Size : 0x0000d000
Time Stamp : 0x4ce7a15c
Time String : 20/11/2010 10:22:20
Product Name : Microsoft® Windows® Operating System
File Description : TS Security Filter Driver
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\tssecsrv.sys
==================================================

==================================================
Filename : RDPWD.SYS
Address In Stack : 
From Address : 0xa1276000
To Address : 0xa12a8000
Size : 0x00032000
Time Stamp : 0x4f9b612c
Time String : 28/04/2012 03:17:00
Product Name : Microsoft® Windows® Operating System
File Description : RDP Terminal Stack Driver
File Version : 6.1.7601.17514 (win7sp1_rtm.101119-1850)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\RDPWD.SYS
==================================================

==================================================
Filename : xaudio.sys
Address In Stack : 
From Address : 0xa12a8000
To Address : 0xa12b0000
Size : 0x00008000
Time Stamp : 0x456cd802
Time String : 29/11/2006 00:44:50
Product Name : SoftK56 Modem Driver
File Description : Modem Audio Device Driver
File Version : 1.02 built by: WinDDK
Company : Conexant Systems, Inc.
Full Path : C:\Windows\system32\drivers\xaudio.sys
==================================================

==================================================
Filename : srv2.sys
Address In Stack : 
From Address : 0xa12b0000
To Address : 0xa1300000
Size : 0x00050000
Time Stamp : 0x4dba2675
Time String : 29/04/2011 02:46:13
Product Name : Microsoft® Windows® Operating System
File Description : Smb 2.0 Server driver
File Version : 6.1.7601.17608 (win7sp1_gdr.110428-1525)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\srv2.sys
==================================================

==================================================
Filename : srv.sys
Address In Stack : 
From Address : 0xa1300000
To Address : 0xa1352000
Size : 0x00052000
Time Stamp : 0x4dba2686
Time String : 29/04/2011 02:46:30
Product Name : Microsoft® Windows® Operating System
File Description : Server driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\srv.sys
==================================================

==================================================
Filename : WudfPf.sys
Address In Stack : 
From Address : 0xa137d000
To Address : 0xa1391000
Size : 0x00014000
Time Stamp : 0x5010ac87
Time String : 26/07/2012 02:33:43
Product Name : Microsoft® Windows® Operating System
File Description : Windows Driver Foundation - User-mode Driver Framework Platform Driver
File Version : 6.2.9200.16384 (win8_rtm.120725-1247)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\WudfPf.sys
==================================================

==================================================
Filename : WUDFRd.sys
Address In Stack : 
From Address : 0xa1391000
To Address : 0xa13bc000
Size : 0x0002b000
Time Stamp : 0x5010ac53
Time String : 26/07/2012 02:32:51
Product Name : Microsoft® Windows® Operating System
File Description : Windows Driver Foundation - User-mode Driver Framework Reflector
File Version : 6.2.9200.16384 (win8_rtm.120725-1247)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\WUDFRd.sys
==================================================

==================================================
Filename : spsys.sys
Address In Stack : 
From Address : 0xc6213000
To Address : 0xc627d000
Size : 0x0006a000
Time Stamp : 0x4a085436
Time String : 11/05/2009 16:37:10
Product Name : Microsoft® Windows® Operating System
File Description : security processor
File Version : 6.1.7127.0 (fbl_security_bugfix(sepbld-s).090511-0900)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\spsys.sys
==================================================

==================================================
Filename : asyncmac.sys
Address In Stack : 
From Address : 0xc627d000
To Address : 0xc6286000
Size : 0x00009000
Time Stamp : 0x4a5bc946
Time String : 13/07/2009 23:54:46
Product Name : Microsoft® Windows® Operating System
File Description : MS Remote Access serial network driver
File Version : 6.1.7600.16385 (win7_rtm.090713-1255)
Company : Microsoft Corporation
Full Path : C:\Windows\system32\drivers\asyncmac.sys
==================================================


----------



## kevinf80 (Mar 21, 2006)

The logs you post from BSV do not look like what I expect, usually they appear as such:

==================================================
Dump File : 020513-22230-01.dmp
Crash Time : 05/02/2013 09:47:42
Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x100000d1
Parameter 1 : 0x00000004
Parameter 2 : 0x00000002
Parameter 3 : 0x00000001
Parameter 4 : 0x8b450596
Caused By Driver : iaStor.sys
Caused By Address : iaStor.sys+3a628
File Description : Intel Matrix Storage Manager driver - ia32
Product Name : Intel Matrix Storage Manager driver
Company : Intel Corporation
File Version : 8.0.0.1039
Processor : 32-bit
Crash Address : iaStor.sys+3a596
Stack Address 1 : iaStor.sys+3b3e2
Stack Address 2 : ntoskrnl.exe+20a07a
Stack Address 3 : 
Computer Name : 
Full Path : C:\Windows\Minidump\020513-22230-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7601
Dump File Size : 163,608
==================================================

Your logs do not show the date and time of the crash; that is crucial to see what caused the crash at the necessary date/time interval.

I did advise a different action to what you chose to take at PCWorld; I do not see how I can help you...

Kevin..


----------



## STIG_DH (Jan 25, 2013)

OK Kevin - I understand.
Thanks for your assistance and help in any case. I hope your experience at my hands doesn't stop you continuing to provide this invaluable service for others.
Best wishes,
David

BTW - the BSV minidump did provide the info in the format you wanted:

==================================================
Dump File : 022113-30700-01.dmp
Crash Time : 21/02/2013 12:18:26
Bug Check String : MULTIPLE_IRP_COMPLETE_REQUESTS
Bug Check Code : 0x00000044
Parameter 1 : 0x887925b8
Parameter 2 : 0x00000eae
Parameter 3 : 0x00000000
Parameter 4 : 0x00000000
Caused By Driver : iaStor.sys
Caused By Address : iaStor.sys+29c7
File Description : Intel Matrix Storage Manager driver - ia32
Product Name : Intel Matrix Storage Manager driver
Company : Intel Corporation
File Version : 7.0.0.1020
Processor : 32-bit
Crash Address : ntoskrnl.exe+7841d
Stack Address 1 : iaStor.sys+a5ec
Stack Address 2 : iaStor.sys+adbd
Stack Address 3 : iaStor.sys+5480
Computer Name : 
Full Path : C:\Windows\Minidump\022113-30700-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7601
Dump File Size : 146,288
==================================================

The logs I provided were taken from the panel below the .dmp file (which appears when the .dmp is highlighted).
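As an added example that is not part of this thread or of BlueScreenView itself, here is a small Python parser for the text export format pasted in these posts: it separates crash records, which carry a Crash Time and a blamed driver, from loaded-driver records like the long listing earlier in the thread, which carry neither, so the missing date/time Kevin points out shows up as a count instead of having to be spotted by eye. The sample input is constructed to mirror the records in the thread.

```python
"""BlueScreenView-style text export parser ("Field : value" lines between rules of
"=" signs). Crash records carry Crash Time and a culprit driver; driver listings don't."""
import re
from datetime import datetime

RULE = re.compile(r"^=+\s*$")
# Constructed sample modelled on the records pasted in this thread.
SAMPLE = r"""==================================================
Dump File : 022113-30700-01.dmp
Crash Time : 21/02/2013 12:18:26
Bug Check String : MULTIPLE_IRP_COMPLETE_REQUESTS
Caused By Driver : iaStor.sys
==================================================

==================================================
Filename : tcpipreg.sys
Address In Stack :
Full Path : C:\Windows\system32\drivers\tcpipreg.sys
==================================================
"""

def parse_blocks(text):
    """Split the export into records, each a dict of field -> value."""
    records, current = [], {}
    for line in text.splitlines():
        if RULE.match(line):
            if current:  # closing rule of a record
                records.append(current)
                current = {}
            continue
        if " :" not in line:  # blank line between records
            continue
        # Split on the first " :" so times like 12:18:26 stay intact.
        key, _, value = line.partition(" :")
        current[key.strip()] = value.strip()
    if current:
        records.append(current)
    return records

def triage(text):
    """Crash records as (time, culprit, bug check); count of driver-only records."""
    crashes, driver_only = [], 0
    for rec in parse_blocks(text):
        if "Crash Time" not in rec:  # driver listing: no date/time to work with
            driver_only += 1
            continue
        when = datetime.strptime(rec["Crash Time"], "%d/%m/%Y %H:%M:%S")
        crashes.append((when, rec.get("Caused By Driver", "unknown"),
                        rec.get("Bug Check String", "unknown")))
    return crashes, driver_only
```

Run `triage(open("export.txt").read())` on a full BlueScreenView export; a result with crashes empty and driver_only large is exactly the "wrong panel" situation described above.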


----------

