# Applications won't open, computer very slow



## Grubbs (Nov 17, 2003)

In the last couple of days, my system has been almost completely unresponsive unless started in "safe" mode. Apps either take forever to open or don't open at all, and it is impossible to shut the system down without a hard reboot. I ran a complete system scan with Avast! but it reported no infections. Don't believe I've intentionally downloaded anything that would have caused this unless I got a bad update from Windows Update, as those are the only recent downloads my system is showing. "HiJack This" and other logs follow. Did not get any kind of rootkit warning from GMES, so there is no "ark.txt" log. At bottom of post is my system info. Thanks in advance for any assistance.

Regards,
Randy Grove

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:56:11 PM, on 8/25/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16660)
Boot mode: Safe mode with network support

Running processes:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
C:\Users\Dee\Desktop\HijackThis(1).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sony.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=119943&tt=gc_&babsrc=HP_ss_din2g&mntrId=2214B2004ED9BAE9
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [FUFAXRCV] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"
O4 - HKLM\..\Run: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
O4 - HKLM\..\Run: [ContentTransferWMDetector.exe] C:\Program Files (x86)\Sony\Walkman Content Transfer\ContentTransferWMDetector.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe\KeePass.exe" --preload
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Launch Utility Application.lnk = Dee\AppData\Roaming\Verizon\UA_ar\UtilityApplication.exe
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
O4 - Global Startup: [email protected] = ?
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
O8 - Extra context menu item: Add to Evernote 4.0 - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DCDhcpService - Atheros Communication Inc. - C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EpsonCustomerParticipation - SEIKO EPSON CORPORATION - C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
O23 - Service: EPSON V5 Service4(04) (EPSON_EB_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
O23 - Service: EPSON V3 Service4(04) (EPSON_PM_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NitroPDFReaderDriverCreatorReadSpool3 (NitroReaderDriverReadSpool3) - Nitro PDF Software - C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
O23 - Service: Oasis2Service - Digital Delivery Networks, Inc. - C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: VAIO Care Performance Service (SampleCollector) - Sony Corporation - C:\Program Files\Sony\VAIO Care\VCPerfService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: VAIO Content Importer (SOHCImp) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
O23 - Service: VAIO Device Searcher (SOHDs) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
O23 - Service: VAIO Entertainment Common Service (SpfService) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata Intelligent Network Service Manager (VcmINSMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
O23 - Service: VCService - Sony Corporation - C:\Program Files\Sony\VAIO Care\VCService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VSNService - Sony Corporation - C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: VUAgent - Sony Corporation - C:\Program Files\Sony\VAIO Update\VUAgent.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 15800 bytes

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 10.0.9200.16660 BrowserJavaVersion: 10.25.2
Run by Dee at 14:58:06 on 2013-08-25
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4044.2966 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
C:\Program Files (x86)\KeePass Password Safe\KeePass.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Users\Dee\Desktop\HijackThis(1).exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?affID=119943&tt=gc_&babsrc=HP_ss_din2g&mntrId=2214B2004ED9BAE9
uDefault_Page_URL = hxxp://sony.msn.com
mWinlogon: Userinit = userinit.exe
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [FUFAXRCV] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"
mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
mRun: [ContentTransferWMDetector.exe] C:\Program Files (x86)\Sony\Walkman Content Transfer\ContentTransferWMDetector.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe\KeePass.exe" --preload
StartupFolder: C:\Users\Dee\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LAUNCH~1.LNK - C:\Users\Dee\AppData\Roaming\Verizon\UA_ar\UtilityApplication.exe
StartupFolder: C:\Users\Dee\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\[email protected]~1.LNK - C:\Program Files (x86)\Apple Computer\[email protected]\DVDAccess.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{4F89A0A7-8023-4E5B-A549-B9565F48266A} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{4F89A0A7-8023-4E5B-A549-B9565F48266A}\144545034383 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{4F89A0A7-8023-4E5B-A549-B9565F48266A}\660736F52656562656F5368657273686 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{4F89A0A7-8023-4E5B-A549-B9565F48266A}\75169707F62747F5143636563737 : DHCPNameServer = 192.168.5.1 64.134.255.2 64.134.255.10
TCP: Interfaces\{4F89A0A7-8023-4E5B-A549-B9565F48266A}\758696475634F657E6479775946494 : DHCPNameServer = 170.94.248.16 170.94.249.16
TCP: Interfaces\{BACE280B-4541-4B90-954C-94382AE27089} : DHCPNameServer = 62.25.0.10 62.25.0.66
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
x64-Run: [Apoint] C:\Program Files (x86)\Apoint\Apoint.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Dee\AppData\Roaming\Mozilla\Firefox\Profiles\b9xjr16w.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMSS.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Nitro\Reader 3\npdf.dll
FF - plugin: C:\Program Files (x86)\Nitro\Reader 3\npnitroie.dll
FF - plugin: C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-07-07 16:54; [email protected]son; C:\Users\Dee\AppData\Roaming\Mozilla\Firefox\Profiles\b9xjr16w.default\extensions\[email protected]
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.delta.tlbrSrchUrl - 
FF - user.js: extensions.delta.id - 221481f2000000000000b2004ed9bae9
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15855
FF - user.js: extensions.delta.vrsn - 1.8.21.5
FF - user.js: extensions.delta.vrsni - 1.8.21.5
FF - user.js: extensions.delta.vrsnTs - 1.8.21.514:39:34
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=119943&tt=gc_
FF - user.js: extensions.delta_i.babExt - 
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
============= SERVICES / DRIVERS ===============
.
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-3-29 425064]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2010-6-1 12032]
S0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-25 65336]
S0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-3-25 189936]
S1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-10-4 1030952]
S1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-10-4 378944]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-5-14 759048]
S2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-10-4 33400]
S2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-10-4 80816]
S2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-5-20 46808]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-9 123856]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2012-1-28 168448]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2012-1-28 131072]
S2 EpsonCustomerParticipation;EpsonCustomerParticipation;C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-6-9 555392]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-5-4 13336]
S2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-9-25 2429544]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-8-23 13672]
S2 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3;C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [2013-6-18 230416]
S2 Oasis2Service;Oasis2Service;C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2013-7-2 61440]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]
S2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2012-2-20 259192]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.SYS [2011-10-23 11576]
S2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-5-4 105024]
S2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-5-4 2656280]
S2 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2011-10-5 971704]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2011-5-4 19968]
S3 DCDhcpService;DCDhcpService;C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [2011-10-5 104096]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y60x64.sys [2009-6-10 281088]
S3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-3-29 317440]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-2-5 235216]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2012-9-25 340072]
S3 SOHCImp;VAIO Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-2-21 113824]
S3 SOHDs;VAIO Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-2-21 67232]
S3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-1-20 286936]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-1-20 887000]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-2-19 652016]
S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-2-19 385336]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-2-19 99104]
S3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2012-2-20 44736]
S3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update\VUAgent.exe [2013-1-26 1286784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-10-5 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-08-23 14:40:02	9515512	----a-w-	C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E67A36E6-746E-41C7-BC5F-27006F723483}\mpengine.dll
2013-08-17 13:39:17	--------	d-----w-	C:\Users\Dee\AppData\Local\{A970FB2D-2732-47D6-8726-FC52F81B5075}
2013-08-17 13:38:38	663552	----a-w-	C:\Windows\SysWow64\rpcrt4.dll
2013-08-17 13:38:38	1217024	----a-w-	C:\Windows\System32\rpcrt4.dll
2013-08-17 13:37:11	1472512	----a-w-	C:\Windows\System32\crypt32.dll
2013-08-17 13:37:10	1166848	----a-w-	C:\Windows\SysWow64\crypt32.dll
2013-08-17 13:37:08	224256	----a-w-	C:\Windows\System32\wintrust.dll
2013-08-17 13:37:08	175104	----a-w-	C:\Windows\SysWow64\wintrust.dll
2013-08-17 13:37:07	184320	----a-w-	C:\Windows\System32\cryptsvc.dll
2013-08-17 13:37:07	140288	----a-w-	C:\Windows\SysWow64\cryptsvc.dll
2013-08-17 13:37:06	139776	----a-w-	C:\Windows\System32\cryptnet.dll
2013-08-17 13:37:05	103936	----a-w-	C:\Windows\SysWow64\cryptnet.dll
2013-08-17 13:36:32	2048	----a-w-	C:\Windows\SysWow64\tzres.dll
2013-08-17 13:36:32	2048	----a-w-	C:\Windows\System32\tzres.dll
2013-08-17 13:35:56	1888768	----a-w-	C:\Windows\System32\WMVDECOD.DLL
2013-08-17 13:35:55	1620992	----a-w-	C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-28 03:17:51	--------	d-----w-	C:\Users\Dee\AppData\Roaming\Nitro
2013-07-28 03:17:50	--------	d-----w-	C:\Users\Dee\AppData\Roaming\FileOpen
2013-07-28 03:17:50	--------	d-----w-	C:\ProgramData\FileOpen
2013-07-28 03:17:34	29712	----a-w-	C:\Windows\System32\nitrolocalmon2.dll
2013-07-28 03:17:34	17936	----a-w-	C:\Windows\System32\nitrolocalui2.dll
2013-07-28 03:17:20	--------	d-----w-	C:\Program Files\Common Files\Nitro
2013-07-28 03:17:18	--------	d-----w-	C:\ProgramData\Nitro
2013-07-28 03:17:18	--------	d-----w-	C:\Program Files (x86)\Nitro
2013-07-28 03:17:18	--------	d-----w-	C:\Program Files (x86)\Common Files\Nitro
2013-07-28 02:59:01	--------	d-----w-	C:\Users\Dee\AppData\Roaming\Downloaded Installations
.
==================== Find3M ====================
.
2013-08-03 12:30:47	71048	----a-w-	C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-03 12:30:47	692104	----a-w-	C:\Windows\SysWow64\FlashPlayerApp.exe
2013-07-26 05:13:37	2241024	----a-w-	C:\Windows\System32\wininet.dll
2013-07-26 05:12:08	3958784	----a-w-	C:\Windows\System32\jscript9.dll
2013-07-26 05:12:04	136704	----a-w-	C:\Windows\System32\iesysprep.dll
2013-07-26 05:12:03	67072	----a-w-	C:\Windows\System32\iesetup.dll
2013-07-26 03:35:08	2706432	----a-w-	C:\Windows\System32\mshtml.tlb
2013-07-26 03:13:24	1767936	----a-w-	C:\Windows\SysWow64\wininet.dll
2013-07-26 03:12:04	2877440	----a-w-	C:\Windows\SysWow64\jscript9.dll
2013-07-26 03:12:00	61440	----a-w-	C:\Windows\SysWow64\iesetup.dll
2013-07-26 03:12:00	109056	----a-w-	C:\Windows\SysWow64\iesysprep.dll
2013-07-26 02:49:14	2706432	----a-w-	C:\Windows\SysWow64\mshtml.tlb
2013-07-26 02:39:38	89600	----a-w-	C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-26 01:59:38	71680	----a-w-	C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-07-09 06:03:30	5550528	----a-w-	C:\Windows\System32\ntoskrnl.exe
2013-07-09 05:54:22	1732032	----a-w-	C:\Windows\System32\ntdll.dll
2013-07-09 05:53:12	243712	----a-w-	C:\Windows\System32\wow64.dll
2013-07-09 05:03:34	3968960	----a-w-	C:\Windows\SysWow64\ntkrnlpa.exe
2013-07-09 05:03:34	3913664	----a-w-	C:\Windows\SysWow64\ntoskrnl.exe
2013-07-09 04:53:47	1292192	----a-w-	C:\Windows\SysWow64\ntdll.dll
2013-07-09 04:52:33	5120	----a-w-	C:\Windows\SysWow64\wow32.dll
2013-07-09 04:45:07	44032	----a-w-	C:\Windows\apppatch\acwow64.dll
2013-07-09 02:49:42	25600	----a-w-	C:\Windows\SysWow64\setup16.exe
2013-07-09 02:49:41	7680	----a-w-	C:\Windows\SysWow64\instnm.exe
2013-07-09 02:49:39	14336	----a-w-	C:\Windows\SysWow64\ntvdm64.dll
2013-07-09 02:49:38	2048	----a-w-	C:\Windows\SysWow64\user.exe
2013-07-06 06:03:53	1910208	----a-w-	C:\Windows\System32\drivers\tcpip.sys
2013-06-29 18:51:16	189936	----a-w-	C:\Windows\System32\drivers\aswVmm.sys
2013-06-29 18:51:13	1030952	----a-w-	C:\Windows\System32\drivers\aswSnx.sys
2013-06-23 02:10:57	96168	----a-w-	C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-23 02:10:45	867240	----a-w-	C:\Windows\SysWow64\npDeployJava1.dll
2013-06-23 02:10:45	789416	----a-w-	C:\Windows\SysWow64\deployJava1.dll
2013-06-15 04:32:16	39936	----a-w-	C:\Windows\System32\drivers\tssecsrv.sys
2013-06-05 03:34:27	3153920	----a-w-	C:\Windows\System32\win32k.sys
2013-06-04 06:00:13	624128	----a-w-	C:\Windows\System32\qedit.dll
2013-06-04 04:53:07	509440	----a-w-	C:\Windows\SysWow64\qedit.dll
.
============= FINISH: 14:59:23.61 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume2
Install Date: 10/4/2011 6:39:16 PM
System Uptime: 8/25/2013 2:50:39 PM (0 hours ago)
.
Motherboard: Sony Corporation | | VAIO
Processor: Intel(R) Pentium(R) CPU B940 @ 2.00GHz | N/A | 1995/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 455 GiB total, 377.224 GiB free.
D: is Removable
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: avast! Network Shield Support
Device ID: ROOT\LEGACY_ASWTDI\0000
Manufacturer: 
Name: avast! Network Shield Support
PNP Device ID: ROOT\LEGACY_ASWTDI\0000
Service: aswTdi
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: aswVmm
Device ID: ROOT\LEGACY_ASWVMM\0000
Manufacturer: 
Name: aswVmm
PNP Device ID: ROOT\LEGACY_ASWVMM\0000
Service: aswVmm
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer: 
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: aswRvrt
Device ID: ROOT\LEGACY_ASWRVRT\0000
Manufacturer: 
Name: aswRvrt
PNP Device ID: ROOT\LEGACY_ASWRVRT\0000
Service: aswRvrt
.
==== System Restore Points ===================
.
RP251: 7/9/2013 9:27:00 PM - Windows Update
RP253: 7/11/2013 9:09:36 PM - Windows Modules Installer
RP254: 7/16/2013 9:30:01 AM - Windows Update
RP255: 7/19/2013 4:33:48 PM - Windows Update
RP256: 7/25/2013 9:55:00 AM - Windows Update
RP257: 7/27/2013 10:16:19 PM - Installed Nitro Reader 3
RP258: 7/31/2013 10:28:37 AM - Windows Update
RP259: 8/6/2013 7:29:13 PM - Windows Update
RP260: 8/11/2013 9:05:28 PM - Windows Update
RP261: 8/17/2013 8:47:47 AM - Windows Update
RP262: 8/18/2013 11:45:10 AM - Windows Update
RP263: 8/23/2013 9:38:32 AM - Windows Update
RP264: 8/25/2013 2:35:50 PM - Removed Google Drive
.
==== Installed Programs ======================
.
ABBYY FineReader 9.0 Sprint
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.7) MUI
Alps Pointing-device for VAIO
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Application Manager for VAIO
ArcSoft Magic-i Visual Effects 2
ArcSoft WebCam Companion 4
Atheros WiFi Driver Installation
avast! Free Antivirus
Bonjour
ChurchTrac 9
Conexant HD Audio
Content Transfer
Crimson Editor SVN286M
D3DX10
Deer Hunt Challenge SE
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
[email protected] 2.0.3
EA Network Play System
Entity Framework Designer for Visual Studio 2012 - enu
EPSON Artisan 837 Series Printer Uninstall
Epson Connect
Epson Connect Printer Setup
Epson Customer Participation
Epson Download Navigator
Epson Event Manager
Epson FAX Utility
Epson PC-FAX Driver
Epson Print CD
EPSON Scan
EpsonNet Print
Evernote v. 4.5.10
FileZilla Client 3.5.3
Google Chrome
Google Update Helper
iCloud
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
iTunes
Java 7 Update 25
Java Auto Updater
Java(TM) 6 Update 22
Java(TM) 6 Update 22 (64-bit)
Jing
Junk Mail filter update
KeePass Password Safe 2.22
McAfee Security Scan Plus
Media Gallery
Mesh Runtime
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft .NET Framework 4.5
Microsoft .NET Framework 4.5 Multi-Targeting Pack
Microsoft .NET Framework 4.5 SDK
Microsoft Access 2010 Runtime Service Pack 1 (SP1)
Microsoft Access Runtime 2010
Microsoft Application Error Reporting
Microsoft Help Viewer 2.0
Microsoft NuGet - Visual Studio Express 2012 for Windows Desktop
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Runtime 2010
Microsoft Office Access Runtime MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Business 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2012 Command Line Utilities 
Microsoft SQL Server 2012 Data-Tier App Framework 
Microsoft SQL Server 2012 Express LocalDB 
Microsoft SQL Server 2012 Management Objects 
Microsoft SQL Server 2012 Management Objects (x64)
Microsoft SQL Server 2012 Native Client 
Microsoft SQL Server 2012 T-SQL Language Service 
Microsoft SQL Server 2012 Transact-SQL Compiler Service 
Microsoft SQL Server 2012 Transact-SQL ScriptDom 
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Compact 4.0 SP1 x64 ENU
Microsoft SQL Server Data Tools - enu (11.1.20828.01)
Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20828.01)
Microsoft System CLR Types for SQL Server 2012
Microsoft System CLR Types for SQL Server 2012 (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2012 32bit Compilers - ENU Resources
Microsoft Visual C++ 2012 Core Libraries
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x64 Debug Runtime - 11.0.50727
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86-x64 Compilers
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
Microsoft Visual Studio 2012 Express Prerequisites x64 - ENU
Microsoft Visual Studio 2012 Preparation
Microsoft Visual Studio 2012 Shell (Minimum)
Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies
Microsoft Visual Studio 2012 Shell (Minimum) Resources
Microsoft Visual Studio 2012 Tools for SQL Server Compact 4.0 SP1 ENU
Microsoft Visual Studio Express 2012 for Windows Desktop
Microsoft Visual Studio Express 2012 for Windows Desktop - ENU
Microsoft Visual Studio Team Foundation Server 2012 Object Model
Microsoft Visual Studio Team Foundation Server 2012 Object Model Language Pack - ENU
Microsoft Visual Studio Team Foundation Server 2012 Team Explorer
Microsoft Visual Studio Team Foundation Server 2012 Team Explorer Language Pack - ENU
Microsoft Visual Studio Ultimate 2012 XAML UI Designer Core
Microsoft Visual Studio Ultimate 2012 XAML UI Designer enu Resources
Microsoft Web Platform Installer 4.0
Mozilla Firefox 23.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
Nitro Reader 3
Oasis2Service
OOBE
PlayReady PC Runtime amd64
PMB
PMB VAIO Edition Guide
PMB VAIO Edition Plug-in
Prerequisites for SSDT 
Qualcomm Atheros Direct Connect
QuickTime
Realtek PCIE Card Reader
Remote Keyboard
Remote Play with PlayStation 3
Samsung ML-1200 Series
SAMSUNG USB Driver for Mobile Phones
Security Update for Microsoft .NET Framework 4.5 (KB2729460)
Security Update for Microsoft .NET Framework 4.5 (KB2737083)
Security Update for Microsoft .NET Framework 4.5 (KB2742613)
Security Update for Microsoft .NET Framework 4.5 (KB2789648)
Security Update for Microsoft .NET Framework 4.5 (KB2804582)
Security Update for Microsoft .NET Framework 4.5 (KB2833957)
Security Update for Microsoft .NET Framework 4.5 (KB2840642)
Security Update for Microsoft .NET Framework 4.5 (KB2840642v2)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687276) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Should I Remove It
Skype 5.10
Sony Corporation
SSLx64
SSLx86
SUABnR
Swis-Sys
Thief 1.25
TurboTax 2011
TurboTax 2011 wariper
TurboTax 2011 WinPerFedFormset
TurboTax 2011 WinPerReleaseEngine
TurboTax 2011 WinPerTaxSupport
TurboTax 2011 wrapper
TurboTax 2012
TurboTax 2012 wariper
TurboTax 2012 WinPerFedFormset
TurboTax 2012 WinPerReleaseEngine
TurboTax 2012 WinPerTaxSupport
TurboTax 2012 wrapper
Update for (KB2504637)
Update for Microsoft .NET Framework 4.5 (KB2750147)
Update for Microsoft .NET Framework 4.5 (KB2805221)
Update for Microsoft .NET Framework 4.5 (KB2805226)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Update for Microsoft Visual Studio 2012 (KB2781514)
VAIO - Media Gallery
VAIO - PMB VAIO Edition Guide
VAIO - PMB VAIO Edition Plug-in
VAIO - Remote Keyboard
VAIO - Remote Play with PlayStation®3
VAIO Care
VAIO Control Center
VAIO Data Restore Tool
VAIO Easy Connect
VAIO Event Service
VAIO Gate
VAIO Gate Default
VAIO Hardware Diagnostics
VAIO Help and Support
VAIO Improvement
VAIO Manual
VAIO Messenger
VAIO Quick Web Access
VAIO Sample Contents
VAIO Satisfaction Survey.
VAIO Smart Network
VAIO Transfer Support
VAIO Update
VCCx86
Verizon Wireless Software Upgrade Assistant - Samsung(ar)
Verizon Wireless Software Utility Application for Android - Samsung
VESx64
VESx86
VGClientX64
VGClientX86
VIx64
VIx86
VSNx64
VSNx86
VU5x64
VU5x86
VWSTx86
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Software Development Kit
Windows Software Development Kit DirectX x64 Remote
Windows Software Development Kit DirectX x86 Remote
Windows Software Development Kit for Windows Store Apps
Windows Software Development Kit for Windows Store Apps DirectX x64 Remote
Windows Software Development Kit for Windows Store Apps DirectX x86 Remote
.
==== Event Viewer Messages From Past Week ========
.
8/25/2013 2:58:58 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
8/25/2013 2:53:18 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
8/25/2013 2:51:42 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
8/25/2013 2:51:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
8/25/2013 2:51:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/25/2013 2:51:34 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Program Files (x86)\Atheros WiFi Driver Installation\AthIhvWlanExt.dll Error Code: 21
8/25/2013 2:51:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/25/2013 2:51:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
8/25/2013 2:51:18 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswRvrt aswSnx aswSP aswTdi aswVmm discache spldr Wanarpv6
8/25/2013 2:50:47 PM, Error: Application Popup [1060] - \SystemRoot\SysWow64\drivers\pfc.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
8/25/2013 2:44:38 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wbengine service.
8/25/2013 2:28:55 PM, Error: Service Control Manager [7000] - The DgiVecp service failed to start due to the following error: The system cannot find the device specified.
8/25/2013 2:28:54 PM, Error: Service Control Manager [7000] - The DVDAccss service failed to start due to the following error: This driver has been blocked from loading
8/25/2013 2:28:54 PM, Error: Application Popup [1060] - \SystemRoot\SysWow64\drivers\DVDAccss.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
8/25/2013 11:24:31 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
8/25/2013 11:22:18 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
8/25/2013 11:22:18 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
8/25/2013 11:21:51 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswRvrt aswSnx aswSP aswTdi aswVmm DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
8/25/2013 11:21:46 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/25/2013 11:21:46 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
8/25/2013 11:21:46 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
8/25/2013 11:21:46 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
8/25/2013 11:21:46 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
8/25/2013 11:21:46 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
8/25/2013 11:21:46 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/25/2013 11:21:46 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/25/2013 11:21:46 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/25/2013 11:21:46 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
8/24/2013 9:36:19 PM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
8/24/2013 9:26:11 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intel(R) Management and Security Application User Notification Service service to connect.
8/24/2013 9:26:11 PM, Error: Service Control Manager [7000] - The Intel(R) Management and Security Application User Notification Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/24/2013 9:25:35 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
8/24/2013 9:22:40 PM, Error: Service Control Manager [7022] - The Windows Defender service hung on starting.
8/24/2013 9:20:04 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.
8/24/2013 9:20:04 PM, Error: Service Control Manager [7000] - The Software Protection service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/24/2013 9:19:21 PM, Error: Service Control Manager [7022] - The VAIO Care Performance Service service hung on starting.
8/24/2013 9:08:41 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.
8/24/2013 9:08:41 PM, Error: Service Control Manager [7000] - The Windows Modules Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/24/2013 9:08:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
8/24/2013 9:08:26 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
8/24/2013 9:07:31 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
8/24/2013 8:53:06 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WerSvc service.
8/24/2013 8:49:33 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
8/24/2013 8:45:56 PM, Error: Service Control Manager [7022] - The Windows Search service hung on starting.
8/24/2013 8:37:00 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Oasis2Service service to connect.
8/24/2013 8:37:00 PM, Error: Service Control Manager [7000] - The Oasis2Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/24/2013 8:36:28 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.
8/24/2013 8:27:57 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intuit Update Service v4 service to connect.
8/24/2013 8:27:57 PM, Error: Service Control Manager [7000] - The Intuit Update Service v4 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/24/2013 8:24:30 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intel(R) Rapid Storage Technology service to connect.
8/24/2013 8:24:30 PM, Error: Service Control Manager [7000] - The Intel(R) Rapid Storage Technology service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/24/2013 8:23:55 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
8/24/2013 8:23:55 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/24/2013 8:23:25 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X64 service to connect.
8/24/2013 8:21:58 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
.
==== End Of File ===========================

System Information from "TSG SysInfo":
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Pentium(R) CPU B940 @ 2.00GHz, Intel64 Family 6 Model 42 Stepping 7
Processor Count: 2
RAM: 4043 Mb
Graphics Card: Intel(R) HD Graphics Family, 1797 Mb
Hard Drives: C: Total - 466265 MB, Free - 386653 MB;
Motherboard: Sony Corporation, VAIO
Antivirus: avast! Antivirus, Updated and Enabled


----------



## wannabeageek (Nov 12, 2009)

Hello Grubbs, and Welcome to the forum!

My name is *wannabeageek* and I'll be helping you with any malware problems.

*Before we begin, please read and follow these important guidelines*, so things will proceed smoothly.


- *The instructions being given are for YOUR computer and system only!*
  Using these instructions on a different computer *can cause damage* to that computer and possibly *render it inoperable*!
- You *must* have *Administrator* rights, permissions for this computer.
- *DO NOT run any other fix or removal tools unless instructed to do so!*
- *DO NOT install any* other software (or hardware) during the cleaning process. This adds more items to be researched.
- *Only* post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
- *Print each set of instructions* if possible - your Internet connection will not be available during some fix processes.
- Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
- *Only* reply to this thread, do not start another one. Please, continue responding, until I give you the "*All Clean!*" :cheers:

*Absence of symptoms does not mean that everything is clear.*

Please take time to read *TSG Forum Guidelines and Rules* where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
*If you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.*



> _Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop._


*Because of this, I advise you to back up any personal files and folders before you start*

*There is an issue with the following programs:*


> ChurchTrac 9
> TurboTax 2011
> TurboTax 2011 wariper
> TurboTax 2011 WinPerFedFormset
> ...


These programs contain personal data that may fall under the privacy act. The scanning programs we use may expose this information revealing it to the public since we require all logs to be posted. 
IF it is discovered that your machine has been exposed to a Remote Access Infection/Trojan, it is very likely that this information is already compromised.

You need to back up these programs and the related information to CDs/DVDs, etc. and remove them before we continue.

As painful as it may be, I will need you to re-post all scans in NORMAL mode after REMOVING the above listed programs.

Also, do understand that I recognize that this is a business machine. The programs we use may change policies or remove files related to business applications.

Thank you
wbg


----------



## Grubbs (Nov 17, 2003)

Thanks for the assistance. Not sure why you think my system is a business machine, but I can assure you it is a personal machine, not belonging to any business. I have removed the three applications and rescanned in normal mode as instructed. Some things that might be noteworthy occurred during this process:

1) While attempting to uninstall TurboTax 2012, the system was taking very long, so I just went to bed to let it continue. Upon checking the machine first thing this morning, I had a black screen with no messages of any kind. Nothing could restore the screen, so I hard rebooted. After that reboot, the system seems much more responsive. However, previous hard reboots have never had this effect.

2) When running the HiJack This scan, I got an error message about my system denying write access to the Hosts file.

Logs follow:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:56:38 AM, on 8/26/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16660)
Boot mode: Normal

Running processes:
C:\Users\Dee\AppData\Roaming\Verizon\UA_ar\UtilityApplication.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Program Files (x86)\Sony\Walkman Content Transfer\ContentTransferWMDetector.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Dee\Desktop\HijackThis(1).exe
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sony.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=119943&tt=gc_&babsrc=HP_ss_din2g&mntrId=2214B2004ED9BAE9
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [FUFAXRCV] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"
O4 - HKLM\..\Run: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
O4 - HKLM\..\Run: [ContentTransferWMDetector.exe] C:\Program Files (x86)\Sony\Walkman Content Transfer\ContentTransferWMDetector.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe\KeePass.exe" --preload
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - Startup: Launch Utility Application.lnk = Dee\AppData\Roaming\Verizon\UA_ar\UtilityApplication.exe
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
O4 - Global Startup: [email protected] = ?
O8 - Extra context menu item: Add to Evernote 4.0 - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DCDhcpService - Atheros Communication Inc. - C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EpsonCustomerParticipation - SEIKO EPSON CORPORATION - C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
O23 - Service: EPSON V5 Service4(04) (EPSON_EB_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
O23 - Service: EPSON V3 Service4(04) (EPSON_PM_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NitroPDFReaderDriverCreatorReadSpool3 (NitroReaderDriverReadSpool3) - Nitro PDF Software - C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
O23 - Service: Oasis2Service - Digital Delivery Networks, Inc. - C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: VAIO Care Performance Service (SampleCollector) - Sony Corporation - C:\Program Files\Sony\VAIO Care\VCPerfService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: VAIO Content Importer (SOHCImp) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
O23 - Service: VAIO Device Searcher (SOHDs) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
O23 - Service: VAIO Entertainment Common Service (SpfService) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata Intelligent Network Service Manager (VcmINSMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
O23 - Service: VCService - Sony Corporation - C:\Program Files\Sony\VAIO Care\VCService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VSNService - Sony Corporation - C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: VUAgent - Sony Corporation - C:\Program Files\Sony\VAIO Update\VUAgent.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 15270 bytes

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16660 BrowserJavaVersion: 10.25.2
Run by Dee at 7:57:21 on 2013-08-26
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4044.2159 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\msiexec.exe
C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Apoint\Apoint.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
C:\Users\Dee\AppData\Roaming\Verizon\UA_ar\UtilityApplication.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Sony\Walkman Content Transfer\ContentTransferWMDetector.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\Apvfb.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Sony\VAIO Update\VUAgent.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
C:\Program Files\Sony\VAIO Care\VCPerfService.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Sony\VAIO Care\VCService.exe
C:\Program Files\Sony\VAIO Care\VCAgent.exe
C:\Windows\System32\vds.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\KeePass Password Safe\KeePass.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Dee\Desktop\HijackThis(1).exe
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\splwow64.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?affID=119943&tt=gc_&babsrc=HP_ss_din2g&mntrId=2214B2004ED9BAE9
uDefault_Page_URL = hxxp://sony.msn.com
mWinlogon: Userinit = userinit.exe
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [FUFAXRCV] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"
mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
mRun: [ContentTransferWMDetector.exe] C:\Program Files (x86)\Sony\Walkman Content Transfer\ContentTransferWMDetector.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe\KeePass.exe" --preload
StartupFolder: C:\Users\Dee\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LAUNCH~1.LNK - C:\Users\Dee\AppData\Roaming\Verizon\UA_ar\UtilityApplication.exe
StartupFolder: C:\Users\Dee\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\[email protected]~1.LNK - C:\Program Files (x86)\Apple Computer\[email protected]\DVDAccess.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: Interfaces\{4F89A0A7-8023-4E5B-A549-B9565F48266A} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{4F89A0A7-8023-4E5B-A549-B9565F48266A}\144545034383 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{4F89A0A7-8023-4E5B-A549-B9565F48266A}\660736F52656562656F5368657273686 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{4F89A0A7-8023-4E5B-A549-B9565F48266A}\75169707F62747F5143636563737 : DHCPNameServer = 192.168.5.1 64.134.255.2 64.134.255.10
TCP: Interfaces\{4F89A0A7-8023-4E5B-A549-B9565F48266A}\758696475634F657E6479775946494 : DHCPNameServer = 170.94.248.16 170.94.249.16
TCP: Interfaces\{BACE280B-4541-4B90-954C-94382AE27089} : DHCPNameServer = 62.25.0.10 62.25.0.66
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
x64-Run: [Apoint] C:\Program Files (x86)\Apoint\Apoint.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Dee\AppData\Roaming\Mozilla\Firefox\Profiles\b9xjr16w.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Nitro\Reader 3\npdf.dll
FF - plugin: C:\Program Files (x86)\Nitro\Reader 3\npnitroie.dll
FF - plugin: C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-07-07 16:54; [email protected]son; C:\Users\Dee\AppData\Roaming\Mozilla\Firefox\Profiles\b9xjr16w.default\extensions\[email protected]
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.delta.tlbrSrchUrl - 
FF - user.js: extensions.delta.id - 221481f2000000000000b2004ed9bae9
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15855
FF - user.js: extensions.delta.vrsn - 1.8.21.5
FF - user.js: extensions.delta.vrsni - 1.8.21.5
FF - user.js: extensions.delta.vrsnTs - 1.8.21.514:39:34
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=119943&tt=gc_
FF - user.js: extensions.delta_i.babExt - 
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-25 65336]
R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-3-25 189936]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-10-4 1030952]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-10-4 378944]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-5-14 759048]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-10-4 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-10-4 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-5-20 46808]
R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2012-1-28 168448]
R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2012-1-28 131072]
R2 EpsonCustomerParticipation;EpsonCustomerParticipation;C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-6-9 555392]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-5-4 13336]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-8-23 13672]
R2 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3;C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [2013-6-18 230416]
R2 Oasis2Service;Oasis2Service;C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2013-7-2 61440]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]
R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2012-2-20 259192]
R2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.SYS [2011-10-23 11576]
R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-5-4 105024]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-5-4 2656280]
R2 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2011-10-5 971704]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2011-5-4 19968]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-3-29 317440]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2012-9-25 340072]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-3-29 425064]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2010-6-1 12032]
R3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2012-2-20 44736]
R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update\VUAgent.exe [2013-1-26 1286784]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-9 123856]
S2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-9-25 2429544]
S3 DCDhcpService;DCDhcpService;C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [2011-10-5 104096]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y60x64.sys [2009-6-10 281088]
S3 SOHCImp;VAIO Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-2-21 113824]
S3 SOHDs;VAIO Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-2-21 67232]
S3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-1-20 286936]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-1-20 887000]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-2-19 652016]
S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-2-19 385336]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-2-19 99104]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-10-5 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-08-26 03:53:16	--------	d-----w-	C:\Users\Dee\AppData\Local\Intuit
2013-08-23 14:40:02	9515512	----a-w-	C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E67A36E6-746E-41C7-BC5F-27006F723483}\mpengine.dll
2013-08-17 13:39:17	--------	d-----w-	C:\Users\Dee\AppData\Local\{A970FB2D-2732-47D6-8726-FC52F81B5075}
2013-08-17 13:38:38	663552	----a-w-	C:\Windows\SysWow64\rpcrt4.dll
2013-08-17 13:38:38	1217024	----a-w-	C:\Windows\System32\rpcrt4.dll
2013-08-17 13:37:11	1472512	----a-w-	C:\Windows\System32\crypt32.dll
2013-08-17 13:37:10	1166848	----a-w-	C:\Windows\SysWow64\crypt32.dll
2013-08-17 13:37:08	224256	----a-w-	C:\Windows\System32\wintrust.dll
2013-08-17 13:37:08	175104	----a-w-	C:\Windows\SysWow64\wintrust.dll
2013-08-17 13:37:07	184320	----a-w-	C:\Windows\System32\cryptsvc.dll
2013-08-17 13:37:07	140288	----a-w-	C:\Windows\SysWow64\cryptsvc.dll
2013-08-17 13:37:06	139776	----a-w-	C:\Windows\System32\cryptnet.dll
2013-08-17 13:37:05	103936	----a-w-	C:\Windows\SysWow64\cryptnet.dll
2013-08-17 13:36:32	2048	----a-w-	C:\Windows\SysWow64\tzres.dll
2013-08-17 13:36:32	2048	----a-w-	C:\Windows\System32\tzres.dll
2013-08-17 13:35:56	1888768	----a-w-	C:\Windows\System32\WMVDECOD.DLL
2013-08-17 13:35:55	1620992	----a-w-	C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-28 03:17:51	--------	d-----w-	C:\Users\Dee\AppData\Roaming\Nitro
2013-07-28 03:17:50	--------	d-----w-	C:\Users\Dee\AppData\Roaming\FileOpen
2013-07-28 03:17:50	--------	d-----w-	C:\ProgramData\FileOpen
2013-07-28 03:17:34	29712	----a-w-	C:\Windows\System32\nitrolocalmon2.dll
2013-07-28 03:17:34	17936	----a-w-	C:\Windows\System32\nitrolocalui2.dll
2013-07-28 03:17:20	--------	d-----w-	C:\Program Files\Common Files\Nitro
2013-07-28 03:17:18	--------	d-----w-	C:\ProgramData\Nitro
2013-07-28 03:17:18	--------	d-----w-	C:\Program Files (x86)\Nitro
2013-07-28 03:17:18	--------	d-----w-	C:\Program Files (x86)\Common Files\Nitro
2013-07-28 02:59:01	--------	d-----w-	C:\Users\Dee\AppData\Roaming\Downloaded Installations
.
==================== Find3M ====================
.
2013-08-03 12:30:47	71048	----a-w-	C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-03 12:30:47	692104	----a-w-	C:\Windows\SysWow64\FlashPlayerApp.exe
2013-07-26 05:13:37	2241024	----a-w-	C:\Windows\System32\wininet.dll
2013-07-26 05:12:08	3958784	----a-w-	C:\Windows\System32\jscript9.dll
2013-07-26 05:12:04	136704	----a-w-	C:\Windows\System32\iesysprep.dll
2013-07-26 05:12:03	67072	----a-w-	C:\Windows\System32\iesetup.dll
2013-07-26 03:35:08	2706432	----a-w-	C:\Windows\System32\mshtml.tlb
2013-07-26 03:13:24	1767936	----a-w-	C:\Windows\SysWow64\wininet.dll
2013-07-26 03:12:04	2877440	----a-w-	C:\Windows\SysWow64\jscript9.dll
2013-07-26 03:12:00	61440	----a-w-	C:\Windows\SysWow64\iesetup.dll
2013-07-26 03:12:00	109056	----a-w-	C:\Windows\SysWow64\iesysprep.dll
2013-07-26 02:49:14	2706432	----a-w-	C:\Windows\SysWow64\mshtml.tlb
2013-07-26 02:39:38	89600	----a-w-	C:\Windows\System32\RegisterIEPKEYs.exe
2013-07-26 01:59:38	71680	----a-w-	C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-07-09 06:03:30	5550528	----a-w-	C:\Windows\System32\ntoskrnl.exe
2013-07-09 05:54:22	1732032	----a-w-	C:\Windows\System32\ntdll.dll
2013-07-09 05:53:12	243712	----a-w-	C:\Windows\System32\wow64.dll
2013-07-09 05:03:34	3968960	----a-w-	C:\Windows\SysWow64\ntkrnlpa.exe
2013-07-09 05:03:34	3913664	----a-w-	C:\Windows\SysWow64\ntoskrnl.exe
2013-07-09 04:53:47	1292192	----a-w-	C:\Windows\SysWow64\ntdll.dll
2013-07-09 04:52:33	5120	----a-w-	C:\Windows\SysWow64\wow32.dll
2013-07-09 04:45:07	44032	----a-w-	C:\Windows\apppatch\acwow64.dll
2013-07-09 02:49:42	25600	----a-w-	C:\Windows\SysWow64\setup16.exe
2013-07-09 02:49:41	7680	----a-w-	C:\Windows\SysWow64\instnm.exe
2013-07-09 02:49:39	14336	----a-w-	C:\Windows\SysWow64\ntvdm64.dll
2013-07-09 02:49:38	2048	----a-w-	C:\Windows\SysWow64\user.exe
2013-07-06 06:03:53	1910208	----a-w-	C:\Windows\System32\drivers\tcpip.sys
2013-06-29 18:51:16	189936	----a-w-	C:\Windows\System32\drivers\aswVmm.sys
2013-06-29 18:51:13	1030952	----a-w-	C:\Windows\System32\drivers\aswSnx.sys
2013-06-23 02:10:57	96168	----a-w-	C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-23 02:10:45	867240	----a-w-	C:\Windows\SysWow64\npDeployJava1.dll
2013-06-23 02:10:45	789416	----a-w-	C:\Windows\SysWow64\deployJava1.dll
2013-06-15 04:32:16	39936	----a-w-	C:\Windows\System32\drivers\tssecsrv.sys
2013-06-05 03:34:27	3153920	----a-w-	C:\Windows\System32\win32k.sys
2013-06-04 06:00:13	624128	----a-w-	C:\Windows\System32\qedit.dll
2013-06-04 04:53:07	509440	----a-w-	C:\Windows\SysWow64\qedit.dll
.
============= FINISH: 7:58:15.62 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume2
Install Date: 10/4/2011 6:39:16 PM
System Uptime: 8/26/2013 7:39:52 AM (0 hours ago)
.
Motherboard: Sony Corporation | | VAIO
Processor: Intel(R) Pentium(R) CPU B940 @ 2.00GHz | N/A | 800/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 455 GiB total, 378.268 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP251: 7/9/2013 9:27:00 PM - Windows Update
RP253: 7/11/2013 9:09:36 PM - Windows Modules Installer
RP254: 7/16/2013 9:30:01 AM - Windows Update
RP255: 7/19/2013 4:33:48 PM - Windows Update
RP256: 7/25/2013 9:55:00 AM - Windows Update
RP257: 7/27/2013 10:16:19 PM - Installed Nitro Reader 3
RP258: 7/31/2013 10:28:37 AM - Windows Update
RP259: 8/6/2013 7:29:13 PM - Windows Update
RP260: 8/11/2013 9:05:28 PM - Windows Update
RP261: 8/17/2013 8:47:47 AM - Windows Update
RP262: 8/18/2013 11:45:10 AM - Windows Update
RP263: 8/23/2013 9:38:32 AM - Windows Update
RP264: 8/25/2013 2:35:50 PM - Removed Google Drive
.
==== Installed Programs ======================
.
ABBYY FineReader 9.0 Sprint
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.7) MUI
Alps Pointing-device for VAIO
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Application Manager for VAIO
ArcSoft Magic-i Visual Effects 2
ArcSoft WebCam Companion 4
Atheros WiFi Driver Installation
avast! Free Antivirus
Bonjour
Conexant HD Audio
Content Transfer
Crimson Editor SVN286M
D3DX10
Deer Hunt Challenge SE
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
[email protected] 2.0.3
EA Network Play System
Entity Framework Designer for Visual Studio 2012 - enu
EPSON Artisan 837 Series Printer Uninstall
Epson Connect
Epson Connect Printer Setup
Epson Customer Participation
Epson Download Navigator
Epson Event Manager
Epson FAX Utility
Epson PC-FAX Driver
Epson Print CD
EPSON Scan
EpsonNet Print
Evernote v. 4.5.10
FileZilla Client 3.5.3
Google Chrome
Google Update Helper
iCloud
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
iTunes
Java 7 Update 25
Java Auto Updater
Java(TM) 6 Update 22
Java(TM) 6 Update 22 (64-bit)
Jing
Junk Mail filter update
KeePass Password Safe 2.22
Media Gallery
Mesh Runtime
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft .NET Framework 4.5
Microsoft .NET Framework 4.5 Multi-Targeting Pack
Microsoft .NET Framework 4.5 SDK
Microsoft Access 2010 Runtime Service Pack 1 (SP1)
Microsoft Access Runtime 2010
Microsoft Application Error Reporting
Microsoft Help Viewer 2.0
Microsoft NuGet - Visual Studio Express 2012 for Windows Desktop
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Runtime 2010
Microsoft Office Access Runtime MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Business 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2012 Command Line Utilities 
Microsoft SQL Server 2012 Data-Tier App Framework 
Microsoft SQL Server 2012 Express LocalDB 
Microsoft SQL Server 2012 Management Objects 
Microsoft SQL Server 2012 Management Objects (x64)
Microsoft SQL Server 2012 Native Client 
Microsoft SQL Server 2012 T-SQL Language Service 
Microsoft SQL Server 2012 Transact-SQL Compiler Service 
Microsoft SQL Server 2012 Transact-SQL ScriptDom 
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Compact 4.0 SP1 x64 ENU
Microsoft SQL Server Data Tools - enu (11.1.20828.01)
Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20828.01)
Microsoft System CLR Types for SQL Server 2012
Microsoft System CLR Types for SQL Server 2012 (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2012 32bit Compilers - ENU Resources
Microsoft Visual C++ 2012 Core Libraries
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x64 Debug Runtime - 11.0.50727
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86-x64 Compilers
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
Microsoft Visual Studio 2012 Express Prerequisites x64 - ENU
Microsoft Visual Studio 2012 Preparation
Microsoft Visual Studio 2012 Shell (Minimum)
Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies
Microsoft Visual Studio 2012 Shell (Minimum) Resources
Microsoft Visual Studio 2012 Tools for SQL Server Compact 4.0 SP1 ENU
Microsoft Visual Studio Express 2012 for Windows Desktop
Microsoft Visual Studio Express 2012 for Windows Desktop - ENU
Microsoft Visual Studio Team Foundation Server 2012 Object Model
Microsoft Visual Studio Team Foundation Server 2012 Object Model Language Pack - ENU
Microsoft Visual Studio Team Foundation Server 2012 Team Explorer
Microsoft Visual Studio Team Foundation Server 2012 Team Explorer Language Pack - ENU
Microsoft Visual Studio Ultimate 2012 XAML UI Designer Core
Microsoft Visual Studio Ultimate 2012 XAML UI Designer enu Resources
Microsoft Web Platform Installer 4.0
Mozilla Firefox 23.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
Nitro Reader 3
Oasis2Service
OOBE
PlayReady PC Runtime amd64
PMB
PMB VAIO Edition Guide
PMB VAIO Edition Plug-in
Prerequisites for SSDT 
Qualcomm Atheros Direct Connect
QuickTime
Realtek PCIE Card Reader
Remote Keyboard
Remote Play with PlayStation 3
Samsung ML-1200 Series
SAMSUNG USB Driver for Mobile Phones
Security Update for Microsoft .NET Framework 4.5 (KB2729460)
Security Update for Microsoft .NET Framework 4.5 (KB2737083)
Security Update for Microsoft .NET Framework 4.5 (KB2742613)
Security Update for Microsoft .NET Framework 4.5 (KB2789648)
Security Update for Microsoft .NET Framework 4.5 (KB2804582)
Security Update for Microsoft .NET Framework 4.5 (KB2833957)
Security Update for Microsoft .NET Framework 4.5 (KB2840642)
Security Update for Microsoft .NET Framework 4.5 (KB2840642v2)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687276) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Should I Remove It
Sony Corporation
SSLx64
SSLx86
SUABnR
Swis-Sys
Thief 1.25
TurboTax 2011 wariper
TurboTax 2012 WinPerReleaseEngine
Update for (KB2504637)
Update for Microsoft .NET Framework 4.5 (KB2750147)
Update for Microsoft .NET Framework 4.5 (KB2805221)
Update for Microsoft .NET Framework 4.5 (KB2805226)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Update for Microsoft Visual Studio 2012 (KB2781514)
VAIO - Media Gallery
VAIO - PMB VAIO Edition Guide
VAIO - PMB VAIO Edition Plug-in
VAIO - Remote Keyboard
VAIO - Remote Play with PlayStation®3
VAIO Care
VAIO Control Center
VAIO Data Restore Tool
VAIO Easy Connect
VAIO Event Service
VAIO Gate
VAIO Gate Default
VAIO Hardware Diagnostics
VAIO Help and Support
VAIO Improvement
VAIO Manual
VAIO Messenger
VAIO Quick Web Access
VAIO Sample Contents
VAIO Satisfaction Survey.
VAIO Smart Network
VAIO Transfer Support
VAIO Update
VCCx86
Verizon Wireless Software Upgrade Assistant - Samsung(ar)
Verizon Wireless Software Utility Application for Android - Samsung
VESx64
VESx86
VGClientX64
VGClientX86
VIx64
VIx86
VSNx64
VSNx86
VU5x64
VU5x86
VWSTx86
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Software Development Kit
Windows Software Development Kit DirectX x64 Remote
Windows Software Development Kit DirectX x86 Remote
Windows Software Development Kit for Windows Store Apps
Windows Software Development Kit for Windows Store Apps DirectX x64 Remote
Windows Software Development Kit for Windows Store Apps DirectX x86 Remote
.
==== Event Viewer Messages From Past Week ========
.
8/26/2013 7:40:27 AM, Error: Service Control Manager [7000] - The DgiVecp service failed to start due to the following error: The system cannot find the device specified.
8/26/2013 7:40:25 AM, Error: Service Control Manager [7000] - The DVDAccss service failed to start due to the following error: This driver has been blocked from loading
8/26/2013 7:40:25 AM, Error: Application Popup [1060] - \SystemRoot\SysWow64\drivers\DVDAccss.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
8/26/2013 7:40:02 AM, Error: Application Popup [1060] - \SystemRoot\SysWow64\drivers\pfc.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
8/25/2013 3:31:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
8/25/2013 2:53:18 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
8/25/2013 2:51:42 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
8/25/2013 2:51:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
8/25/2013 2:51:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/25/2013 2:51:34 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Program Files (x86)\Atheros WiFi Driver Installation\AthIhvWlanExt.dll Error Code: 21
8/25/2013 2:51:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/25/2013 2:51:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
8/25/2013 2:51:18 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswRvrt aswSnx aswSP aswTdi aswVmm discache spldr Wanarpv6
8/25/2013 2:44:38 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wbengine service.
8/25/2013 11:26:10 PM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
8/25/2013 11:24:31 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
8/25/2013 11:24:29 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intel(R) Management and Security Application User Notification Service service to connect.
8/25/2013 11:24:29 PM, Error: Service Control Manager [7000] - The Intel(R) Management and Security Application User Notification Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/25/2013 11:23:57 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
8/25/2013 11:22:18 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
8/25/2013 11:22:18 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
8/25/2013 11:21:51 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswRvrt aswSnx aswSP aswTdi aswVmm DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
8/25/2013 11:21:46 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/25/2013 11:21:46 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
8/25/2013 11:21:46 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
8/25/2013 11:21:46 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
8/25/2013 11:21:46 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
8/25/2013 11:21:46 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
8/25/2013 11:21:46 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/25/2013 11:21:46 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/25/2013 11:21:46 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/25/2013 11:21:46 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 
8/25/2013 11:21:40 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
8/25/2013 11:21:02 PM, Error: Service Control Manager [7022] - The Windows Defender service hung on starting.
8/25/2013 11:19:12 PM, Error: Service Control Manager [7034] - The VSNService service terminated unexpectedly. It has done this 1 time(s).
8/25/2013 11:18:36 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.
8/25/2013 11:18:36 PM, Error: Service Control Manager [7000] - The Software Protection service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/25/2013 11:16:27 PM, Error: Service Control Manager [7022] - The VAIO Care Performance Service service hung on starting.
8/25/2013 11:14:53 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WinHttpAutoProxySvc service.
8/25/2013 11:14:53 PM, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/25/2013 11:13:58 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Oasis2Service service to connect.
8/25/2013 11:13:58 PM, Error: Service Control Manager [7000] - The Oasis2Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/25/2013 11:12:17 PM, Error: Service Control Manager [7022] - The Windows Search service hung on starting.
8/25/2013 11:11:42 PM, Error: Service Control Manager [7022] - The Function Discovery Provider Host service hung on starting.
8/25/2013 11:10:22 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intuit Update Service v4 service to connect.
8/25/2013 11:10:22 PM, Error: Service Control Manager [7000] - The Intuit Update Service v4 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/25/2013 11:06:57 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intel(R) Rapid Storage Technology service to connect.
8/25/2013 11:06:57 PM, Error: Service Control Manager [7000] - The Intel(R) Rapid Storage Technology service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/25/2013 11:06:06 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X64 service to connect.
8/25/2013 11:00:15 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
8/25/2013 10:52:30 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
8/24/2013 9:08:41 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.
8/24/2013 9:08:41 PM, Error: Service Control Manager [7000] - The Windows Modules Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/24/2013 9:08:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
8/24/2013 9:08:26 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
8/24/2013 9:07:31 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
8/24/2013 8:53:06 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WerSvc service.
8/24/2013 8:36:28 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.
8/24/2013 8:23:55 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
8/24/2013 8:23:55 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-08-26 08:17:59
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950032 rev.0006 465.76GB
Running: 9zh82s59.exe; Driver: C:\Users\Dee\AppData\Local\Temp\pwldapow.sys

---- Threads - GMER 2.1 ----

Thread C:\Windows\SysWOW64\DllHost.exe [3480:3616] 000000006f6928f0

---- EOF - GMER 2.1 ----


----------



## wannabeageek (Nov 12, 2009)

Hi Grubbs,

Please run the following:

*Step 1.*
*Download and run MGA Diagnostic Tool*
This tool will aid us in determining what additional steps will need to be performed.


*Click* *here* to download the *MGA Diagnostics Tool* from Microsoft and *save* it to your *Desktop*. The *MGADiag.exe* icon will appear on your Desktop.
*Right-click* the *MGADiag.exe* icon on your Desktop and then *select* *Run As Administrator* from the popup menu. The tool's window will be displayed.
*Click* the *Continue* button. The scan will be performed. Once the scan is complete the report information will be displayed and a *Copy* button will be provided.
*Click* the *Copy* button.
*Open* *Notepad* and *paste* the contents of the report into the Notepad window.
*Save* the report and *paste* the contents into your reply.
Regardless of any error messages, copy and paste the results.

*Step 2.*
*Run CKScanner*


Please download *CKScanner* from *Here*
*Important:* Save it to your *desktop*.
Right-click *CKScanner.exe* > select *"Run as administrator"*, then click *Search For Files*.
After a very short time, when the cursor hourglass disappears, click *Save List To File*.
A message box will verify the file saved.
Double-click the *CKFiles.txt* icon on your desktop and copy/paste the contents in your next reply.

*Please include in your next reply:*


Contents of MGA log.
Contents of CKFiles.txt
*Any problem executing the instructions?*

Thanks, 
wbg


----------



## Grubbs (Nov 17, 2003)

No problem with the instructions, although the "CKScanner" ran for what I would consider a bit longer than a "very short time" (probably a little more than a minute, if that is significant).

Results of MGA Diagnostic Tool scan:

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-VGV87-C7XPK-CGKHQ
Windows Product Key Hash: sdEjrEJjW0FuXAhegYxl8GAkBYg=
Windows Product ID: 00359-OEM-8992687-00016
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010300.1.0.003
ID: {16C0E093-BEB0-4E5E-8229-DC12A7989344}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Home Premium
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.130708-1532
TTS Error: 
Validation Diagnostic: 
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 109 N/A
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{16C0E093-BEB0-4E5E-8229-DC12A7989344}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.003</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-CGKHQ</PKey><PID>00359-OEM-8992687-00016</PID><PIDType>2</PIDType><SID>S-1-5-21-3761110793-264239725-660992700</SID><SYSTEM><Manufacturer>Sony Corporation</Manufacturer><Model>VPCEH1AFX</Model></SYSTEM><BIOS><Manufacturer>INSYDE</Manufacturer><Version>R0200Z9</Version><SMBIOSVersion major="2" minor="7"/><Date>20120419000000.000000+000</Date></BIOS><HWID>FFD53107018400FE</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>Sony</OEMID><OEMTableID>VAIO</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>109</Result><Products/><Applications/></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows(R) 7, HomePremium edition
Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
Activation ID: d2c04e90-c3dd-4260-b0f3-f845f5d27d64
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00359-00178-926-800016-02-1033-7601.0000-1232011
Installation ID: 007306061882935882319092263361598116354623151673270575
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: CGKHQ
License Status: Licensed
Remaining Windows rearm count: 2
Trusted time: 8/26/2013 9:37:22 PM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 7:31:2013 20:55
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:

HWID Data-->
HWID Hash Current: LgAAAAEAAQABAAEAAAABAAAAAwABAAEA6GESHTIyBgpcHUqjwmsKWuawjAsucw==

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information: 
ACPI Table Name	OEMID Value	OEMTableID Value
APIC Sony VAIO
FACP Sony VAIO
HPET Sony VAIO
BOOT Sony VAIO
MCFG Sony VAIO
WDAT Sony VAIO
ASF! Sony VAIO
SLIC Sony VAIO
SSDT Sony VAIO
ASPT Sony VAIO
SSDT Sony VAIO
SSDT Sony VAIO

*************************
Result of CKScanner:

CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
c:\users\dee\favorites\crackle.url
scanner sequence 3.AP.11.IBNAQZ
----- EOF -----


----------



## wannabeageek (Nov 12, 2009)

Hi Grubbs,

Please run the following programs. You may wish to post after each scan as some are quite long.

*Step 1.*
*AdwCleaner - Scan Only*
Please download *AdwCleaner* by Xplode, save it to your desktop.


Close ALL open programs, including your Internet browsers.
Right click on *adwcleaner.exe* and select "Run as administrator" to run it.
Click on *Scan*.
When the scan finishes, you'll see a message on the product window: _"Pending. Please uncheck elements you don't want to remove."_
Press the *Report* button to produce the scan report.
A logfile *C:\AdwCleaner[Rn].txt* will automatically open. ([Rn] n = number of run)
Please post the content of the *C:\AdwCleaner[Rn].txt* logfile in your next reply.

*Step 2.*
*AdwCleaner - Scan/Clean*
You should still have *AdwCleaner* on your desktop.


Close ALL open programs, including your Internet browsers.
Right click on *adwcleaner.exe* and select "Run as administrator" to run it.
Click on *Scan*.
When the scan finishes, the "Clean" button will become active...
Click on *Clean*.
Select *OK* at each prompt... to reboot the computer.
A logfile *C:\AdwCleaner[Sn].txt* will open after you log back on the computer. ([Sn] n = number of run)
Please post the content of the *C:\AdwCleaner[Sn].txt* logfile in your next reply.

*Step 3.*
*OTL*
Please download *OTL* ... by Old Timer. *Save it to your Desktop*.


Right click on *OTL.exe* and select "*Run As Administrator*" to run it. If prompted by UAC, please allow it.
Click the *Scan All Users* checkbox.
Check the Extra Registry block to make sure the "Use SafeList" button is highlighted.
_Leave the remaining selections to the default settings._
Click on *Run Scan* at the top left hand corner.
When done, two Notepad files will open.
*OTL.txt* <-- _Will be opened, maximized_
*Extras.txt* <-- _Will be minimized on task bar._

Please post the contents of both *OTL.txt* and *Extras.txt* files in your next reply.

*Please include in your next reply:*


Contents of C:\AdwCleaner[Rn].txt
Contents of C:\AdwCleaner[Sn].txt
Contents of OTL.txt
Contents of Extras.txt
*Any problem executing the instructions?*

Thanks, 
wbg


----------



## Grubbs (Nov 17, 2003)

No problems executing any of your latest instructions. Logfiles follow in this and subsequent posts as you recommended.

AdwCleaner [R0]:

# AdwCleaner v3.001 - Report created 27/08/2013 at 18:24:04
# Updated 24/08/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Dee - DEE-VAIO
# Running from : C:\Users\Dee\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\Users\Dee\AppData\Roaming\Mozilla\Firefox\Profiles\b9xjr16w.default\\invalidprefs.js
File Found : C:\Users\Dee\AppData\Roaming\Mozilla\Firefox\Profiles\b9xjr16w.default\searchplugins\Babylon.xml
File Found : C:\Users\Dee\AppData\Roaming\Mozilla\Firefox\Profiles\b9xjr16w.default\searchplugins\delta.xml
File Found : C:\Users\Dee\AppData\Roaming\Mozilla\Firefox\Profiles\b9xjr16w.default\user.js
Folder Found : C:\Users\Dee\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgjkhjdcljddbedokogakmmdjgnbeanf
Folder Found : C:\Users\Dee\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Folder Found : C:\Users\Dee\AppData\Roaming\Mozilla\Firefox\Profiles\b9xjr16w.default\Extensions\[email protected]
Folder Found C:\ProgramData\Babylon
Folder Found C:\Save
Folder Found C:\Users\Dee\AppData\Roaming\Babylon
Folder Found C:\Users\Dee\AppData\Roaming\file scout
Folder Found C:\Users\Dee\AppData\Roaming\PerformerSoft
Folder Found C:\Users\Dee\AppData\Roaming\SpecialSavings
Folder Found C:\Users\Dee\AppData\Roaming\SpeedAnalysis2

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\BabSolution
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : [x64] HKCU\Software\BabSolution
Key Found : [x64] HKCU\Software\DataMngr
Key Found : [x64] HKCU\Software\DataMngr_Toolbar
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKLM\SOFTWARE\594dfddbc3dba43
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\Software\DeviceVM
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dgjkhjdcljddbedokogakmmdjgnbeanf
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpecialSavings
Key Found : [x64] HKLM\SOFTWARE\DeviceVM

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://search.babylon.com/?affID=119943&tt=gc_&babsrc=HP_ss_din2g&mntrId=2214B2004ED9BAE9

-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\Dee\AppData\Roaming\Mozilla\Firefox\Profiles\b9xjr16w.default\prefs.js ]

Line Found : user_pref("extensions.delta.admin", false);
Line Found : user_pref("extensions.delta.aflt", "babsst");
Line Found : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line Found : user_pref("extensions.delta.autoRvrt", "false");
Line Found : user_pref("extensions.delta.dfltLng", "en");
Line Found : user_pref("extensions.delta.excTlbr", false);
Line Found : user_pref("extensions.delta.ffxUnstlRst", true);
Line Found : user_pref("extensions.delta.id", "221481f2000000000000b2004ed9bae9");
Line Found : user_pref("extensions.delta.instlDay", "15855");
Line Found : user_pref("extensions.delta.instlRef", "sst");
Line Found : user_pref("extensions.delta.newTab", false);
Line Found : user_pref("extensions.delta.prdct", "delta");
Line Found : user_pref("extensions.delta.prtnrId", "delta");
Line Found : user_pref("extensions.delta.rvrt", "false");
Line Found : user_pref("extensions.delta.smplGrp", "none");
Line Found : user_pref("extensions.delta.tlbrId", "base");
Line Found : user_pref("extensions.delta.tlbrSrchUrl", "");
Line Found : user_pref("extensions.delta.vrsn", "1.8.21.5");
Line Found : user_pref("extensions.delta.vrsnTs", "1.8.21.514:39:34");
Line Found : user_pref("extensions.delta.vrsni", "1.8.21.5");
Line Found : user_pref("extensions.delta_i.babExt", "");
Line Found : user_pref("extensions.delta_i.babTrack", "affID=119943&tt=gc_");
Line Found : user_pref("extensions.delta_i.srcExt", "ss");

-\\ Google Chrome v29.0.1547.57

[ File : C:\Users\Dee\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found : homepage
Found : urls_to_restore_on_startup
Found : urls_to_restore_on_startup
Found : homepage
Found : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [4772 octets] - [27/08/2013 18:24:04]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4832 octets] ##########


----------



## Grubbs (Nov 17, 2003)

AdwCleaner[S0]:

# AdwCleaner v3.001 - Report created 27/08/2013 at 18:26:50
# Updated 24/08/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Dee - DEE-VAIO
# Running from : C:\Users\Dee\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Save
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Users\Dee\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Dee\AppData\Roaming\file scout
Folder Deleted : C:\Users\Dee\AppData\Roaming\PerformerSoft
Folder Deleted : C:\Users\Dee\AppData\Roaming\SpecialSavings
Folder Deleted : C:\Users\Dee\AppData\Roaming\SpeedAnalysis2
Folder Deleted : C:\Users\Dee\AppData\Roaming\Mozilla\Firefox\Profiles\b9xjr16w.default\Extensions\[email protected]
Folder Deleted : C:\Users\Dee\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgjkhjdcljddbedokogakmmdjgnbeanf
Folder Deleted : C:\Users\Dee\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
File Deleted : C:\Users\Dee\AppData\Roaming\Mozilla\Firefox\Profiles\b9xjr16w.default\searchplugins\Babylon.xml
File Deleted : C:\Users\Dee\AppData\Roaming\Mozilla\Firefox\Profiles\b9xjr16w.default\searchplugins\delta.xml
File Deleted : C:\Users\Dee\AppData\Roaming\Mozilla\Firefox\Profiles\b9xjr16w.default\\invalidprefs.js
File Deleted : C:\Users\Dee\AppData\Roaming\Mozilla\Firefox\Profiles\b9xjr16w.default\user.js

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dgjkhjdcljddbedokogakmmdjgnbeanf
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\594dfddbc3dba43
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\DataMngr
[#] Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\DeviceVM
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpecialSavings
Key Deleted : [x64] HKLM\SOFTWARE\DeviceVM

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\Dee\AppData\Roaming\Mozilla\Firefox\Profiles\b9xjr16w.default\prefs.js ]

Line Deleted : user_pref("extensions.delta.admin", false);
Line Deleted : user_pref("extensions.delta.aflt", "babsst");
Line Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line Deleted : user_pref("extensions.delta.autoRvrt", "false");
Line Deleted : user_pref("extensions.delta.dfltLng", "en");
Line Deleted : user_pref("extensions.delta.excTlbr", false);
Line Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
Line Deleted : user_pref("extensions.delta.id", "221481f2000000000000b2004ed9bae9");
Line Deleted : user_pref("extensions.delta.instlDay", "15855");
Line Deleted : user_pref("extensions.delta.instlRef", "sst");
Line Deleted : user_pref("extensions.delta.newTab", false);
Line Deleted : user_pref("extensions.delta.prdct", "delta");
Line Deleted : user_pref("extensions.delta.prtnrId", "delta");
Line Deleted : user_pref("extensions.delta.rvrt", "false");
Line Deleted : user_pref("extensions.delta.smplGrp", "none");
Line Deleted : user_pref("extensions.delta.tlbrId", "base");
Line Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Line Deleted : user_pref("extensions.delta.vrsn", "1.8.21.5");
Line Deleted : user_pref("extensions.delta.vrsnTs", "1.8.21.514:39:34");
Line Deleted : user_pref("extensions.delta.vrsni", "1.8.21.5");
Line Deleted : user_pref("extensions.delta_i.babExt", "");
Line Deleted : user_pref("extensions.delta_i.babTrack", "affID=119943&tt=gc_");
Line Deleted : user_pref("extensions.delta_i.srcExt", "ss");

-\\ Google Chrome v29.0.1547.57

[ File : C:\Users\Dee\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [4932 octets] - [27/08/2013 18:24:04]
AdwCleaner[R1].txt - [4992 octets] - [27/08/2013 18:26:13]
AdwCleaner[S0].txt - [4524 octets] - [27/08/2013 18:26:50]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4584 octets] ##########


----------



## Grubbs (Nov 17, 2003)

OTL:

OTL logfile created on: 8/27/2013 6:31:07 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dee\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.95 Gb Total Physical Memory | 2.63 Gb Available Physical Memory | 66.72% Memory free
7.90 Gb Paging File | 6.49 Gb Available in Paging File | 82.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455.34 Gb Total Space | 378.26 Gb Free Space | 83.07% Space Free | Partition Type: NTFS
Drive D: | 3.73 Gb Total Space | 3.66 Gb Free Space | 98.27% Space Free | Partition Type: FAT32

Computer Name: DEE-VAIO | User Name: Dee | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/27 18:16:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dee\Desktop\OTL.exe
PRC - [2013/07/02 23:06:06 | 000,061,440 | ---- | M] (Digital Delivery Networks, Inc.) -- C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
PRC - [2013/05/14 12:28:54 | 000,932,208 | ---- | M] (Samsung Electronics Co. Ltd.) -- C:\Users\Dee\AppData\Roaming\Verizon\UA_ar\UtilityApplication.exe
PRC - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/05/09 03:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/05/09 03:58:30 | 000,251,784 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
PRC - [2013/05/09 03:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/08/23 13:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2011/03/09 01:00:00 | 000,856,064 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
PRC - [2011/03/09 01:00:00 | 000,495,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
PRC - [2011/03/05 18:42:36 | 000,180,928 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2011/03/05 18:42:36 | 000,064,704 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
PRC - [2011/02/23 16:05:04 | 000,105,024 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
PRC - [2011/02/15 13:47:02 | 002,757,312 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
PRC - [2011/02/01 15:20:48 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011/02/01 15:20:46 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011/01/29 06:36:18 | 000,081,016 | ---- | M] (Sony of America Corporation) -- C:\Program Files\Sony\VAIO Care\listener.exe
PRC - [2010/11/27 02:55:42 | 000,648,032 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2010/11/27 02:55:42 | 000,398,176 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2010/10/12 14:56:40 | 000,979,328 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2010/09/13 20:32:32 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/09/13 20:32:30 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/05/14 18:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
PRC - [2008/07/11 17:51:32 | 000,423,200 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\Walkman Content Transfer\ContentTransferWMDetector.exe
PRC - [2006/12/19 19:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe

========== Modules (No Company Name) ==========

MOD - [2013/08/18 22:25:02 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\ebdb3050959d9be47d33d2c77d6cc291\IAStorUtil.ni.dll
MOD - [2013/08/18 12:43:14 | 011,914,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\23907034ac7e278c4baa50ab597dcdd2\System.Web.ni.dll
MOD - [2013/08/18 12:43:07 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\e06dbdafb38c38517aef61ac41e2fd9d\System.Runtime.Remoting.ni.dll
MOD - [2013/08/18 12:42:39 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\28ea347a952d20959ac6ae02d7457d39\System.Windows.Forms.ni.dll
MOD - [2013/08/18 12:42:32 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/18 12:42:27 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/08/18 12:42:23 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\8f7d83126a3cf283e5ac97f2d6d99f12\System.Configuration.ni.dll
MOD - [2013/08/18 12:42:10 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1f6f220f9efe936d1158c79b9d4b451f\WindowsBase.ni.dll
MOD - [2013/08/18 12:42:06 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/07/12 12:11:36 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\34002b75cd0faab68bf8079299c1aa46\IAStorCommon.ni.dll
MOD - [2013/07/11 21:52:35 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/07/13 20:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll

========== Services (SafeList) ==========

SRV:*64bit:* - [2013/06/18 15:03:16 | 000,230,416 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe -- (NitroReaderDriverReadSpool3)
SRV:*64bit:* - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:*64bit:* - [2013/05/09 03:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:*64bit:* - [2012/10/26 10:44:28 | 001,286,784 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Update\VUAgent.exe -- (VUAgent)
SRV:*64bit:* - [2011/08/12 16:35:30 | 000,971,704 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
SRV:*64bit:* - [2011/07/19 04:45:52 | 000,104,096 | ---- | M] (Atheros Communication Inc.) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe -- (DCDhcpService)
SRV:*64bit:* - [2011/06/09 14:01:00 | 000,555,392 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)
SRV:*64bit:* - [2011/05/24 08:00:00 | 000,652,016 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV:*64bit:* - [2011/02/19 00:15:06 | 000,099,104 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV:*64bit:* - [2011/02/19 00:02:08 | 000,385,336 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV:*64bit:* - [2011/02/14 14:23:50 | 000,044,736 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Care\VCService.exe -- (VCService)
SRV:*64bit:* - [2011/01/29 06:36:18 | 000,259,192 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector)
SRV:*64bit:* - [2011/01/20 14:27:18 | 000,286,936 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService)
SRV:*64bit:* - [2011/01/11 19:00:00 | 000,168,448 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE -- (EPSON_EB_RPCV4_04)
SRV:*64bit:* - [2011/01/11 19:00:00 | 000,131,072 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE -- (EPSON_PM_RPCV4_04)
SRV:*64bit:* - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2013/08/17 16:40:16 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/08/03 07:30:48 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/07/02 23:06:06 | 000,061,440 | ---- | M] (Digital Delivery Networks, Inc.) [Auto | Running] -- C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe -- (Oasis2Service)
SRV - [2013/05/10 00:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/08/23 13:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2012/07/09 01:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/03/11 23:07:58 | 002,429,544 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011/03/05 18:42:36 | 000,064,704 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2011/02/23 16:05:04 | 000,105,024 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2011/02/21 14:55:08 | 000,113,824 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2011/02/21 14:55:08 | 000,067,232 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2011/02/01 15:20:48 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/01 15:20:46 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011/01/20 14:16:26 | 000,887,000 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2010/11/27 02:55:42 | 000,398,176 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010/09/13 20:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/03/18 13:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/14 18:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2006/12/19 19:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)

========== Driver Services (SafeList) ==========

DRV:*64bit:* - [2013/06/29 13:51:16 | 000,378,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:*64bit:* - [2013/06/29 13:51:16 | 000,189,936 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:*64bit:* - [2013/06/29 13:51:13 | 001,030,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:*64bit:* - [2013/05/09 03:59:07 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:*64bit:* - [2013/05/09 03:59:07 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:*64bit:* - [2013/05/09 03:59:07 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:*64bit:* - [2013/05/09 03:59:06 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:*64bit:* - [2013/05/09 03:59:06 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:*64bit:* - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:*64bit:* - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:*64bit:* - [2012/03/11 23:08:08 | 000,340,072 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:*64bit:* - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:*64bit:* - [2011/09/20 10:23:40 | 000,317,776 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:*64bit:* - [2011/08/08 04:30:08 | 001,591,936 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:*64bit:* - [2011/07/19 01:39:56 | 012,287,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:*64bit:* - [2011/06/21 01:03:42 | 002,753,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:*64bit:* - [2011/03/29 04:00:53 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:*64bit:* - [2011/03/29 01:51:30 | 000,425,064 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:*64bit:* - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:*64bit:* - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:*64bit:* - [2011/02/22 10:27:05 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:*64bit:* - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:*64bit:* - [2010/11/20 22:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:*64bit:* - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:*64bit:* - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:*64bit:* - [2010/10/19 18:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:*64bit:* - [2010/04/26 15:20:29 | 000,012,032 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:*64bit:* - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:*64bit:* - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:*64bit:* - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:*64bit:* - [2009/06/10 15:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress)
DRV:*64bit:* - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:*64bit:* - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:*64bit:* - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:*64bit:* - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:*64bit:* - [2009/05/26 16:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:*64bit:* - [2009/03/02 14:12:18 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT)
DRV:*64bit:* - [2009/03/02 14:12:14 | 000,053,816 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2003/11/21 16:15:14 | 000,029,156 | ---- | M] (Apple Computer, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\DVDAccss.sys -- (DVDAccss)
DRV - [2002/02/11 14:15:50 | 000,014,572 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\PFC.SYS -- (pfc)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:*64bit:* - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:*64bit:* - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SNYVDF&pc=MASA&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3761110793-264239725-660992700-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sony.msn.com
IE - HKU\S-1-5-21-3761110793-264239725-660992700-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-3761110793-264239725-660992700-1006\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3761110793-264239725-660992700-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3761110793-264239725-660992700-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: SpecialSavings%40SpecialSavings.com:2.0.0.1
FF - prefs.js..extensions.enabledAddons: speedanalysis02%40SpeedAnalysis.com:1.0.0.3
FF - prefs.js..extensions.enabledAddons: keefox%40chris.tomlinson:1.2.3
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.17
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - user.js - File not found

FF:*64bit:* - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll File not found
FF:*64bit:* - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:*64bit:* - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:*64bit:* - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:*64bit:* - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/05/20 00:15:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/08/17 16:40:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/08/17 16:40:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/10/04 22:24:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dee\AppData\Roaming\Mozilla\Extensions
[2013/07/21 07:50:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dee\AppData\Roaming\Mozilla\Firefox\Profiles\b9xjr16w.default\extensions
[2013/07/21 07:50:29 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Dee\AppData\Roaming\Mozilla\Firefox\Profiles\b9xjr16w.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013/07/07 16:54:38 | 000,000,000 | ---D | M] (KeeFox) -- C:\Users\Dee\AppData\Roaming\Mozilla\Firefox\Profiles\b9xjr16w.default\extensions\keefox@chris.tomlinson
[2013/06/08 21:35:36 | 000,094,667 | ---- | M] () (No name found) -- C:\Users\Dee\AppData\Roaming\Mozilla\Firefox\Profiles\b9xjr16w.default\extensions\[email protected]
[2013/08/17 16:40:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/08/17 16:40:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/08/17 16:40:17 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\USERS\DEE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\B9XJR16W.DEFAULT\EXTENSIONS\[email protected]

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: http://www.google.com
CHR - Extension: No name found = C:\Users\Dee\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfcpnihmbfoaeoakalclfalkdepgiaje\2.0.0.1_0\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:*64bit:* - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:*64bit:* - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-3761110793-264239725-660992700-1006\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:*64bit:* - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:*64bit:* - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe File not found
O4:*64bit:* - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:*64bit:* - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Program Files (x86)\Sony\Walkman Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXRCV] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files (x86)\KeePass Password Safe\KeePass.exe (Dominik Reichl)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3761110793-264239725-660992700-1006..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Dee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launch Utility Application.lnk = C:\Users\Dee\AppData\Roaming\Verizon\UA_ar\UtilityApplication.exe (Samsung Electronics Co. Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-3761110793-264239725-660992700-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3761110793-264239725-660992700-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-3761110793-264239725-660992700-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:*64bit:* - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:*64bit:* - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13*64bit:* - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:*64bit:* - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16:*64bit:* - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16:*64bit:* - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.25.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F89A0A7-8023-4E5B-A549-B9565F48266A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BACE280B-4541-4B90-954C-94382AE27089}: DhcpNameServer = 62.25.0.10 62.25.0.66
O18:*64bit:* - Protocol\Handler\livecall - No CLSID value found
O18:*64bit:* - Protocol\Handler\ms-help - No CLSID value found
O18:*64bit:* - Protocol\Handler\msnim - No CLSID value found
O18:*64bit:* - Protocol\Handler\wlmailhtml - No CLSID value found
O18:*64bit:* - Protocol\Handler\wlpg - No CLSID value found
O20:*64bit:* - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:*64bit:* - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:*64bit:* - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:*64bit:* - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/08/04 18:13:52 | 000,000,110 | -H-- | M] () - D:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:*64bit:* - HKLM\..comfile [open] -- "%1" %*
O35:*64bit:* - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:*64bit:* - HKLM\...com [@ = comfile] -- "%1" %*
O37:*64bit:* - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/08/27 18:23:47 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/08/27 18:22:17 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Dee\Desktop\OTL.exe
[2013/08/26 21:37:29 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2013/08/26 21:37:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2013/08/26 21:34:52 | 002,031,992 | ---- | C] (Microsoft Corporation) -- C:\Users\Dee\Desktop\MGADiag.exe
[2013/08/26 07:43:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2012
[2013/08/25 22:53:16 | 000,000,000 | ---D | C] -- C:\Users\Dee\AppData\Local\Intuit
[2013/08/25 14:57:50 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Dee\Desktop\dds.scr
[2013/08/25 14:55:47 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Dee\Desktop\HijackThis(1).exe
[2013/08/19 10:05:16 | 000,000,000 | ---D | C] -- C:\Users\Dee\Desktop\Penzeys Spices Order Receipt Page_files
[2013/08/18 12:01:21 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/08/18 12:01:20 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/08/18 12:01:19 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/08/18 12:01:19 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/08/18 12:01:18 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/08/18 12:01:18 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/08/18 12:01:18 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/08/18 12:01:17 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/08/18 12:01:17 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/08/18 12:01:17 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/08/18 12:01:16 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/08/18 12:01:11 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/08/18 12:01:10 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/08/18 12:01:10 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/08/18 12:01:09 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/08/17 16:40:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/08/17 08:39:17 | 000,000,000 | ---D | C] -- C:\Users\Dee\AppData\Local\{A970FB2D-2732-47D6-8726-FC52F81B5075}
[2013/08/17 08:38:38 | 001,217,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2013/08/17 08:37:11 | 001,472,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/08/17 08:37:08 | 000,224,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2013/08/17 08:37:06 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013/08/17 08:35:56 | 001,888,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2013/08/17 08:35:55 | 001,620,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2013/08/15 10:21:25 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/08/15 10:21:23 | 005,550,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/08/15 10:21:23 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/08/15 10:21:22 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013/08/15 10:21:20 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/08/15 10:21:19 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/08/15 10:21:14 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/08/15 10:21:13 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/08/15 10:21:13 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/08/15 10:21:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe

========== Files - Modified Within 30 Days ==========

[2013/08/27 18:35:51 | 000,028,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/27 18:35:51 | 000,028,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/27 18:32:11 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/08/27 18:28:17 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/27 18:28:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/27 18:27:58 | 3180,220,416 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/27 18:23:17 | 000,782,470 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/08/27 18:23:17 | 000,662,634 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/08/27 18:23:17 | 000,122,470 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/08/27 18:16:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dee\Desktop\OTL.exe
[2013/08/27 18:15:18 | 000,994,642 | ---- | M] () -- C:\Users\Dee\Desktop\AdwCleaner.exe
[2013/08/27 13:13:34 | 000,000,040 | ---- | M] () -- C:\Windows\SysNative\sstate_prev.sdt
[2013/08/27 13:11:33 | 000,000,102 | ---- | M] () -- C:\Windows\SysNative\sstates.sdt
[2013/08/27 13:09:08 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/26 21:21:26 | 000,468,480 | ---- | M] () -- C:\Users\Dee\Desktop\CKScanner.exe
[2013/08/26 21:19:36 | 002,031,992 | ---- | M] (Microsoft Corporation) -- C:\Users\Dee\Desktop\MGADiag.exe
[2013/08/25 22:54:43 | 000,380,832 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/08/25 15:36:36 | 000,002,062 | ---- | M] () -- C:\Users\Public\Desktop\ChurchTrac 9.lnk
[2013/08/25 14:57:50 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Dee\Desktop\dds.scr
[2013/08/25 14:55:05 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Dee\Desktop\HijackThis(1).exe
[2013/08/24 20:55:42 | 000,007,605 | ---- | M] () -- C:\Users\Dee\AppData\Local\Resmon.ResmonCfg
[2013/08/21 08:35:12 | 000,002,143 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/08/19 10:05:18 | 000,021,237 | ---- | M] () -- C:\Users\Dee\Desktop\Penzeys Spices Order Receipt Page.htm
[2013/08/13 08:52:31 | 000,027,784 | ---- | M] () -- C:\test.xml
[2013/08/03 07:30:47 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/08/03 07:30:47 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/07/31 21:37:34 | 001,296,071 | ---- | M] () -- C:\Users\Dee\Desktop\On Calling a Pastor.pdf

========== Files Created - No Company Name ==========

[2013/08/27 18:22:13 | 000,994,642 | ---- | C] () -- C:\Users\Dee\Desktop\AdwCleaner.exe
[2013/08/26 21:34:47 | 000,468,480 | ---- | C] () -- C:\Users\Dee\Desktop\CKScanner.exe
[2013/08/24 20:55:42 | 000,007,605 | ---- | C] () -- C:\Users\Dee\AppData\Local\Resmon.ResmonCfg
[2013/08/19 10:05:16 | 000,021,237 | ---- | C] () -- C:\Users\Dee\Desktop\Penzeys Spices Order Receipt Page.htm
[2013/07/31 21:37:34 | 001,296,071 | ---- | C] () -- C:\Users\Dee\Desktop\On Calling a Pastor.pdf
[2013/03/07 16:24:10 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2013/03/07 16:24:10 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2013/03/07 16:24:10 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2013/03/07 16:24:10 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012/09/14 08:18:44 | 000,000,288 | ---- | C] () -- C:\Users\Dee\AppData\Roaming\.backup.dm
[2012/09/09 13:17:36 | 000,000,632 | RHS- | C] () -- C:\Users\Dee\ntuser.pol
[2012/02/21 22:50:51 | 000,000,168 | ---- | C] () -- C:\Windows\cedt.INI
[2012/02/08 18:53:15 | 000,000,325 | ---- | C] () -- C:\Windows\Swiss8.ini
[2012/01/28 16:03:11 | 000,000,104 | ---- | C] () -- C:\Windows\EART837.ini
[2012/01/28 15:25:13 | 000,000,629 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2011/10/24 15:49:39 | 000,000,129 | ---- | C] () -- C:\Users\Dee\jagex_runescape_preferences2.dat
[2011/10/24 15:47:50 | 000,000,035 | ---- | C] () -- C:\Users\Dee\jagex_runescape_preferences.dat
[2011/10/08 00:13:50 | 000,000,188 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011/05/04 01:14:52 | 000,000,226 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 00:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 23:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

Extras:

OTL Extras logfile created on: 8/27/2013 6:31:07 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dee\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.95 Gb Total Physical Memory | 2.63 Gb Available Physical Memory | 66.72% Memory free
7.90 Gb Paging File | 6.49 Gb Available in Paging File | 82.15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455.34 Gb Total Space | 378.26 Gb Free Space | 83.07% Space Free | Partition Type: NTFS
Drive D: | 3.73 Gb Total Space | 3.66 Gb Free Space | 98.27% Space Free | Partition Type: FAT32

Computer Name: DEE-VAIO | User Name: Dee | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-3761110793-264239725-660992700-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Users\Dee\AppData\Roaming\File Scout\filescout.exe" /open "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Users\Dee\AppData\Roaming\File Scout\filescout.exe" /open "%1"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

*64bit:* [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03E0F912-9DEE-4B67-B5F4-B5871C0A252D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{041F6F3F-DE96-4102-9442-9EA98BD31AD4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{080BB52E-7C43-42AC-8CB7-457AF15169CD}" = rport=445 | protocol=6 | dir=out | app=system | 
"{12C01E2B-0217-48BD-81DB-15B4910E19BC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1A23870F-86F7-42E7-A2D9-FF80263A4A6E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1CEB5A11-813D-4FF2-9DBB-F7C71C14A095}" = lport=445 | protocol=6 | dir=in | app=system | 
"{251E6E7F-D2D7-4166-B6B5-FA81A9C3154F}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{279466CD-342A-4022-ADE5-C7A3FD13D327}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2EEAAE20-0887-4E3E-9ECB-4F6CFCDBD55D}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{31C7333B-B077-457D-A5FE-9E39C53A4A4D}" = lport=137 | protocol=17 | dir=in | app=system | 
"{3EFC22DA-8F30-47E4-B716-44DBB700209F}" = lport=138 | protocol=17 | dir=in | app=system | 
"{3F9DA7F5-52C8-4F9D-8ADB-6346B89F46A0}" = lport=3702 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\wdexpress.exe | 
"{56DD8C07-C077-4993-9B2F-00A28C5B1893}" = rport=138 | protocol=17 | dir=out | app=system | 
"{5C8B1D3B-2FF0-4D31-9EF6-16B25FF342CE}" = lport=80 | protocol=6 | dir=in | app=c:\program files\sony\vaio smart network\wfda\wifidirectapplication.exe | 
"{7ECB31D2-3399-4BF4-8FB4-99F49AB73B52}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8B89C720-22F4-411C-916C-93E8C94858EA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8B914304-AA3A-4081-AC22-82E8DB69BFFF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
"{982B5995-5E47-4175-AA67-8D06ED97779A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9A91E9EC-4655-483C-A723-B7D111AD5D0A}" = rport=139 | protocol=6 | dir=out | app=system | 
"{9B14E5E6-E9D7-42E4-BF72-0B92D9833880}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{A6BDAF14-4E4A-43A1-8D83-30B041F1E1B4}" = lport=139 | protocol=6 | dir=in | app=system | 
"{A80D8F16-5706-447B-AFA8-0A82477F880A}" = rport=137 | protocol=17 | dir=out | app=system | 
"{ABD420F9-243A-432C-BF85-BCD32544A760}" = lport=53 | protocol=17 | dir=in | app=c:\program files\sony\vaio smart network\wfda\dcdhcpservice.exe | 
"{B5732411-9A87-4A9A-A17A-E5080BFE83F7}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{B913A649-144E-4FEC-A1BC-334969E8BA32}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BBC8F905-835C-448F-881F-63569FE42B1E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{DAD7697E-2594-4A08-BBFC-9879DE84B67D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{DB9D8F0A-D882-40A6-AADB-632EBF2D381E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{DF9516B6-831E-424B-80BE-1212B718BD7A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F66EADAE-553B-4570-825F-80EA3526C7B6}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C804439-1915-4970-B7C9-9B1297D18FB5}" = protocol=6 | dir=in | app=c:\program files\sony\vaio smart network\wfda\wifidirectapplication.exe | 
"{0C85E661-D371-407F-B97E-0E8983141BC6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{12357FBE-1099-44F1-9297-C957571F904F}" = protocol=1 | dir=out | [email protected],-28544 | 
"{24FB7311-41BC-431A-B5EA-3AD1D042873B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{31982DFA-2D8E-4AB3-A90D-DE9C6077AD14}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{320D92F8-523D-41B1-97B7-725D5CEA002E}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{355E9E4E-D627-40A0-A127-D0F56F153491}" = protocol=58 | dir=in | [email protected],-28545 | 
"{3633EF01-B655-4F80-B224-8731395F8E79}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{3E4E3698-9E9B-414A-9E3D-49143B57489D}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{3FBFD400-7004-4AC0-910E-3E552D58BAA7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4AC0E1B3-287E-4947-A1B6-DB36169DCAD4}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{52B6DA36-5707-447C-A341-CF259263261B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5B38F098-4B29-40C9-8D37-FF7C82267987}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{7525205E-600C-4C7B-8F19-FD143E990DF0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{759857BE-CF46-4AAB-9679-900E7B3AE9EE}" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\ecprintersetup\enpapp.exe | 
"{7E8B4CD5-2EC2-4B1C-A1FA-E1A69E739F0A}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{8464421F-B5E6-4DA7-9773-BAE554E956EE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{84A22A74-9979-4CB8-90EA-CDE8F1E0E787}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{904F913E-28E0-4641-A95F-B7A7FAA31028}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{97691BFB-AFC4-4FF3-AB5D-FCABC08E7FA2}" = protocol=6 | dir=in | app=e:\common\epsonnet setup\eneasyapp.exe | 
"{9AE38394-B59C-4CAF-9770-D99DD994F00C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{A5345C12-B3EB-40E9-BF0B-6DC68FFB31A1}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{AA48C679-002B-478C-9CEE-832729DE9E56}" = protocol=17 | dir=in | app=c:\program files\sony\vaio smart network\wfda\wifidirectapplication.exe | 
"{B6AC92F4-9E29-4BFF-825B-F9F2EE71B63C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{B905143F-A402-46D7-9D64-8500119983F3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{DAA4FB25-C87B-4356-9D18-6B15013C20D2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{DE0DE108-77C1-4856-B2AD-38BEB5F942CB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DE5D9FBE-61D6-4E2B-A86F-1A5692BBB768}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{E4B1CA86-12C1-4111-B483-9937A3D3DE89}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{E5C16F5D-CE96-43F5-90BF-D7CE5D8F4E02}" = protocol=17 | dir=in | app=e:\common\epsonnet setup\eneasyapp.exe | 
"{EA50E07C-9DE1-4247-BB68-134601C83DDB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{F12FFC88-EF4F-4D8C-B409-7074E6A1A5B8}" = protocol=1 | dir=in | [email protected],-28543 | 
"{F4BC3CE5-52EA-4680-B783-E8151560F9E3}" = protocol=58 | dir=out | [email protected],-28546 | 
"{FA3B603B-456A-4BF6-BAF8-1DE5816A4048}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{FD5D3A5A-F645-483B-BEAF-09A8FDB7993F}" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\ecprintersetup\enpapp.exe | 
"{FF14D98B-0099-4571-9B3A-A810A9B0F96A}" = protocol=6 | dir=out | app=system | 
"TCP Query User{4B41BA5B-2A81-40CC-8785-BE1C547AD8E0}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
"TCP Query User{88ADB153-C51D-448E-80E7-87CB04CD0D15}C:\users\dee\appdata\local\microsoft\windows\temporary internet files\content.ie5\qdq3pun8\lastd-ndlm.exe" = protocol=6 | dir=in | app=c:\users\dee\appdata\local\microsoft\windows\temporary internet files\content.ie5\qdq3pun8\lastd-ndlm.exe | 
"TCP Query User{D7F68018-C9D9-4BAF-9EF3-DEA5B10C5F3C}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
"UDP Query User{3330D444-3926-4F11-98FE-3C5FE0D23D92}C:\users\dee\appdata\local\microsoft\windows\temporary internet files\content.ie5\qdq3pun8\lastd-ndlm.exe" = protocol=17 | dir=in | app=c:\users\dee\appdata\local\microsoft\windows\temporary internet files\content.ie5\qdq3pun8\lastd-ndlm.exe | 
"UDP Query User{715CE91A-A90F-46C8-88AE-6B956E604D0B}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe | 
"UDP Query User{C9139FEE-E488-4BAE-A4BA-28A7EC4F2FAE}C:\program files (x86)\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\epson software\event manager\eeventmanager.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0E8670B8-3965-4930-ADA6-570348B67153}" = Microsoft SQL Server 2012 Transact-SQL ScriptDom 
"{115B60D5-BBDB-490E-AF2E-064D37A3CE01}" = Media Gallery
"{133D3F07-D558-46CE-80E8-F4D75DBBAD63}" = PMB VAIO Edition Plug-in
"{13D558FE-A863-402C-B115-160007277033}" = Microsoft SQL Server 2012 Express LocalDB 
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{26A24AE4-039D-4CA4-87B4-2F86416022FF}" = Java(TM) 6 Update 22 (64-bit)
"{27EF252D-800C-ED42-9904-459FE0046225}" = Windows Software Development Kit for Windows Store Apps DirectX x64 Remote
"{2B997E80-3BEC-3222-9114-98DBE1182B2E}" = Microsoft Visual C++ 2012 x64 Debug Runtime - 11.0.50727
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{30B7A7A6-D519-3332-BEB3-D105EFC7389A}" = Microsoft Visual Studio 2012 Express Prerequisites x64 - ENU
"{312395BC-7CC2-434C-A660-30250276A926}" = SSLx64
"{36E619BC-A234-4EC3-849B-779A7C865A45}" = Microsoft SQL Server 2012 Data-Tier App Framework 
"{49D665A2-4C2A-476E-9AB8-FCC425F526FC}" = Microsoft SQL Server 2012 Native Client 
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4F31AC31-0A28-4F5A-8416-513972DA1F79}" = Sony Corporation
"{5FB4C443-6BD6-1514-2717-3827D65AE6FB}" = Windows Software Development Kit DirectX x64 Remote
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{68A48EF1-DF03-394F-AF40-1E4FE42BB8DD}" = Microsoft Visual Studio Team Foundation Server 2012 Object Model Language Pack - ENU
"{6B7DE186-374B-4873-AEC1-7464DA337DD6}" = VU5x64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6F07A6C2-9068-3673-A120-DC10012468C6}" = Microsoft Visual Studio Team Foundation Server 2012 Object Model
"{704C0303-D20C-45AF-BD2B-556EAF31BE09}" = iCloud
"{76FF0F03-B707-4332-B5D1-A56C8303514E}" = iTunes
"{78909610-D229-459C-A936-25D92283D3FD}" = Microsoft SQL Server Compact 4.0 SP1 x64 ENU
"{814FA673-A085-403C-9545-747FC1495069}" = Epson Customer Participation
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99E6C2F3-59B2-4308-B1CD-4928B55B7E30}" = VGClientX64
"{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}" = Microsoft SQL Server 2012 Command Line Utilities 
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
"{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}" = Microsoft SQL Server 2012 Transact-SQL Compiler Service 
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D55EAC07-7207-44BD-B524-0F063F327743}" = VIx64
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E2B8249D-895C-4685-8C83-00F3B1A13028}" = Microsoft Web Platform Installer 4.0
"{F1949145-EB64-4DE7-9D81-E6D27937146C}" = Microsoft System CLR Types for SQL Server 2012 (x64)
"{F1DC5C16-9B1F-467B-85E3-CB48C27AC50D}" = VESx64
"{F2611404-06BF-4E67-A5B7-8DB2FFC1CBF6}" = VSNx64
"{F6478CC2-B1B3-497E-9BEA-94C1676637DF}" = Nitro Reader 3
"{FA0A244E-F3C2-4589-B42A-3D522DE79A42}" = Microsoft SQL Server 2012 Management Objects (x64)
"CNXT_AUDIO_HDA" = Conexant HD Audio
"EPSON Artisan 837 Series" = EPSON Artisan 837 Series Printer Uninstall

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00B03993-F5A1-47B1-9C54-EC8FBDDDE17E}" = VAIO Care
"{07441A52-E208-478A-92B7-5C337CA8C131}" = VAIO - Remote Play with PlayStation®3
"{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network
"{09412B73-6159-40D6-B0B9-C11B30A7531E}" = Microsoft Visual Studio 2012 Preparation
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{0F3C9093-6C13-484D-8385-93AA21BEC025}" = Microsoft Visual C++ 2012 32bit Compilers - ENU Resources
"{10F63395-157F-4B93-AB4D-702A2FF11942}" = Epson Download Navigator
"{18894D16-5448-4BF9-A128-F7E937322F91}" = OOBE
"{1948E039-EC79-4591-951D-9867A8C14C90}" = Microsoft .NET Framework 4.5 SDK
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B2035BA-BFB0-4F1F-A702-80CF1377285D}" = Verizon Wireless Software Upgrade Assistant - Samsung(ar)
"{1B9BBB23-65CB-3AEE-BFC6-633E7CA299FD}" = Microsoft Visual Studio Team Foundation Server 2012 Team Explorer Language Pack - ENU
"{1BE2AFE6-209E-3862-AE45-DA9D3D21BD65}" = Microsoft Visual Studio Express 2012 for Windows Desktop
"{1C163D33-33B3-33EB-A617-0D4D852BE8E1}" = Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.50727
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21DD6041-7251-40FA-9D06-C5EB30268E0F}" = Qualcomm Atheros Direct Connect
"{222C5507-AC43-388F-808E-2266EC57E043}" = Microsoft Visual Studio Express 2012 for Windows Desktop - ENU
"{22800204-9E53-45C7-B6F3-5BB0F1C1A147}" = Jing
"{23176E97-26CB-C72A-19EB-BFB21AC1D15A}" = Windows Software Development Kit DirectX x86 Remote
"{2485354C-6B65-4978-BB91-CCE61442377B}" = SUABnR
"{25AF1025-095C-4AA9-A3FD-29710D3C3AE5}" = Remote Keyboard
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{270380EB-8812-42E1-8289-53700DB840D2}" = PMB VAIO Edition Plug-in
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2B34414C-14FB-11D6-A329-0050045C24B2}" = [email protected] 2.0.3
"{2C0CC01A-DDBC-3AED-AF18-E741242FD727}" = Microsoft Visual Studio Ultimate 2012 XAML UI Designer enu Resources
"{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
"{32136776-FE3F-453D-80DA-CDD993BDB2A3}" = Entity Framework Designer for Visual Studio 2012 - enu
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{339F9B4D-00CB-4C1C-BED8-EC86A9AB602A}" = PMB VAIO Edition Guide
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care
"{38FC6E9A-F719-431A-A83D-4C86D5FD6555}" = Microsoft Visual Studio 2012 Shell (Minimum) Resources
"{3A26D9BD-0F73-432D-B522-2BA18138F7EF}" = VAIO Improvement
"{3A94F54D-A8A4-4B82-B346-92B4D56A2708}" = VESx86
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{42F61556-29ED-8122-F39E-6F04EA5FF279}" = Windows Software Development Kit for Windows Store Apps DirectX x86 Remote
"{49402ED1-A795-4435-A745-1B781BE621A6}" = Microsoft NuGet - Visual Studio Express 2012 for Windows Desktop
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E00EC3D-F349-4FA2-829C-CD55E67F7D92}" = TurboTax 2011 wariper
"{4E62123C-4C0D-4123-A8A2-C0103B92D7EA}" = Should I Remove It
"{4F2B8233-35EE-4197-8C3B-EACCBF712029}" = Microsoft SQL Server Data Tools - enu (11.1.20828.01)
"{547C9EB4-4CA6-402F-9D1B-8BD30DC71E44}" = VAIO Sample Contents
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{5A92468F-3ED8-4F96-A9E1-4F176C80EC29}" = VAIO Quick Web Access
"{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}" = Microsoft .NET Framework 4.5 Multi-Targeting Pack
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO Transfer Support
"{5FA51AAF-23FE-42F4-A724-D79F85F41D4B}" = Remote Play with PlayStation 3
"{60D5EF2A-4E0C-2C30-38F6-59C26E134F4A}" = Windows Software Development Kit
"{61438020-DDD4-42FA-99A2-50225441980A}" = ArcSoft Magic-i Visual Effects 2
"{63C43435-F428-42BA-8E7B-5848749D9262}" = SSLx86
"{64BA551C-9AF6-495C-93F3-D1270E0045FC}" = Epson Connect
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D6D43E5-218C-4B05-92D3-2240810F4760}" = Microsoft SQL Server 2012 T-SQL Language Service 
"{6DAB46E3-D017-3E2B-85D8-F57A230384C0}" = Microsoft Visual Studio Team Foundation Server 2012 Team Explorer
"{70991E0A-1108-437E-BA7D-085702C670C0}" = 
"{70EED410-697B-4193-A2CB-2F790F82B420}" = VAIO Data Restore Tool
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{7396FB15-9AB4-4B78-BDD8-24A9C15D2C65}" = VAIO - Remote Keyboard
"{73D8886A-D416-4687-B609-0D3836BA410C}" = VAIO Event Service
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7C80D30A-AC02-4E3F-B95D-29F0E4FF937B}" = VAIO Easy Connect
"{7D916FA5-DAE9-4A25-B089-655C70EAF607}" = Atheros WiFi Driver Installation
"{800F484E-9D69-492D-B656-7BAA32586142}" = Microsoft Visual Studio 2012 Shell (Minimum)
"{820C677A-41B2-48C3-8136-FEE35A052E73}" = Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies
"{82F09B1C-F602-4552-9C40-5BD5F8EAF750}" = 
"{8356CB97-A48F-44CB-837A-A12838DC4669}" = PMB VAIO Edition Plug-in
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{855DDD3C-131E-42A8-BCBD-F9581F80CACB}" = 
"{8B583EF5-FA7B-4AE2-9008-51B7FD505886}" = VGClientX86
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}" = Epson Event Manager
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001C-0000-0000-0000000FF1CE}" = Microsoft Office Access Runtime 2010
"{90140000-001C-0000-0000-0000000FF1CE}_Office14.AccessRT_{FA978F90-F7AB-4CF6-BCF5-885CF559DE7C}" = Microsoft Access 2010 Runtime Service Pack 1 (SP1)
"{90140000-001C-0409-0000-0000000FF1CE}" = Microsoft Office Access Runtime MUI (English) 2010
"{90140000-001C-0409-0000-0000000FF1CE}_Office14.AccessRT_{FF0EF2BE-3400-4E0C-BE30-6D04441CE0ED}" = Microsoft Access 2010 Runtime Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.AccessRT_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.AccessRT_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.AccessRT_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.AccessRT_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.AccessRT_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9169C939-ED01-446A-BD0C-29873BAF4E48}" = Prerequisites for SSDT 
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B088046-8A01-4355-99DD-8530C022F682}" = VCCx86
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D12A8B5-9D41-4465-BF11-70719EB0CD02}" = VU5x86
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}" = VAIO Update
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A1785BD4-3486-4E7E-8074-E3FC61B8F315}" = Microsoft Visual C++ 2012 x86-x64 Compilers
"{A49A517F-5332-4665-922C-6D9AD31ADD4F}" = VSNx86
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.7) MUI
"{B362A397-B38A-3A23-A190-611F9C7EB4F9}" = Microsoft Visual C++ 2012 Core Libraries
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B7546697-2A80-4256-A24B-1C33163F535B}" = VAIO Gate Default
"{B8991D99-88FD-41F2-8C32-DB70278D5C30}" = VWSTx86
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C1BE4600-7D15-3D1E-8AA2-B3241DB1D063}" = Microsoft Visual Studio Ultimate 2012 XAML UI Designer Core
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}" = VAIO Manual
"{C72E35E5-C5C6-4328-AD9A-BBCCC816A2E6}" = VAIO Hardware Diagnostics
"{C793AD32-2BB8-4CC4-ABD3-A1469C21593C}" = ArcSoft WebCam Companion 4
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFADE4AF-C0CF-4A04-A776-741318F1658F}" = Content Transfer
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D11F66FF-82B3-DDB8-1146-525370552BE1}" = Windows Software Development Kit for Windows Store Apps
"{D16A31F9-276D-4968-A753-FFEAC56995D0}" = Epson Print CD
"{D17C2A58-E0EA-4DD7-A2D6-C448FD25B6F6}" = VIx86
"{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}" = Epson Connect Printer Setup
"{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}" = Microsoft SQL Server 2012 Management Objects 
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{e0efdce9-a486-4676-8aa5-65bb08cbf34c}" = Microsoft Visual Studio Express 2012 for Windows Desktop - ENU
"{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}" = Microsoft System CLR Types for SQL Server 2012
"{E459A8EA-1981-4D99-8D1E-5AABE1535AF8}" = Verizon Wireless Software Utility Application for Android - Samsung
"{E50FC5DB-7CBD-407D-A46E-0C13E45BC386}" = Oasis2Service
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E818AE7C-244B-4A50-9C86-C0E4A8B69159}" = Microsoft Visual Studio 2012 Tools for SQL Server Compact 4.0 SP1 ENU
"{EF7E46B8-1FB7-11E2-B6B3-984BE15F174E}" = Evernote v. 4.5.10
"{F014B696-28C5-4554-802F-A15380418F53}" = TurboTax 2012 WinPerReleaseEngine
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F5248E24-F52C-4FD1-B76F-102460BAFD6B}" = VAIO Help and Support
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{FA870BF1-44A1-4B7D-93E1-C101369AF0C1}" = VAIO - Media Gallery
"{FAE0523E-08A4-4717-8E8E-6EC6F32CBE88}" = Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20828.01)
"{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}" = Microsoft SQL Server 2012 Data-Tier App Framework 
"{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FEB375AB-6EEC-3929-8FAF-188ED81DD8B5}" = Microsoft Help Viewer 2.0
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Application Manager for VAIO" = Application Manager for VAIO
"avast" = avast! Free Antivirus
"Crimson Editor SVN286M" = Crimson Editor SVN286M
"Deer Hunt Challenge SE" = Deer Hunt Challenge SE
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"EPSON Scanner" = EPSON Scan
"FileZilla Client" = FileZilla Client 3.5.3
"Google Chrome" = Google Chrome
"InstallShield_{2485354C-6B65-4978-BB91-CCE61442377B}" = SUABnR
"InstallShield_{270380EB-8812-42E1-8289-53700DB840D2}" = VAIO - PMB VAIO Edition Plug-in
"InstallShield_{339F9B4D-00CB-4C1C-BED8-EC86A9AB602A}" = VAIO - PMB VAIO Edition Guide
"InstallShield_{7C80D30A-AC02-4E3F-B95D-29F0E4FF937B}" = VAIO Easy Connect
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.22
"Microsoft Help Viewer 2.0" = Microsoft Help Viewer 2.0
"Mozilla Firefox 23.0.1 (x86 en-US)" = Mozilla Firefox 23.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Network Play System" = EA Network Play System
"Office14.AccessRT" = Microsoft Access Runtime 2010
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"Samsung ML-1200 Series" = Samsung ML-1200 Series
"splashtop" = VAIO Quick Web Access
"Swis-Sys" = Swis-Sys
"Thief" = Thief 1.25
"VAIO Messenger" = VAIO Messenger
"VAIO Satisfaction Survey.3.0" = VAIO Satisfaction Survey.
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3761110793-264239725-660992700-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Should I Remove It 1.0.4" = Should I Remove It

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/27/2013 2:13:56 PM | Computer Name = Dee-VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/27/2013 2:13:56 PM | Computer Name = Dee-VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 143084

Error - 8/27/2013 2:13:56 PM | Computer Name = Dee-VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 143084

Error - 8/27/2013 2:14:12 PM | Computer Name = Dee-VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/27/2013 2:14:12 PM | Computer Name = Dee-VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 158778

Error - 8/27/2013 2:14:12 PM | Computer Name = Dee-VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 158778

Error - 8/27/2013 2:14:27 PM | Computer Name = Dee-VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/27/2013 2:14:27 PM | Computer Name = Dee-VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 174378

Error - 8/27/2013 2:14:27 PM | Computer Name = Dee-VAIO | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 174378

Error - 8/27/2013 7:14:34 PM | Computer Name = Dee-VAIO | Source = WinMgmt | ID = 10
Description =

Error - 8/27/2013 7:29:49 PM | Computer Name = Dee-VAIO | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 8/27/2013 2:14:09 PM | Computer Name = Dee-VAIO | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 8/27/2013 7:13:02 PM | Computer Name = Dee-VAIO | Source = EventLog | ID = 6008
Description = The previous system shutdown at 6:08:57 PM on ?8/?27/?2013 was unexpected.

Error - 8/27/2013 7:12:44 PM | Computer Name = Dee-VAIO | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\drivers\pfc.sys has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 8/27/2013 7:13:04 PM | Computer Name = Dee-VAIO | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\drivers\DVDAccss.sys has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 8/27/2013 7:13:04 PM | Computer Name = Dee-VAIO | Source = Service Control Manager | ID = 7000
Description = The DVDAccss service failed to start due to the following error: %%1275

Error - 8/27/2013 7:13:06 PM | Computer Name = Dee-VAIO | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error: %%20

Error - 8/27/2013 7:27:56 PM | Computer Name = Dee-VAIO | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\drivers\pfc.sys has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 8/27/2013 7:28:13 PM | Computer Name = Dee-VAIO | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\drivers\DVDAccss.sys has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 8/27/2013 7:28:13 PM | Computer Name = Dee-VAIO | Source = Service Control Manager | ID = 7000
Description = The DVDAccss service failed to start due to the following error: %%1275

Error - 8/27/2013 7:28:15 PM | Computer Name = Dee-VAIO | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error: %%20

< End of report >


----------



## wannabeageek (Nov 12, 2009)

Hi Grubbs,

Please run the following:

*RSIT (Random's System Information Tool)*
Please download *RSITx64* by random/random... save it to your desktop.

Right-click on *RSIT.exe* and select *"Run As Administrator"* to run it. If Windows *UAC* prompts you, please allow it.
Please read the disclaimer... click on *Continue*.
*RSIT* will start running. When done... *2 log files* will be produced.
The first one, *"log.txt"*, will be maximized... the second one, *"info.txt"*, will be minimized.
Please post both file contents, *"log.txt"* and *"info.txt"*, in your next reply.

(These logs can be lengthy, so a separate post may be needed.)


----------



## Grubbs (Nov 17, 2003)

Results posted below from RSIT scan (this post log.txt, next post info.txt). Just wanted to report what might be a possible clue: If I leave wireless switched off, laptop seems to perform fairly close to normal. Turn wireless on, or boot with wireless switch on, and the issues with programs not loading, being unable to shut down properly, etc. resurface. I don't know if that might mean I have some kind of virus that lies in wait until an internet connection is available or if it means that I have some kind of driver or hardware issue I should be trying to investigate.

log.txt from RSIT scan:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Dee at 2013-08-28 19:54:45
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 387 GB (83%) free of 466 GB
Total RAM: 4044 MB (65% free)

HijackThis download failed

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\system32\WLANExt.exe 33770704
\??\C:\Windows\system32\conhost.exe "-105123025813844561441463349041-20423600061188198999-344641195-573176724-1355923466
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe"
"C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe" -service
"taskhost.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
taskeng.exe {3E06BB76-A6DF-4261-A477-241CDD44B75C}
"C:\Program Files\Bonjour\mDNSResponder.exe"
"C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe"
"C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe" /AutoStart
"C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE"
"C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe"
"C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe"
"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
"C:\Program Files\Apoint\Apoint.exe" 
"C:\Windows\System32\hkcmd.exe" 
"C:\Windows\System32\igfxpers.exe" 
C:\Windows\system32\DllHost.exe /Processid:{B32DAC50-97B2-4BF7-A8DB-418294621529}
"C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Users\Dee\AppData\Roaming\Verizon\UA_ar\UtilityApplication.exe" /boot
WLIDSvcM.exe 2700
C:\Windows\SysWOW64\DllHost.exe /Processid:{CB45D4CA-8A34-4EF1-9957-6134E5270E83}
C:\Windows\SysWOW64\DllHost.exe /Processid:{78FD0120-D39C-45D8-A9BE-2B802B3C23E5}
"C:\Program Files\Apoint\ApMsgFwd.exe" -s{05FA8492-C047-4207-BE65-780D8591C113}
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 
"C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe" 
"C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe" 
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
"C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" 
"C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE" /tsr
"C:\Program Files\Apoint\Apvfb.exe" 
"Apntex.exe"
\??\C:\Windows\system32\conhost.exe "-1623773602-196334861633817487-1928849276-1060354888-100714119511377556391772868431
"C:\Program Files (x86)\Sony\Walkman Content Transfer\ContentTransferWMDetector.exe" 
"C:\Program Files\Sony\VAIO Smart Network\VSNService.exe"
/Device:00000ca0
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" 
"C:\Program Files (x86)\iTunes\iTunesHelper.exe" 
"C:\Program Files\iPod\bin\iPodService.exe"
taskeng.exe {23784147-9DF9-4E02-84BD-F8AAE93EA607}
"C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe" /Stationary
"C:\Program Files\Sony\VAIO Update\VUAgent.exe"
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe"
"C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Program Files\Sony\VAIO Care\VCsystray.exe" 
C:\Windows\system32\svchost.exe -k SDRSVC
"C:\Program Files\Sony\VAIO Care\VCService.exe"
"C:\Program Files\Sony\VAIO Care\VCAgent.exe"
C:\Windows\System32\vds.exe
"C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe" -S
C:\Windows\system32\wbem\wmiprvse.exe
StartVC*SelfHeal*silence+US\en-US
"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
"C:\Program Files\Sony\VAIO Care\VCPerfService.exe" "/service" "/sstates" "/sampleinterval=5000" "/procinterval=5" "/dllinterval=120" "/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1" "/counter=\Network Interface(*)\Bytes Total/sec:1" "/expandcounter=\Processor Information(*)\Processor Frequency:1" "/expandcounter=\Processor(*)\% Idle Time:1" "/expandcounter=\Processor(*)\% C1 Time:1" "/expandcounter=\Processor(*)\% C2 Time:1" "/expandcounter=\Processor(*)\% C3 Time:1" "/expandcounter=\Processor(*)\% Processor Time:1" "/directory=C:\ProgramData\Sony Corporation\VAIO Care\inteldata"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe7_ Global\UsGthrCtrlFltPipeMssGthrPipe7 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" 
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524 
C:\Program Files\Sony\VAIO Care/listener.exe /silent /slot=0
taskeng.exe {3C5254A1-B80F-4176-AD86-C102C68FE82A}
"C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe" 
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-f2b5d5d4-cdd1-486c-aaf4-8c93e2a37acb -SystemEventPortName:HostProcess-16e9e4cc-2131-4c82-80f3-7c353d7d1816 -IoCancelEventPortName:HostProcess-97001a31-7c4f-4432-8a33-2230c2740465 -NonStateChangingEventPortName:HostProcess-d8448b9b-7a34-4ee3-a4c0-a43586b1753d -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:bf2dcf57-2b05-455d-b2f8-ab212d2eb5fe -DeviceGroupId:WpdFsGroup
C:\Windows\System32\svchost.exe -k WerSvcGroup
"C:\Users\Dee\Desktop\RSITx64.exe" 
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Dee\AppData\Roaming\Mozilla\Firefox\Profiles\b9xjr16w.default

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.8.800.94 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.25.2]
"Description"=Java Deployment Toolkit
"Path"=C:\Windows\SysWOW64\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2]
"Description"=Oracle® Next Generation Java Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nitropdf.com/NitroPDF]
"Description"=NitroPDF Web Browser Plugin
"Path"=C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.8.800.94 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

C:\Program Files (x86)\Mozilla Firefox\components\
nsIQTScriptablePlugin.xpt

C:\Users\Dee\AppData\Roaming\Mozilla\Firefox\Profiles\b9xjr16w.default\extensions\
[email protected]son
{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2013-05-09 242496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-12-21 689040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-05-04 49440]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-06-22 463272]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-05-09 198688]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-12-21 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-06-22 171944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2013-05-09 242496]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-05-09 198688]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"cAudioFilterAgent"=C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe []
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2011-02-16 226672]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2011-08-08 167704]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2011-08-08 392472]
"Persistence"=C:\Windows\system32\igfxpers.exe [2011-08-08 416024]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ApplePhotoStreams"=C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [2013-04-05 59720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [2013-05-10 37960]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"=C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [2010-09-13 283160]
"ISBMgr.exe"=C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [2011-02-15 2757312]
"PMBVolumeWatcher"=C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [2010-11-27 648032]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2013-05-09 4858968]
"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2013-04-21 59720]
"EEventManager"=C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [2010-10-12 979328]
"FUFAXRCV"=C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [2011-03-09 495616]
"FUFAXSTM"=C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [2011-03-09 856064]
"ContentTransferWMDetector.exe"=C:\Program Files (x86)\Sony\Walkman Content Transfer\ContentTransferWMDetector.exe [2008-07-11 423200]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2013-05-01 421888]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-03-12 253816]
"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2013-05-31 152392]
"KeePass 2 PreLoad"=C:\Program Files (x86)\KeePass Password Safe\KeePass.exe [2013-04-05 1960448]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[email protected] - C:\Program Files (x86)\Apple Computer\[email protected]\DVDAccess.exe

C:\Users\Dee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Launch Utility Application.lnk - C:\Users\Dee\AppData\Roaming\Verizon\UA_ar\UtilityApplication.exe
OneNote 2010 Screen Clipper and Launcher.lnk - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2011-07-19 390144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-08-28 19:54:46 ----D---- C:\Program Files\trend micro
2013-08-28 19:54:45 ----D---- C:\rsit
2013-08-27 18:23:47 ----D---- C:\AdwCleaner
2013-08-26 21:37:29 ----D---- C:\MGADiagToolOutput
2013-08-26 21:37:09 ----D---- C:\ProgramData\Office Genuine Advantage
2013-08-25 11:21:34 ----A---- C:\Windows\ntbtlog.txt
2013-08-18 12:01:21 ----A---- C:\Windows\SYSWOW64\ieui.dll
2013-08-18 12:01:20 ----A---- C:\Windows\system32\ieui.dll
2013-08-18 12:01:19 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2013-08-18 12:01:19 ----A---- C:\Windows\system32\iesetup.dll
2013-08-18 12:01:18 ----A---- C:\Windows\SYSWOW64\RegisterIEPKEYs.exe
2013-08-18 12:01:18 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2013-08-18 12:01:18 ----A---- C:\Windows\system32\iernonce.dll
2013-08-18 12:01:17 ----A---- C:\Windows\SYSWOW64\iesysprep.dll
2013-08-18 12:01:17 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-18 12:01:17 ----A---- C:\Windows\system32\ie4uinit.exe
2013-08-18 12:01:16 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2013-08-18 12:01:16 ----A---- C:\Windows\system32\iesysprep.dll
2013-08-18 12:01:15 ----A---- C:\Windows\system32\iertutil.dll
2013-08-18 12:01:11 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2013-08-18 12:01:11 ----A---- C:\Windows\system32\msfeeds.dll
2013-08-18 12:01:10 ----A---- C:\Windows\SYSWOW64\jscript.dll
2013-08-18 12:01:10 ----A---- C:\Windows\system32\jscript.dll
2013-08-18 12:01:09 ----A---- C:\Windows\system32\jscript9.dll
2013-08-18 12:01:08 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2013-08-18 12:01:07 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2013-08-18 12:01:07 ----A---- C:\Windows\system32\urlmon.dll
2013-08-18 12:01:05 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2013-08-18 12:01:05 ----A---- C:\Windows\system32\jsproxy.dll
2013-08-18 12:01:04 ----A---- C:\Windows\SYSWOW64\wininet.dll
2013-08-18 12:01:04 ----A---- C:\Windows\system32\wininet.dll
2013-08-18 12:01:02 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2013-08-18 12:01:00 ----A---- C:\Windows\system32\ieframe.dll
2013-08-18 12:00:59 ----A---- C:\Windows\system32\mshtml.dll
2013-08-18 12:00:55 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2013-08-17 16:40:10 ----D---- C:\Program Files (x86)\Mozilla Firefox
2013-08-17 08:38:38 ----A---- C:\Windows\SYSWOW64\rpcrt4.dll
2013-08-17 08:38:38 ----A---- C:\Windows\system32\rpcrt4.dll
2013-08-17 08:37:11 ----A---- C:\Windows\system32\crypt32.dll
2013-08-17 08:37:10 ----A---- C:\Windows\SYSWOW64\crypt32.dll
2013-08-17 08:37:08 ----A---- C:\Windows\SYSWOW64\wintrust.dll
2013-08-17 08:37:08 ----A---- C:\Windows\system32\wintrust.dll
2013-08-17 08:37:07 ----A---- C:\Windows\SYSWOW64\cryptsvc.dll
2013-08-17 08:37:07 ----A---- C:\Windows\system32\cryptsvc.dll
2013-08-17 08:37:06 ----A---- C:\Windows\system32\cryptnet.dll
2013-08-17 08:37:05 ----A---- C:\Windows\SYSWOW64\cryptnet.dll
2013-08-17 08:36:32 ----A---- C:\Windows\SYSWOW64\tzres.dll
2013-08-17 08:36:32 ----A---- C:\Windows\system32\tzres.dll
2013-08-17 08:35:56 ----A---- C:\Windows\system32\WMVDECOD.DLL
2013-08-17 08:35:55 ----A---- C:\Windows\SYSWOW64\WMVDECOD.DLL
2013-08-15 10:21:25 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2013-08-15 10:21:23 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2013-08-15 10:21:23 ----A---- C:\Windows\system32\ntoskrnl.exe
2013-08-15 10:21:22 ----A---- C:\Windows\system32\ntdll.dll
2013-08-15 10:21:21 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2013-08-15 10:21:20 ----A---- C:\Windows\system32\wow64.dll
2013-08-15 10:21:19 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2013-08-15 10:21:14 ----A---- C:\Windows\SYSWOW64\wow32.dll
2013-08-15 10:21:13 ----A---- C:\Windows\SYSWOW64\user.exe
2013-08-15 10:21:13 ----A---- C:\Windows\SYSWOW64\setup16.exe
2013-08-15 10:21:13 ----A---- C:\Windows\SYSWOW64\instnm.exe
2013-08-15 10:21:08 ----A---- C:\Windows\system32\drivers\tssecsrv.sys
2013-08-15 10:21:04 ----A---- C:\Windows\system32\drivers\tcpip.sys

======List of files/folders modified in the last 1 month======

2013-08-28 19:54:46 ----RD---- C:\Program Files
2013-08-28 19:54:28 ----D---- C:\Windows\Temp
2013-08-27 18:30:36 ----A---- C:\Windows\SYSWOW64\log.txt
2013-08-27 18:27:28 ----D---- C:\Windows\system32\config
2013-08-27 18:26:50 ----HD---- C:\ProgramData
2013-08-27 18:23:17 ----D---- C:\Windows\System32
2013-08-27 18:23:17 ----D---- C:\Windows\inf
2013-08-27 18:23:17 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-08-26 08:02:59 ----D---- C:\Users\Dee\AppData\Roaming\KeePass
2013-08-26 07:47:57 ----SHD---- C:\Windows\Installer
2013-08-26 07:47:57 ----D---- C:\ProgramData\Skype
2013-08-26 07:47:56 ----D---- C:\Program Files (x86)\Common Files
2013-08-26 07:47:56 ----D---- C:\Program Files (x86)
2013-08-26 07:47:52 ----D---- C:\Users\Dee\AppData\Roaming\Skype
2013-08-26 07:47:16 ----RSD---- C:\Windows\assembly
2013-08-25 22:52:50 ----D---- C:\ProgramData\ChurchTrac
2013-08-25 22:52:46 ----D---- C:\Windows\SysWOW64
2013-08-25 22:52:25 ----D---- C:\Users\Dee\AppData\Roaming\ChurchTrac
2013-08-25 15:36:35 ----D---- C:\ChurchTrac
2013-08-25 15:11:42 ----SHD---- C:\System Volume Information
2013-08-25 14:37:42 ----D---- C:\Program Files (x86)\Google
2013-08-25 14:29:53 ----D---- C:\Windows\system32\LogFiles
2013-08-25 11:21:34 ----D---- C:\Windows
2013-08-24 20:19:24 ----D---- C:\Windows\system32\catroot2
2013-08-23 13:42:04 ----D---- C:\Windows\system32\FxsTmp
2013-08-23 13:42:03 ----D---- C:\Users\Dee\AppData\Roaming\Nitro PDF
2013-08-19 20:24:30 ----D---- C:\KeePass Databases
2013-08-19 10:26:10 ----D---- C:\Windows\Microsoft.NET
2013-08-18 12:36:14 ----D---- C:\Windows\winsxs
2013-08-18 12:34:31 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-18 12:32:35 ----D---- C:\Windows\SYSWOW64\en-US
2013-08-18 12:32:35 ----D---- C:\Windows\system32\en-US
2013-08-18 12:32:34 ----D---- C:\Program Files\Internet Explorer
2013-08-18 12:32:34 ----D---- C:\Program Files (x86)\Internet Explorer
2013-08-18 12:32:33 ----D---- C:\Windows\AppPatch
2013-08-18 12:32:32 ----D---- C:\Windows\system32\drivers
2013-08-18 12:01:57 ----D---- C:\Windows\system32\catroot
2013-08-18 11:54:56 ----D---- C:\Windows\system32\MRT
2013-08-18 11:49:49 ----A---- C:\Windows\system32\MRT.exe
2013-08-03 18:40:57 ----D---- C:\Users\Dee\AppData\Roaming\Nitro
2013-08-03 07:30:47 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2013-05-09 65336]
R0 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2013-06-29 189936]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iaStor.sys [2011-02-22 437272]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R1 aswRdr;aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [2013-05-09 72016]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2013-06-29 1030952]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2013-06-29 378944]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2013-05-09 64288]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-13 59904]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2013-05-09 33400]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2013-05-09 80816]
R2 SSPORT;SSPORT; \??\C:\Windows\system32\Drivers\SSPORT.sys [2009-03-02 11576]
R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2011-09-20 317776]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect; C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2011-06-21 2753536]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT64.sys [2011-08-08 1591936]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2012-08-21 33240]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2011-07-19 12287456]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2011-03-29 317440]
R3 MEIx64;Intel(R) Management Engine Interface; C:\Windows\system32\drivers\HECIx64.sys [2010-10-19 56344]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver; C:\Windows\system32\DRIVERS\RtsPStor.sys [2012-03-11 340072]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-03-29 425064]
R3 SFEP;Sony Firmware Extension Parser; C:\Windows\system32\drivers\SFEP.sys [2010-04-26 12032]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-13 17920]
S2 DgiVecp;DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [2009-03-02 53816]
S2 DVDAccss;DVDAccss; C:\Windows\system32\drivers\DVDAccss.sys []
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver; C:\Windows\system32\DRIVERS\e1y60x64.sys [2009-06-10 281088]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-13 12352]
S3 pfc;Padus ASPI Shell; C:\Windows\system32\drivers\pfc.sys []
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2010-11-20 109056]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-13 41984]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-05-10 65640]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-12-21 57008]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-05-09 46808]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-31 462184]
R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04); C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2011-01-11 168448]
R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04); C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2011-01-11 131072]
R2 EpsonBidirectionalService;EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [2006-12-19 94208]
R2 EpsonCustomerParticipation;EpsonCustomerParticipation; C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-06-09 555392]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-13 13336]
R2 IntuitUpdateServiceV4;Intuit Update Service v4; C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-08-23 13672]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2011-02-01 326168]
R2 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [2013-06-18 230416]
R2 Oasis2Service;Oasis2Service; C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2013-07-02 61440]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]
R2 SampleCollector;VAIO Care Performance Service; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2012-02-11 129624]
R2 uCamMonitor;CamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-02-23 105024]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
R2 VAIO Event Service;VAIO Event Service; C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe [2011-03-05 64704]
R2 VSNService;VSNService; C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2011-08-12 971704]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 2292096]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2013-05-31 641352]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 VCService;VCService; C:\Program Files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]
R3 VUAgent;VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [2012-10-26 1286784]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-07-09 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-09 123856]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-25 116648]
S2 IconMan_R;IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-03-11 2429544]
S3 ACDaemon;ArcSoft Connect Daemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-03 257416]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2012-07-09 51648]
S3 DCDhcpService;DCDhcpService; C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [2011-07-19 104096]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-25 116648]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-08-17 117656]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 SOHCImp;VAIO Content Importer; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-02-21 113824]
S3 SOHDs;VAIO Device Searcher; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-02-21 67232]
S3 SpfService;VAIO Entertainment Common Service; C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-01-20 286936]
S3 VCFw;VAIO Content Folder Watcher; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-01-20 887000]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager; C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-05-24 652016]
S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager; C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-02-19 385336]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface; C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-02-19 99104]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-10-05 1255736]
S4 NetMsmqActivator;@c:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 NetPipeActivator;@c:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 NetTcpActivator;@c:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139696]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

-----------------EOF-----------------


----------



## Grubbs (Nov 17, 2003)

info.txt from RSIT scan:

info.txt logfile of random's system information tool 1.09 2013-08-28 19:54:49

======Uninstall list======

-->"C:\Program Files (x86)\InstallShield Installation Information\{70991E0A-1108-437E-BA7D-085702C670C0}\setup.exe" -runfromtemp -l0x0009 -removeonly
-->"C:\Program Files (x86)\InstallShield Installation Information\{82F09B1C-F602-4552-9C40-5BD5F8EAF750}\setup.exe" -runfromtemp -l0x0009 -removeonly
-->"C:\Program Files (x86)\InstallShield Installation Information\{855DDD3C-131E-42A8-BCBD-F9581F80CACB}\setup.exe" -runfromtemp -l0x0009 -removeonly
-->"C:\Program Files (x86)\Uninstall Information\Ib\97\3867\ib_uninstall.exe" /PUninstall="HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\SpeedAnalysis2" /reg=32
-->C:\Program Files\CONEXANT\cAudioFilterAgent\SETUP64.EXE -U -IcAudioFilterAgent -SM=cAudioFilterAgent64.exe,16
-->C:\ProgramData\{AA28280A-C4CA-4B4F-9DF1-593032D2F3EC}\VAIO Messenger Setup 2.0.550.0.exe
ABBYY FineReader 9.0 Sprint-->MsiExec.exe /I {F9000000-0018-0000-0000-074957833700}
ABBYY FineReader 9.0 Sprint-->MsiExec.exe /X{F9000000-0018-0000-0000-074957833700}
Adobe Flash Player 11 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_8_800_94_ActiveX.exe -maintain activex
Adobe Flash Player 11 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_8_800_94_Plugin.exe -maintain plugin
Adobe Reader X (10.1.7) MUI-->MsiExec.exe /I{AC76BA86-7AD7-FFFF-7B44-AA0000000001}
Alps Pointing-device for VAIO-->%ProgramFiles%\Apoint\Uninstap.exe ADDREMOVE
Apple Application Support-->MsiExec.exe /I{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}
Apple Mobile Device Support-->MsiExec.exe /I{2F72F540-1F60-4266-9506-952B21D6640D}
Apple Software Update-->MsiExec.exe /I{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}
Application Manager for VAIO-->C:\Program Files (x86)\Sony\VAIO Uninstaller\vaiouninstaller.exe
ArcSoft Magic-i Visual Effects 2-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{61438020-DDD4-42FA-99A2-50225441980A}\Setup.exe" -l0x9 
ArcSoft WebCam Companion 4-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{C793AD32-2BB8-4CC4-ABD3-A1469C21593C}\Setup.exe" -l0x9 
Atheros WiFi Driver Installation-->"C:\Program Files (x86)\InstallShield Installation Information\{7D916FA5-DAE9-4A25-B089-655C70EAF607}\setup.exe" -runfromtemp -l0x0409 -removeonly
avast! Free Antivirus-->C:\Program Files\AVAST Software\Avast\aswRunDll.exe "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup
Bonjour-->MsiExec.exe /X{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}
Conexant HD Audio-->C:\Program Files\CONEXANT\CNXT_AUDIO_HDA\UIU64a.exe -U -G -IHK1Pebwa.inf
Content Transfer-->MsiExec.exe /X{CFADE4AF-C0CF-4A04-A776-741318F1658F}
Crimson Editor SVN286M-->C:\Program Files (x86)\Emerald Editor Community\Crimson Editor SVN286M\uninst.exe
D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}
Deer Hunt Challenge SE-->C:\Windows\IsUninst.exe -fc:\Uninstdhc.isu
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001C-0000-0000-0000000FF1CE}" "{A3AD381D-848C-4478-80DC-228E37309308}" "1033" "0"
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{A3AD381D-848C-4478-80DC-228E37309308}" "1033" "0"
[email protected] 2.0.3-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{2B34414C-14FB-11D6-A329-0050045C24B2}\Setup.exe" -l0x9 
EA Network Play System-->C:\Windows\IsUninst.exe -f"C:\Program Files (x86)\Electronic Arts\Network Play System\uninst.isu"
Entity Framework Designer for Visual Studio 2012 - enu-->MsiExec.exe /X{32136776-FE3F-453D-80DA-CDD993BDB2A3}
EPSON Artisan 837 Series Printer Uninstall-->C:\Windows\system32\spool\DRIVERS\x64\3\E_IINSHOA.EXE /R /APD /P:"EPSON Artisan 837 Series"
Epson Connect Printer Setup-->MsiExec.exe /X{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}
Epson Connect-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{64BA551C-9AF6-495C-93F3-D1270E0045FC}\Setup.exe" -l0x9 
Epson Customer Participation-->MsiExec.exe /X{814FA673-A085-403C-9545-747FC1495069}
Epson Download Navigator-->MsiExec.exe /X{10F63395-157F-4B93-AB4D-702A2FF11942}
Epson Event Manager-->MsiExec.exe /X{8ED43F7E-A8F6-4898-AF11-B6158F2EDF94}
Epson FAX Utility-->"C:\Program Files (x86)\InstallShield Installation Information\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}\setup.exe" -runfromtemp -l0x0409 -removeonly
Epson PC-FAX Driver-->C:\Windows\system32\spool\DRIVERS\x64\3\EFXIJRMV.exe
Epson Print CD-->C:\Program Files (x86)\InstallShield Installation Information\{D16A31F9-276D-4968-A753-FFEAC56995D0}\Setup.exe -runfromtemp -l0x0009 -removeonly
EPSON Scan-->C:\Program Files (x86)\epson\escndv\setup\setup.exe /r
EpsonNet Print-->C:\Program Files (x86)\InstallShield Installation Information\{3E31400D-274E-4647-916C-2CACC3741799}\ENPSETUP.exe -runfromtemp -l0x0009 -EPSON -removeonly
Evernote v. 4.5.10-->MsiExec.exe /X{EF7E46B8-1FB7-11E2-B6B3-984BE15F174E}
FileZilla Client 3.5.3-->C:\Program Files (x86)\FileZilla FTP Client\uninstall.exe
Google Chrome-->"C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.57\Installer\setup.exe" --uninstall --multi-install --chrome --system-level
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Intel(R) Control Center-->C:\Program Files (x86)\Intel\Intel Control Center\uninstaller\SetupICC.exe -uninstall -force -confirm
Intel(R) Management Engine Components-->C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\Uninstall\setup.exe -uninstall
Intel(R) Processor Graphics-->C:\Program Files (x86)\Intel\Intel(R) Processor Graphics\Uninstall\setup.exe -uninstall
Intel(R) Rapid Storage Technology-->C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\Uninstall\setup.exe -uninstall
iTunes-->MsiExec.exe /I{76FF0F03-B707-4332-B5D1-A56C8303514E}
Java 7 Update 25-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83217025FF}
Java(TM) 6 Update 22 (64-bit)-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F86416022FF}
Java(TM) 6 Update 22-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216022FF}
Jing-->MsiExec.exe /I{22800204-9E53-45C7-B6F3-5BB0F1C1A147}
Junk Mail filter update-->MsiExec.exe /I{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}
KeePass Password Safe 2.22-->"C:\Program Files (x86)\KeePass Password Safe\unins000.exe"
Media Gallery-->MsiExec.exe /I{115B60D5-BBDB-490E-AF2E-064D37A3CE01}
Mesh Runtime-->MsiExec.exe /I{8C6D6116-B724-4810-8F2D-D047E6B7D68E}
Microsoft .NET Framework 4 Multi-Targeting Pack-->MsiExec.exe /I{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}
Microsoft .NET Framework 4.5 Multi-Targeting Pack-->MsiExec.exe /X{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}
Microsoft .NET Framework 4.5 SDK-->MsiExec.exe /X{1948E039-EC79-4591-951D-9867A8C14C90}
Microsoft .NET Framework 4.5-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\\Setup.exe /repair /x86 /x64
Microsoft .NET Framework 4.5-->MsiExec.exe /X{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}
Microsoft Access 2010 Runtime Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001C-0000-0000-0000000FF1CE}" "{FA978F90-F7AB-4CF6-BCF5-885CF559DE7C}" "1033" "0"
Microsoft Access 2010 Runtime Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001C-0409-0000-0000000FF1CE}" "{FF0EF2BE-3400-4E0C-BE30-6D04441CE0ED}" "1033" "0"
Microsoft Access Runtime 2010-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall ACCESSRT /dll OSETUP.DLL
Microsoft Help Viewer 2.0-->msiexec.exe /X{FEB375AB-6EEC-3929-8FAF-188ED81DD8B5}
Microsoft Help Viewer 2.0-->MsiExec.exe /X{FEB375AB-6EEC-3929-8FAF-188ED81DD8B5}
Microsoft NuGet - Visual Studio Express 2012 for Windows Desktop-->MsiExec.exe /I{49402ED1-A795-4435-A745-1B781BE621A6}
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0015-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0016-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0018-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0019-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001A-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001B-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0409-0000-0000000FF1CE}" "{99ACCA38-6DD3-48A8-96AE-A283C9759279}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-040C-0000-0000000FF1CE}" "{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0C0A-0000-0000000FF1CE}" "{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-0000-1000-0000000FF1CE}" "{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-0000-1000-0000000FF1CE}" "{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-0409-1000-0000000FF1CE}" "{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-0409-1000-0000000FF1CE}" "{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002C-0409-0000-0000000FF1CE}" "{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{047B0968-E622-4FAA-9B4B-121FA109EDDE}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-006E-0409-0000-0000000FF1CE}" "{4560037C-E356-444A-A015-D21F487D809E}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-006E-0409-0000-0000000FF1CE}" "{4560037C-E356-444A-A015-D21F487D809E}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-00A1-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0115-0409-0000-0000000FF1CE}" "{4560037C-E356-444A-A015-D21F487D809E}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0115-0409-0000-0000000FF1CE}" "{4560037C-E356-444A-A015-D21F487D809E}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0116-0409-1000-0000000FF1CE}" "{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0116-0409-1000-0000000FF1CE}" "{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" "1033" "0"
Microsoft Office 2010 Service Pack 1 (SP1)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0117-0409-0000-0000000FF1CE}" "{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" "1033" "0"
Microsoft Office Access MUI (English) 2010-->MsiExec.exe /X{90140000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Runtime 2010-->MsiExec.exe /X{90140000-001C-0000-0000-0000000FF1CE}
Microsoft Office Access Runtime MUI (English) 2010-->MsiExec.exe /X{90140000-001C-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2010-->MsiExec.exe /X{90140000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2010-->MsiExec.exe /X{90140000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Business 2010-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall SINGLEIMAGE /dll OSETUP.DLL
Microsoft Office Office 64-bit Components 2010-->MsiExec.exe /X{90140000-002A-0000-1000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2010-->MsiExec.exe /X{90140000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2010-->MsiExec.exe /X{90140000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2010-->MsiExec.exe /X{90140000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2010-->MsiExec.exe /X{90140000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2010-->MsiExec.exe /X{90140000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2010-->MsiExec.exe /X{90140000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2010-->MsiExec.exe /X{90140000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2010-->MsiExec.exe /X{90140000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared 64-bit MUI (English) 2010-->MsiExec.exe /X{90140000-002A-0409-1000-0000000FF1CE}
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010-->MsiExec.exe /X{90140000-0116-0409-1000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2010-->MsiExec.exe /X{90140000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2010-->MsiExec.exe /X{90140000-0115-0409-0000-0000000FF1CE}
Microsoft Office Single Image 2010-->MsiExec.exe /X{90140000-003D-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2010-->MsiExec.exe /X{90140000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft SQL Server 2012 Command Line Utilities -->MsiExec.exe /I{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}
Microsoft SQL Server 2012 Data-Tier App Framework -->MsiExec.exe /I{36E619BC-A234-4EC3-849B-779A7C865A45}
Microsoft SQL Server 2012 Data-Tier App Framework -->MsiExec.exe /I{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}
Microsoft SQL Server 2012 Express LocalDB -->MsiExec.exe /I{13D558FE-A863-402C-B115-160007277033}
Microsoft SQL Server 2012 Management Objects (x64)-->MsiExec.exe /I{FA0A244E-F3C2-4589-B42A-3D522DE79A42}
Microsoft SQL Server 2012 Management Objects -->MsiExec.exe /I{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}
Microsoft SQL Server 2012 Native Client -->MsiExec.exe /I{49D665A2-4C2A-476E-9AB8-FCC425F526FC}
Microsoft SQL Server 2012 Transact-SQL Compiler Service -->MsiExec.exe /I{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}
Microsoft SQL Server 2012 Transact-SQL ScriptDom -->MsiExec.exe /I{0E8670B8-3965-4930-ADA6-570348B67153}
Microsoft SQL Server 2012 T-SQL Language Service -->MsiExec.exe /I{6D6D43E5-218C-4B05-92D3-2240810F4760}
Microsoft SQL Server Compact 3.5 SP2 ENU-->MsiExec.exe /I{3A9FC03D-C685-4831-94CF-4EDFD3749497}
Microsoft SQL Server Compact 4.0 SP1 x64 ENU-->MsiExec.exe /X{78909610-D229-459C-A936-25D92283D3FD}
Microsoft SQL Server Data Tools - enu (11.1.20828.01)-->MsiExec.exe /X{4F2B8233-35EE-4197-8C3B-EACCBF712029}
Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20828.01)-->MsiExec.exe /X{FAE0523E-08A4-4717-8E8E-6EC6F32CBE88}
Microsoft System CLR Types for SQL Server 2012 (x64)-->MsiExec.exe /I{F1949145-EB64-4DE7-9D81-E6D27937146C}
Microsoft System CLR Types for SQL Server 2012-->MsiExec.exe /I{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17-->MsiExec.exe /X{8220EEFE-38CD-377E-8595-13398D740ACE}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148-->MsiExec.exe /X{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161-->MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft Visual C++ 2012 32bit Compilers - ENU Resources-->MsiExec.exe /X{0F3C9093-6C13-484D-8385-93AA21BEC025}
Microsoft Visual C++ 2012 Core Libraries-->MsiExec.exe /X{B362A397-B38A-3A23-A190-611F9C7EB4F9}
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727-->MsiExec.exe /X{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}
Microsoft Visual C++ 2012 x64 Debug Runtime - 11.0.50727-->MsiExec.exe /X{2B997E80-3BEC-3222-9114-98DBE1182B2E}
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727-->MsiExec.exe /X{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727-->MsiExec.exe /X{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}
Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.50727-->MsiExec.exe /X{1C163D33-33B3-33EB-A617-0D4D852BE8E1}
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727-->MsiExec.exe /X{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}
Microsoft Visual C++ 2012 x86-x64 Compilers-->MsiExec.exe /X{A1785BD4-3486-4E7E-8074-E3FC61B8F315}
Microsoft Visual Studio 2012 Express Prerequisites x64 - ENU-->MsiExec.exe /I{30B7A7A6-D519-3332-BEB3-D105EFC7389A}
Microsoft Visual Studio 2012 Preparation-->MsiExec.exe /I{09412B73-6159-40D6-B0B9-C11B30A7531E}
Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies-->MsiExec.exe /I{820C677A-41B2-48C3-8136-FEE35A052E73}
Microsoft Visual Studio 2012 Shell (Minimum) Resources-->MsiExec.exe /I{38FC6E9A-F719-431A-A83D-4C86D5FD6555}
Microsoft Visual Studio 2012 Shell (Minimum)-->MsiExec.exe /I{800F484E-9D69-492D-B656-7BAA32586142}
Microsoft Visual Studio 2012 Tools for SQL Server Compact 4.0 SP1 ENU-->MsiExec.exe /I{E818AE7C-244B-4A50-9C86-C0E4A8B69159}
Microsoft Visual Studio Express 2012 for Windows Desktop - ENU-->"C:\ProgramData\Package Cache\{e0efdce9-a486-4676-8aa5-65bb08cbf34c}\wdexpress_full.exe" /uninstall
Microsoft Visual Studio Express 2012 for Windows Desktop - ENU-->MsiExec.exe /X{222C5507-AC43-388F-808E-2266EC57E043}
Microsoft Visual Studio Express 2012 for Windows Desktop-->MsiExec.exe /X{1BE2AFE6-209E-3862-AE45-DA9D3D21BD65}
Microsoft Visual Studio Team Foundation Server 2012 Object Model Language Pack - ENU-->MsiExec.exe /I{68A48EF1-DF03-394F-AF40-1E4FE42BB8DD}
Microsoft Visual Studio Team Foundation Server 2012 Object Model-->MsiExec.exe /I{6F07A6C2-9068-3673-A120-DC10012468C6}
Microsoft Visual Studio Team Foundation Server 2012 Team Explorer Language Pack - ENU-->MsiExec.exe /I{1B9BBB23-65CB-3AEE-BFC6-633E7CA299FD}
Microsoft Visual Studio Team Foundation Server 2012 Team Explorer-->MsiExec.exe /I{6DAB46E3-D017-3E2B-85D8-F57A230384C0}
Microsoft Web Platform Installer 4.0-->MsiExec.exe /X{E2B8249D-895C-4685-8C83-00F3B1A13028}
Mozilla Firefox 23.0.1 (x86 en-US)-->"C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe"
Mozilla Maintenance Service-->"C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe"
MSVCRT_amd64-->MsiExec.exe /I{D0B44725-3666-492D-BEF6-587A14BD9BD9}
MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
MSXML 4.0 SP3 Parser (KB2721691)-->MsiExec.exe /I{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}
MSXML 4.0 SP3 Parser (KB2758694)-->MsiExec.exe /I{1D95BA90-F4F8-47EC-A882-441C99D30C1E}
MSXML 4.0 SP3 Parser (KB973685)-->MsiExec.exe /I{859DFA95-E4A6-48CD-B88E-A3E483E89B44}
MSXML 4.0 SP3 Parser-->MsiExec.exe /I{196467F1-C11F-4F76-858B-5812ADC83B94}
Nitro Reader 3-->MsiExec.exe /X{F6478CC2-B1B3-497E-9BEA-94C1676637DF}
Oasis2Service-->MsiExec.exe /I{E50FC5DB-7CBD-407D-A46E-0C13E45BC386}
OOBE-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{18894D16-5448-4BF9-A128-F7E937322F91}\setup.exe" -l0x9 -removeonly
PlayReady PC Runtime amd64-->MsiExec.exe /X{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}
PMB VAIO Edition Guide-->MsiExec.exe /X{339F9B4D-00CB-4C1C-BED8-EC86A9AB602A}
PMB VAIO Edition Plug-in-->MsiExec.exe /X{133D3F07-D558-46CE-80E8-F4D75DBBAD63}
PMB VAIO Edition Plug-in-->MsiExec.exe /X{270380EB-8812-42E1-8289-53700DB840D2}
PMB VAIO Edition Plug-in-->MsiExec.exe /X{8356CB97-A48F-44CB-837A-A12838DC4669}
PMB-->MsiExec.exe /X{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}
Prerequisites for SSDT -->MsiExec.exe /I{9169C939-ED01-446A-BD0C-29873BAF4E48}
Qualcomm Atheros Direct Connect-->"C:\Program Files (x86)\InstallShield Installation Information\{21DD6041-7251-40FA-9D06-C5EB30268E0F}\setup.exe" -runfromtemp -l0x0409 -removeonly
QuickTime-->MsiExec.exe /I{B67BAFBA-4C9F-48FA-9496-933E3B255044}
Realtek PCIE Card Reader-->"C:\Program Files (x86)\InstallShield Installation Information\{C1594429-8296-4652-BF54-9DBE4932A44C}\setup.exe" -runfromtemp -removeonly
Samsung ML-1200 Series-->C:\Program Files (x86)\SAMSUNG\Samsung ML-1200 Series\Install\Setup.exe /R
SAMSUNG USB Driver for Mobile Phones-->C:\Program Files\SAMSUNG\USB Drivers\Uninstall.exe
Security Update for Microsoft .NET Framework 4.5 (KB2729460)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\setup.exe /uninstallpatch {E7013CF5-8910-3109-93B6-7447D0371F4E}
Security Update for Microsoft .NET Framework 4.5 (KB2737083)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\setup.exe /uninstallpatch {00909A54-CC11-3F00-9279-3CE090432A91}
Security Update for Microsoft .NET Framework 4.5 (KB2742613)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\setup.exe /uninstallpatch {36E5C79E-06D3-32C3-9251-D284B9F3F7E7}
Security Update for Microsoft .NET Framework 4.5 (KB2789648)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\setup.exe /uninstallpatch {698F9EB6-6753-318E-8615-53D77414313F}
Security Update for Microsoft .NET Framework 4.5 (KB2804582)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\setup.exe /uninstallpatch {CEB05EDA-D069-31BF-9789-81637633C0BF}
Security Update for Microsoft .NET Framework 4.5 (KB2833957)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\setup.exe /uninstallpatch {9BBF7EC5-5F9A-3D5E-85E5-3EE53A16166E}
Security Update for Microsoft .NET Framework 4.5 (KB2840642)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\setup.exe /uninstallpatch {DDCAB505-6883-380B-97BD-59381822883B}
Security Update for Microsoft .NET Framework 4.5 (KB2840642v2)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\setup.exe /uninstallpatch {4F658047-A12E-38D9-8EA9-D941E4A84B7D}
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{73CC972E-6ABF-456B-9E1E-BADC0E65B57A}" "1033" "0"
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-0000-1000-0000000FF1CE}" "{F0CF1EB7-3E57-4F85-843F-B3C79088510D}" "1033" "0"
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-0000-1000-0000000FF1CE}" "{F0CF1EB7-3E57-4F85-843F-B3C79088510D}" "1033" "0"
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{F0CF1EB7-3E57-4F85-843F-B3C79088510D}" "1033" "0"
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{89F78B33-4282-4698-844D-E306D4260C02}" "1033" "0"
Security Update for Microsoft Office 2010 (KB2553091)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001C-0000-0000-0000000FF1CE}" "{07CA44F3-F5B3-4D12-8C91-EDC5FE91D45C}" "1033" "0"
Security Update for Microsoft Office 2010 (KB2553091)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{07CA44F3-F5B3-4D12-8C91-EDC5FE91D45C}" "1033" "0"
Security Update for Microsoft Office 2010 (KB2553096)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{10802A6D-EDBF-4383-BCBD-9D5B32F56D35}" "1033" "0"
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001C-0000-0000-0000000FF1CE}" "{CCC48FE2-175F-4CDE-82DF-F7BC4672C1A3}" "1033" "0"
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{CCC48FE2-175F-4CDE-82DF-F7BC4672C1A3}" "1033" "0"
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001C-0000-0000-0000000FF1CE}" "{CC39BA1F-7A25-440C-86A7-77E35D8CC88C}" "1033" "0"
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{CC39BA1F-7A25-440C-86A7-77E35D8CC88C}" "1033" "0"
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001C-0000-0000-0000000FF1CE}" "{DCE6D0BF-93E4-46C5-9A7C-F1EFF9707C02}" "1033" "0"
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{DCE6D0BF-93E4-46C5-9A7C-F1EFF9707C02}" "1033" "0"
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001C-0000-0000-0000000FF1CE}" "{B5489515-6DD4-47A5-AE4E-64751D15F10E}" "1033" "0"
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{B5489515-6DD4-47A5-AE4E-64751D15F10E}" "1033" "0"
Security Update for Microsoft Office 2010 (KB2687276) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001C-0000-0000-0000000FF1CE}" "{294CFDA0-FFD3-4C74-A26C-F4AE246783D6}" "1033" "0"
Security Update for Microsoft Office 2010 (KB2687276) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{294CFDA0-FFD3-4C74-A26C-F4AE246783D6}" "1033" "0"
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001C-0000-0000-0000000FF1CE}" "{9FF4E0C9-11BB-4B32-AC5E-EAB896CB4216}" "1033" "0"
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{9FF4E0C9-11BB-4B32-AC5E-EAB896CB4216}" "1033" "0"
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001C-0000-0000-0000000FF1CE}" "{A5E549EB-FDD3-4CD1-8163-50D429A36516}" "1033" "0"
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{A5E549EB-FDD3-4CD1-8163-50D429A36516}" "1033" "0"
Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-0000-1000-0000000FF1CE}" "{280E2D43-11CC-4ADE-A171-9286CCB5412B}" "1033" "0"
Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-0000-1000-0000000FF1CE}" "{280E2D43-11CC-4ADE-A171-9286CCB5412B}" "1033" "0"
Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{280E2D43-11CC-4ADE-A171-9286CCB5412B}" "1033" "0"
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{77AA05C3-6499-49F2-801D-55BD0E587579}" "1033" "0"
Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{BC3AD7F4-A075-4C9E-A33A-0FA4F8EBCA96}" "1033" "0"
Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{0690E5CB-319C-4FA5-8513-2E255BBB29B9}" "1033" "0"
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{F8243081-3FB0-4EE8-9B2A-6F7D70AF5269}" "1033" "0"
Should I Remove It-->MsiExec.exe /X{4E62123C-4C0D-4123-A8A2-C0103B92D7EA}
Sony Corporation-->MsiExec.exe /X{4F31AC31-0A28-4F5A-8416-513972DA1F79}
SSLx64-->MsiExec.exe /X{312395BC-7CC2-434C-A660-30250276A926}
SSLx86-->MsiExec.exe /X{63C43435-F428-42BA-8E7B-5848749D9262}
SUABnR-->"C:\Program Files (x86)\InstallShield Installation Information\{2485354C-6B65-4978-BB91-CCE61442377B}\setup.exe" -runfromtemp -l0x0409 -removeonly
SUABnR-->MsiExec.exe /I{2485354C-6B65-4978-BB91-CCE61442377B}
Swis-Sys-->C:\Program Files (x86)\SwissSys 8\uninstall.exe Swis-Sys
Thief 1.25-->C:\Program Files (x86)\ChessThief 1.25\uninst.exe
TurboTax 2011 wariper-->MsiExec.exe /I{4E00EC3D-F349-4FA2-829C-CD55E67F7D92}
TurboTax 2012 WinPerReleaseEngine-->MsiExec.exe /I{F014B696-28C5-4554-802F-A15380418F53}
Update for (KB2504637)-->C:\Windows\SysWOW64\msiexec.exe /package {CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE} /uninstall {815F0BC1-7E54-300C-9ACA-C9460FDF6F78} /qb+ REBOOTPROMPT=""
Update for Microsoft .NET Framework 4.5 (KB2750147)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\setup.exe /uninstallpatch {BEBBFEB1-EA1C-3479-A39D-23A76BCB7BFC}
Update for Microsoft .NET Framework 4.5 (KB2805221)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\setup.exe /uninstallpatch {83FD3E08-19A9-3E5F-85EF-C4786CB743B5}
Update for Microsoft .NET Framework 4.5 (KB2805226)-->c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\setup.exe /uninstallpatch {87B3F837-4DE6-35DE-B11D-D21554DD8412}
Update for Microsoft Office 2010 (KB2494150)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001C-0000-0000-0000000FF1CE}" "{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}" "1033" "0"
Update for Microsoft Office 2010 (KB2494150)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}" "1033" "0"
Update for Microsoft Office 2010 (KB2553065)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{A8686D24-1E89-43A1-973E-05A258D2B3F8}" "1033" "0"
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001C-0000-0000-0000000FF1CE}" "{48E1B6C2-7299-4F3F-AA63-42F0ACE55AA4}" "1033" "0"
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{48E1B6C2-7299-4F3F-AA63-42F0ACE55AA4}" "1033" "0"
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{18B3CF2A-73F7-4716-B1AE-86D68726D408}" "1033" "0"
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-006E-0409-0000-0000000FF1CE}" "{73E67A3A-8D61-44EF-90C2-1697C3DBE668}" "1033" "0"
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-006E-0409-0000-0000000FF1CE}" "{73E67A3A-8D61-44EF-90C2-1697C3DBE668}" "1033" "0"
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001C-0000-0000-0000000FF1CE}" "{14B7142F-D7E2-4FB0-9E3B-7CAA8D7FFC56}" "1033" "0"
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{14B7142F-D7E2-4FB0-9E3B-7CAA8D7FFC56}" "1033" "0"
Update for Microsoft Office 2010 (KB2566458)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{EFB525A0-E1C0-4E32-9968-FE401BC87363}" "1033" "0"
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001C-0000-0000-0000000FF1CE}" "{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}" "1033" "0"
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}" "1033" "0"
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0409-0000-0000000FF1CE}" "{C4F26A9B-B121-4135-8084-A0D9C780C7C8}" "1033" "0"
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-040C-0000-0000000FF1CE}" "{460FF681-BC66-4C38-99DF-7012E03F1EBA}" "1033" "0"
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001F-0C0A-0000-0000000FF1CE}" "{C633216E-FF30-45B6-B2AB-21922A9353EF}" "1033" "0"
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001C-0000-0000-0000000FF1CE}" "{B1FA5E8C-2342-45AF-8A62-5E860042F8DF}" "1033" "0"
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{B1FA5E8C-2342-45AF-8A62-5E860042F8DF}" "1033" "0"
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001C-0000-0000-0000000FF1CE}" "{1CBEDB37-C438-473F-8BA0-2535B0D237E2}" "1033" "0"
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-0000-1000-0000000FF1CE}" "{1CBEDB37-C438-473F-8BA0-2535B0D237E2}" "1033" "0"
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-0000-1000-0000000FF1CE}" "{1CBEDB37-C438-473F-8BA0-2535B0D237E2}" "1033" "0"
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{1CBEDB37-C438-473F-8BA0-2535B0D237E2}" "1033" "0"
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001C-0000-0000-0000000FF1CE}" "{35698CB7-AAA2-4577-B505-DBFF504AEF23}" "1033" "0"
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{35698CB7-AAA2-4577-B505-DBFF504AEF23}" "1033" "0"
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001C-0000-0000-0000000FF1CE}" "{9CFD026D-EB1C-48C2-9DD2-8E8875F251B2}" "1033" "0"
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{9CFD026D-EB1C-48C2-9DD2-8E8875F251B2}" "1033" "0"
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-00A1-0409-0000-0000000FF1CE}" "{9865DC3A-2898-48D9-B96A-46397571C934}" "1033" "0"
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{F1CBE095-403D-466D-BB13-B185A5F33231}" "1033" "0"
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001A-0409-0000-0000000FF1CE}" "{47894754-0FEC-4920-9A65-6C1E732587AC}" "1033" "0"
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-001A-0409-0000-0000000FF1CE}" "{1EEFF749-6F29-4F0B-AB08-4C6EA52AA110}" "1033" "0"
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{BC6DFBFD-16DD-47E1-A7EF-2C062930FA4F}" "1033" "0"
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-003D-0000-0000-0000000FF1CE}" "{6B6DDDCE-B456-4FE1-9A07-DBC1708E4158}" "1033" "0"
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-0000-1000-0000000FF1CE}" "{5DA2D071-A54C-47C0-83E5-43C63DBFD936}" "1033" "0"
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-002A-0000-1000-0000000FF1CE}" "{5DA2D071-A54C-47C0-83E5-43C63DBFD936}" "1033" "0"
Update for Microsoft Visual Studio 2012 (KB2781514)-->"C:\ProgramData\Package Cache\{3786efc1-59ff-4908-8cd6-dc85ec87209e}\patch_KB2781514.exe" /uninstall
VAIO - Media Gallery-->"C:\Program Files (x86)\InstallShield Installation Information\{FA870BF1-44A1-4B7D-93E1-C101369AF0C1}\setup.exe" -runfromtemp -l0x0009 -removeonly
VAIO - PMB VAIO Edition Guide-->"C:\Program Files (x86)\InstallShield Installation Information\{339F9B4D-00CB-4C1C-BED8-EC86A9AB602A}\setup.exe" -runfromtemp -l0x0409 -removeonly
VAIO - PMB VAIO Edition Plug-in-->"C:\Program Files (x86)\InstallShield Installation Information\{270380EB-8812-42E1-8289-53700DB840D2}\setup.exe" -runfromtemp -l0x0409 -removeonly
VAIO - Remote Keyboard-->"C:\Program Files (x86)\InstallShield Installation Information\{7396FB15-9AB4-4B78-BDD8-24A9C15D2C65}\setup.exe" -runfromtemp -l0x0009 -removeonly
VAIO - Remote Play with PlayStation®3-->"C:\Program Files (x86)\InstallShield Installation Information\{07441A52-E208-478A-92B7-5C337CA8C131}\setup.exe" -runfromtemp -l0x0009 -removeonly
VAIO Care-->"C:\Program Files (x86)\InstallShield Installation Information\{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}\setup.exe" -runfromtemp -l0x0009 -removeonly
VAIO Control Center-->"C:\Program Files (x86)\InstallShield Installation Information\{72042FA6-5609-489F-A8EA-3C2DD650F667}\setup.exe" -runfromtemp -l0x0009 -removeonly
VAIO Data Restore Tool-->"C:\Program Files (x86)\InstallShield Installation Information\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}\setup.exe" -runfromtemp -l0x0009 -removeonly
VAIO Easy Connect-->"C:\Program Files (x86)\InstallShield Installation Information\{7C80D30A-AC02-4E3F-B95D-29F0E4FF937B}\setup.exe" -runfromtemp -l0x0409 -removeonly
VAIO Easy Connect-->MsiExec.exe /X{7C80D30A-AC02-4E3F-B95D-29F0E4FF937B}
VAIO Event Service-->"C:\Program Files (x86)\InstallShield Installation Information\{73D8886A-D416-4687-B609-0D3836BA410C}\setup.exe" -runfromtemp -l0x0009 -removeonly
VAIO Gate Default-->"C:\Program Files (x86)\InstallShield Installation Information\{B7546697-2A80-4256-A24B-1C33163F535B}\setup.exe" -runfromtemp -l0x0009 -removeonly
VAIO Gate-->"C:\Program Files (x86)\InstallShield Installation Information\{A7C30414-2382-4086-B0D6-01A88ABA21C3}\setup.exe" -runfromtemp -l0x0009 -removeonly
VAIO Help and Support-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F5248E24-F52C-4FD1-B76F-102460BAFD6B}\setup.exe" -l0x9 -removeonly
VAIO Improvement-->"C:\Program Files (x86)\InstallShield Installation Information\{3A26D9BD-0F73-432D-B522-2BA18138F7EF}\setup.exe" -runfromtemp -l0x0009 -removeonly
VAIO Manual-->"C:\Program Files (x86)\InstallShield Installation Information\{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}\setup.exe" -runfromtemp -l0x0009 -removeonly
VAIO Messenger-->"C:\ProgramData\{AA28280A-C4CA-4B4F-9DF1-593032D2F3EC}\VAIO Messenger Setup 2.0.550.0.exe" REMOVE=TRUE MODIFY=FALSE
VAIO Quick Web Access-->MsiExec.exe /I{5A92468F-3ED8-4F96-A9E1-4F176C80EC29}
VAIO Quick Web Access-->MsiExec.exe /x{5A92468F-3ED8-4F96-A9E1-4F176C80EC29} CUSTOM_HAVE_DIALOG=Yes
VAIO Sample Contents-->"C:\Program Files (x86)\InstallShield Installation Information\{547C9EB4-4CA6-402F-9D1B-8BD30DC71E44}\setup.exe" -runfromtemp -l0x0009 -removeonly
VAIO Satisfaction Survey.-->"C:\Program Files (x86)\Sony\VAIO Survey\uninstall.exe" "/U:C:\Program Files (x86)\Sony\VAIO Survey\Uninstall\uninstall.xml"
VAIO Smart Network-->"C:\Program Files (x86)\InstallShield Installation Information\{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}\setup.exe" -runfromtemp -l0x0009 -removeonly
VAIO Transfer Support-->"C:\Program Files (x86)\InstallShield Installation Information\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}\setup.exe" -runfromtemp -l0x0009 -removeonly
VAIO Update-->"C:\Program Files (x86)\InstallShield Installation Information\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}\setup.exe" -runfromtemp -l0x0409 -removeonly
VCCx86-->MsiExec.exe /X{9B088046-8A01-4355-99DD-8530C022F682}
Verizon Wireless Software Upgrade Assistant - Samsung(ar)-->MsiExec.exe /X{1B2035BA-BFB0-4F1F-A702-80CF1377285D}
Verizon Wireless Software Utility Application for Android - Samsung-->MsiExec.exe /X{E459A8EA-1981-4D99-8D1E-5AABE1535AF8}
VESx64-->MsiExec.exe /X{F1DC5C16-9B1F-467B-85E3-CB48C27AC50D}
VESx86-->MsiExec.exe /X{3A94F54D-A8A4-4B82-B346-92B4D56A2708}
VGClientX64-->MsiExec.exe /X{99E6C2F3-59B2-4308-B1CD-4928B55B7E30}
VGClientX86-->MsiExec.exe /X{8B583EF5-FA7B-4AE2-9008-51B7FD505886}
VIx64-->MsiExec.exe /X{D55EAC07-7207-44BD-B524-0F063F327743}
VIx86-->MsiExec.exe /X{D17C2A58-E0EA-4DD7-A2D6-C448FD25B6F6}
VSNx64-->MsiExec.exe /X{F2611404-06BF-4E67-A5B7-8DB2FFC1CBF6}
VSNx86-->MsiExec.exe /X{A49A517F-5332-4665-922C-6D9AD31ADD4F}
VU5x64-->MsiExec.exe /X{6B7DE186-374B-4873-AEC1-7464DA337DD6}
VU5x86-->MsiExec.exe /X{9D12A8B5-9D41-4465-BF11-70719EB0CD02}
VU5x86-->MsiExec.exe /X{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}
VWSTx86-->MsiExec.exe /X{B8991D99-88FD-41F2-8C32-DB70278D5C30}
Windows Live Communications Platform-->MsiExec.exe /I{D45240D3-B6B3-4FF9-B243-54ECE3E10066}
Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}
Windows Live ID Sign-in Assistant-->MsiExec.exe /I{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}
Windows Live Installer-->MsiExec.exe /I{0B0F231F-CE6A-483D-AA23-77B364F75917}
Windows Live Language Selector-->MsiExec.exe /I{027E5FAB-1476-4C59-AAB4-32EF28520399}
Windows Live Mail-->MsiExec.exe /I{9D56775A-93F3-44A3-8092-840E3826DE30}
Windows Live Mail-->MsiExec.exe /I{C66824E4-CBB3-4851-BB3F-E8CFD6350923}
Windows Live Mesh ActiveX Control for Remote Connections-->MsiExec.exe /I{2902F983-B4C1-44BA-B85D-5C6D52E2C441}
Windows Live Mesh-->MsiExec.exe /I{A0C91188-C88F-4E86-93E6-CD7C9A266649}
Windows Live Mesh-->MsiExec.exe /I{DECDCB7C-58CC-4865-91AF-627F9798FE48}
Windows Live Messenger-->MsiExec.exe /X{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}
Windows Live Messenger-->MsiExec.exe /X{E5B21F11-6933-4E0B-A25C-7963E3C07D11}
Windows Live MIME IFilter-->MsiExec.exe /I{DA54F80E-261C-41A2-A855-549A144F2F59}
Windows Live Movie Maker-->MsiExec.exe /X{19BA08F7-C728-469C-8A35-BFBD3633BE08}
Windows Live Movie Maker-->MsiExec.exe /X{92EA4134-10D1-418A-91E1-5A0453131A38}
Windows Live Photo Common-->MsiExec.exe /X{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}
Windows Live Photo Common-->MsiExec.exe /X{D436F577-1695-4D2F-8B44-AC76C99E0002}
Windows Live Photo Gallery-->MsiExec.exe /X{3336F667-9049-4D46-98B6-4C743EEBC5B1}
Windows Live Photo Gallery-->MsiExec.exe /X{34F4D9A4-42C2-4348-BEF4-E553C84549E7}
Windows Live PIMT Platform-->MsiExec.exe /I{83C292B7-38A5-440B-A731-07070E81A64F}
Windows Live Remote Client Resources-->MsiExec.exe /I{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}
Windows Live Remote Client-->MsiExec.exe /I{DF6D988A-EEA0-4277-AAB8-158E086E439B}
Windows Live Remote Service Resources-->MsiExec.exe /I{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}
Windows Live Remote Service-->MsiExec.exe /I{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}
Windows Live SOXE Definitions-->MsiExec.exe /I{200FEC62-3C34-4D60-9CE8-EC372E01C08F}
Windows Live SOXE-->MsiExec.exe /I{682B3E4F-696A-42DE-A41C-4C07EA1678B4}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}
Windows Live UX Platform-->MsiExec.exe /I{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}
Windows Live Writer Resources-->MsiExec.exe /X{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}
Windows Live Writer-->MsiExec.exe /X{A726AE06-AAA3-43D1-87E3-70F510314F04}
Windows Live Writer-->MsiExec.exe /X{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}
Windows Live Writer-->MsiExec.exe /X{AAF454FC-82CA-4F29-AB31-6A109485E76E}
Windows Software Development Kit DirectX x64 Remote-->MsiExec.exe /I{5FB4C443-6BD6-1514-2717-3827D65AE6FB}
Windows Software Development Kit DirectX x86 Remote-->MsiExec.exe /I{23176E97-26CB-C72A-19EB-BFB21AC1D15A}
Windows Software Development Kit for Windows Store Apps DirectX x64 Remote-->MsiExec.exe /I{27EF252D-800C-ED42-9904-459FE0046225}
Windows Software Development Kit for Windows Store Apps DirectX x86 Remote-->MsiExec.exe /I{42F61556-29ED-8122-F39E-6F04EA5FF279}
Windows Software Development Kit for Windows Store Apps-->MsiExec.exe /I{D11F66FF-82B3-DDB8-1146-525370552BE1}
Windows Software Development Kit-->MsiExec.exe /I{60D5EF2A-4E0C-2C30-38F6-59C26E134F4A}

======System event log======

Computer Name: Dee-VAIO
Event Code: 134
Message: NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on ''. NtpClient will try again in 3473457 minutes and double the reattempt interval thereafter. The error was: The requested name is valid, but no data of the requested type was found. (0x80072AFC)
Record Number: 62786
Source Name: Microsoft-Windows-Time-Service
Time Written: 20120903222020.322251-000
Event Type: Warning
User: NT AUTHORITY\LOCAL SERVICE

Computer Name: Dee-VAIO
Event Code: 1014
Message: Name resolution for the name ctldl.windowsupdate.com timed out after none of the configured DNS servers responded.
Record Number: 62785
Source Name: Microsoft-Windows-DNS-Client
Time Written: 20120903222017.221242-000
Event Type: Warning
User: NT AUTHORITY\NETWORK SERVICE

Computer Name: Dee-VAIO
Event Code: 1014
Message: Name resolution for the name ctldl.windowsupdate.com timed out after none of the configured DNS servers responded.
Record Number: 62782
Source Name: Microsoft-Windows-DNS-Client
Time Written: 20120903222014.718037-000
Event Type: Warning
User: NT AUTHORITY\NETWORK SERVICE

Computer Name: Dee-VAIO
Event Code: 1014
Message: Name resolution for the name teredo.ipv6.microsoft.com timed out after none of the configured DNS servers responded.
Record Number: 62779
Source Name: Microsoft-Windows-DNS-Client
Time Written: 20120903222008.462426-000
Event Type: Warning
User: NT AUTHORITY\NETWORK SERVICE

Computer Name: Dee-VAIO
Event Code: 1014
Message: Name resolution for the name dns.msftncsi.com timed out after none of the configured DNS servers responded.
Record Number: 62507
Source Name: Microsoft-Windows-DNS-Client
Time Written: 20120829020435.328226-000
Event Type: Warning
User: NT AUTHORITY\NETWORK SERVICE

=====Application event log=====

Computer Name: Dee-VAIO
Event Code: 100
Message: Task Scheduling Error: m->NextScheduledSPRetry 1342
Record Number: 30962
Source Name: Bonjour Service
Time Written: 20121111231904.000000-000
Event Type: Error
User:

Computer Name: Dee-VAIO
Event Code: 100
Message: Task Scheduling Error: m->NextScheduledEvent 1342
Record Number: 30961
Source Name: Bonjour Service
Time Written: 20121111231904.000000-000
Event Type: Error
User:

Computer Name: Dee-VAIO
Event Code: 100
Message: Task Scheduling Error: Continuously busy for more than a second
Record Number: 30960
Source Name: Bonjour Service
Time Written: 20121111231902.000000-000
Event Type: Error
User:

Computer Name: Dee-VAIO
Event Code: 1000
Message: Faulting application name: APSDaemon.exe, version: 2.1.19.17, time stamp: 0x4fb5bca3
Faulting module name: APSDaemon_main.dll, version: 2.1.19.17, time stamp: 0x4fb5bce6
Exception code: 0xc0000005
Fault offset: 0x000082f0
Faulting process id: 0xdbc
Faulting application start time: 0x01cdbaa752babf46
Faulting application path: C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
Faulting module path: C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon_main.dll
Report Id: bf39cbde-2c00-11e2-8859-78843ce83a19
Record Number: 30945
Source Name: Application Error
Time Written: 20121111130730.000000-000
Event Type: Error
User:

Computer Name: Dee-VAIO
Event Code: 1000
Message: Faulting application name: McCHSvc.exe, version: 3.0.207.0, time stamp: 0x4dfb634d
Faulting module name: mcscan32.dll, version: 5.400.0.1158, time stamp: 0x4a705d78
Exception code: 0xc0000005
Fault offset: 0x0026cb0b
Faulting process id: 0x1c88
Faulting application start time: 0x01cdbc269c035b17
Faulting application path: C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe
Faulting module path: C:\Program Files (x86)\McAfee Security Scan\3.0.207\mcscan32.dll
Report Id: e57312b2-2819-11e2-8859-78843ce83a19
Record Number: 30775
Source Name: Application Error
Time Written: 20121106135727.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: Dee-VAIO
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: DEE-VAIO$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x254
Process Name: C:\Windows\System32\services.exe

Network Information:
Workstation Name:	
Source Network Address:	-
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi 
Authentication Package:	Negotiate
Transited Services:	-
Package Name (NTLM only):	-
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 13710
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120319000431.117225-000
Event Type: Audit Success
User:

Computer Name: Dee-VAIO
Event Code: 4902
Message: The Per-user audit policy table was created.

Number of Elements:	0
Policy ID:	0x9c0c
Record Number: 13709
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120319000431.086025-000
Event Type: Audit Success
User:

Computer Name: Dee-VAIO
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0

Logon Type: 0

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x4
Process Name:

Network Information:
Workstation Name:	-
Source Network Address:	-
Source Port: -

Detailed Authentication Information:
Logon Process: -
Authentication Package:	-
Transited Services:	-
Package Name (NTLM only):	-
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 13708
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120319000431.039225-000
Event Type: Audit Success
User:

Computer Name: Dee-VAIO
Event Code: 4608
Message: Windows is starting up.

This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Record Number: 13707
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120319000431.039225-000
Event Type: Audit Success
User:

Computer Name: Dee-VAIO
Event Code: 1100
Message: The event logging service has shut down.
Record Number: 13706
Source Name: Microsoft-Windows-Eventlog
Time Written: 20120316121527.122344-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Sony\VAIO Startup Setting Tool;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files\Microsoft\Web Platform Installer\;C:\Program Files\Microsoft SQL Server\110\Tools\Binn\;C:\Program Files (x86)\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=2a07
"windows_tracing_logfile"=C:\BVTBin\Tests\installpackage\csilogfile.log
"windows_tracing_flags"=3
"configsetroot"=%SystemRoot%\ConfigSetRoot
"asl.log"=Destination=file
"VS110COMNTOOLS"=C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\Tools\
"CLASSPATH"=.;C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files (x86)\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------


----------



## wannabeageek (Nov 12, 2009)

Hi Grubbs,

Do you have any contacts in the Netherlands? One of your TCP IP address entries is from there.
You may want to reset your router and change the password for it. Also verify that remote access from the internet is disabled. If you have any questions or need help with this, please ask.

I will get back to you tomorrow with more information concerning the logs you posted.

wbg


----------



## Grubbs (Nov 17, 2003)

No, I do not have any contacts in the Netherlands. I will do as suggested on router reset and password. Thanks for the advice.


----------



## wannabeageek (Nov 12, 2009)

Hi Grubbs,

*Step 1.*
Please uninstall the following programs:
Adobe Reader X (10.1.7) MUI
Java(TM) 6 Update 22
Java(TM) 6 Update 22 (64-bit)
McAfee Security Scan Plus

*Step 2.*
*Upload File/Files for testing*
*Please go to*  *Virustotal*
Copy/paste this file and path into the white box at the top:


> C:\Windows\assembly\Desktop.ini


Press Submit - this will submit the file for testing.
Please *wait* for all the scanners to finish then *copy and paste the permalink (web address)* in your next response.
Example of web address:

*Step 3.*
*Run OTL Script*
*We need to run an OTL Fix*


Right-click *OTL.exe* and select *"Run as administrator"* to run it.
*Copy* and *Paste* the following code into the textbox. Do not include the word *Code*

```
:commands
[createrestorepoint]

:OTL
File not found (No name found) -- C:\USERS\DEE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\B9XJR16W.DEFAULT\EXTENSIONS\[email protected]
O3 - HKU\S-1-5-21-3761110793-264239725-660992700-1006\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 10.25.2)
[2013/08/26 07:43:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2012
[2013/08/25 22:53:16 | 000,000,000 | ---D | C] -- C:\Users\Dee\AppData\Local\Intuit
[2013/08/25 15:36:36 | 000,002,062 | ---- | M] () -- C:\Users\Public\Desktop\ChurchTrac 9.lnk

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{4E00EC3D-F349-4FA2-829C-CD55E67F7D92}"=-
"{F014B696-28C5-4554-802F-A15380418F53}"=-

:Files
C:\Users\Dee\Desktop\CKScanner.exe
C:\ProgramData\ChurchTrac
C:\Users\Dee\AppData\Roaming\ChurchTrac
C:\ChurchTrac

:Commands
[EMPTYTEMP]
```

Click under the *Custom Scan/Fixes* box and paste the copied text.
Click the *Run Fix* button. If prompted... click *OK*.
When the scan completes, Notepad will open with the scan results. The report is saved in this location: C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log.
Please post the contents of report in your next reply.


*Step 4.*
*SystemLook*

Please download *SystemLook* from one of the links below and save it to your Desktop.
*Download Mirror #1
Download Mirror #2*


Right-click *SystemLook.exe* and select *"Run as administrator"* to run it.
Copy the content of the following codebox into the main textfield: Do not include the word *Code*

```
:filefind
*AskToolbar*
*Ask.com*
*Bandoo*
*Babylon*
*Conduit*
*datamngr*
*searchab*
*Fun4IM*
*Funmoods*
*iLivid*
*IObit*
*Iminent*
*Searchqu*
*Searchnu*
*smartbar*
*Tarma*
*trolltech*
*Vafmusic2*
*vshare*
*whitesmoke*
*Yontoo*

:folderfind
*AskToolbar*
*Ask.com*
*Babylon*
*Bandoo*
*Conduit*
*datamngr*
*searchab*
*smartbar*
*Fun4IM*
*Funmoods*
*iLivid*
*IObit*
*Iminent*
*Searchqu*
*Searchnu*
*Tarma*
*trolltech*
*Vafmusic2*
*vshare*
*whitesmoke*
*Yontoo*

:Regfind
AskToolbar
Ask.com
Babylon
Bandoo
Conduit
datamngr
searchab
Fun4IM
Funmoods
iLivid
IObit
Iminent
Searchqu
Searchnu
smartbar
Tarma
trolltech
Vafmusic2
vshare
whitesmoke
Yontoo
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop entitled *SystemLook.txt*

*Please include in your next reply:*


Results of VirusTotal scan
Contents of C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log
Contents of SystemLook.txt
*Any problem executing the instructions?*

Thanks, 
wbg


----------



## Grubbs (Nov 17, 2003)

OK, I am having problems. I was able to uninstall everything you requested except McAfee Security Scan Plus. This program no longer appears in either the list of programs in Control Panel or on my Start menu. But I seem to remember uninstalling it recently, perhaps when I did the uninstall of Turbotax and Churchtrac. So maybe you are seeing only the remnants of a registry key that didn't properly clean up during that uninstall?

Anyway, that is probably not the larger problem. After I uninstalled Adobe Reader and the Java Updates, I turned on the wireless radio so that I could connect to the internet and execute the instructions for the Virustotal.com scan. I made it to the virustotal.com website OK (although it took a while, because the laptop we're trying to repair is very slow once the wireless is enabled). But at the moment, I've been struggling for over 20 minutes trying to input the file to upload for the scan because the computer keeps "not responding". 

OK, update: I was finally able to type into the file upload dialog box "C:\Windows\assembly\Desktop.ini" (without the " " of course), and after clocking for a while, I received an error message saying the Desktop.ini file is not a valid filename. I am now showing a "File Upload" dialog box with a list of files in the C:\Windows\assembly folder, but scrolling through that list of files, Desktop.ini does not appear anywhere. 

Not sure whether I should attempt to execute the remainder of your instructions if I am unable to figure out how to do the virustotal scan on Desktop.ini. Please advise.


----------



## Grubbs (Nov 17, 2003)

By the way, in case it is not clear, I am not (nor have I been) posting from the computer we are trying to repair. As slow as it is to respond when the wireless is enabled, I am not sure it would even be possible. But I am sure it would be very frustrating. Up until this last set of instructions, I have been able to do the scans you have suggested by downloading the scan tools to a flash drive and transferring them to the computer needing scans without having to enable the wireless on it, then saving the log files back to the flash drive, and uploading them to my posts being made from a computer that is working fine.


----------



## Grubbs (Nov 17, 2003)

Bump.

Still not able to figure out how to submit C:\Windows\assembly\Desktop.ini to virustotal.com. Should I proceed with the remainder of the instructions (Steps 3 and 4) in Post #15 without having first submitted "Desktop.ini" to virustotal.com?

Is there any value in attempting to submit one of the "Desktop.ini" files from a different folder?


----------



## wannabeageek (Nov 12, 2009)

Hi Grubbs,

Sorry about the delay over the holiday. Disregard the last set of instructions since you are having trouble connecting this computer to the web.

Run the following program and post the results in your next reply:

*Farbar Service Scanner (FSS)*
*SCAN Option*
Please download *Farbar Service Scanner* ... by *Farbar* and save it to your Desktop.


Right-click on *FSS.exe* and select "*Run As Administrator*" to run it. If prompted by UAC, please allow it.
Make sure the following options are checked:
*Internet Services* (checked by default)

Press the "*Scan*" button.
When finished, a text file named *FSS.txt* will be created on your desktop. (Same folder the tool is run).
Please copy and paste the contents of the *FSS.txt* log to your reply.
*Note:* If you receive an *AutoIt* error indicating: Error: Variable must be of type "Object", please UNCHECK the "*Report Windows Version Fully*" option and run the scan again.


----------



## Grubbs (Nov 17, 2003)

No problem on the delayed response. Hope you had a good holiday weekend.

Below is the log from FSS. I did enable wireless before running it.

Farbar Service Scanner Version: 05-09-2013
Ran by Dee (administrator) on 04-09-2013 at 18:20:08
Running from "C:\Users\Dee\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****


----------



## wannabeageek (Nov 12, 2009)

Hi grubbs,

Please run the following and *post the results after each scan:*

*Step 1.*
*Run OTL Scan*


Right-click *OTL.exe* and select *"Run as administrator"* to run it.
Copy and Paste the following code into the textbox. Do not include the word Code

```
/md5start
tcpip.sys
/md5stop
```

At the top, first click the *NONE* button so it displays *STANDARD*, then click Run Scan.

OTL may ask to reboot the machine. Please do so if asked.
The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

*Step 2.*
*Run OTL Scan*


Right-click *OTL.exe* and select *"Run as administrator"* to run it.
Copy and Paste the following code into the textbox. Do not include the word Code

```
C:\Windows\System32\Drivers\Etc\HOSTS
```

At the top, first click the *NONE* button so it displays *STANDARD*, then click Run Scan.

OTL may ask to reboot the machine. Please do so if asked.
The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.


----------
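One way to read the report that the `/md5start tcpip.sys /md5stop` scan above produces is to check whether the copy of the driver in use has the same hash as one of the component-store (winsxs) copies. The following is an added example, not part of the thread and not OTL's own code: a Python parser for that report layout, run on constructed sample lines with made-up hashes. The function names are hypothetical, and the in-use path is an assumption taken from the FSS log earlier in the thread.

```python
import re
from collections import namedtuple

# One parsed report line. store_version is set only for component-store (winsxs) copies.
Entry = namedtuple("Entry", "modified size company md5 path store_version")

# Assumed path of the in-use driver, as written in the FSS log earlier in the thread.
IN_USE_PATH = r"C:\Windows\System32\Drivers\tcpip.sys"

# Constructed sample in the report layout shown in this thread. The hashes and the
# trailing winsxs directory ids are made up for the example.
SAMPLE = r"""
< MD5 for: TCPIP.SYS >
[2012/10/03 12:56:54 | 001,914,248 | ---- | M] (Microsoft Corporation) MD5=0123456789ABCDEF0123456789ABCDEF -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17964_none_0000000000000001\tcpip.sys
[2013/05/08 01:39:01 | 001,910,632 | ---- | M] (Microsoft Corporation) MD5=FEDCBA9876543210FEDCBA9876543210 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18148_none_0000000000000002\tcpip.sys
[2013/05/08 01:39:01 | 001,910,632 | ---- | M] (Microsoft Corporation) MD5=FEDCBA9876543210FEDCBA9876543210 -- C:\Windows\System32\Drivers\tcpip.sys
"""

# [date time | size | attributes | M or C] (company) MD5=<32 hex> -- path
LINE_RE = re.compile(
    r"^\[(?P<modified>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"\S{4} \| [A-Z]\] \((?P<company>.*?)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)
# The component version is embedded in the winsxs directory name, before "_none_".
STORE_VERSION_RE = re.compile(r"\\winsxs\\[^\\]*_(\d+\.\d+\.\d+\.\d+)_none_[^\\]*\\", re.I)


def parse_md5_section(text):
    """Return an Entry for every file line; headers and blank lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        store = STORE_VERSION_RE.search(m["path"])
        entries.append(Entry(
            modified=m["modified"],
            size=int(m["size"].replace(",", "")),
            company=m["company"],
            md5=m["md5"].upper(),
            path=m["path"],
            store_version=store.group(1) if store else None,
        ))
    return entries


def version_key(version):
    """Sort key so that 6.1.7601.18148 orders after 6.1.7601.17964 numerically."""
    return tuple(int(part) for part in version.split("."))


def check_in_use_copy(entries, in_use_path=IN_USE_PATH):
    """Compare the in-use file's hash with the hashes of the component-store copies.

    Returns (status, version): "matches-store" with the newest matching store
    version, "no-store-match", or "not-listed" when the report has no line for
    in_use_path.
    """
    store = {}
    for e in entries:
        if e.store_version:
            store.setdefault(e.md5, []).append(e.store_version)
    live = [e for e in entries if e.path.lower() == in_use_path.lower()]
    if not live:
        return ("not-listed", None)
    versions = store.get(live[0].md5)
    if not versions:
        return ("no-store-match", None)
    return ("matches-store", max(versions, key=version_key))


if __name__ == "__main__":
    parsed = parse_md5_section(SAMPLE)
    for e in parsed:
        print(e.md5, e.store_version or "in use", e.size)
    print(check_in_use_copy(parsed))
```

A `no-store-match` result is a lead to follow up, not a verdict on its own. The report format carries MD5, which is enough to spot an unexpected file but is not collision resistant.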



## Grubbs (Nov 17, 2003)

Scan from Step 1:

OTL logfile created on: 9/5/2013 7:22:12 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dee\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.95 Gb Total Physical Memory | 2.52 Gb Available Physical Memory | 63.76% Memory free
7.90 Gb Paging File | 6.38 Gb Available in Paging File | 80.83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455.34 Gb Total Space | 379.03 Gb Free Space | 83.24% Space Free | Partition Type: NTFS
Drive G: | 3.73 Gb Total Space | 3.66 Gb Free Space | 98.15% Space Free | Partition Type: FAT32

Computer Name: DEE-VAIO | User Name: Dee | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========

< MD5 for: TCPIP.SYS >
[2012/10/03 12:56:54 | 001,914,248 | ---- | M] (Microsoft Corporation) MD5=37608401DFDB388CAF66917F6B2D6FB0 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17964_none_110e0fbd7d2e4b88\tcpip.sys
[2011/09/29 12:41:37 | 001,912,176 | ---- | M] (Microsoft Corporation) MD5=3810F06A4D74A7D62641EE73D6B3C660 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21828_none_11c6e9949627e69c\tcpip.sys
[2013/05/08 01:14:42 | 001,900,392 | ---- | M] (Microsoft Corporation) MD5=3E94650745D4DAB67E161F5F32CEA597 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22319_none_11d29984961f0be0\tcpip.sys
[2010/11/20 22:24:08 | 001,924,480 | ---- | M] (Microsoft Corporation) MD5=509383E505C973ED7534A06B3D19688D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys
[2012/08/22 13:06:13 | 001,901,936 | ---- | M] (Microsoft Corporation) MD5=7880A26B7D3B96FDA8EFD9F985036B1D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22097_none_117a13de9661c145\tcpip.sys
[2012/03/30 05:26:36 | 001,901,424 | ---- | M] (Microsoft Corporation) MD5=885B202006EE17AE99B9FBCEC9AF88C9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21954_none_11a27a8e9643d23a\tcpip.sys
[2011/04/25 00:33:51 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=92CE29D95AC9DD2D0EE9061D551BA250 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_114de9497cfe9316\tcpip.sys
[2013/05/08 01:39:01 | 001,910,632 | ---- | M] (Microsoft Corporation) MD5=9849EA3843A2ADBDD1497E97A85D8CAE -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18148_none_11278ac57d1aa96b\tcpip.sys
[2011/06/21 01:20:30 | 001,914,752 | ---- | M] (Microsoft Corporation) MD5=A0EB71E0DC047C7CC95CD6AB4036296E -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21754_none_11a276c29643d7ec\tcpip.sys
[2012/03/30 06:35:47 | 001,918,320 | ---- | M] (Microsoft Corporation) MD5=ACB82BDA8F46C84F465C1AFA517DC4B9 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17802_none_114ceccb7cff740d\tcpip.sys
[2013/07/06 00:20:38 | 001,900,992 | ---- | M] (Microsoft Corporation) MD5=B27F13153343BC37A27EAE01634D94E1 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22378_none_1190b9b296509a2f\tcpip.sys
[2013/01/03 01:00:54 | 001,913,192 | ---- | M] (Microsoft Corporation) MD5=B62A953F2BF3922C8764A29C34A22899 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18042_none_112187237d20143a\tcpip.sys
[2011/04/25 01:16:34 | 001,927,552 | ---- | M] (Microsoft Corporation) MD5=B77977AEB2FF159D01DB08A309989C5F -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_11cbb5de9625357a\tcpip.sys
[2013/01/04 00:47:43 | 001,901,416 | ---- | M] (Microsoft Corporation) MD5=B8C1AAC0523E1C33AEB0EF7572144BA2 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22209_none_11dd678a9616f2c8\tcpip.sys
[2012/10/03 12:44:29 | 001,902,472 | ---- | M] (Microsoft Corporation) MD5=D5707FC2300AA5B04B7BFE86D40C0133 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22124_none_11c2c45a962baed0\tcpip.sys
[2013/07/06 01:03:53 | 001,910,208 | ---- | M] (Microsoft Corporation) MD5=DB74544B75566C974815E79A62433F29 -- C:\Windows\SysNative\drivers\tcpip.sys
[2013/07/06 01:03:53 | 001,910,208 | ---- | M] (Microsoft Corporation) MD5=DB74544B75566C974815E79A62433F29 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18203_none_114dcae97cfeb81b\tcpip.sys
[2011/06/21 01:34:00 | 001,923,968 | ---- | M] (Microsoft Corporation) MD5=F0E98C00A09FDF791525829A1D14240F -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17638_none_11327af77d12659c\tcpip.sys
[2012/08/22 13:12:50 | 001,913,200 | ---- | M] (Microsoft Corporation) MD5=F782CAD3CEDBB3F9FFE3BF2775D92DDC -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17939_none_113380f37d117668\tcpip.sys
[2011/09/29 11:29:28 | 001,923,952 | ---- | M] (Microsoft Corporation) MD5=FC62769E7BFF2896035AEED399108162 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17697_none_10f09b257d43f3eb\tcpip.sys

< End of report >


----------



## Grubbs (Nov 17, 2003)

Scan from Step 2:

OTL logfile created on: 9/5/2013 9:01:09 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Dee\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.95 Gb Total Physical Memory | 2.32 Gb Available Physical Memory | 58.74% Memory free
7.90 Gb Paging File | 6.05 Gb Available in Paging File | 76.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455.34 Gb Total Space | 379.03 Gb Free Space | 83.24% Space Free | Partition Type: NTFS
Drive G: | 3.73 Gb Total Space | 3.66 Gb Free Space | 98.15% Space Free | Partition Type: FAT32

Computer Name: DEE-VAIO | User Name: Dee | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========

< C:\Windows\System32\Drivers\Etc\HOSTS >
[2009/06/10 16:00:26 | 000,000,824 | ---- | M] () -- C:\Windows\System32\Drivers\Etc\hosts

< End of report >


----------



## wannabeageek (Nov 12, 2009)

Hi Grubbs,

Open a command prompt window ....

Run the command ...

```
ipconfig /all > "%userprofile%\desktop\ipconfigexport.txt"
```
Paste the text by using the "RT-Mouse" click then "Paste" into the CMD Window.

Post the results in your next post.


----------



## Grubbs (Nov 17, 2003)

Results posted below. The wireless was enabled and the network did have internet connectivity when the command was executed. Not sure that would have made a difference...


Windows IP Configuration

Host Name . . . . . . . . . . . . : Dee-VAIO
Primary Dns Suffix . . . . . . . : 
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : B2-00-4E-D9-BA-E9
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 78-84-3C-E8-3A-19
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : Atheros AR9285 Wireless Network Adapter
Physical Address. . . . . . . . . : 90-00-4E-D9-BA-E9
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::2970:afd7:e821:45ef%11(Preferred) 
IPv4 Address. . . . . . . . . . . : 192.168.1.9(Preferred) 
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Friday, September 06, 2013 7:21:49 PM
Lease Expires . . . . . . . . . . : Saturday, September 07, 2013 7:21:49 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 239865710
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-BA-87-2C-78-84-3C-E8-3A-19
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Reusable ISATAP Interface {DBE70447-C6D0-467D-AA6C-40F4BE15B487}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:101c:27a:38d1:960f(Preferred) 
Link-local IPv6 Address . . . . . : fe80::101c:27a:38d1:960f%20(Preferred) 
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{B322F3CF-A91E-4C37-8D1B-5F84C950046E}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{BACE280B-4541-4B90-954C-94382AE27089}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Reusable ISATAP Interface {4A757E19-AB97-4CF1-9A87-2AD07FACBC04}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : 
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes


----------



## wannabeageek (Nov 12, 2009)

Hi Grubbs,

Yes, it would have made a difference. Having the wireless turned off would produce a non-functional output.

With the wireless active,
Open a command prompt window ....
Run the commands, one at a time ...

```
ipconfig /release
ipconfig /renew
ipconfig /all
```
Paste the text by using the "RT-Mouse" click then "Paste" into the CMD Window.

If you get an error message of any kind, stop and post the message.

Then try this upload again:

*Upload File/Files for testing*
*Please go to* *Virustotal*
Copy/paste this file and path into the white box at the top:

C:\Windows\assembly\Desktop.ini

Press Submit - this will submit the file for testing.
Please wait for all the scanners to finish then copy and paste the permalink (web address) in your next response.
Example of web address :

If it does not work, we will move on to something else.


----------



## Grubbs (Nov 17, 2003)

I was able to issue the config commands with no issues. Am still unable to upload the "Desktop.ini" file from the c:\Windows\assembly directory - the virustotal website reports it as an invalid file. Browsing the folder does not reveal the file. Using the command prompt, I was able to determine that it is there as a hidden system file, but I was unable to use "attrib" to clear either of these attributes.


----------



## wannabeageek (Nov 12, 2009)

Hi Grubbs,

Ok, let's get this removal process rolling. Honestly, the delay was my wife wanting curtain rods up and later wasn't negotiable. But I'm glad no one else has that issue.

*Step 1.*
*Run OTL Script*
*We need to run an OTL Fix*


Right-click *OTL.exe* and select *"Run as administrator"* to run it.
*Copy* and *Paste* the following code into the textbox. Do not include the word *Code*

```
:commands
[createrestorepoint]

:OTL
File not found (No name found) -- C:\USERS\DEE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\B9XJR16W.DEFAULT\EXTENSIONS\[email protected]
O3 - HKU\S-1-5-21-3761110793-264239725-660992700-1006\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 10.25.2)
[2013/08/26 07:43:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2012
[2013/08/25 22:53:16 | 000,000,000 | ---D | C] -- C:\Users\Dee\AppData\Local\Intuit
[2013/08/25 15:36:36 | 000,002,062 | ---- | M] () -- C:\Users\Public\Desktop\ChurchTrac 9.lnk

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{4E00EC3D-F349-4FA2-829C-CD55E67F7D92}"=-
"{F014B696-28C5-4554-802F-A15380418F53}"=-

:Files
C:\Windows\assembly\Desktop.ini
C:\Users\Dee\Desktop\CKScanner.exe
C:\ProgramData\ChurchTrac
C:\Users\Dee\AppData\Roaming\ChurchTrac
C:\ChurchTrac
C:\Program Files (x86)\McAfee Security Scan

:Commands
[EMPTYTEMP]
```

Click under the *Custom Scan/Fixes* box and paste the copied text.
Click the *Run Fix* button. If prompted... click *OK*.
When the scan completes, Notepad will open with the scan results. The report is saved in this location: C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log.
Please post the contents of the report in your next reply.

*Step 2.*
*SystemLook*

Please download *SystemLook* from one of the links below and save it to your Desktop.
*Download Mirror #1
Download Mirror #2*


Right-click *SystemLook.exe* and select *"Run as administrator"* to run it.
Copy the content of the following codebox into the main textfield: Do not include the word *Code*

```
:filefind
*AskToolbar*
*Ask.com*
*Bandoo*
*Babylon*
*Conduit*
*datamngr*
*searchab*
*Fun4IM*
*Funmoods*
*iLivid*
*IObit*
*Iminent*
*Searchqu*
*Searchnu*
*smartbar*
*Tarma*
*trolltech*
*Vafmusic2*
*vshare*
*whitesmoke*
*Yontoo*

:folderfind
*AskToolbar*
*Ask.com*
*Babylon*
*Bandoo*
*Conduit*
*datamngr*
*searchab*
*smartbar*
*Fun4IM*
*Funmoods*
*iLivid*
*IObit*
*Iminent*
*Searchqu*
*Searchnu*
*Tarma*
*trolltech*
*Vafmusic2*
*vshare*
*whitesmoke*
*Yontoo*

:Regfind
AskToolbar
Ask.com
Babylon
Bandoo
Conduit
datamngr
searchab
Fun4IM
Funmoods
iLivid
IObit
Iminent
Searchqu
Searchnu
smartbar
Tarma
trolltech
Vafmusic2
vshare
whitesmoke
Yontoo
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop entitled *SystemLook.txt*

*Please include in your next reply:*


Contents of C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log
Contents of SystemLook.txt
*Any problem executing the instructions?*

Thanks, 
wbg


----------



## Grubbs (Nov 17, 2003)

No problem on the curtain rods, I definitely understand, because I'm a married man also (in fact, it is my wife's computer we are attempting to get back up and running).

Also, no problem using the OTL Fix or the SystemLook scan. But it doesn't seem to have improved performance when the wireless is enabled. Log files follow:

From OTL Fix:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-3761110793-264239725-660992700-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2012 folder moved successfully.
C:\Users\Dee\AppData\Local\Intuit\Common\Reporter folder moved successfully.
C:\Users\Dee\AppData\Local\Intuit\Common folder moved successfully.
C:\Users\Dee\AppData\Local\Intuit folder moved successfully.
C:\Users\Public\Desktop\ChurchTrac 9.lnk moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{4E00EC3D-F349-4FA2-829C-CD55E67F7D92} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E00EC3D-F349-4FA2-829C-CD55E67F7D92}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{F014B696-28C5-4554-802F-A15380418F53} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F014B696-28C5-4554-802F-A15380418F53}\ not found.
========== FILES ==========
C:\Windows\assembly\Desktop.ini moved successfully.
C:\Users\Dee\Desktop\CKScanner.exe moved successfully.
C:\ProgramData\ChurchTrac folder moved successfully.
C:\Users\Dee\AppData\Roaming\ChurchTrac folder moved successfully.
C:\ChurchTrac folder moved successfully.
File\Folder C:\Program Files (x86)\McAfee Security Scan not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Dee
->Temp folder emptied: 880689012 bytes
->Temporary Internet Files folder emptied: 2113988012 bytes
->Java cache emptied: 1157846 bytes
->FireFox cache emptied: 89945081 bytes
->Google Chrome cache emptied: 14547902 bytes
->Flash cache emptied: 10738 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 578716676 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 39108356 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 757 bytes
RecycleBin emptied: 6142277874 bytes

Total Files Cleaned = 9,404.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 09082013_192606

Files\Folders moved on Reboot...
C:\Users\Dee\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Dee\AppData\Local\Temp\~DF04D87DECB953B056.TMP not found!
File\Folder C:\Users\Dee\AppData\Local\Temp\~DF0D4E878179322776.TMP not found!
File\Folder C:\Users\Dee\AppData\Local\Temp\~DF12C8700B448DB1F3.TMP not found!
File\Folder C:\Users\Dee\AppData\Local\Temp\~DF4C70A1B5396C2B54.TMP not found!
File\Folder C:\Users\Dee\AppData\Local\Temp\~DF696768D205777DC1.TMP not found!
File\Folder C:\Users\Dee\AppData\Local\Temp\~DF9DDC83878D68549B.TMP not found!
File\Folder C:\Users\Dee\AppData\Local\Temp\~DFA2109A3434A4C966.TMP not found!
File\Folder C:\Users\Dee\AppData\Local\Temp\~DFA367081EDC3F3073.TMP not found!
File\Folder C:\Users\Dee\AppData\Local\Temp\~DFB090FE73BCCDD642.TMP not found!
File\Folder C:\Users\Dee\AppData\Local\Temp\~DFD36DA5DBF283B216.TMP not found!
C:\Users\Dee\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File\Folder C:\Windows\temp\_avast_\Webshlock.txt not found!

PendingFileRenameOperations files...

From SystemLook:

SystemLook 30.07.11 by jpshortstuff
Log created at 19:37 on 08/09/2013 by Dee
Administrator - Elevation successful

========== filefind ==========

Searching for "*AskToolbar*"
No files found.

Searching for "*Ask.com*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Babylon*"
C:\AdwCleaner\Quarantine\C\Users\Dee\AppData\Roaming\Mozilla\Firefox\Profiles\b9xjr16w.default\searchplugins\Babylon.xml.vir	--a---- 6503 bytes	[19:39 30/05/2013]	[19:39 30/05/2013] 801A2AD16C6184FCAF68C28C6A1ADEDD
C:\Users\Dee\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\2A33CGS5\search.babylon[1].xml	--a---- 747 bytes	[19:21 31/05/2013]	[17:37 18/08/2013] CB79DC526890BC39067B10F5579F03A3

Searching for "*Conduit*"
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll	--a---- 1207392 bytes	[17:43 06/12/2012]	[17:43 06/12/2012] C963B2DECF0872C4A79D4E5E97062E8C

Searching for "*datamngr*"
No files found.

Searching for "*searchab*"
No files found.

Searching for "*Fun4IM*"
No files found.

Searching for "*Funmoods*"
No files found.

Searching for "*iLivid*"
No files found.

Searching for "*IObit*"
No files found.

Searching for "*Iminent*"
No files found.

Searching for "*Searchqu*"
C:\Program Files (x86)\Windows Kits\8.0\Include\um\SearchQuery.idl	--a---- 11506 bytes	[12:31 02/06/2012]	[12:31 02/06/2012] 31CF7D13A3BCA47666D916E23AC7EFD2

Searching for "*Searchnu*"
No files found.

Searching for "*smartbar*"
No files found.

Searching for "*Tarma*"
No files found.

Searching for "*trolltech*"
No files found.

Searching for "*Vafmusic2*"
No files found.

Searching for "*vshare*"
No files found.

Searching for "*whitesmoke*"
No files found.

Searching for "*Yontoo*"
No files found.

========== folderfind ==========

Searching for "*AskToolbar*"
No folders found.

Searching for "*Ask.com*"
No folders found.

Searching for "*Babylon*"
C:\AdwCleaner\Quarantine\C\Users\Dee\AppData\Roaming\Babylon	d------	[23:26 27/08/2013]

Searching for "*Bandoo*"
No folders found.

Searching for "*Conduit*"
No folders found.

Searching for "*datamngr*"
No folders found.

Searching for "*searchab*"
No folders found.

Searching for "*smartbar*"
No folders found.

Searching for "*Fun4IM*"
No folders found.

Searching for "*Funmoods*"
No folders found.

Searching for "*iLivid*"
No folders found.

Searching for "*IObit*"
No folders found.

Searching for "*Iminent*"
No folders found.

Searching for "*Searchqu*"
No folders found.

Searching for "*Searchnu*"
No folders found.

Searching for "*Tarma*"
No folders found.

Searching for "*trolltech*"
No folders found.

Searching for "*Vafmusic2*"
No folders found.

Searching for "*vshare*"
No folders found.

Searching for "*whitesmoke*"
No folders found.

Searching for "*Yontoo*"
No folders found.

========== Regfind ==========

Searching for "AskToolbar"
No data found.

Searching for "Ask.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MAPI/IPM.Task]
"PreviewDetails"="prop:*System.DueDate;*System.Task.CompletionStatus;*System.Task.Owner;*System.Keywords"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SystemFileAssociations\MAPI/IPM.Task]
"PreviewDetails"="prop:*System.DueDate;*System.Task.CompletionStatus;*System.Task.Owner;*System.Keywords"

Searching for "Babylon"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\babylon.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"
[HKEY_USERS\S-1-5-21-3761110793-264239725-660992700-1006\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\babylon.com]

Searching for "Bandoo"
No data found.

Searching for "Conduit"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C511163B-37F1-45b2-826D-336F894B0143}]
@="Microsoft.Workflow.DebugEngine.ControllerConduit"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C511163B-37F1-45b2-826D-336F894B0143}\InprocServer32]
"Class"="Microsoft.Workflow.DebugEngine.ControllerConduit"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C511163B-37F1-45b2-826D-336F894B0143}\InprocServer32\10.0.0.0]
"Class"="Microsoft.Workflow.DebugEngine.ControllerConduit"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C511163B-37F1-45b2-826D-336F894B0143}\ProgId]
@="Microsoft.Workflow.DebugEngine.ControllerConduit.11.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1F7382B9-6B5D-4373-8880-387238072DAD}]
@="IControllerConduit"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{2392D0C5-72EA-4215-8C66-280E1CB4344A}]
@="IControllerConduitCallback"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Microsoft.Workflow.DebugEngine.ControllerConduit.11.0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Microsoft.Workflow.DebugEngine.ControllerConduit.11.0]
@="Microsoft.Workflow.DebugEngine.ControllerConduit"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v3.0\Setup\Windows Workflow Foundation\Debugger]
"ControllerConduitTypeName"="Microsoft.Workflow.DebugEngine.ControllerConduit, Microsoft.Workflow.DebugController, Version=11.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966]
"045F27F206F16624596059B2126D46D0"="C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966\045F27F206F16624596059B2126D46D0]
"File"="iSyncConduit.dll"

Searching for "datamngr"
No data found.

Searching for "searchab"
No data found.

Searching for "Fun4IM"
No data found.

Searching for "Funmoods"
No data found.

Searching for "iLivid"
No data found.

Searching for "IObit"
No data found.

Searching for "Iminent"
No data found.

Searching for "Searchqu"
[HKEY_CURRENT_USER\Software\Microsoft\WDExpress\11.0_Config\CLSID\{B71B3DF9-7A4A-4D70-8293-3874DB098FDD}]
"Class"="Microsoft.VisualStudio.PlatformUI.VsSearchQueryParser"
[HKEY_CURRENT_USER\Software\Microsoft\WDExpress\11.0_Config\HandleInComingCall\{6223B428-B465-4B2B-864A-D0FFBC4741FD}]
@="IVsSearchQuery"
[HKEY_CURRENT_USER\Software\Microsoft\WDExpress\11.0_Config\HandleInComingCall\{B71B3DF9-7A4A-4D70-8293-3874DB098FDD}]
@="IVsSearchQueryParser"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6223B428-B465-4B2B-864A-D0FFBC4741FD}]
@="IVsSearchQuery"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{7E6C0144-256B-46B5-B4A7-0005C86CF85F}]
@="IVsSearchQueryParser"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1F2FFECB8D90989765A6DC7E0C0A8305]
"A2FE5D06C0E403C2836F952CE631F4A4"="C:\Program Files (x86)\Windows Kits\8.0\Include\um\SearchQuery.idl"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{6223B428-B465-4B2B-864A-D0FFBC4741FD}]
@="IVsSearchQuery"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{7E6C0144-256B-46B5-B4A7-0005C86CF85F}]
@="IVsSearchQueryParser"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_USERS\.DEFAULT\Software\Microsoft\WDExpress\11.0_Config\CLSID\{B71B3DF9-7A4A-4D70-8293-3874DB098FDD}]
"Class"="Microsoft.VisualStudio.PlatformUI.VsSearchQueryParser"
[HKEY_USERS\.DEFAULT\Software\Microsoft\WDExpress\11.0_Config\HandleInComingCall\{6223B428-B465-4B2B-864A-D0FFBC4741FD}]
@="IVsSearchQuery"
[HKEY_USERS\.DEFAULT\Software\Microsoft\WDExpress\11.0_Config\HandleInComingCall\{B71B3DF9-7A4A-4D70-8293-3874DB098FDD}]
@="IVsSearchQueryParser"
[HKEY_USERS\S-1-5-21-3761110793-264239725-660992700-1006\Software\Microsoft\WDExpress\11.0_Config\CLSID\{B71B3DF9-7A4A-4D70-8293-3874DB098FDD}]
"Class"="Microsoft.VisualStudio.PlatformUI.VsSearchQueryParser"
[HKEY_USERS\S-1-5-21-3761110793-264239725-660992700-1006\Software\Microsoft\WDExpress\11.0_Config\HandleInComingCall\{6223B428-B465-4B2B-864A-D0FFBC4741FD}]
@="IVsSearchQuery"
[HKEY_USERS\S-1-5-21-3761110793-264239725-660992700-1006\Software\Microsoft\WDExpress\11.0_Config\HandleInComingCall\{B71B3DF9-7A4A-4D70-8293-3874DB098FDD}]
@="IVsSearchQueryParser"
[HKEY_USERS\S-1-5-18\Software\Microsoft\WDExpress\11.0_Config\CLSID\{B71B3DF9-7A4A-4D70-8293-3874DB098FDD}]
"Class"="Microsoft.VisualStudio.PlatformUI.VsSearchQueryParser"
[HKEY_USERS\S-1-5-18\Software\Microsoft\WDExpress\11.0_Config\HandleInComingCall\{6223B428-B465-4B2B-864A-D0FFBC4741FD}]
@="IVsSearchQuery"
[HKEY_USERS\S-1-5-18\Software\Microsoft\WDExpress\11.0_Config\HandleInComingCall\{B71B3DF9-7A4A-4D70-8293-3874DB098FDD}]
@="IVsSearchQueryParser"

Searching for "Searchnu"
No data found.

Searching for "smartbar"
No data found.

Searching for "Tarma"
No data found.

Searching for "trolltech"
No data found.

Searching for "Vafmusic2"
No data found.

Searching for "vshare"
No data found.

Searching for "whitesmoke"
No data found.

Searching for "Yontoo"
No data found.

-= EOF =-


----------



## wannabeageek (Nov 12, 2009)

Hi Grubbs,

Run these again please and post the results.

*Step 1.*
*Run OTL Script*

*We need to run an OTL Fix*


Right-click *OTL.exe* and select *"Run as administrator"* to run it.
*Copy* and *Paste* the following code into the textbox. Do not include the word *Code*

```
:commands
[createrestorepoint]

:Reg
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\babylon.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"=-
[HKEY_USERS\S-1-5-21-3761110793-264239725-660992700-1006\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\babylon.com]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]

:Files
C:\Users\Dee\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\2A33CGS5\search.babylon[1].xml

:Commands
[EMPTYTEMP]
```

 Click under the *Custom Scan/Fixes* box and paste the copied text.
 Click the *Run Fix* button. If prompted... click *OK*.
 When the scan completes, Notepad will open with the scan results. The report is saved in this location: C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log.
Please post the contents of the report in your next reply.


*Step 2.*
*SystemLook*

Please download *SystemLook* from one of the links below and save it to your Desktop.
*Download Mirror #1
Download Mirror #2*


Right-click *SystemLook.exe* and select *"Run as administrator"* to run it.
Copy the content of the following codebox into the main textfield: Do not include the word *Code*

```
:filefind
*Babylon*
*Searchqu*

:folderfind
*Babylon*
*Searchqu*

:Regfind
Babylon
Searchqu
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop entitled *SystemLook.txt*

*Please include in your next reply:*


Contents of C:\_OTL\Moved Files\MMDDYYY_HHMMSS.log.
Contents of SystemLook.txt
*Any problem executing the instructions?*
How is the computer behaving?

*Is it possible to temporarily connect using an ethernet cable?*

Thanks, 
wbg


----------



## Grubbs (Nov 17, 2003)

No problems executing the instructions. Performance seems perhaps a little better, although still much, much slower than it should be. Upon first enabling the wireless, I opened Firefox and it opened almost immediately, which had been taking well in excess of a minute. Same thing with Windows Explorer: when I opened a folder, it was noticeably faster than it had been, so I was thinking "Hallelujah!" But it still hasn't opened Internet Explorer yet, and it seems as though opening web pages in Firefox is slowing down. So I think you've made some improvement but maybe we're not home free yet.

OK I just re-started (did not have to hard re-boot, which is also unusual since the problems began). But I forgot to turn the wireless off before re-starting. Instead of Windows starting normally, the OTL Scan app came up open. When I closed it, the computer hung with a black screen and I had to hard reboot. This time I remembered to turn off the wireless. It again opened the OTL app before Windows actually restarted. However, after closing OTL, Windows finished starting normally.

I had not tried a direct ethernet connection before tonight, but I just tried and was able to establish a network connection. But it seems this also slows everything down with long waits where windows are "not responding". All this was tried after running the OTL Fix and the SystemLook scan, by the way.

Log files follow:

OTL:

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\babylon.com\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}\\DllName deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}\\DllName deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}\\DllName deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}\\DllName not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}\\DllName not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}\\DllName not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ not found.
========== FILES ==========
C:\Users\Dee\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\2A33CGS5\search.babylon[1].xml moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Dee
->Temp folder emptied: 2188861 bytes
->Temporary Internet Files folder emptied: 128 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4351 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 2.00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 09092013_201354

Files\Folders moved on Reboot...
C:\Users\Dee\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Dee\AppData\Local\Temp\~DF0B33A64C634B4F82.TMP not found!
File\Folder C:\Users\Dee\AppData\Local\Temp\~DF0C0AE290CB0578A3.TMP not found!
File\Folder C:\Users\Dee\AppData\Local\Temp\~DF11D1CE695631C121.TMP not found!
File\Folder C:\Users\Dee\AppData\Local\Temp\~DF25334839CBBD2141.TMP not found!
File\Folder C:\Users\Dee\AppData\Local\Temp\~DF4ACA1051999DA5F3.TMP not found!
File\Folder C:\Users\Dee\AppData\Local\Temp\~DF6E5DA092407DC5AF.TMP not found!
File\Folder C:\Users\Dee\AppData\Local\Temp\~DF89A0283142546EF3.TMP not found!
File\Folder C:\Users\Dee\AppData\Local\Temp\~DF8C60742908A351DE.TMP not found!
File\Folder C:\Users\Dee\AppData\Local\Temp\~DFC0A0B4BF5E5C7919.TMP not found!
File\Folder C:\Users\Dee\AppData\Local\Temp\~DFFBCE7EEF311FD326.TMP not found!
C:\Users\Dee\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File\Folder C:\Windows\temp\_avast_\Webshlock.txt not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ not found.

SystemLook:

SystemLook 30.07.11 by jpshortstuff
Log created at 20:20 on 09/09/2013 by Dee
Administrator - Elevation successful

========== filefind ==========

Searching for "*Babylon*"
C:\AdwCleaner\Quarantine\C\Users\Dee\AppData\Roaming\Mozilla\Firefox\Profiles\b9xjr16w.default\searchplugins\Babylon.xml.vir	--a---- 6503 bytes	[19:39 30/05/2013]	[19:39 30/05/2013] 801A2AD16C6184FCAF68C28C6A1ADEDD
C:\_OTL\MovedFiles\09092013_201354\C_Users\Dee\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\2A33CGS5\search.babylon[1].xml	--a---- 747 bytes	[19:21 31/05/2013]	[17:37 18/08/2013] CB79DC526890BC39067B10F5579F03A3

Searching for "*Searchqu*"
C:\Program Files (x86)\Windows Kits\8.0\Include\um\SearchQuery.idl	--a---- 11506 bytes	[12:31 02/06/2012]	[12:31 02/06/2012] 31CF7D13A3BCA47666D916E23AC7EFD2

========== folderfind ==========

Searching for "*Babylon*"
C:\AdwCleaner\Quarantine\C\Users\Dee\AppData\Roaming\Babylon	d------	[23:26 27/08/2013]

Searching for "*Searchqu*"
No folders found.

========== Regfind ==========

Searching for "Babylon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"

Searching for "Searchqu"
[HKEY_CURRENT_USER\Software\Microsoft\WDExpress\11.0_Config\CLSID\{B71B3DF9-7A4A-4D70-8293-3874DB098FDD}]
"Class"="Microsoft.VisualStudio.PlatformUI.VsSearchQueryParser"
[HKEY_CURRENT_USER\Software\Microsoft\WDExpress\11.0_Config\HandleInComingCall\{6223B428-B465-4B2B-864A-D0FFBC4741FD}]
@="IVsSearchQuery"
[HKEY_CURRENT_USER\Software\Microsoft\WDExpress\11.0_Config\HandleInComingCall\{B71B3DF9-7A4A-4D70-8293-3874DB098FDD}]
@="IVsSearchQueryParser"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6223B428-B465-4B2B-864A-D0FFBC4741FD}]
@="IVsSearchQuery"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{7E6C0144-256B-46B5-B4A7-0005C86CF85F}]
@="IVsSearchQueryParser"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1F2FFECB8D90989765A6DC7E0C0A8305]
"A2FE5D06C0E403C2836F952CE631F4A4"="C:\Program Files (x86)\Windows Kits\8.0\Include\um\SearchQuery.idl"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{6223B428-B465-4B2B-864A-D0FFBC4741FD}]
@="IVsSearchQuery"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{7E6C0144-256B-46B5-B4A7-0005C86CF85F}]
@="IVsSearchQueryParser"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_USERS\.DEFAULT\Software\Microsoft\WDExpress\11.0_Config\CLSID\{B71B3DF9-7A4A-4D70-8293-3874DB098FDD}]
"Class"="Microsoft.VisualStudio.PlatformUI.VsSearchQueryParser"
[HKEY_USERS\.DEFAULT\Software\Microsoft\WDExpress\11.0_Config\HandleInComingCall\{6223B428-B465-4B2B-864A-D0FFBC4741FD}]
@="IVsSearchQuery"
[HKEY_USERS\.DEFAULT\Software\Microsoft\WDExpress\11.0_Config\HandleInComingCall\{B71B3DF9-7A4A-4D70-8293-3874DB098FDD}]
@="IVsSearchQueryParser"
[HKEY_USERS\S-1-5-21-3761110793-264239725-660992700-1006\Software\Microsoft\WDExpress\11.0_Config\CLSID\{B71B3DF9-7A4A-4D70-8293-3874DB098FDD}]
"Class"="Microsoft.VisualStudio.PlatformUI.VsSearchQueryParser"
[HKEY_USERS\S-1-5-21-3761110793-264239725-660992700-1006\Software\Microsoft\WDExpress\11.0_Config\HandleInComingCall\{6223B428-B465-4B2B-864A-D0FFBC4741FD}]
@="IVsSearchQuery"
[HKEY_USERS\S-1-5-21-3761110793-264239725-660992700-1006\Software\Microsoft\WDExpress\11.0_Config\HandleInComingCall\{B71B3DF9-7A4A-4D70-8293-3874DB098FDD}]
@="IVsSearchQueryParser"
[HKEY_USERS\S-1-5-18\Software\Microsoft\WDExpress\11.0_Config\CLSID\{B71B3DF9-7A4A-4D70-8293-3874DB098FDD}]
"Class"="Microsoft.VisualStudio.PlatformUI.VsSearchQueryParser"
[HKEY_USERS\S-1-5-18\Software\Microsoft\WDExpress\11.0_Config\HandleInComingCall\{6223B428-B465-4B2B-864A-D0FFBC4741FD}]
@="IVsSearchQuery"
[HKEY_USERS\S-1-5-18\Software\Microsoft\WDExpress\11.0_Config\HandleInComingCall\{B71B3DF9-7A4A-4D70-8293-3874DB098FDD}]
@="IVsSearchQueryParser"

-= EOF =-
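
The cross-check that the fix-then-rescan procedure above sets up, as an added example that is not part of either post: it parses OTL's registry result lines and SystemLook's Regfind section and lists the fix targets that the later scan still reports. The function names are hypothetical, the line formats are inferred from the logs in this thread, and the embedded sample is a short excerpt of those logs.

```python
import re
from collections import namedtuple

# Short excerpts of the OTL fix log and the SystemLook log posted in this thread.
OTL_LOG = r"""
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\babylon.com\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}\\DllName deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}\\DllName not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ scheduled to be deleted on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ not found.
"""

SYSTEMLOOK_LOG = r"""
========== folderfind ==========
Searching for "*Searchqu*"
No folders found.
========== Regfind ==========
Searching for "Babylon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6223B428-B465-4B2B-864A-D0FFBC4741FD}]
@="IVsSearchQuery"
"""

# One result line of the fix log; name is None when the target is a whole key.
FixResult = namedtuple("FixResult", "key name status")

# OTL separates key path and value name with a double backslash.
OTL_VALUE = re.compile(
    r"^Registry value (?P<key>.+?)\\\\(?P<name>[^\\]+) "
    r"(?P<status>deleted successfully|not found)\.$")
OTL_KEY = re.compile(
    r"^Registry key (?P<key>.+?)\\ (?P<status>deleted successfully|not found)\.$")
OTL_REBOOT = re.compile(
    r"^Registry delete failed\. (?P<key>.+?)\\ scheduled to be deleted on reboot\.$")
# SystemLook value line: "Name"="data", or @="data" for the default value.
SL_VALUE = re.compile(r'^(?:@|"(?P<name>[^"]*)")="?(?P<data>.*?)"?$')


def parse_otl_registry(log):
    """Return a FixResult for every registry result line in an OTL fix log."""
    results = []
    for line in map(str.strip, log.splitlines()):
        for rx, fixed in ((OTL_VALUE, None), (OTL_KEY, None),
                          (OTL_REBOOT, "scheduled on reboot")):
            m = rx.match(line)
            if m:
                d = m.groupdict()
                results.append(FixResult(d["key"], d.get("name"),
                                         fixed or d["status"]))
                break
    return results


def parse_systemlook_regfind(log):
    """Return {lowercased key path: {lowercased value name: data}}."""
    found, current, in_regfind = {}, None, False
    for line in map(str.strip, log.splitlines()):
        if line.startswith("=========="):        # section banner
            in_regfind, current = "regfind" in line.lower(), None
        elif not in_regfind:
            continue
        elif line.startswith("[") and line.endswith("]"):
            current = found.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = SL_VALUE.match(line)
            if m:
                name = m.group("name")
                current[("@" if name is None else name).lower()] = m.group("data")
    return found


def still_present(fix_results, scan):
    """Fix targets reported deleted (or queued for reboot) that the scan still lists."""
    leftovers = []
    for r in fix_results:
        if r.status == "not found":
            continue                             # nothing was claimed removed
        values = scan.get(r.key.lower())         # registry paths are case-insensitive
        if values is not None and (r.name is None or r.name.lower() in values):
            leftovers.append(r)
    return leftovers


if __name__ == "__main__":
    scan = parse_systemlook_regfind(SYSTEMLOOK_LOG)
    for r in still_present(parse_otl_registry(OTL_LOG), scan):
        print(f"{r.status:>22}: {r.key} [{r.name or '(key)'}]")
```

A target that one tool reports as deleted and a later scan still lists deserves a second look before the fix is counted as done. On 64-bit Windows a 32-bit tool's view of `HKLM\SOFTWARE` is redirected to `Wow6432Node`, so one possible cause is that the fix and the scan looked at different registry views.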


----------



## wannabeageek (Nov 12, 2009)

Hi grubbs,

I need you to run a few more scans. Please post after each scan.

*Step 1.*
*HJT - StartupList Log*


 Please *Run HijackThis.*
*Right click (hijackthis.exe) and choose "Run As Administrator"* Allow the UAC.
If you are on the "scan & fix stuff" page... Press the *"Main Menu"* button.

On the Main Menu... Press the *"Open the Misc Tools"* button.
On the Misc Tools window... to the right of *"StartupList (integrated v1.52)"*... *Check* the boxes:
"List also minor sections (full)"
 "List empty sections (complete)".

 Press the *"Generate StartupList log"* button. Press *Yes* at the prompt.
Notepad will open with a file "startuplist.txt" ... it will be saved to your HJT folder, when closed.
 Copy and Paste the contents of the *startuplist.txt* in your next reply.

*Step 2.*
*HJT - Uninstall Manager Log*


 Please *Run HijackThis.*
*Right click (hijackthis.exe) and choose "Run As Administrator"* Allow the UAC.
If you are on the "scan & fix stuff" page... Press the *"Main Menu"* button.

From the Main Menu... Press the *"Open the Misc Tools"* button.
 Press the *"Open Uninstall Manager..."* button.
 Press *only* the *Save List* button.
 Press the *"Save"* button. The file "uninstall_list.txt" will be saved in your HJT folder.
 Copy and Paste the contents of *"uninstall_list.txt"* in your next reply.


----------



## Grubbs (Nov 17, 2003)

Wannabeageek,

Just wanted to let you know that I will be traveling for the next few days without access to the computer you're helping me with, so it will probably be Thursday evening at the earliest before I am able to run the scans and post results.


----------



## wannabeageek (Nov 12, 2009)

Good enough. See you then.


----------



## Grubbs (Nov 17, 2003)

StartupList report, 9/12/2013, 7:20:12 PM
StartupList version: 1.52.2
Started from : C:\Users\Dee\Desktop\HijackThis(1).EXE
Detected: Windows 7 SP1 (WinNT 6.00.3505)
Detected: Internet Explorer v10.0 (10.00.9200.16660)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\Users\Dee\AppData\Roaming\Verizon\UA_ar\UtilityApplication.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Sony\Walkman Content Transfer\ContentTransferWMDetector.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Users\Dee\Desktop\HijackThis(1).exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Users\Dee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup]
Launch Utility Application.lnk = Dee\AppData\Roaming\Verizon\UA_ar\UtilityApplication.exe
OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup]
[email protected] = ?

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = userinit.exe

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

IAStorIcon = C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
ISBMgr.exe = "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
PMBVolumeWatcher = C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
avast = "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
APSDaemon = "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
EEventManager = "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
ContentTransferWMDetector.exe = C:\Program Files (x86)\Sony\Walkman Content Transfer\ContentTransferWMDetector.exe
QuickTime Task = "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
iTunesHelper = "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
KeePass 2 PreLoad = "C:\Program Files (x86)\KeePass Password Safe\KeePass.exe" --preload

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ApplePhotoStreams = C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
=

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\Windows\SysWOW64\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = %SystemRoot%\system32\unregmp2.exe /ShowWMP

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{2D46B6DC-2207-486B-B523-A557E6D54B47}] *
StubPath = C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = %SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

[{8A69D345-D564-463c-AFF1-A69D9E530F96}]
StubPath = "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\Windows\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\Windows\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\Windows\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\Windows\Explorer\Explorer.exe: not present
C:\Windows\System\Explorer.exe: not present
C:\Windows\System32\Explorer.exe: not present
C:\Windows\Command\Explorer.exe: not present
C:\Windows\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: *Registry key not found*
.shb: *Registry key not found*
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\Windows
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename NOT OK: 'REGEDIT.EXE.MUI'
- File description: 'Registry Editor'

Registry check failed!

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
(no name) - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6}
URLRedirectionBHO - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL - {B4F3A835-0E21-4959-BA22-42B3008E02FF}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Adobe Flash Player Updater.job
GoogleUpdateTaskMachineCore.job
GoogleUpdateTaskMachineUA.job

--------------------------------------------------

Enumerating Download Program Files:

[Java Plug-in 1.7.0_25]
InProcServer32 = C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll
CODEBASE = http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\Windows\system32\NLAapi.dll
NameSpace #2: C:\Windows\system32\napinsp.dll
NameSpace #3: C:\Windows\system32\pnrpnsp.dll
NameSpace #4: C:\Windows\system32\pnrpnsp.dll
NameSpace #5: C:\Windows\System32\mswsock.dll
NameSpace #6: C:\Windows\System32\winrnr.dll
NameSpace #7: C:\Program Files (x86)\Bonjour\mdnsNSP.dll
NameSpace #8: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
NameSpace #9: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
Protocol #1: C:\Windows\system32\mswsock.dll
Protocol #2: C:\Windows\system32\mswsock.dll
Protocol #3: C:\Windows\system32\mswsock.dll
Protocol #4: C:\Windows\system32\mswsock.dll
Protocol #5: C:\Windows\system32\mswsock.dll
Protocol #6: C:\Windows\system32\mswsock.dll
Protocol #7: C:\Windows\system32\mswsock.dll
Protocol #8: C:\Windows\system32\mswsock.dll
Protocol #9: C:\Windows\system32\mswsock.dll
Protocol #10: C:\Windows\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

1394 OHCI Compliant Host Controller: \SystemRoot\system32\drivers\1394ohci.sys (manual start)
ABBYY FineReader 9.0 Sprint Licensing Service: "C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe" -service (autostart)
ArcSoft Connect Daemon: C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (manual start)
Microsoft ACPI Driver: system32\drivers\ACPI.sys (system)
ACPI Power Meter Driver: \SystemRoot\system32\drivers\acpipmi.sys (manual start)
Adobe Flash Player Update Service: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (manual start)
adp94xx: \SystemRoot\system32\drivers\adp94xx.sys (manual start)
adpahci: \SystemRoot\system32\drivers\adpahci.sys (manual start)
adpu320: \SystemRoot\system32\drivers\adpu320.sys (manual start)
@%SystemRoot%\system32\aelupsvc.dll,-1: %systemroot%\system32\svchost.exe -k netsvcs (manual start)
@%systemroot%\system32\drivers\afd.sys,-1000: \SystemRoot\system32\drivers\afd.sys (system)
Intel AGP Bus Filter: \SystemRoot\system32\drivers\agp440.sys (manual start)
@%SystemRoot%\system32\Alg.exe,-112: %SystemRoot%\System32\alg.exe (manual start)
aliide: \SystemRoot\system32\drivers\aliide.sys (manual start)
amdide: \SystemRoot\system32\drivers\amdide.sys (manual start)
AMD K8 Processor Driver: \SystemRoot\system32\drivers\amdk8.sys (manual start)
AMD Processor Driver: \SystemRoot\system32\drivers\amdppm.sys (manual start)
amdsata: \SystemRoot\system32\drivers\amdsata.sys (manual start)
amdsbs: \SystemRoot\system32\drivers\amdsbs.sys (manual start)
amdxata: system32\drivers\amdxata.sys (system)
Alps Pointing-device Filter Driver: system32\DRIVERS\Apfiltr.sys (manual start)
@%systemroot%\system32\appidsvc.dll,-102: \SystemRoot\system32\drivers\appid.sys (manual start)
@%systemroot%\system32\appidsvc.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation (manual start)
@%systemroot%\system32\appinfo.dll,-100: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Apple Mobile Device: "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" (autostart)
arc: \SystemRoot\system32\drivers\arc.sys (manual start)
arcsas: \SystemRoot\system32\drivers\arcsas.sys (manual start)
ArcSoft Magic-I Visual Effect: system32\DRIVERS\ArcSoftKsUFilter.sys (manual start)
ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe (manual start)
aswMonFlt: \??\C:\Windows\system32\drivers\aswMonFlt.sys (autostart)
aswRdr: \SystemRoot\System32\Drivers\aswrdr2.sys (system)
@%systemroot%\system32\rascfg.dll,-32000: system32\DRIVERS\asyncmac.sys (manual start)
atapi: \SystemRoot\system32\drivers\atapi.sys (manual start)
Atheros Extensible Wireless LAN device driver: system32\DRIVERS\athrx.sys (manual start)
@%SystemRoot%\system32\audiosrv.dll,-204: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
@%SystemRoot%\system32\audiosrv.dll,-200: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted (autostart)
avast! Antivirus: "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" (autostart)
@%SystemRoot%\system32\AxInstSV.dll,-103: %SystemRoot%\system32\svchost.exe -k AxInstSVGroup (manual start)
Broadcom NetXtreme II VBD: \SystemRoot\system32\drivers\bxvbda.sys (manual start)
Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0: system32\DRIVERS\b57nd60a.sys (manual start)
@%SystemRoot%\system32\bdesvc.dll,-100: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
@%SystemRoot%\system32\bfe.dll,-1001: %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork (autostart)
@%SystemRoot%\system32\qmgr.dll,-1000: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
blbdrive: \SystemRoot\system32\drivers\blbdrive.sys (system)
Bonjour Service: "C:\Program Files\Bonjour\mDNSResponder.exe" (autostart)
@%systemroot%\system32\browser.dll,-102: system32\DRIVERS\bowser.sys (manual start)
Brother USB Mass-Storage Lower Filter Driver: \SystemRoot\system32\drivers\BrFiltLo.sys (manual start)
Brother USB Mass-Storage Upper Filter Driver: \SystemRoot\system32\drivers\BrFiltUp.sys (manual start)
@%systemroot%\system32\browser.dll,-100: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Brother MFC Serial Port Interface Driver (WDM): \SystemRoot\System32\Drivers\Brserid.sys (manual start)
Brother WDM Serial driver: \SystemRoot\System32\Drivers\BrSerWdm.sys (manual start)
Brother MFC USB Fax Only Modem: \SystemRoot\System32\Drivers\BrUsbMdm.sys (manual start)
Brother MFC USB Serial WDM Driver: \SystemRoot\System32\Drivers\BrUsbSer.sys (manual start)
Bluetooth Serial Communications Driver: \SystemRoot\system32\drivers\bthmodem.sys (manual start)
@%SystemRoot%\System32\bthserv.dll,-101: %SystemRoot%\system32\svchost.exe -k bthsvcs (manual start)
CD/DVD File System Reader: system32\DRIVERS\cdfs.sys (disabled)
CD-ROM Driver: system32\DRIVERS\cdrom.sys (system)
@%SystemRoot%\System32\certprop.dll,-11: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Consumer IR Devices: \SystemRoot\system32\drivers\circlass.sys (manual start)
@%SystemRoot%\system32\clfs.sys,-100: System32\CLFS.sys (system)
Microsoft .NET Framework NGEN v2.0.50727_X86: %systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (disabled)
Microsoft .NET Framework NGEN v2.0.50727_X64: %systemroot%\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (disabled)
Microsoft .NET Framework NGEN v4.0.30319_X86: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (autostart)
Microsoft .NET Framework NGEN v4.0.30319_X64: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (autostart)
Microsoft ACPI Control Method Battery Driver: \SystemRoot\system32\drivers\CmBatt.sys (manual start)
cmdide: \SystemRoot\system32\drivers\cmdide.sys (manual start)
: System32\Drivers\cng.sys (system)
Conexant UAA Function Driver for High Definition Audio Service: system32\drivers\CHDRT64.sys (manual start)
Microsoft Composite Battery Driver: system32\drivers\compbatt.sys (system)
Composite Bus Enumerator Driver: \SystemRoot\system32\drivers\CompositeBus.sys (manual start)
@comres.dll,-947: %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Crcdisk Filter Driver: \SystemRoot\system32\drivers\crcdisk.sys (disabled)
@%SystemRoot%\system32\cryptsvc.dll,-1001: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
DCDhcpService: "C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe" (manual start)
@oleres.dll,-5012: %SystemRoot%\system32\svchost.exe -k DcomLaunch (autostart)
@%SystemRoot%\system32\defragsvc.dll,-101: %SystemRoot%\system32\svchost.exe -k defragsvc (manual start)
@%systemroot%\system32\drivers\dfsc.sys,-101: System32\Drivers\dfsc.sys (system)
DgiVecp: \??\C:\Windows\system32\Drivers\DgiVecp.sys (autostart)
@%SystemRoot%\system32\dhcpcore.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted (autostart)
@%systemroot%\system32\drivers\discache.sys,-102: System32\drivers\discache.sys (system)
Disk Driver: system32\drivers\disk.sys (system)
@%SystemRoot%\System32\dnsapi.dll,-101: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart)
@%systemroot%\system32\dot3svc.dll,-1102: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
@%systemroot%\system32\dps.dll,-500: %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork (autostart)
Microsoft Trusted Audio Drivers: system32\drivers\drmkaud.sys (manual start)
DVDAccss: system32\drivers\DVDAccss.sys (autostart)
LDDM Graphics Subsystem: \SystemRoot\System32\drivers\dxgkrnl.sys (manual start)
Intel(R) Gigabit Network Connections Driver: system32\DRIVERS\e1y60x64.sys (manual start)
@%systemroot%\system32\eapsvc.dll,-1: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Broadcom NetXtreme II 10 GigE VBD: \SystemRoot\system32\drivers\evbda.sys (manual start)
@%SystemRoot%\system32\efssvc.dll,-100: %SystemRoot%\System32\lsass.exe (manual start)
@%SystemRoot%\ehome\ehrecvr.exe,-101: %systemroot%\ehome\ehRecvr.exe (manual start)
@%SystemRoot%\ehome\ehsched.exe,-101: %systemroot%\ehome\ehsched.exe (manual start)
elxstor: \SystemRoot\system32\drivers\elxstor.sys (manual start)
EpsonBidirectionalService: C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe (autostart)
EpsonCustomerParticipation: "C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe" (autostart)
EPSON V5 Service4(04): C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE (autostart)
EPSON V3 Service4(04): C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE (autostart)
Microsoft Hardware Error Device Driver: \SystemRoot\system32\drivers\errdev.sys (manual start)
@%SystemRoot%\system32\wevtsvc.dll,-200: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted (autostart)
@comres.dll,-2450: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
@%systemroot%\system32\fxsresm.dll,-118: %systemroot%\system32\fxssvc.exe (manual start)
Floppy Disk Controller Driver: \SystemRoot\system32\drivers\fdc.sys (manual start)
@%systemroot%\system32\fdPHost.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
@%systemroot%\system32\fdrespub.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation (autostart)
@%SystemRoot%\system32\drivers\fileinfo.sys,-100: system32\drivers\fileinfo.sys (system)
@%SystemRoot%\system32\drivers\filetrace.sys,-10001: system32\drivers\filetrace.sys (manual start)
Floppy Disk Driver: \SystemRoot\system32\drivers\flpydisk.sys (manual start)
@%SystemRoot%\system32\drivers\fltmgr.sys,-10001: system32\drivers\fltmgr.sys (system)
@%systemroot%\system32\FntCache.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalService (autostart)
@%SystemRoot%\system32\PresentationHost.exe,-3309: %systemroot%\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (manual start)
@%SystemRoot%\system32\drivers\fsdepends.sys,-10001: System32\drivers\FsDepends.sys (manual start)
@%SystemRoot%\system32\drivers\fvevol.sys,-100: System32\DRIVERS\fvevol.sys (system)
Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms: \SystemRoot\system32\drivers\gagp30kx.sys (manual start)
GEAR ASPI Filter Driver: system32\DRIVERS\GEARAspiWDM.sys (manual start)
@gpapi.dll,-112: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Google Update Service (gupdate): "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc (autostart)
Google Update Service (gupdatem): "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc (manual start)
Hauppauge Consumer Infrared Receiver: \SystemRoot\system32\drivers\hcw85cir.sys (manual start)
Microsoft 1.1 UAA Function Driver for High Definition Audio Service: system32\drivers\HdAudio.sys (manual start)
Microsoft UAA Bus Driver for High Definition Audio: \SystemRoot\system32\drivers\HDAudBus.sys (manual start)
HID UPS Battery Driver: \SystemRoot\system32\drivers\HidBatt.sys (manual start)
Microsoft Bluetooth HID Miniport: \SystemRoot\system32\drivers\hidbth.sys (manual start)
Microsoft Infrared HID Driver: \SystemRoot\system32\drivers\hidir.sys (manual start)
@%SystemRoot%\System32\hidserv.dll,-101: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
Microsoft HID Class Driver: system32\DRIVERS\hidusb.sys (manual start)
@%SystemRoot%\system32\kmsvc.dll,-6: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
@%SystemRoot%\System32\ListSvc.dll,-100: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
@%SystemRoot%\System32\provsvc.dll,-100: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted (manual start)
HpSAMD: \SystemRoot\system32\drivers\HpSAMD.sys (manual start)
@%SystemRoot%\system32\drivers\http.sys,-1: system32\drivers\HTTP.sys (manual start)
@%systemroot%\system32\drivers\hwpolicy.sys,-101: System32\drivers\hwpolicy.sys (system)
i8042 Keyboard and PS/2 Mouse Port Driver: system32\DRIVERS\i8042prt.sys (manual start)
Intel AHCI Controller: system32\drivers\iaStor.sys (system)
Intel(R) Rapid Storage Technology: "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe" (autostart)
Intel RAID Controller Windows 7: \SystemRoot\system32\drivers\iaStorV.sys (manual start)
IconMan_R: "C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe" (autostart)
@%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8193: "%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe" (manual start)
igfx: system32\DRIVERS\igdkmd64.sys (manual start)
iirsp: \SystemRoot\system32\drivers\iirsp.sys (manual start)
@%SystemRoot%\system32\ikeext.dll,-501: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Intel(R) Display Audio: system32\DRIVERS\IntcDAud.sys (manual start)
intelide: \SystemRoot\system32\drivers\intelide.sys (manual start)
Intel Processor Driver: \SystemRoot\system32\drivers\intelppm.sys (manual start)
Intuit Update Service v4: "C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe" (autostart)
@%systemroot%\system32\IPBusEnum.dll,-102: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
@%systemroot%\system32\rascfg.dll,-32013: system32\DRIVERS\ipfltdrv.sys (manual start)
@%SystemRoot%\system32\iphlpsvc.dll,-500: %SystemRoot%\System32\svchost.exe -k NetSvcs (autostart)
IPMIDRV: \SystemRoot\system32\drivers\IPMIDrv.sys (manual start)
IP Network Address Translator: System32\drivers\ipnat.sys (manual start)
iPod Service: "C:\Program Files\iPod\bin\iPodService.exe" (manual start)
@%SystemRoot%\system32\drivers\irenum.sys,-100: system32\drivers\irenum.sys (manual start)
isapnp: \SystemRoot\system32\drivers\isapnp.sys (manual start)
iScsiPort Driver: \SystemRoot\system32\drivers\msiscsi.sys (manual start)
Keyboard Class Driver: \SystemRoot\system32\drivers\kbdclass.sys (manual start)
Keyboard HID Driver: \SystemRoot\system32\drivers\kbdhid.sys (manual start)
@keyiso.dll,-100: %SystemRoot%\system32\lsass.exe (manual start)
: System32\Drivers\ksecdd.sys (system)
: System32\Drivers\ksecpkg.sys (system)
Kernel Streaming Thunks: \SystemRoot\system32\drivers\ksthunk.sys (manual start)
@comres.dll,-2946: %SystemRoot%\System32\svchost.exe -k NetworkServiceAndNoImpersonation (manual start)
@%systemroot%\system32\srvsvc.dll,-100: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
@%systemroot%\system32\wkssvc.dll,-100: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
Link-Layer Topology Discovery Mapper I/O Driver: system32\DRIVERS\lltdio.sys (autostart)
@%SystemRoot%\system32\lltdres.dll,-1: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
@%SystemRoot%\system32\lmhsvc.dll,-101: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted (autostart)
Intel(R) Management and Security Application Local Management Service: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (autostart)
LSI_FC: \SystemRoot\system32\drivers\lsi_fc.sys (manual start)
LSI_SAS: \SystemRoot\system32\drivers\lsi_sas.sys (manual start)
LSI_SAS2: \SystemRoot\system32\drivers\lsi_sas2.sys (manual start)
LSI_SCSI: \SystemRoot\system32\drivers\lsi_scsi.sys (manual start)
@%systemroot%\system32\drivers\luafv.sys,-100: \SystemRoot\system32\drivers\luafv.sys (autostart)
@%SystemRoot%\ehome\ehres.dll,-15501: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation (disabled)
megasas: \SystemRoot\system32\drivers\megasas.sys (manual start)
MegaSR: \SystemRoot\system32\drivers\MegaSR.sys (manual start)
Intel(R) Management Engine Interface: \SystemRoot\system32\drivers\HECIx64.sys (manual start)
@%systemroot%\system32\mmcss.dll,-100: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
: system32\drivers\modem.sys (manual start)
Microsoft Monitor Class Function Driver Service: system32\DRIVERS\monitor.sys (manual start)
Mouse Class Driver: system32\DRIVERS\mouclass.sys (manual start)
Mouse HID Driver: system32\DRIVERS\mouhid.sys (manual start)
@%SystemRoot%\system32\drivers\mountmgr.sys,-100: System32\drivers\mountmgr.sys (system)
Mozilla Maintenance Service: "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" (manual start)
mpio: \SystemRoot\system32\drivers\mpio.sys (manual start)
@%SystemRoot%\system32\FirewallAPI.dll,-23092: System32\drivers\mpsdrv.sys (manual start)
@%SystemRoot%\system32\FirewallAPI.dll,-23090: %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork (autostart)
@%systemroot%\system32\webclnt.dll,-104: \SystemRoot\system32\drivers\mrxdav.sys (manual start)
@%systemroot%\system32\wkssvc.dll,-1002: system32\DRIVERS\mrxsmb.sys (manual start)
@%systemroot%\system32\wkssvc.dll,-1004: system32\DRIVERS\mrxsmb10.sys (manual start)
@%systemroot%\system32\wkssvc.dll,-1006: system32\DRIVERS\mrxsmb20.sys (manual start)
msahci: \SystemRoot\system32\drivers\msahci.sys (manual start)
msdsm: \SystemRoot\system32\drivers\msdsm.sys (manual start)
@comres.dll,-2797: %SystemRoot%\System32\msdtc.exe (manual start)
@%SystemRoot%\system32\drivers\mshidkmdf.sys,-100: \SystemRoot\System32\drivers\mshidkmdf.sys (manual start)
msisadrv: system32\drivers\msisadrv.sys (system)
@%SystemRoot%\system32\iscsidsc.dll,-5000: %systemroot%\system32\svchost.exe -k netsvcs (manual start)
@%SystemRoot%\system32\msimsg.dll,-27: %systemroot%\system32\msiexec.exe /V (autostart)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: \SystemRoot\system32\drivers\mssmbios.sys (system)
Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)
Microsoft Input Configuration Driver: \SystemRoot\system32\drivers\MTConfig.sys (manual start)
@%systemroot%\system32\drivers\mup.sys,-101: System32\Drivers\mup.sys (system)
@%SystemRoot%\system32\qagentrt.dll,-6: %SystemRoot%\System32\svchost.exe -k NetworkService (manual start)
NativeWiFi Filter: system32\DRIVERS\nwifi.sys (manual start)
@%SystemRoot%\system32\drivers\ndis.sys,-200: system32\drivers\ndis.sys (system)
NDIS Capture LightWeight Filter: system32\DRIVERS\ndiscap.sys (manual start)
@%systemroot%\system32\rascfg.dll,-32001: system32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: system32\DRIVERS\ndisuio.sys (manual start)
@%systemroot%\system32\rascfg.dll,-32002: system32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: system32\DRIVERS\netbios.sys (system)
@%SystemRoot%\system32\drivers\netbt.sys,-2: System32\DRIVERS\netbt.sys (system)
@%SystemRoot%\System32\netlogon.dll,-102: %systemroot%\system32\lsass.exe (manual start)
@%SystemRoot%\system32\netman.dll,-109: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
@c:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195: "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator (disabled)
@c:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (disabled)
@%SystemRoot%\system32\netprofm.dll,-202: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
@c:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (disabled)
@c:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8201: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (disabled)
nfrd960: \SystemRoot\system32\drivers\nfrd960.sys (manual start)
NitroPDFReaderDriverCreatorReadSpool3: "C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe" (autostart)
@%SystemRoot%\System32\nlasvc.dll,-1: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
@%SystemRoot%\system32\nsisvc.dll,-200: %systemroot%\system32\svchost.exe -k LocalService (autostart)
@%SystemRoot%\system32\drivers\nsiproxy.sys,-2: system32\drivers\nsiproxy.sys (system)
nvlddmkm: system32\DRIVERS\nvlddmkm.sys (manual start)
nvraid: \SystemRoot\system32\drivers\nvraid.sys (manual start)
nvstor: \SystemRoot\system32\drivers\nvstor.sys (manual start)
NVIDIA nForce AGP Bus Filter: \SystemRoot\system32\drivers\nv_agp.sys (manual start)
Oasis2Service: "C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe" (autostart)
1394 OHCI Compliant Host Controller (Legacy): \SystemRoot\system32\drivers\ohci1394.sys (manual start)
Office Source Engine: "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE" (manual start)
Office Software Protection Platform: "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE" (manual start)
@%SystemRoot%\system32\pnrpsvc.dll,-8004: %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet (manual start)
@%SystemRoot%\system32\p2psvc.dll,-8006: %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet (manual start)
Parallel port driver: \SystemRoot\system32\drivers\parport.sys (manual start)
@%SystemRoot%\system32\drivers\partmgr.sys,-100: System32\drivers\partmgr.sys (system)
@%SystemRoot%\system32\pcasvc.dll,-1: %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted (disabled)
PCI Bus Driver: system32\drivers\pci.sys (system)
pciide: \SystemRoot\system32\drivers\pciide.sys (manual start)
pcmcia: \SystemRoot\system32\drivers\pcmcia.sys (manual start)
Performance Counters for Windows Driver: System32\drivers\pcw.sys (system)
PEAUTH: system32\drivers\peauth.sys (autostart)
@%systemroot%\sysWow64\perfhost.exe,-2: %SystemRoot%\SysWow64\perfhost.exe (manual start)
Padus ASPI Shell: system32\drivers\pfc.sys (manual start)
@%systemroot%\system32\pla.dll,-500: %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork (manual start)
@%SystemRoot%\system32\umpnpmgr.dll,-100: %SystemRoot%\system32\svchost.exe -k DcomLaunch (autostart)
PMBDeviceInfoProvider: "C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe" (autostart)
@%SystemRoot%\system32\pnrpauto.dll,-8002: %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet (manual start)
@%SystemRoot%\system32\pnrpsvc.dll,-8000: %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet (manual start)
@%SystemRoot%\System32\polstore.dll,-5010: %SystemRoot%\system32\svchost.exe -k NetworkServiceNetworkRestricted (manual start)
@%SystemRoot%\system32\umpo.dll,-100: %SystemRoot%\system32\svchost.exe -k DcomLaunch (autostart)
@%systemroot%\system32\rascfg.dll,-32006: system32\DRIVERS\raspptp.sys (manual start)
Processor Driver: \SystemRoot\system32\drivers\processr.sys (manual start)
@%systemroot%\system32\profsvc.dll,-300: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
@%systemroot%\system32\psbase.dll,-300: %SystemRoot%\system32\lsass.exe (manual start)
@%SystemRoot%\System32\drivers\pacer.sys,-101: system32\DRIVERS\pacer.sys (system)
ql2300: \SystemRoot\system32\drivers\ql2300.sys (manual start)
ql40xx: \SystemRoot\system32\drivers\ql40xx.sys (manual start)
@%SystemRoot%\system32\qwave.dll,-1: %windir%\system32\svchost.exe -k LocalServiceAndNoImpersonation (manual start)
@%SystemRoot%\system32\drivers\qwavedrv.sys,-1: \SystemRoot\system32\drivers\qwavedrv.sys (manual start)
Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (manual start)
WAN Miniport (IKEv2): system32\DRIVERS\AgileVpn.sys (manual start)
@%Systemroot%\system32\rasauto.dll,-200: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
@%systemroot%\system32\rascfg.dll,-32005: system32\DRIVERS\rasl2tp.sys (manual start)
@%Systemroot%\system32\rasmans.dll,-200: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
@%systemroot%\system32\rascfg.dll,-32007: system32\DRIVERS\raspppoe.sys (manual start)
@%systemroot%\system32\sstpsvc.dll,-202: system32\DRIVERS\rassstp.sys (manual start)
@%systemroot%\system32\wkssvc.dll,-1000: system32\DRIVERS\rdbss.sys (system)
Remote Desktop Device Redirector Bus Driver: \SystemRoot\system32\drivers\rdpbus.sys (manual start)
@%systemroot%\system32\DRIVERS\RDPCDD.sys,-100: System32\DRIVERS\RDPCDD.sys (system)
@%systemroot%\system32\drivers\RDPENCDD.sys,-101: system32\drivers\rdpencdd.sys (system)
@%systemroot%\system32\drivers\RdpRefMp.sys,-101: system32\drivers\rdprefmp.sys (system)
ReadyBoost: System32\drivers\rdyboost.sys (system)
@%Systemroot%\system32\mprdim.dll,-200: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
@regsvc.dll,-1: %SystemRoot%\system32\svchost.exe -k regsvc (manual start)
@%windir%\system32\RpcEpMap.dll,-1001: %SystemRoot%\system32\svchost.exe -k RPCSS (autostart)
@%systemroot%\system32\Locator.exe,-2: %SystemRoot%\system32\locator.exe (manual start)
@oleres.dll,-5010: %SystemRoot%\system32\svchost.exe -k rpcss (autostart)
Realtek PCIE CardReader Driver: system32\DRIVERS\RtsPStor.sys (manual start)
Link-Layer Topology Discovery Responder: system32\DRIVERS\rspndr.sys (autostart)
Realtek 8167 NT Driver: system32\DRIVERS\Rt64win7.sys (manual start)
@%SystemRoot%\system32\samsrv.dll,-1: %SystemRoot%\system32\lsass.exe (autostart)
sbp2port: \SystemRoot\system32\drivers\sbp2port.sys (manual start)
@%SystemRoot%\System32\SCardSvr.dll,-1: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation (manual start)
@%SystemRoot%\System32\drivers\scfilter.sys,-11: System32\DRIVERS\scfilter.sys (manual start)
@%SystemRoot%\system32\schedsvc.dll,-100: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
@%SystemRoot%\System32\certprop.dll,-13: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
sdbus: system32\DRIVERS\sdbus.sys (manual start)
@%SystemRoot%\system32\sdrsvc.dll,-107: %SystemRoot%\system32\svchost.exe -k SDRSVC (manual start)
@%SystemRoot%\system32\seclogon.dll,-7001: %windir%\system32\svchost.exe -k netsvcs (manual start)
@%SystemRoot%\system32\Sens.dll,-200: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
@%SystemRoot%\System32\sensrsvc.dll,-1000: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation (manual start)
Serenum Filter Driver: \SystemRoot\system32\drivers\serenum.sys (manual start)
Serial: \SystemRoot\system32\drivers\serial.sys (manual start)
Serial Mouse Driver: \SystemRoot\system32\drivers\sermouse.sys (manual start)
@%SystemRoot%\System32\SessEnv.dll,-1026: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Sony Firmware Extension Parser: \SystemRoot\system32\drivers\SFEP.sys (manual start)
SFF Storage Class Driver: \SystemRoot\system32\drivers\sffdisk.sys (manual start)
SFF Storage Protocol Driver for MMC: \SystemRoot\system32\drivers\sffp_mmc.sys (manual start)
SFF Storage Protocol Driver for SDBus: \SystemRoot\system32\drivers\sffp_sd.sys (manual start)
High-Capacity Floppy Disk Drive: \SystemRoot\system32\drivers\sfloppy.sys (manual start)
@%SystemRoot%\system32\ipnathlp.dll,-106: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
@%SystemRoot%\System32\shsvcs.dll,-12288: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
SiSRaid2: \SystemRoot\system32\drivers\SiSRaid2.sys (manual start)
SiSRaid4: \SystemRoot\system32\drivers\sisraid4.sys (manual start)
@%SystemRoot%\system32\tcpipcfg.dll,-50005: system32\DRIVERS\smb.sys (manual start)
@%SystemRoot%\system32\snmptrap.exe,-3: %SystemRoot%\System32\snmptrap.exe (manual start)
VAIO Content Importer: "C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe" (manual start)
VAIO Device Searcher: "C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe" (manual start)
VAIO Entertainment Common Service: "C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe" (manual start)
@%systemroot%\system32\spoolsv.exe,-1: %SystemRoot%\System32\spoolsv.exe (autostart)
@%SystemRoot%\system32\sppsvc.exe,-101: %SystemRoot%\system32\sppsvc.exe (autostart)
@%SystemRoot%\system32\sppuinotify.dll,-103: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
SQL Server VSS Writer: "C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" (autostart)
@%systemroot%\system32\srvsvc.dll,-102: System32\DRIVERS\srv.sys (manual start)
@%systemroot%\system32\srvsvc.dll,-104: System32\DRIVERS\srv2.sys (manual start)
: System32\DRIVERS\srvnet.sys (manual start)
@%systemroot%\system32\ssdpsrv.dll,-100: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation (manual start)
SSPORT: \??\C:\Windows\system32\Drivers\SSPORT.sys (autostart)
@%SystemRoot%\system32\sstpsvc.dll,-200: %SystemRoot%\system32\svchost.exe -k LocalService (manual start)
Epson Printer Status Agent4: C:\Windows\SysWOW64\SAgent4.exe (autostart)
stexstor: \SystemRoot\system32\drivers\stexstor.sys (manual start)
@%SystemRoot%\system32\wiaservc.dll,-9: %SystemRoot%\system32\svchost.exe -k imgsvc (autostart)
Software Bus Driver: \SystemRoot\system32\drivers\swenum.sys (manual start)
@%SystemRoot%\System32\swprv.dll,-103: %SystemRoot%\System32\svchost.exe -k swprv (manual start)
@%SystemRoot%\system32\sysmain.dll,-1000: %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted (autostart)
@%SystemRoot%\system32\TabSvc.dll,-100: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted (manual start)
@%SystemRoot%\system32\tapisrv.dll,-10100: %SystemRoot%\System32\svchost.exe -k NetworkService (manual start)
@%SystemRoot%\system32\tbssvc.dll,-100: %SystemRoot%\System32\svchost.exe -k LocalServiceAndNoImpersonation (manual start)
@%SystemRoot%\system32\tcpipcfg.dll,-50003: System32\drivers\tcpip.sys (system)
Microsoft IPv6 Protocol Driver: system32\DRIVERS\tcpip.sys (manual start)
TCP/IP Registry Compatibility: System32\drivers\tcpipreg.sys (autostart)
TDPIPE: system32\drivers\tdpipe.sys (manual start)
TDTCP: system32\drivers\tdtcp.sys (manual start)

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: *Registry key not found*

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

End of report, 56,410 bytes
Report generated in 0.265 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only


----------



## Grubbs (Nov 17, 2003)

From HJT uninstall_list log:

ABBYY FineReader 9.0 Sprint
ABBYY FineReader 9.0 Sprint
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Apple Application Support
Apple Software Update
Application Manager for VAIO
ArcSoft Magic-i Visual Effects 2
ArcSoft WebCam Companion 4
Atheros WiFi Driver Installation
avast! Free Antivirus
Content Transfer
Crimson Editor SVN286M
D3DX10
Deer Hunt Challenge SE
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
[email protected] 2.0.3
EA Network Play System
Entity Framework Designer for Visual Studio 2012 - enu
Epson Connect
Epson Connect Printer Setup
Epson Download Navigator
Epson Event Manager
Epson FAX Utility
Epson PC-FAX Driver
Epson Print CD
EPSON Scan
EpsonNet Print
Evernote v. 4.5.10
FileZilla Client 3.5.3
Google Chrome
Google Update Helper
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Java 7 Update 25
Jing
Junk Mail filter update
KeePass Password Safe 2.22
Mesh Runtime
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft .NET Framework 4.5 Multi-Targeting Pack
Microsoft .NET Framework 4.5 SDK
Microsoft Access 2010 Runtime Service Pack 1 (SP1)
Microsoft Access 2010 Runtime Service Pack 1 (SP1)
Microsoft Access Runtime 2010
Microsoft Help Viewer 2.0
Microsoft Help Viewer 2.0
Microsoft NuGet - Visual Studio Express 2012 for Windows Desktop
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Runtime 2010
Microsoft Office Access Runtime MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Business 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2012 Data-Tier App Framework 
Microsoft SQL Server 2012 Management Objects 
Microsoft SQL Server 2012 T-SQL Language Service 
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Data Tools - enu (11.1.20828.01)
Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20828.01)
Microsoft System CLR Types for SQL Server 2012
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2012 32bit Compilers - ENU Resources
Microsoft Visual C++ 2012 Core Libraries
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86-x64 Compilers
Microsoft Visual Studio 2012 Preparation
Microsoft Visual Studio 2012 Shell (Minimum)
Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies
Microsoft Visual Studio 2012 Shell (Minimum) Resources
Microsoft Visual Studio 2012 Tools for SQL Server Compact 4.0 SP1 ENU
Microsoft Visual Studio Express 2012 for Windows Desktop
Microsoft Visual Studio Express 2012 for Windows Desktop - ENU
Microsoft Visual Studio Express 2012 for Windows Desktop - ENU
Microsoft Visual Studio Team Foundation Server 2012 Team Explorer
Microsoft Visual Studio Team Foundation Server 2012 Team Explorer Language Pack - ENU
Mozilla Firefox 23.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
Oasis2Service
OOBE
PMB
PMB VAIO Edition Guide
PMB VAIO Edition Plug-in
PMB VAIO Edition Plug-in
Prerequisites for SSDT 
Qualcomm Atheros Direct Connect
QuickTime
Realtek PCIE Card Reader
Samsung ML-1200 Series
Security Update for Microsoft .NET Framework 4.5 (KB2729460)
Security Update for Microsoft .NET Framework 4.5 (KB2737083)
Security Update for Microsoft .NET Framework 4.5 (KB2742613)
Security Update for Microsoft .NET Framework 4.5 (KB2789648)
Security Update for Microsoft .NET Framework 4.5 (KB2804582)
Security Update for Microsoft .NET Framework 4.5 (KB2833957)
Security Update for Microsoft .NET Framework 4.5 (KB2840642)
Security Update for Microsoft .NET Framework 4.5 (KB2840642v2)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687276) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687276) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Should I Remove It
SSLx86
SUABnR
SUABnR
Swis-Sys
Thief 1.25
TurboTax 2011 wariper
TurboTax 2012 WinPerReleaseEngine
Update for (KB2504637)
Update for Microsoft .NET Framework 4.5 (KB2750147)
Update for Microsoft .NET Framework 4.5 (KB2805221)
Update for Microsoft .NET Framework 4.5 (KB2805226)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Update for Microsoft Visual Studio 2012 (KB2781514)
VAIO - Media Gallery
VAIO - PMB VAIO Edition Guide
VAIO - PMB VAIO Edition Plug-in
VAIO - Remote Keyboard
VAIO - Remote Play with PlayStation®3
VAIO Care
VAIO Control Center
VAIO Data Restore Tool
VAIO Easy Connect
VAIO Easy Connect
VAIO Event Service
VAIO Gate
VAIO Gate Default
VAIO Help and Support
VAIO Improvement
VAIO Manual
VAIO Messenger
VAIO Quick Web Access
VAIO Quick Web Access
VAIO Sample Contents
VAIO Satisfaction Survey.
VAIO Smart Network
VAIO Transfer Support
VAIO Update
VCCx86
Verizon Wireless Software Upgrade Assistant - Samsung(ar)
Verizon Wireless Software Utility Application for Android - Samsung
VESx86
VGClientX86
VIx86
VSNx86
VU5x86
VU5x86
VWSTx86
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mail
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger
Windows Live Movie Maker
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer Resources
Windows Software Development Kit
Windows Software Development Kit DirectX x86 Remote
Windows Software Development Kit for Windows Store Apps
Windows Software Development Kit for Windows Store Apps DirectX x86 Remote


----------



## wannabeageek (Nov 12, 2009)

Hi grubbs,

There are 2 things I would like you to do:


- Run these scans using an ethernet cable connection.
- Tell me how long ago it was that you installed Microsoft .NET Framework 4.5.

*Step 1.*
*TDSSKiller*

Please download *TDSSKiller.exe* and save it to your *Desktop*.


- Double click on *TDSSKiller.exe* to launch it.
- Click on *Start Scan*, the scan will run.
- When the scan has finished, if it finds anything please click on the drop down arrow next to *Cure* and select *Skip*.
- Now click on *Report* to open the log file created by TDSSKiller in your root directory *C:\*
- To find the log go to *Start* > *Computer* > *C:*
- A log file should be created on your C: drive named something like *TDSSKiller.2.4.0.0 24.07.2010*.
- *Post the contents of that log in your next reply please.*

*DO NOT TRY TO FIX ANYTHING AT THIS POINT*

*Step 2.*
*ESET online scanner*

*Note: You can use either Internet Explorer or Mozilla Firefox for this scan.*

_Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select *'Run as administrator'* to perform this scan._


- First please *Disable* any *Antivirus* you have active, as shown in *This topic*. Scroll down to find your product.
  *Note: Don't forget to re-enable it after the scan.*
- Next hold down Control then click on the following link to open a new window to *ESET online scanner*
- Press the Blue *Run ESET Online Scanner* button on the left side of the page.
- A popup box will open.
- Select the option *YES, I accept the Terms of Use* then click on *Start*.


> *Note:* If using Mozilla Firefox you will need to download *esetsmartinstaller_enu.exe* when prompted then double click on it to install.
> _All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox._



- When prompted allow the *Add-On/Active X* to install.
- Make sure that the option *Remove found threats* is *NOT* checked, and the option *Scan archives* is checked.
- Now click on *Advanced Settings* and select the following:
  - *Scan for potentially unwanted applications*
  - *Scan for potentially unsafe applications*
  - *Enable Anti-Stealth Technology*
- Now click on *Start*.
- The *virus signature database...* will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
- When completed the *Online Scan* will begin automatically.
- When the scan is completed and you would like the program removed, select *Uninstall application on close. Be sure you have copied the log file first!*
- Now click on *Finish*.
- Use notepad to open the logfile located at *C:\Program Files\ESET\EsetOnlineScanner\log.txt*.
- Copy and paste that log as a reply to this topic.

*Note:* Do not forget to re-enable your Anti-Virus application after running the above scan!

*Please include in your next reply:*


- Answer to my question on Microsoft .NET Framework 4.5
- Contents of C:\TDSSKiller.xxxxxxxxxxxxxxx.xxxx
- Contents of C:\Program Files\ESET\EsetOnlineScanner\log.txt
- *Any problem executing the instructions?*

Thanks, 
wbg


----------



## Grubbs (Nov 17, 2003)

Microsoft.NET Framework 4.5 installed 9/28/2012. So nearly a year ago.

First time I attempted running TDSSKiller, it started scanning, but then hung for over an hour. I noticed that even the laptop's system clock was frozen. I tried "CTRL-ALT-DEL", but no response for several minutes, then screen finally went completely black. Had to hard reboot. TDSSKiller seemed to run fine once booted back up, very quickly ran the scan but didn't find any threats. Will work on ESET online scanner next.

Scan from TDSSKiller:

13:05:09.0079 5064 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
13:05:10.0147 5064 ============================================================
13:05:10.0147 5064 Current date / time: 2013/09/15 13:05:10.0147
13:05:10.0147 5064 SystemInfo:
13:05:10.0147 5064 
13:05:10.0147 5064 OS Version: 6.1.7601 ServicePack: 1.0
13:05:10.0147 5064 Product type: Workstation
13:05:10.0148 5064 ComputerName: DEE-VAIO
13:05:10.0148 5064 UserName: Dee
13:05:10.0148 5064 Windows directory: C:\Windows
13:05:10.0148 5064 System windows directory: C:\Windows
13:05:10.0148 5064 Running under WOW64
13:05:10.0148 5064 Processor architecture: Intel x64
13:05:10.0148 5064 Number of processors: 2
13:05:10.0148 5064 Page size: 0x1000
13:05:10.0148 5064 Boot type: Normal boot
13:05:10.0148 5064 ============================================================
13:05:12.0538 5064 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:05:12.0553 5064 Drive \Device\Harddisk1\DR1 - Size: 0xEEB00000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E6, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:05:12.0553 5064 ============================================================
13:05:12.0553 5064 \Device\Harddisk0\DR0:
13:05:12.0553 5064 MBR partitions:
13:05:12.0553 5064 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14A7000, BlocksNum 0x32000
13:05:12.0553 5064 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x14D9000, BlocksNum 0x38EAC830
13:05:12.0553 5064 \Device\Harddisk1\DR1:
13:05:12.0553 5064 MBR partitions:
13:05:12.0553 5064 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0x7757E0
13:05:12.0553 5064 ============================================================
13:05:12.0663 5064 C: <-> \Device\Harddisk0\DR0\Partition2
13:05:12.0663 5064 ============================================================
13:05:12.0663 5064 Initialize success
13:05:12.0663 5064 ============================================================
13:05:38.0465 6028 ============================================================
13:05:38.0465 6028 Scan started
13:05:38.0465 6028 Mode: Manual; 
13:05:38.0465 6028 ============================================================
13:05:39.0853 6028 ================ Scan system memory ========================
13:05:39.0853 6028 System memory - ok
13:05:39.0853 6028 ================ Scan services =============================
13:05:48.0293 6028 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
13:05:48.0293 6028 BrUsbMdm - ok
13:05:48.0324 6028 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
13:05:48.0324 6028 BrUsbSer - ok
13:05:48.0340 6028 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
13:05:48.0340 6028 BTHMODEM - ok
13:05:48.0387 6028 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
13:05:48.0387 6028 bthserv - ok
13:05:48.0402 6028 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
13:05:48.0418 6028 cdfs - ok
13:05:48.0449 6028 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
13:05:48.0449 6028 cdrom - ok
13:05:48.0496 6028 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
13:05:48.0511 6028 CertPropSvc - ok
13:05:48.0558 6028 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
13:05:48.0558 6028 circlass - ok
13:05:48.0605 6028 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
13:05:48.0605 6028 CLFS - ok
13:05:48.0652 6028 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:05:48.0667 6028 clr_optimization_v2.0.50727_32 - ok
13:05:48.0699 6028 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:05:48.0714 6028 clr_optimization_v2.0.50727_64 - ok
13:05:48.0839 6028 [ 6D7C8A951AF6AD6835C029B3CB88D333 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:05:48.0886 6028 clr_optimization_v4.0.30319_32 - ok
13:05:48.0917 6028 [ 86329C35FF23CFEF0FB6C0023BA06BCE ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:05:48.0933 6028 clr_optimization_v4.0.30319_64 - ok
13:05:48.0964 6028 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
13:05:48.0979 6028 CmBatt - ok
13:05:49.0011 6028 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
13:05:49.0011 6028 cmdide - ok
13:05:49.0073 6028 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
13:05:49.0104 6028 CNG - ok
13:05:49.0291 6028 [ 61F989B3E4C097DE52330BA00FCBCB67 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys
13:05:49.0307 6028 CnxtHdAudService - ok
13:05:49.0385 6028 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
13:05:49.0385 6028 Compbatt - ok
13:05:49.0416 6028 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
13:05:49.0416 6028 CompositeBus - ok
13:05:49.0432 6028 COMSysApp - ok
13:05:49.0447 6028 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
13:05:49.0447 6028 crcdisk - ok
13:05:49.0510 6028 [ 6B400F211BEE880A37A1ED0368776BF4 ] CryptSvc C:\Windows\system32\cryptsvc.dll
13:05:49.0510 6028 CryptSvc - ok
13:05:49.0666 6028 [ 75E3C4BB1ED032310EDCF5691A452B4B ] DCDhcpService C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe
13:05:49.0666 6028 DCDhcpService - ok
13:05:49.0759 6028 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
13:05:49.0806 6028 DcomLaunch - ok
13:05:49.0869 6028 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
13:05:49.0900 6028 defragsvc - ok
13:05:49.0931 6028 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
13:05:49.0947 6028 DfsC - ok
13:05:50.0103 6028 [ 2D589A2C024B2FB238535DB9F7B3597D ] DgiVecp C:\Windows\system32\Drivers\DgiVecp.sys
13:05:50.0103 6028 DgiVecp - ok
13:05:50.0181 6028 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
13:05:50.0181 6028 Dhcp - ok
13:05:50.0227 6028 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
13:05:50.0227 6028 discache - ok
13:05:50.0290 6028 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
13:05:50.0290 6028 Disk - ok
13:05:50.0337 6028 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
13:05:50.0337 6028 Dnscache - ok
13:05:50.0383 6028 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
13:05:50.0399 6028 dot3svc - ok
13:05:50.0415 6028 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
13:05:50.0415 6028 DPS - ok
13:05:50.0461 6028 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
13:05:50.0461 6028 drmkaud - ok
13:05:50.0493 6028 DVDAccss - ok
13:05:50.0633 6028 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
13:05:50.0633 6028 DXGKrnl - ok
13:05:50.0695 6028 [ 50AD8FC1DC800FF36087994C8F7FDFF2 ] e1yexpress C:\Windows\system32\DRIVERS\e1y60x64.sys
13:05:50.0695 6028 e1yexpress - ok
13:05:50.0758 6028 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
13:05:50.0758 6028 EapHost - ok
13:05:51.0101 6028 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
13:05:51.0210 6028 ebdrv - ok
13:05:51.0273 6028 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
13:05:51.0273 6028 EFS - ok
13:05:51.0351 6028 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
13:05:51.0382 6028 ehRecvr - ok
13:05:51.0397 6028 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
13:05:51.0413 6028 ehSched - ok
13:05:51.0444 6028 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
13:05:51.0475 6028 elxstor - ok
13:05:51.0522 6028 [ ABDD5AD016AFFD34AD40E944CE94BF59 ] EpsonBidirectionalService C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
13:05:51.0522 6028 EpsonBidirectionalService - ok
13:05:51.0694 6028 [ 757305C7AD34222F4A46D86FE0BEE241 ] EpsonCustomerParticipation C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
13:05:51.0709 6028 EpsonCustomerParticipation - ok
13:05:51.0772 6028 [ 7C5BFAAC8DCE7292B0C04EBF892E71F9 ] EPSON_EB_RPCV4_04 C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
13:05:51.0772 6028 EPSON_EB_RPCV4_04 - ok
13:05:51.0787 6028 [ D4615670CD49A1679E6067F155C47C68 ] EPSON_PM_RPCV4_04 C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
13:05:51.0803 6028 EPSON_PM_RPCV4_04 - ok
13:05:51.0819 6028 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
13:05:51.0819 6028 ErrDev - ok
13:05:51.0881 6028 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
13:05:51.0881 6028 EventSystem - ok
13:05:51.0928 6028 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
13:05:51.0928 6028 exfat - ok
13:05:51.0943 6028 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
13:05:51.0943 6028 fastfat - ok
13:05:51.0975 6028 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
13:05:52.0006 6028 Fax - ok
13:05:52.0021 6028 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
13:05:52.0021 6028 fdc - ok
13:05:52.0053 6028 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
13:05:52.0068 6028 fdPHost - ok
13:05:52.0099 6028 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
13:05:52.0099 6028 FDResPub - ok
13:05:52.0131 6028 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
13:05:52.0131 6028 FileInfo - ok
13:05:52.0146 6028 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
13:05:52.0146 6028 Filetrace - ok
13:05:52.0162 6028 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
13:05:52.0162 6028 flpydisk - ok
13:05:52.0193 6028 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
13:05:52.0193 6028 FltMgr - ok
13:05:52.0271 6028 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
13:05:52.0318 6028 FontCache - ok
13:05:52.0349 6028 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:05:52.0365 6028 FontCache3.0.0.0 - ok
13:05:52.0380 6028 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
13:05:52.0380 6028 FsDepends - ok
13:05:52.0411 6028 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
13:05:52.0411 6028 Fs_Rec - ok
13:05:52.0474 6028 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
13:05:52.0474 6028 fvevol - ok
13:05:52.0521 6028 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
13:05:52.0521 6028 gagp30kx - ok
13:05:52.0567 6028 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:05:52.0567 6028 GEARAspiWDM - ok
13:05:52.0645 6028 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
13:05:52.0677 6028 gpsvc - ok
13:05:52.0770 6028 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:05:52.0770 6028 gupdate - ok
13:05:52.0786 6028 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:05:52.0786 6028 gupdatem - ok
13:05:52.0833 6028 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
13:05:52.0833 6028 hcw85cir - ok
13:05:52.0895 6028 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
13:05:52.0895 6028 HdAudAddService - ok
13:05:52.0926 6028 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
13:05:52.0942 6028 HDAudBus - ok
13:05:52.0957 6028 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
13:05:52.0957 6028 HidBatt - ok
13:05:53.0051 6028 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
13:05:53.0051 6028 HidBth - ok
13:05:53.0082 6028 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
13:05:53.0082 6028 HidIr - ok
13:05:53.0113 6028 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
13:05:53.0129 6028 hidserv - ok
13:05:53.0160 6028 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
13:05:53.0160 6028 HidUsb - ok
13:05:53.0191 6028 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
13:05:53.0207 6028 hkmsvc - ok
13:05:53.0223 6028 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
13:05:53.0238 6028 HomeGroupListener - ok
13:05:53.0269 6028 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
13:05:53.0269 6028 HomeGroupProvider - ok
13:05:53.0301 6028 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
13:05:53.0301 6028 HpSAMD - ok
13:05:53.0347 6028 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
13:05:53.0363 6028 HTTP - ok
13:05:53.0394 6028 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
13:05:53.0394 6028 hwpolicy - ok
13:05:53.0410 6028 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
13:05:53.0425 6028 i8042prt - ok
13:05:53.0457 6028 [ F7CE9BE72EDAC499B713ECA6DAE5D26F ] iaStor C:\Windows\system32\drivers\iaStor.sys
13:05:53.0472 6028 iaStor - ok
13:05:53.0535 6028 [ B25F192EA1F84A316EB7C19EFCCCF33D ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
13:05:53.0535 6028 IAStorDataMgrSvc - ok
13:05:53.0581 6028 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
13:05:53.0613 6028 iaStorV - ok
13:05:53.0769 6028 [ 3CC7B3BB1A9EA201A040883EDFAA67A0 ] IconMan_R C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
13:05:53.0847 6028 IconMan_R - ok
13:05:53.0893 6028 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:05:53.0925 6028 idsvc - ok
13:05:54.0533 6028 [ 0BD58366C86EF9DDC4F61AFED0CADA99 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
13:05:54.0798 6028 igfx - ok
13:05:54.0829 6028 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
13:05:54.0845 6028 iirsp - ok
13:05:54.0876 6028 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
13:05:54.0907 6028 IKEEXT - ok
13:05:54.0970 6028 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
13:05:54.0970 6028 IntcDAud - ok
13:05:54.0985 6028 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
13:05:55.0001 6028 intelide - ok
13:05:55.0032 6028 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\drivers\intelppm.sys
13:05:55.0032 6028 intelppm - ok
13:05:55.0157 6028 [ D9DA7B3117BF5EFF921C0CDED4D58050 ] IntuitUpdateServiceV4 C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
13:05:55.0157 6028 IntuitUpdateServiceV4 - ok
13:05:55.0188 6028 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
13:05:55.0204 6028 IPBusEnum - ok
13:05:55.0219 6028 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:05:55.0219 6028 IpFilterDriver - ok
13:05:55.0266 6028 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
13:05:55.0282 6028 iphlpsvc - ok
13:05:55.0313 6028 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
13:05:55.0313 6028 IPMIDRV - ok
13:05:55.0329 6028 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
13:05:55.0344 6028 IPNAT - ok
13:05:55.0407 6028 [ 0FF335D687C85097725A53458160E81E ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
13:05:55.0422 6028 iPod Service - ok
13:05:55.0453 6028 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
13:05:55.0453 6028 IRENUM - ok
13:05:55.0469 6028 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
13:05:55.0469 6028 isapnp - ok
13:05:55.0500 6028 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
13:05:55.0516 6028 iScsiPrt - ok
13:05:55.0547 6028 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
13:05:55.0547 6028 kbdclass - ok
13:05:55.0578 6028 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
13:05:55.0578 6028 kbdhid - ok
13:05:55.0594 6028 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
13:05:55.0609 6028 KeyIso - ok
13:05:55.0641 6028 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
13:05:55.0656 6028 KSecDD - ok
13:05:55.0672 6028 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
13:05:55.0672 6028 KSecPkg - ok
13:05:55.0703 6028 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
13:05:55.0703 6028 ksthunk - ok
13:05:55.0781 6028 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
13:05:55.0797 6028 KtmRm - ok
13:05:55.0859 6028 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
13:05:55.0875 6028 LanmanServer - ok
13:05:55.0906 6028 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:05:55.0921 6028 LanmanWorkstation - ok
13:05:55.0968 6028 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
13:05:55.0968 6028 lltdio - ok
13:05:55.0999 6028 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
13:05:56.0015 6028 lltdsvc - ok
13:05:56.0046 6028 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
13:05:56.0046 6028 lmhosts - ok
13:05:56.0109 6028 [ 98B16E756243BEA9410E32025B19C06F ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
13:05:56.0109 6028 LMS - ok
13:05:56.0140 6028 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
13:05:56.0155 6028 LSI_FC - ok
13:05:56.0171 6028 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
13:05:56.0171 6028 LSI_SAS - ok
13:05:56.0187 6028 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
13:05:56.0187 6028 LSI_SAS2 - ok
13:05:56.0202 6028 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
13:05:56.0218 6028 LSI_SCSI - ok
13:05:56.0233 6028 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
13:05:56.0233 6028 luafv - ok
13:05:56.0280 6028 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
13:05:56.0296 6028 Mcx2Svc - ok
13:05:56.0311 6028 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
13:05:56.0327 6028 megasas - ok
13:05:56.0358 6028 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
13:05:56.0358 6028 MegaSR - ok
13:05:56.0405 6028 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\drivers\HECIx64.sys
13:05:56.0405 6028 MEIx64 - ok
13:05:56.0467 6028 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
13:05:56.0483 6028 MMCSS - ok
13:05:56.0499 6028 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
13:05:56.0499 6028 Modem - ok
13:05:56.0514 6028 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
13:05:56.0514 6028 monitor - ok
13:05:56.0545 6028 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
13:05:56.0545 6028 mouclass - ok
13:05:56.0577 6028 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
13:05:56.0577 6028 mouhid - ok
13:05:56.0592 6028 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
13:05:56.0592 6028 mountmgr - ok
13:05:56.0670 6028 [ A35576A433F4AEB0D48976A004657CB6 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
13:05:56.0670 6028 MozillaMaintenance - ok
13:05:56.0701 6028 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
13:05:56.0717 6028 mpio - ok
13:05:56.0733 6028 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
13:05:56.0748 6028 mpsdrv - ok
13:05:56.0779 6028 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
13:05:56.0811 6028 MpsSvc - ok
13:05:56.0826 6028 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
13:05:56.0826 6028 MRxDAV - ok
13:05:56.0857 6028 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
13:05:56.0857 6028 mrxsmb - ok
13:05:56.0889 6028 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:05:56.0889 6028 mrxsmb10 - ok
13:05:56.0904 6028 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:05:56.0920 6028 mrxsmb20 - ok
13:05:56.0935 6028 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
13:05:56.0951 6028 msahci - ok
13:05:56.0967 6028 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
13:05:56.0982 6028 msdsm - ok
13:05:56.0998 6028 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
13:05:57.0013 6028 MSDTC - ok
13:05:57.0045 6028 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
13:05:57.0045 6028 Msfs - ok
13:05:57.0060 6028 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
13:05:57.0060 6028 mshidkmdf - ok
13:05:57.0060 6028 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
13:05:57.0060 6028 msisadrv - ok
13:05:57.0107 6028 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
13:05:57.0107 6028 MSiSCSI - ok
13:05:57.0107 6028 msiserver - ok
13:05:57.0138 6028 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
13:05:57.0138 6028 MSKSSRV - ok
13:05:57.0154 6028 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
13:05:57.0154 6028 MSPCLOCK - ok
13:05:57.0169 6028 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
13:05:57.0169 6028 MSPQM - ok
13:05:57.0201 6028 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
13:05:57.0216 6028 MsRPC - ok
13:05:57.0263 6028 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
13:05:57.0263 6028 mssmbios - ok
13:05:57.0279 6028 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
13:05:57.0279 6028 MSTEE - ok
13:05:57.0294 6028 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
13:05:57.0310 6028 MTConfig - ok
13:05:57.0325 6028 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
13:05:57.0325 6028 Mup - ok
13:05:57.0388 6028 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
13:05:57.0403 6028 napagent - ok
13:05:57.0435 6028 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
13:05:57.0450 6028 NativeWifiP - ok
13:05:57.0544 6028 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
13:05:57.0559 6028 NDIS - ok
13:05:57.0591 6028 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
13:05:57.0591 6028 NdisCap - ok
13:05:57.0622 6028 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
13:05:57.0622 6028 NdisTapi - ok
13:05:57.0653 6028 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
13:05:57.0653 6028 Ndisuio - ok
13:05:57.0669 6028 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
13:05:57.0669 6028 NdisWan - ok
13:05:57.0700 6028 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
13:05:57.0700 6028 NDProxy - ok
13:05:57.0731 6028 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
13:05:57.0731 6028 NetBIOS - ok
13:05:57.0747 6028 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
13:05:57.0747 6028 NetBT - ok
13:05:57.0762 6028 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
13:05:57.0778 6028 Netlogon - ok
13:05:57.0809 6028 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
13:05:57.0825 6028 Netman - ok
13:05:57.0856 6028 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:05:57.0871 6028 NetMsmqActivator - ok
13:05:57.0871 6028 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:05:57.0871 6028 NetPipeActivator - ok
13:05:57.0887 6028 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
13:05:57.0903 6028 netprofm - ok
13:05:57.0918 6028 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:05:57.0918 6028 NetTcpActivator - ok
13:05:57.0934 6028 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:05:57.0934 6028 NetTcpPortSharing - ok
13:05:57.0965 6028 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
13:05:57.0981 6028 nfrd960 - ok
13:05:58.0059 6028 [ C5EAE2B8A6188F8A3810D6FE80F3F3D7 ] NitroReaderDriverReadSpool3 C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
13:05:58.0059 6028 NitroReaderDriverReadSpool3 - ok
13:05:58.0121 6028 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
13:05:58.0168 6028 NlaSvc - ok
13:05:58.0183 6028 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
13:05:58.0183 6028 Npfs - ok
13:05:58.0215 6028 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
13:05:58.0230 6028 nsi - ok
13:05:58.0246 6028 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
13:05:58.0246 6028 nsiproxy - ok
13:05:58.0339 6028 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
13:05:58.0386 6028 Ntfs - ok
13:05:58.0417 6028 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
13:05:58.0417 6028 Null - ok
13:05:58.0761 6028 [ DD81FBC57AB9134CDDC5CE90880BFD80 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
13:05:59.0026 6028 nvlddmkm - ok
13:05:59.0057 6028 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
13:05:59.0057 6028 nvraid - ok
13:05:59.0088 6028 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
13:05:59.0088 6028 nvstor - ok
13:05:59.0104 6028 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
13:05:59.0104 6028 nv_agp - ok
13:05:59.0213 6028 [ 5B4E5D841B029EDF5FFB71E50C2D2C02 ] Oasis2Service C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
13:05:59.0213 6028 Oasis2Service - ok
13:05:59.0260 6028 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
13:05:59.0275 6028 ohci1394 - ok
13:05:59.0416 6028 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:05:59.0431 6028 ose - ok
13:05:59.0650 6028 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
13:05:59.0776 6028 osppsvc - ok
13:05:59.0854 6028 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
13:05:59.0869 6028 p2pimsvc - ok
13:05:59.0916 6028 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
13:05:59.0932 6028 p2psvc - ok
13:05:59.0963 6028 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
13:05:59.0963 6028 Parport - ok
13:05:59.0994 6028 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
13:05:59.0994 6028 partmgr - ok
13:06:00.0025 6028 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
13:06:00.0041 6028 PcaSvc - ok
13:06:00.0088 6028 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
13:06:00.0088 6028 pci - ok
13:06:00.0119 6028 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
13:06:00.0119 6028 pciide - ok
13:06:00.0150 6028 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
13:06:00.0166 6028 pcmcia - ok
13:06:00.0181 6028 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
13:06:00.0181 6028 pcw - ok
13:06:00.0212 6028 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH  C:\Windows\system32\drivers\peauth.sys
13:06:00.0244 6028 PEAUTH - ok
13:06:00.0353 6028 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
13:06:00.0384 6028 PerfHost - ok
13:06:00.0415 6028 pfc - ok
13:06:00.0509 6028 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
13:06:00.0556 6028 pla - ok
13:06:00.0602 6028 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
13:06:00.0618 6028 PlugPlay - ok
13:06:14.0221 6028 ============================================================
13:06:14.0221 6028 Scan finished
13:06:14.0221 6028 ============================================================
13:06:14.0284 5268 Detected object count: 0
13:06:14.0284 5268 Actual detected object count: 0


----------



## Grubbs (Nov 17, 2003)

The thread you linked to describe disabling anti-virus appears to have out-of-date info on disabling Avast!. However, I think I know how to disable the current version.


----------



## Grubbs (Nov 17, 2003)

OK, looks like ESET identified a couple of things. Here's the log file:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=3516f2872645714092bb8e24c344c49a
# engine=15141
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-09-15 08:17:08
# local_time=2013-09-15 03:17:08 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 91 4757547 155064500 0 0
# compatibility_mode=5893 16776573 100 94 0 130819678 0 0
# scanned=163754
# found=2
# cleaned=0
# scan_time=6354
sh=6D83869D7EB65B6C7DFA54DB8FF6E8C158ADA9EE ft=1 fh=c71c00118b4bdd35 vn="Win32/FileScout.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Dee\AppData\Roaming\file scout\filescout.exe.vir"
sh=D3EBAE74CBB1A7BDF328367BD39F555E5C988CD0 ft=1 fh=acdba0aaab96e644 vn="a variant of Win32/InstallBrain.AB application" ac=I fn="C:\Program Files (x86)\Uninstall Information\Ib\97\3867\ib_uninstall.exe"


----------



## wannabeageek (Nov 12, 2009)

Hi grubbs,



> OK, looks like ESET identified a couple of things.


These would not cause your pc to have a bad connection or run slow.

When did you uninstall "Microsoft .NET Framework 4 Client Profile" and its related updates?

Please run the following. Post the results individually. I would prefer you run it from an installation cd if possible.

*Step 1.*
*FRST in Recovery Environment*

Please download *FRST64.exe* ... by Farbar. Save it to a FLASH drive.


Plug the flashdrive into the infected PC.
Enter *System Recovery Options*. Use either A or B.
*To enter System Recovery Options from the Boot Menu ....*
Restart the computer.
As soon as the BIOS is loaded begin tapping the *F8* key until the boot menu appears.
Use the arrow keys to select *Repair your computer*.
Select the operating system you want to repair, and then click *Next*.
Select your user account and click *Next*.

*To enter System Recovery Options by using Windows installation disk ....*
Insert the installation disk.
Restart your computer.
If prompted, press any key to start Windows from the installation disc.
If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Choose your language settings, and then click *Next*.
Click *Repair your computer*.
Select the operating system you want to repair, and then click *Next*.
Select your user account and click *Next*.


*In the System Recovery Options Menu you will see the following options:*
*Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Scan your computer's memory for errors.
Command Prompt*

Select *Command Prompt*
In the command window type in *notepad* and press *Enter*.
*Notepad* will open.
Under File menu select *Open*.
Select "Computer" and find your flash drive letter.
Close Notepad.

In the command window type *E:\frst.exe* and press *Enter*. (*Note:* Replace letter E with the drive letter of your flash drive.)

The tool will start to run.
When the tool opens click *Yes* to disclaimer.
Press *Scan* button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

*Step 2.*


Download MBRfix.zip and save it to your desktop.
Open the zipped folder, copy MBRfix and paste to your flash drive that has FRST on it.
Open notepad.
Copy the words in the quote box below but do not copy the word quote.


> SaveMbr: Drive=0



Paste this to the open notepad. Save it as "FIXLIST.TXT" to your flash drive.


Plug the flashdrive into the infected PC.
Enter *System Recovery Options*.
*To enter System Recovery Options from the Boot Menu ....*
Restart the computer.
As soon as the BIOS is loaded begin tapping the *F8* key until the boot menu appears.
Use the arrow keys to select *Repair your computer*.
Select the operating system you want to repair, and then click *Next*.
Select your user account and click *Next*.

*To enter System Recovery Options by using Windows installation disk ....*
Insert the installation disk.
Restart your computer.
If prompted, press any key to start Windows from the installation disc.
If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Choose your language settings, and then click *Next*.
Click *Repair your computer*.
Select the operating system you want to repair, and then click *Next*.
Select your user account and click *Next*.


*In the System Recovery Options Menu you will see the following options:*
*Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Scan your computer's memory for errors.
Command Prompt*

Select *Command Prompt*
In the command window type in *notepad* and press *Enter*.
*Notepad* will open.
Under File menu select *Open*.
Select "Computer" and find your flash drive letter.
Close Notepad.
In the command window type *E:\frst.exe* and press *Enter*. (*Note:* Replace letter E with the drive letter of your flash drive.)

The tool will start to run.
When the tool opens click *Yes* to disclaimer.
Press *FIX* button.
It will make 2 files; Fixlog.txt and MBRDUMP.txt on the flash drive.
Attach MBRDUMP.txt to your next reply.
Please copy and paste the contents of Fixlog.txt to your reply as well.


*Please include in your next reply:*


Answer to my question about Microsoft .NET Framework 4 Client Profile.
Post Contents of FRST.txt
Post Contents of Fixlog.txt
*ATTACH the Contents of MBRDUMP.txt*
*Any problem executing the instructions?*

Thanks, 
wbg


----------



## Grubbs (Nov 17, 2003)

I did not knowingly uninstall the Microsoft.NET Client Profile, and am not sure how to determine when the uninstall occurred. If you can provide some direction on how to determine this, I'll see what we can figure out. 

Also, I'm not home now to check, but I'm not sure that the laptop came with an installation disk. If it did, I should be able to find it, but I just don't remember this particular laptop coming with any disk. If I don't have one already, should I create one and if so, is it advisable or even possible to create it from a different PC?


----------



## wannabeageek (Nov 12, 2009)

Forget about the question concerning the .NET Framework 4 for now.

If you do not have an installation disk for Windows 7 Premium, you don't have one. Complete the instructions I gave in the previous post without it.


----------



## Grubbs (Nov 17, 2003)

For whatever it is worth, I poked around the event logs and found MSInstall activity in August 2013 related to Microsoft.NET Framework, but I was unable to determine if it was an uninstall of the Client profile or perhaps just some activity related to installation of Windows Updates or patches. Also, I do not have an install cd.

Problems related to instructions, probably not relevant but just in case:

Instructions say to execute "frst" from command prompt, even though frst64 is what was copied to flash drive. After trying to execute frst unsuccessfully and then realizing why, I executed frst64.

First attempt to use fix option, I did not get a "MBRDUMP.TXT" file. After investigating, I realized that I had apparently not successfully saved "FIXLIST.TXT". Made sure it was saved and re-ran frst64 with the fix. Log files below, "MBRDUMP.TXT" attached.

*******
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-09-2013
Ran by SYSTEM on MININT-DK8K0P6 on 19-09-2013 13:41:59
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
*ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.*

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint\Apoint.exe [226672 2011-02-16] (Alps Electric Co., Ltd.)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [2757312 2011-02-15] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] - C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [648032 2010-11-26] (Sony Corporation)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\avastUI.exe [4858968 2013-05-09] (AVAST Software)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXRCV] - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [495616 2011-03-08] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [856064 2011-03-08] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [ContentTransferWMDetector.exe] - C:\Program Files (x86)\Sony\Walkman Content Transfer\ContentTransferWMDetector.exe [423200 2008-07-11] (Sony Corporation)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [KeePass 2 PreLoad] - C:\Program Files (x86)\KeePass Password Safe\KeePass.exe [1960448 2013-04-05] (Dominik Reichl)
HKU\Dee\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-04-05] (Apple Inc.)
HKU\Dee\...\Policies\system: [LogonHoursAction] 2
HKU\Dee\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\Users\Dee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launch Utility Application.lnk
ShortcutTarget: Launch Utility Application.lnk -> (No File)
Startup: C:\Users\Dee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Services (Whitelisted) =================

S2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-05-09] (AVAST Software)
S3 DCDhcpService; C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [104096 2011-07-19] (Atheros Communication Inc.)
S2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-06-18] (Nitro PDF Software)
S2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [259192 2011-01-29] (Sony Corporation)
S2 StatusAgent4; C:\Windows\SysWOW64\SAgent4.exe [131072 2006-12-19] (SEIKO EPSON CORPORATION)
S2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [887000 2011-01-20] (Sony Corporation)
S3 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1286784 2012-10-26] (Sony Corporation)

==================== Drivers (Whitelisted) ====================

S3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-05-09] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-05-09] (AVAST Software)
S1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-05-09] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-05-09] ()
S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-06-29] (AVAST Software)
S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-06-29] (AVAST Software)
S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-05-09] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [189936 2013-06-29] ()
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [53816 2009-03-02] (Samsung Electronics Co., Ltd.)
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [53816 2009-03-02] (Samsung Electronics Co., Ltd.)
S3 pfc; C:\Windows\SysWow64\drivers\pfc.sys [14572 2002-02-11] (Padus, Inc.)
S2 DVDAccss; system32\drivers\DVDAccss.sys [x]
S3 pfc; system32\drivers\pfc.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-09-19 13:41 - 2013-09-19 13:41 - 00000000 ____D C:\FRST
2013-09-16 16:51 - 2013-08-09 21:22 - 02241024 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-09-16 16:51 - 2013-08-09 21:22 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-09-16 16:51 - 2013-08-09 21:22 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-09-16 16:51 - 2013-08-09 21:21 - 19246592 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-09-16 16:51 - 2013-08-09 21:21 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-09-16 16:51 - 2013-08-09 21:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-09-16 16:51 - 2013-08-09 21:20 - 15404544 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-09-16 16:51 - 2013-08-09 21:20 - 03959296 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-09-16 16:51 - 2013-08-09 21:20 - 02647040 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-09-16 16:51 - 2013-08-09 21:20 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-09-16 16:51 - 2013-08-09 21:20 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-09-16 16:51 - 2013-08-09 21:20 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-09-16 16:51 - 2013-08-09 21:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-09-16 16:51 - 2013-08-09 21:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-09-16 16:51 - 2013-08-09 19:59 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-09-16 16:51 - 2013-08-09 19:59 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-09-16 16:51 - 2013-08-09 19:58 - 14332928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-09-16 16:51 - 2013-08-09 19:58 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-09-16 16:51 - 2013-08-09 19:58 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-09-16 16:51 - 2013-08-09 19:58 - 02048000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-09-16 16:51 - 2013-08-09 19:58 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-09-16 16:51 - 2013-08-09 19:58 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-09-16 16:51 - 2013-08-09 19:58 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-09-16 16:51 - 2013-08-09 19:58 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-09-16 16:51 - 2013-08-09 19:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-09-16 16:51 - 2013-08-09 19:58 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-09-16 16:51 - 2013-08-09 19:58 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-09-16 16:51 - 2013-08-09 19:17 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-09-16 16:51 - 2013-08-09 19:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-09-16 16:51 - 2013-08-09 18:27 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-09-16 16:51 - 2013-08-09 18:17 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-09-15 12:31 - 2013-09-15 12:31 - 00000234 _____ C:\Users\Dee\Desktop\threats.txt
2013-09-15 11:46 - 2013-09-15 11:46 - 09430408 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-09-15 10:36 - 2013-08-07 17:20 - 03155456 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-09-15 10:36 - 2013-08-04 18:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ataport.sys
2013-09-15 10:36 - 2013-08-01 18:23 - 05550528 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-09-15 10:36 - 2013-08-01 18:15 - 01732032 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2013-09-15 10:36 - 2013-08-01 18:15 - 00362496 _____ (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2013-09-15 10:36 - 2013-08-01 18:15 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2013-09-15 10:36 - 2013-08-01 18:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2013-09-15 10:36 - 2013-08-01 18:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-09-15 10:36 - 2013-08-01 18:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2013-09-15 10:36 - 2013-08-01 18:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2013-09-15 10:36 - 2013-08-01 18:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2013-09-15 10:36 - 2013-08-01 18:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2013-09-15 10:36 - 2013-08-01 18:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\System32\apisetschema.dll
2013-09-15 10:36 - 2013-08-01 18:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2013-09-15 10:36 - 2013-08-01 18:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2013-09-15 10:36 - 2013-08-01 18:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-15 10:36 - 2013-08-01 18:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-15 10:36 - 2013-08-01 18:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-15 10:36 - 2013-08-01 18:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2013-09-15 10:36 - 2013-08-01 18:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-15 10:36 - 2013-08-01 18:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2013-09-15 10:36 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-15 10:36 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-15 10:36 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-15 10:36 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2013-09-15 10:36 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2013-09-15 10:36 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-15 10:36 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2013-09-15 10:36 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2013-09-15 10:36 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2013-09-15 10:36 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2013-09-15 10:36 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2013-09-15 10:36 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2013-09-15 10:36 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-15 10:36 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2013-09-15 10:36 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2013-09-15 10:36 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-15 10:36 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2013-09-15 10:36 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2013-09-15 10:36 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2013-09-15 10:36 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2013-09-15 10:36 - 2013-08-01 17:59 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-09-15 10:36 - 2013-08-01 17:59 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-09-15 10:36 - 2013-08-01 17:51 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-09-15 10:36 - 2013-08-01 17:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-09-15 10:36 - 2013-08-01 17:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-09-15 10:36 - 2013-08-01 17:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-09-15 10:36 - 2013-08-01 17:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-09-15 10:36 - 2013-08-01 17:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-09-15 10:36 - 2013-08-01 17:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-09-15 10:36 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-09-15 10:36 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-09-15 10:36 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-09-15 10:36 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-09-15 10:36 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-09-15 10:36 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-09-15 10:36 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-09-15 10:36 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-09-15 10:36 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-09-15 10:36 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-09-15 10:36 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-09-15 10:36 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-09-15 10:36 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-09-15 10:36 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-09-15 10:36 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-09-15 10:36 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-09-15 10:36 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-09-15 10:36 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-09-15 10:36 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-09-15 10:36 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-09-15 10:36 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-09-15 10:36 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-09-15 10:36 - 2013-08-01 17:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\System32\conhost.exe
2013-09-15 10:36 - 2013-08-01 16:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\System32\smss.exe
2013-09-15 10:36 - 2013-08-01 16:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-09-15 10:36 - 2013-08-01 16:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-09-15 10:36 - 2013-08-01 16:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-09-15 10:36 - 2013-08-01 16:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-09-15 10:36 - 2013-08-01 16:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-09-15 10:36 - 2013-08-01 16:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-09-15 10:36 - 2013-08-01 16:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-09-15 10:36 - 2013-08-01 16:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-09-15 10:36 - 2013-07-25 18:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-09-15 10:36 - 2013-07-25 18:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-09-15 10:36 - 2013-07-25 17:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-09-15 10:36 - 2013-07-25 17:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-09-15 10:26 - 2013-09-15 10:27 - 02347384 _____ (ESET) C:\Users\Dee\Downloads\esetsmartinstaller_enu.exe
2013-09-15 08:07 - 2013-09-15 07:11 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Dee\Desktop\tdsskiller.exe
2013-09-12 16:20 - 2013-09-12 16:20 - 00055679 _____ C:\Users\Dee\Desktop\startuplist.txt
2013-09-08 16:37 - 2013-09-09 17:23 - 00009254 _____ C:\Users\Dee\Desktop\SystemLook.txt
2013-09-08 16:26 - 2013-09-08 16:26 - 00000000 ____D C:\_OTL
2013-09-06 16:22 - 2013-09-06 16:22 - 00004538 _____ C:\Users\Dee\Desktop\ipconfigexport.txt
2013-09-04 15:18 - 2013-09-04 15:20 - 00001022 _____ C:\Users\Dee\Desktop\FSS.txt
2013-09-04 15:17 - 2013-09-04 15:15 - 00358609 _____ (Farbar) C:\Users\Dee\Desktop\FSS.exe
2013-09-03 19:03 - 2006-12-19 10:14 - 00131072 _____ (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\SAgent4.exe
2013-08-30 17:52 - 2013-08-30 17:46 - 00165376 _____ C:\Users\Dee\Desktop\SystemLook_x64.exe
2013-08-28 16:54 - 2013-08-28 16:54 - 00000000 ____D C:\rsit
2013-08-28 16:54 - 2013-08-28 16:54 - 00000000 ____D C:\Program Files\trend micro
2013-08-28 16:54 - 2013-08-28 16:51 - 00935175 _____ C:\Users\Dee\Desktop\RSITx64.exe
2013-08-27 15:42 - 2013-08-27 15:42 - 00087656 _____ C:\Users\Dee\Desktop\Extras.Txt
2013-08-27 15:40 - 2013-09-05 18:01 - 00002716 _____ C:\Users\Dee\Desktop\OTL.Txt
2013-08-27 15:23 - 2013-08-27 15:26 - 00000000 ____D C:\AdwCleaner
2013-08-27 15:22 - 2013-08-27 15:16 - 00602112 _____ (OldTimer Tools) C:\Users\Dee\Desktop\OTL.exe
2013-08-27 15:22 - 2013-08-27 15:15 - 00994642 _____ C:\Users\Dee\Desktop\AdwCleaner.exe
2013-08-26 18:42 - 2013-08-26 18:42 - 00000163 _____ C:\Users\Dee\Desktop\ckfiles.txt
2013-08-26 18:37 - 2013-08-26 18:37 - 00000000 ____D C:\ProgramData\Office Genuine Advantage
2013-08-26 18:37 - 2013-08-26 18:37 - 00000000 ____D C:\MGADiagToolOutput
2013-08-26 18:34 - 2013-08-26 18:19 - 02031992 _____ (Microsoft Corporation) C:\Users\Dee\Desktop\MGADiag.exe
2013-08-26 05:17 - 2013-08-26 05:17 - 00000404 _____ C:\Users\Dee\Desktop\ark.txt
2013-08-26 04:58 - 2013-08-26 04:58 - 00025179 _____ C:\Users\Dee\Desktop\dds.txt
2013-08-26 04:58 - 2013-08-26 04:58 - 00024828 _____ C:\Users\Dee\Desktop\attach.txt
2013-08-26 04:56 - 2013-08-26 04:56 - 00015272 _____ C:\Users\Dee\Desktop\hijackthis.log
2013-08-25 12:35 - 2013-08-25 12:35 - 04662864 _____ (ChurchTrac Software) C:\Users\Dee\Downloads\churchtrac9_130725.exe
2013-08-25 12:16 - 2013-08-25 12:16 - 00509440 _____ (Tech Support Guy System) C:\Users\Dee\Downloads\SysInfo.exe
2013-08-25 12:00 - 2013-08-25 12:00 - 00377856 _____ C:\Users\Dee\Downloads\do0sjypu.exe
2013-08-25 11:57 - 2013-08-25 11:57 - 00688992 ____R (Swearware) C:\Users\Dee\Desktop\dds.scr
2013-08-25 11:55 - 2013-08-25 11:55 - 00388608 _____ (Trend Micro Inc.) C:\Users\Dee\Downloads\HijackThis(1).exe
2013-08-25 11:55 - 2013-08-25 11:55 - 00388608 _____ (Trend Micro Inc.) C:\Users\Dee\Desktop\HijackThis(1).exe
2013-08-24 17:55 - 2013-08-24 17:55 - 00007605 _____ C:\Users\Dee\AppData\Local\Resmon.ResmonCfg

==================== One Month Modified Files and Folders =======

2013-09-19 13:41 - 2013-09-19 13:41 - 00000000 ____D C:\FRST
2013-09-19 10:33 - 2013-05-19 17:17 - 00000000 ____D C:\Users\Public\Documents\Verizon_Android
2013-09-19 10:33 - 2013-03-25 18:13 - 00000888 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-19 10:33 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-19 10:33 - 2009-07-13 20:51 - 00068560 _____ C:\Windows\setupact.log
2013-09-19 10:31 - 2011-07-21 17:18 - 01293539 _____ C:\Windows\WindowsUpdate.log
2013-09-19 10:30 - 2013-03-25 18:13 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-19 10:30 - 2012-04-04 14:14 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-16 17:55 - 2009-07-13 20:45 - 00028576 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-16 17:55 - 2009-07-13 20:45 - 00028576 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-16 17:28 - 2011-10-15 14:58 - 00000000 ____D C:\Users\Public\Documents\First Presbyterian
2013-09-16 17:09 - 2010-11-20 19:47 - 00556398 _____ C:\Windows\PFRO.log
2013-09-16 17:09 - 2009-07-13 20:45 - 00380832 _____ C:\Windows\System32\FNTCACHE.DAT
2013-09-16 16:48 - 2013-07-19 13:36 - 00000000 ____D C:\Windows\System32\MRT
2013-09-16 16:48 - 2011-10-05 18:37 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-16 16:48 - 2011-10-05 16:45 - 79143768 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-09-15 12:31 - 2013-09-15 12:31 - 00000234 _____ C:\Users\Dee\Desktop\threats.txt
2013-09-15 11:46 - 2013-09-15 11:46 - 09430408 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-09-15 11:46 - 2012-04-04 14:14 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-09-15 11:46 - 2012-04-04 14:14 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-09-15 11:46 - 2011-10-23 14:06 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-15 10:27 - 2013-09-15 10:26 - 02347384 _____ (ESET) C:\Users\Dee\Downloads\esetsmartinstaller_enu.exe
2013-09-15 07:46 - 2013-07-07 13:54 - 00000000 ____D C:\Users\Dee\AppData\Roaming\KeePass
2013-09-15 07:11 - 2013-09-15 08:07 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Dee\Desktop\tdsskiller.exe
2013-09-12 16:34 - 2011-11-30 19:30 - 00044438 _____ C:\test.xml
2013-09-12 16:20 - 2013-09-12 16:20 - 00055679 _____ C:\Users\Dee\Desktop\startuplist.txt
2013-09-09 17:54 - 2011-10-06 16:24 - 00000000 ____D C:\Users\Dee\Documents\Outlook Files
2013-09-09 17:48 - 2011-10-04 15:44 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{F437F2AD-E70A-499B-87A0-1718ED22A414}
2013-09-09 17:23 - 2013-09-08 16:37 - 00009254 _____ C:\Users\Dee\Desktop\SystemLook.txt
2013-09-08 16:26 - 2013-09-08 16:26 - 00000000 ____D C:\_OTL
2013-09-08 09:56 - 2012-07-07 10:26 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-09-06 16:22 - 2013-09-06 16:22 - 00004538 _____ C:\Users\Dee\Desktop\ipconfigexport.txt
2013-09-05 18:01 - 2013-08-27 15:40 - 00002716 _____ C:\Users\Dee\Desktop\OTL.Txt
2013-09-04 15:20 - 2013-09-04 15:18 - 00001022 _____ C:\Users\Dee\Desktop\FSS.txt
2013-09-04 15:20 - 2009-07-13 21:13 - 00782470 _____ C:\Windows\System32\PerfStringBackup.INI
2013-09-04 15:15 - 2013-09-04 15:17 - 00358609 _____ (Farbar) C:\Users\Dee\Desktop\FSS.exe
2013-09-03 17:16 - 2011-10-23 07:07 - 00062464 _____ C:\Users\Public\Documents\pw.xls
2013-08-30 18:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-08-30 17:54 - 2011-05-03 22:54 - 00000000 ____D C:\ProgramData\Adobe
2013-08-30 17:46 - 2013-08-30 17:52 - 00165376 _____ C:\Users\Dee\Desktop\SystemLook_x64.exe
2013-08-28 16:54 - 2013-08-28 16:54 - 00000000 ____D C:\rsit
2013-08-28 16:54 - 2013-08-28 16:54 - 00000000 ____D C:\Program Files\trend micro
2013-08-28 16:51 - 2013-08-28 16:54 - 00935175 _____ C:\Users\Dee\Desktop\RSITx64.exe
2013-08-27 15:42 - 2013-08-27 15:42 - 00087656 _____ C:\Users\Dee\Desktop\Extras.Txt
2013-08-27 15:26 - 2013-08-27 15:23 - 00000000 ____D C:\AdwCleaner
2013-08-27 15:16 - 2013-08-27 15:22 - 00602112 _____ (OldTimer Tools) C:\Users\Dee\Desktop\OTL.exe
2013-08-27 15:15 - 2013-08-27 15:22 - 00994642 _____ C:\Users\Dee\Desktop\AdwCleaner.exe
2013-08-27 10:13 - 2011-10-06 15:40 - 00000040 _____ C:\Windows\System32\sstate_prev.sdt
2013-08-27 10:11 - 2011-10-06 15:40 - 00000102 _____ C:\Windows\System32\sstates.sdt
2013-08-26 18:42 - 2013-08-26 18:42 - 00000163 _____ C:\Users\Dee\Desktop\ckfiles.txt
2013-08-26 18:37 - 2013-08-26 18:37 - 00000000 ____D C:\ProgramData\Office Genuine Advantage
2013-08-26 18:37 - 2013-08-26 18:37 - 00000000 ____D C:\MGADiagToolOutput
2013-08-26 18:19 - 2013-08-26 18:34 - 02031992 _____ (Microsoft Corporation) C:\Users\Dee\Desktop\MGADiag.exe
2013-08-26 05:17 - 2013-08-26 05:17 - 00000404 _____ C:\Users\Dee\Desktop\ark.txt
2013-08-26 04:58 - 2013-08-26 04:58 - 00025179 _____ C:\Users\Dee\Desktop\dds.txt
2013-08-26 04:58 - 2013-08-26 04:58 - 00024828 _____ C:\Users\Dee\Desktop\attach.txt
2013-08-26 04:56 - 2013-08-26 04:56 - 00015272 _____ C:\Users\Dee\Desktop\hijackthis.log
2013-08-26 04:55 - 2013-06-21 20:10 - 00000000 ____D C:\Users\Dee\Desktop\Malware Detection and Removal
2013-08-26 04:47 - 2011-12-04 15:36 - 00000000 ____D C:\Users\Dee\AppData\Roaming\Skype
2013-08-26 04:47 - 2011-12-04 15:36 - 00000000 ____D C:\ProgramData\Skype
2013-08-25 19:53 - 2011-10-04 15:39 - 00097568 _____ C:\Users\Dee\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-25 19:52 - 2011-10-07 21:13 - 00000000 ____D C:\Users\Public\Documents\ChurchTrac
2013-08-25 12:39 - 2013-04-22 05:29 - 00023040 _____ C:\Users\Dee\Documents\Karen Names.xls
2013-08-25 12:35 - 2013-08-25 12:35 - 04662864 _____ (ChurchTrac Software) C:\Users\Dee\Downloads\churchtrac9_130725.exe
2013-08-25 12:16 - 2013-08-25 12:16 - 00509440 _____ (Tech Support Guy System) C:\Users\Dee\Downloads\SysInfo.exe
2013-08-25 12:00 - 2013-08-25 12:00 - 00377856 _____ C:\Users\Dee\Downloads\do0sjypu.exe
2013-08-25 11:57 - 2013-08-25 11:57 - 00688992 ____R (Swearware) C:\Users\Dee\Desktop\dds.scr
2013-08-25 11:55 - 2013-08-25 11:55 - 00388608 _____ (Trend Micro Inc.) C:\Users\Dee\Downloads\HijackThis(1).exe
2013-08-25 11:55 - 2013-08-25 11:55 - 00388608 _____ (Trend Micro Inc.) C:\Users\Dee\Desktop\HijackThis(1).exe
2013-08-25 11:51 - 2011-10-04 15:39 - 00000000 ____D C:\users\Dee
2013-08-25 11:37 - 2013-03-26 06:22 - 00000000 ____D C:\Users\Dee\AppData\Local\Google
2013-08-25 11:37 - 2013-03-25 18:13 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-24 17:55 - 2013-08-24 17:55 - 00007605 _____ C:\Users\Dee\AppData\Local\Resmon.ResmonCfg
2013-08-23 10:42 - 2013-07-28 11:34 - 00000000 ____D C:\Users\Dee\AppData\Roaming\Nitro PDF
2013-08-23 10:42 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\FxsTmp
2013-08-21 05:35 - 2013-03-25 18:22 - 00002143 _____ C:\Users\Public\Desktop\Google Chrome.lnk

Files to move or delete:
====================
C:\Users\Dee\jagex_runescape_preferences.dat
C:\Users\Dee\jagex_runescape_preferences2.dat

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

13
Restore point made on: 2013-07-25 06:55:21
Restore point made on: 2013-07-27 19:16:44
Restore point made on: 2013-07-31 07:29:07
Restore point made on: 2013-08-06 16:29:41
Restore point made on: 2013-08-11 18:06:04
Restore point made on: 2013-08-17 05:48:12
Restore point made on: 2013-08-18 08:46:54
Restore point made on: 2013-08-23 06:38:59
Restore point made on: 2013-08-25 11:36:15
Restore point made on: 2013-09-08 16:26:49
Restore point made on: 2013-09-09 17:14:26
Restore point made on: 2013-09-15 10:18:41
Restore point made on: 2013-09-16 16:40:36

==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 4043.86 MB
Available physical RAM: 3416.09 MB
Total Pagefile: 4042.01 MB
Available Pagefile: 3407.78 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:455.34 GB) (Free:387.08 GB) NTFS
Drive e: (Recovery) (Fixed) (Total:10.32 GB) (Free:1.1 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: () (Removable) (Total:3.73 GB) (Free:3.66 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: A338678A)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=455 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)

LastRegBack: 2013-07-07 20:50

==================== End Of Log ============================

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-09-2013
Ran by SYSTEM at 2013-09-19 14:15:30 Run:2
Running from G:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
SaveMbr: Drive=0 
*****************

MBRDUMP.txt is made successfully.

==== End of Fixlog ====


----------



## wannabeageek (Nov 12, 2009)

I will need another day to go through all the logs. I will post back tomorrow with more instructions.


----------



## wannabeageek (Nov 12, 2009)

Hi grubbs,

I would like you to run Defogger to disable any potential CD emulators. Emulators may cause interference with rootkit tools. Then I would like you to run GMER and Kaspersky again.

*Step 1.*
*Defogger*
*Disable Drivers*
Please download *DeFogger*... by jpshortstuff. Save it to your *desktop*.


- Double click *DeFogger.exe* to run the tool. The application window will appear.
- Click the *Disable* button to disable your CD Emulation drivers.
- Click *Yes* to continue. A *'Finished!'* message will appear. Click *OK*.
- Click *OK* when DeFogger asks to reboot the machine.

*Do not* re-enable these drivers until otherwise instructed.
*IMPORTANT!* If you receive an error message while running DeFogger, please post the log *defogger_disable* which will appear on your desktop.

*Step 2.*
*GMER*
The downloaded file will have a _random_ name... this prevents malware from detecting and blocking it. 
Please download *GMER... random file name.exe* by GMER. An alternate (zip file) download *site*.
*Note:* Do not run any programs while Gmer is running.
_**Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries_


- Right click _random named_.exe and choose "Run As Administrator". If asked, allow the *gmer.sys* driver to load.
- If it gives you a warning about rootkit activity and asks if you want to run scan...click on *NO*  <--- Important!
- On the right side panel, several boxes have been checked. Please *UNCHECK the following:* _(see image below)_
  - IAT/EAT
  - Drives/Partition other than Systemdrive (typically C:\)
  - Show All <-- don't miss this one
- If you don't get a warning then... Click the *Rootkit/Malware* tab at the top of the GMER window.
- Click the *Scan* button.
- Once the scan has finished... click *Save*. The Save... window will open.
- Save the scan results as *gmerroot.log*, save it to your Desktop.
- Double click on the desktop "gmerroot.log" file, to open in Notepad.
- Copy and paste the contents of the file *gmerroot.log* in your next reply.

*Step 3.*
*TDSSKiller*

Please download *TDSSKiller.exe* and save it to your *Desktop*.


- Double click on *TDSSKiller.exe* to launch it.
- Click on *Start Scan*, the scan will run.
- When the scan has finished, if it finds anything please click on the drop down arrow next to *Cure* and select *Skip*
- Now click on *Report* to open the log file created by TDSSKiller in your root directory *C:\*
- To find the log go to *Start* > *Computer* > *C:*
- A log file should be created on your C: drive named something like *TDSSKiller.2.4.0.0 24.07.2010*.
*Post the contents of that log in your next reply please.*
*DO NOT TRY TO FIX ANYTHING AT THIS POINT*

*Please include in your next reply:*


- Contents of gmerroot.log
- Contents of TDSSKiller.2.4.0.0 24.07.2010
- *Any problem executing the instructions?*

Thanks, 
wbg


----------



## Grubbs (Nov 17, 2003)

OK, had some problems.

I ran Defogger, acknowledged the "Finished!" message, but it never asked to re-boot. After waiting about 30 minutes, I restarted and ran the GMER scan as instructed. Seemed to be scanning fine, so I left the computer to watch some TV. When I returned, I had this Blue Screen of Death:


```
A problem has been detected and window has been shut down to prevent damage to your computer.

DRIVER_POWER_STATE_FAILURE

If this is the first time you've seen this stop error screen, restart your computer.  If this screen appears again, follow these steps:

Check to make sure any new hardware of software is properly installed.  If this is a new installation, ask your hardware of software manufacturer for any windows updates you might need.  

If problems continue....

Technical information:

*** STOP:  0x000000oF (0x0000000000000004, 0x0000000000000258, 0x0000000000000000, 0xFFFFF80000B9C4D0)

Collecting data for crash dump...
Initializing disk for crash dump...
Beginning dump of physical memor.
Dumping physical memory to disk:  100
```
Been sitting like that for a while, so I'll try restarting it. Seems to have restarted fine. I do note that there is a "defogger_disable" log on the desktop, posted below. I could probably make another attempt at the GMER scan, but I'll await your instructions before doing so.

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:03 on 23/09/2013 (Dee)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-


----------



## wannabeageek (Nov 12, 2009)

*** STOP: 0x000000oF is not a valid stop code.
Run GMER again and see if it repeats the BSOD.


----------



## Grubbs (Nov 17, 2003)

Typo on the stop code, should have been all 0's except for the final F.

Will try GMER again tonight when I get home. Is there any significance to Defogger never asking to re-boot? Is there some check I should do before running GMER to make sure that all CD emulators have been disabled?


----------



## Grubbs (Nov 17, 2003)

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-09-24 19:32:22
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950032 rev.0006 465.76GB
Running: zkbvb6wb.exe; Driver: C:\Users\Dee\AppData\Local\Temp\pwldapow.sys

---- User code sections - GMER 2.1 ----

.text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c31790 5 bytes JMP 0000000077d903c0
.text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c317e0 5 bytes JMP 0000000077d903f0
.text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c31940 5 bytes JMP 0000000077d90230
.text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c31b00 5 bytes JMP 0000000077d90480
.text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c31b30 5 bytes JMP 0000000077d903a0
.text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c31c10 5 bytes JMP 0000000077d902f0
.text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c31c20 5 bytes JMP 0000000077d90350
.text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c31c80 5 bytes JMP 0000000077d90290
.text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c31d10 5 bytes JMP 0000000077d902b0
.text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c31d30 5 bytes JMP 0000000077d903d0
.text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c31d40 5 bytes JMP 0000000077d90330
.text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c31db0 5 bytes JMP 0000000077d90410
.text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c31de0 5 bytes JMP 0000000077d90240
.text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c320a0 5 bytes JMP 0000000077d901e0
.text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c32160 5 bytes JMP 0000000077d90250
.text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c32190 5 bytes JMP 0000000077d90490
.text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c321a0 5 bytes JMP 0000000077d904a0
.text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c321d0 5 bytes JMP 0000000077d90300
.text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c321e0 5 bytes JMP 0000000077d90360
.text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c32240 5 bytes JMP 0000000077d902a0
.text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c32290 5 bytes JMP 0000000077d902c0
.text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c322c0 5 bytes JMP 0000000077d90380
.text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c322d0 5 bytes JMP 0000000077d90340
.text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c325c0 5 bytes JMP 0000000077d90440
.text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c327c0 5 bytes JMP 0000000077d90260
.text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c327d0 5 bytes JMP 0000000077d90270
.text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c327e0 5 bytes JMP 0000000077d90400
.text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c329a0 5 bytes JMP 0000000077d901f0
.text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c329b0 5 bytes JMP 0000000077d90210
.text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem  0000000077c32a20 5 bytes JMP 0000000077d90200
.text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c32a80 5 bytes JMP 0000000077d90420
.text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c32a90 5 bytes JMP 0000000077d90430
.text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c32aa0 5 bytes JMP 0000000077d90220
.text C:\Windows\System32\svchost.exe[1016] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c32b80 5 bytes JMP 0000000077d90280
.text C:\Windows\system32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c31360 5 bytes JMP 0000000077d90460
.text C:\Windows\system32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c313b0 5 bytes JMP 0000000077d90450
.text C:\Windows\system32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c31510 5 bytes JMP 0000000077d90370
.text C:\Windows\system32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c31560 5 bytes JMP 0000000077d90470
.text C:\Windows\system32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c31570 5 bytes JMP 0000000077d903e0
.text C:\Windows\system32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c31620 5 bytes JMP 0000000077d90320
.text C:\Windows\system32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c31650 5 bytes JMP 0000000077d903b0
.text C:\Windows\system32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c31670 5 bytes JMP 0000000077d90390
.text C:\Windows\system32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c316b0 5 bytes JMP 0000000077d902e0
.text C:\Windows\system32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c31730 5 bytes JMP 0000000077d902d0
.text C:\Windows\system32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c31750 5 bytes JMP 0000000077d90310
.text C:\Windows\system32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c31790 5 bytes JMP 0000000077d903c0
.text C:\Windows\system32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c317e0 5 bytes JMP 0000000077d903f0
.text C:\Windows\system32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c31940 5 bytes JMP 0000000077d90230
.text C:\Windows\system32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort  0000000077c31b00 5 bytes JMP 0000000077d90480
.text C:\Windows\system32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c31b30 5 bytes JMP 0000000077d903a0
.text C:\Windows\system32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c31c10 5 bytes JMP 0000000077d902f0
.text C:\Windows\system32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c31c20 5 bytes JMP 0000000077d90350
.text C:\Windows\system32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c31c80 5 bytes JMP 0000000077d90290
.text C:\Windows\system32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c31d10 5 bytes JMP 0000000077d902b0
.text C:\Windows\system32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c31d30 5 bytes JMP 0000000077d903d0
.text C:\Windows\system32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c31d40 5 bytes JMP 0000000077d90330
.text C:\Windows\system32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c31db0 5 bytes JMP 0000000077d90410
.text C:\Windows\system32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c31de0 5 bytes JMP 0000000077d90240
.text C:\Windows\system32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c320a0 5 bytes JMP 0000000077d901e0
.text C:\Windows\system32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c32160 5 bytes JMP 0000000077d90250
.text C:\Windows\system32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c32190 5 bytes JMP 0000000077d90490
.text C:\Windows\system32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c321a0 5 bytes JMP 0000000077d904a0
.text C:\Windows\system32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c321d0 5 bytes JMP 0000000077d90300
.text C:\Windows\system32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c321e0 5 bytes JMP 0000000077d90360
.text C:\Windows\system32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c32240 5 bytes JMP 0000000077d902a0
.text C:\Windows\system32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c32290 5 bytes JMP 0000000077d902c0
.text C:\Windows\system32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c322c0 5 bytes JMP 0000000077d90380
.text C:\Windows\system32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c322d0 5 bytes JMP 0000000077d90340
.text C:\Windows\system32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c325c0 5 bytes JMP 0000000077d90440
.text C:\Windows\system32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c327c0 5 bytes JMP 0000000077d90260
.text C:\Windows\system32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c327d0 5 bytes JMP 0000000077d90270
.text C:\Windows\system32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c327e0 5 bytes JMP 0000000077d90400
.text C:\Windows\system32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c329a0 5 bytes JMP 0000000077d901f0
.text C:\Windows\system32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c329b0 5 bytes JMP 0000000077d90210
.text C:\Windows\system32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c32a20 5 bytes JMP 0000000077d90200
.text C:\Windows\system32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c32a80 5 bytes JMP 0000000077d90420
.text C:\Windows\system32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c32a90 5 bytes JMP 0000000077d90430
.text C:\Windows\system32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c32aa0 5 bytes JMP 0000000077d90220
.text C:\Windows\system32\svchost.exe[408] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c32b80 5 bytes JMP 0000000077d90280
.text C:\Windows\system32\svchost.exe[408] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a1eecd 1 byte [62]
.text C:\Windows\system32\Dwm.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c31360 5 bytes JMP 0000000077d90460
.text C:\Windows\system32\Dwm.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c313b0 5 bytes JMP 0000000077d90450
.text C:\Windows\system32\Dwm.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c31510 5 bytes JMP 0000000077d90370
.text C:\Windows\system32\Dwm.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c31560 5 bytes JMP 0000000077d90470
.text C:\Windows\system32\Dwm.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c31570 5 bytes JMP 0000000077d903e0
.text C:\Windows\system32\Dwm.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c31620 5 bytes JMP 0000000077d90320
.text C:\Windows\system32\Dwm.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c31650 5 bytes JMP 0000000077d903b0
.text C:\Windows\system32\Dwm.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c31670 5 bytes JMP 0000000077d90390
.text C:\Windows\system32\Dwm.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c316b0 5 bytes JMP 0000000077d902e0
.text C:\Windows\system32\Dwm.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c31730 5 bytes JMP 0000000077d902d0
.text C:\Windows\system32\Dwm.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c31750 5 bytes JMP 0000000077d90310
.text C:\Windows\system32\Dwm.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c31790 5 bytes JMP 0000000077d903c0
.text C:\Windows\system32\Dwm.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c317e0 5 bytes JMP 0000000077d903f0
.text C:\Windows\system32\Dwm.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c31940 5 bytes JMP 0000000077d90230
.text C:\Windows\system32\Dwm.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c31b00 5 bytes JMP 0000000077d90480
.text C:\Windows\system32\Dwm.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c31b30 5 bytes JMP 0000000077d903a0
.text C:\Windows\system32\Dwm.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c31c10 5 bytes JMP 0000000077d902f0
.text C:\Windows\system32\Dwm.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c31c20 5 bytes JMP 0000000077d90350
.text C:\Windows\system32\Dwm.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c31c80 5 bytes JMP 0000000077d90290
.text C:\Windows\system32\Dwm.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c31d10 5 bytes JMP 0000000077d902b0
.text C:\Windows\system32\Dwm.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c31d30 5 bytes JMP 0000000077d903d0
.text C:\Windows\system32\Dwm.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c31d40 5 bytes JMP 0000000077d90330
.text C:\Windows\system32\Dwm.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c31db0 5 bytes JMP 0000000077d90410
.text C:\Windows\system32\Dwm.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c31de0 5 bytes JMP 0000000077d90240
.text C:\Windows\system32\Dwm.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c320a0 5 bytes JMP 0000000077d901e0
.text C:\Windows\system32\Dwm.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c32160 5 bytes JMP 0000000077d90250
.text C:\Windows\system32\Dwm.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c32190 5 bytes JMP 0000000077d90490
.text C:\Windows\system32\Dwm.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys  0000000077c321a0 5 bytes JMP 0000000077d904a0
.text C:\Windows\system32\Dwm.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c321d0 5 bytes JMP 0000000077d90300
.text C:\Windows\system32\Dwm.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c321e0 5 bytes JMP 0000000077d90360
.text C:\Windows\system32\Dwm.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c32240 5 bytes JMP 0000000077d902a0
.text C:\Windows\system32\Dwm.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c32290 5 bytes JMP 0000000077d902c0
.text C:\Windows\system32\Dwm.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c322c0 5 bytes JMP 0000000077d90380
.text C:\Windows\system32\Dwm.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c322d0 5 bytes JMP 0000000077d90340
.text C:\Windows\system32\Dwm.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c325c0 5 bytes JMP 0000000077d90440
.text C:\Windows\system32\Dwm.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c327c0 5 bytes JMP 0000000077d90260
.text C:\Windows\system32\Dwm.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c327d0 5 bytes JMP 0000000077d90270
.text C:\Windows\system32\Dwm.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c327e0 5 bytes JMP 0000000077d90400
.text C:\Windows\system32\Dwm.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c329a0 5 bytes JMP 0000000077d901f0
.text C:\Windows\system32\Dwm.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c329b0 5 bytes JMP 0000000077d90210
.text C:\Windows\system32\Dwm.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c32a20 5 bytes JMP 0000000077d90200
.text C:\Windows\system32\Dwm.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c32a80 5 bytes JMP 0000000077d90420
.text C:\Windows\system32\Dwm.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c32a90 5 bytes JMP 0000000077d90430
.text C:\Windows\system32\Dwm.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c32aa0 5 bytes JMP 0000000077d90220
.text C:\Windows\system32\Dwm.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c32b80 5 bytes JMP 0000000077d90280
.text C:\Windows\Explorer.EXE[1572] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c31360 5 bytes JMP 0000000077d90460
.text C:\Windows\Explorer.EXE[1572] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c313b0 5 bytes JMP 0000000077d90450
.text C:\Windows\Explorer.EXE[1572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c31510 5 bytes JMP 0000000077d90370
.text C:\Windows\Explorer.EXE[1572] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c31560 5 bytes JMP 0000000077d90470
.text C:\Windows\Explorer.EXE[1572] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c31570 5 bytes JMP 0000000077d903e0
.text C:\Windows\Explorer.EXE[1572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c31620 5 bytes JMP 0000000077d90320
.text C:\Windows\Explorer.EXE[1572] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c31650 5 bytes JMP 0000000077d903b0
.text C:\Windows\Explorer.EXE[1572] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c31670 5 bytes JMP 0000000077d90390
.text C:\Windows\Explorer.EXE[1572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c316b0 5 bytes JMP 0000000077d902e0
.text C:\Windows\Explorer.EXE[1572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c31730 5 bytes JMP 0000000077d902d0
.text C:\Windows\Explorer.EXE[1572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c31750 5 bytes JMP 0000000077d90310
.text C:\Windows\Explorer.EXE[1572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c31790 5 bytes JMP 0000000077d903c0
.text C:\Windows\Explorer.EXE[1572] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c317e0 5 bytes JMP 0000000077d903f0
.text C:\Windows\Explorer.EXE[1572] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c31940 5 bytes JMP 0000000077d90230
.text C:\Windows\Explorer.EXE[1572] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c31b00 5 bytes JMP 0000000077d90480
.text C:\Windows\Explorer.EXE[1572] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c31b30 5 bytes JMP 0000000077d903a0
.text C:\Windows\Explorer.EXE[1572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c31c10 5 bytes JMP 0000000077d902f0
.text C:\Windows\Explorer.EXE[1572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c31c20 5 bytes JMP 0000000077d90350
.text C:\Windows\Explorer.EXE[1572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c31c80 5 bytes JMP 0000000077d90290
.text C:\Windows\Explorer.EXE[1572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c31d10 5 bytes JMP 0000000077d902b0
.text C:\Windows\Explorer.EXE[1572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c31d30 5 bytes JMP 0000000077d903d0
.text C:\Windows\Explorer.EXE[1572] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c31d40 5 bytes JMP 0000000077d90330
.text C:\Windows\Explorer.EXE[1572] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c31db0 5 bytes JMP 0000000077d90410
.text C:\Windows\Explorer.EXE[1572] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c31de0 5 bytes JMP 0000000077d90240
.text C:\Windows\Explorer.EXE[1572] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c320a0 5 bytes JMP 0000000077d901e0
.text C:\Windows\Explorer.EXE[1572] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c32160 5 bytes JMP 0000000077d90250
.text C:\Windows\Explorer.EXE[1572] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c32190 5 bytes JMP 0000000077d90490
.text C:\Windows\Explorer.EXE[1572] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c321a0 5 bytes JMP 0000000077d904a0
.text C:\Windows\Explorer.EXE[1572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c321d0 5 bytes JMP 0000000077d90300
.text C:\Windows\Explorer.EXE[1572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c321e0 5 bytes JMP 0000000077d90360
.text C:\Windows\Explorer.EXE[1572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c32240 5 bytes JMP 0000000077d902a0
.text C:\Windows\Explorer.EXE[1572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c32290 5 bytes JMP 0000000077d902c0
.text C:\Windows\Explorer.EXE[1572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c322c0 5 bytes JMP 0000000077d90380
.text C:\Windows\Explorer.EXE[1572] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c322d0 5 bytes JMP 0000000077d90340
.text C:\Windows\Explorer.EXE[1572] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c325c0 5 bytes JMP 0000000077d90440
.text C:\Windows\Explorer.EXE[1572] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c327c0 5 bytes JMP 0000000077d90260
.text C:\Windows\Explorer.EXE[1572] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c327d0 5 bytes JMP 0000000077d90270
.text C:\Windows\Explorer.EXE[1572] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c327e0 5 bytes JMP 0000000077d90400
.text C:\Windows\Explorer.EXE[1572] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c329a0 5 bytes JMP 0000000077d901f0
.text C:\Windows\Explorer.EXE[1572] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c329b0 5 bytes JMP 0000000077d90210
.text C:\Windows\Explorer.EXE[1572] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c32a20 5 bytes JMP 0000000077d90200
.text C:\Windows\Explorer.EXE[1572] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c32a80 5 bytes JMP 0000000077d90420
.text C:\Windows\Explorer.EXE[1572] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c32a90 5 bytes JMP 0000000077d90430
.text C:\Windows\Explorer.EXE[1572] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c32aa0 5 bytes JMP 0000000077d90220
.text C:\Windows\Explorer.EXE[1572] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c32b80 5 bytes JMP 0000000077d90280
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1252] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000776da2ba 1 byte [62]
.text C:\Windows\System32\igfxpers.exe[2060] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a1eecd 1 byte [62]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2272] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000776da2ba 1 byte [62]
.text C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe[2348] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a1eecd 1 byte [62]
.text C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe[2576] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000776da2ba 1 byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2716] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000776da2ba 1 byte [62]
.text C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe[2732] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000776da2ba 1 byte [62]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[2776] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000776da2ba 1 byte [62]
.text C:\Windows\system32\svchost.exe[2980] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a1eecd 1 byte [62]
.text C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE[3432] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000776da2ba 1 byte [62]
.text C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe[4136] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000776da2ba 1 byte [62]
.text C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe[4944] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a1eecd 1 byte [62]
.text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[1304] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000776da2ba 1 byte [62]
.text C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe[4336] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000776da2ba 1 byte [62]
.text C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe[3020] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000776da2ba 1 byte [62]
.text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c31360 5 bytes JMP 0000000077d90460
.text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c313b0 5 bytes JMP 0000000077d90450
.text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c31510 5 bytes JMP 0000000077d90370
.text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c31560 5 bytes JMP 0000000077d90470
.text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c31570 5 bytes JMP 0000000077d903e0
.text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c31620 5 bytes JMP 0000000077d90320
.text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c31650 5 bytes JMP 0000000077d903b0
.text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c31670 5 bytes JMP 0000000077d90390
.text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c316b0 5 bytes JMP 0000000077d902e0
.text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c31730 5 bytes JMP 0000000077d902d0
.text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c31750 5 bytes JMP 0000000077d90310
.text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c31790 5 bytes JMP 0000000077d903c0
.text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c317e0 5 bytes JMP 0000000077d903f0
.text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c31940 5 bytes JMP 0000000077d90230
.text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c31b00 5 bytes JMP 0000000077d90480
.text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c31b30 5 bytes JMP 0000000077d903a0
.text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c31c10 5 bytes JMP 0000000077d902f0
.text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c31c20 5 bytes JMP 0000000077d90350
.text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c31c80 5 bytes JMP 0000000077d90290
.text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore  0000000077c31d10 5 bytes JMP 0000000077d902b0
.text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c31d30 5 bytes JMP 0000000077d903d0
.text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c31d40 5 bytes JMP 0000000077d90330
.text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c31db0 5 bytes JMP 0000000077d90410
.text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c31de0 5 bytes JMP 0000000077d90240
.text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c320a0 5 bytes JMP 0000000077d901e0
.text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c32160 5 bytes JMP 0000000077d90250
.text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c32190 5 bytes JMP 0000000077d90490
.text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c321a0 5 bytes JMP 0000000077d904a0
.text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c321d0 5 bytes JMP 0000000077d90300
.text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c321e0 5 bytes JMP 0000000077d90360
.text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c32240 5 bytes JMP 0000000077d902a0
.text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c32290 5 bytes JMP 0000000077d902c0
.text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c322c0 5 bytes JMP 0000000077d90380
.text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c322d0 5 bytes JMP 0000000077d90340
.text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c325c0 5 bytes JMP 0000000077d90440
.text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c327c0 5 bytes JMP 0000000077d90260
.text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c327d0 5 bytes JMP 0000000077d90270
.text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c327e0 5 bytes JMP 0000000077d90400
.text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c329a0 5 bytes JMP 0000000077d901f0
.text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c329b0 5 bytes JMP 0000000077d90210
.text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c32a20 5 bytes JMP 0000000077d90200
.text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c32a80 5 bytes JMP 0000000077d90420
.text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c32a90 5 bytes JMP 0000000077d90430
.text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c32aa0 5 bytes JMP 0000000077d90220
.text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[1984] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c32b80 5 bytes JMP 0000000077d90280
.text C:\Program Files\Sony\VAIO Care\VCPerfService.exe[1984] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a1eecd 1 byte [62]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[5256] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 0000000077a1eecd 1 byte [62]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5564] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000776da2ba 1 byte [62]
.text C:\Program Files\Sony\VAIO Care\VCService.exe[3700] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000776da2ba 1 byte [62]
.text C:\Program Files\Sony\VAIO Care\VCAgent.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c31360 5 bytes JMP 0000000100250460
.text C:\Program Files\Sony\VAIO Care\VCAgent.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c313b0 5 bytes JMP 0000000100250450
.text C:\Program Files\Sony\VAIO Care\VCAgent.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c31510 5 bytes JMP 0000000100250370
.text C:\Program Files\Sony\VAIO Care\VCAgent.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c31560 5 bytes JMP 0000000100250470
.text C:\Program Files\Sony\VAIO Care\VCAgent.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c31570 5 bytes JMP 00000001002503e0
.text C:\Program Files\Sony\VAIO Care\VCAgent.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c31620 5 bytes JMP 0000000100250320
.text C:\Program Files\Sony\VAIO Care\VCAgent.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c31650 5 bytes JMP 00000001002503b0
.text C:\Program Files\Sony\VAIO Care\VCAgent.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c31670 5 bytes JMP 0000000100250390
.text C:\Program Files\Sony\VAIO Care\VCAgent.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c316b0 5 bytes JMP 00000001002502e0
.text C:\Program Files\Sony\VAIO Care\VCAgent.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c31730 5 bytes JMP 00000001002502d0
.text C:\Program Files\Sony\VAIO Care\VCAgent.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c31750 5 bytes JMP 0000000100250310
.text C:\Program Files\Sony\VAIO Care\VCAgent.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c31790 5 bytes JMP 00000001002503c0
.text C:\Program Files\Sony\VAIO Care\VCAgent.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c317e0 5 bytes JMP 00000001002503f0
.text C:\Program Files\Sony\VAIO Care\VCAgent.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c31940 5 bytes JMP 0000000100250230
.text C:\Program Files\Sony\VAIO Care\VCAgent.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c31b00 5 bytes JMP 0000000100250480
.text C:\Program Files\Sony\VAIO Care\VCAgent.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c31b30 5 bytes JMP 00000001002503a0
.text C:\Program Files\Sony\VAIO Care\VCAgent.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c31c10 5 bytes JMP 00000001002502f0
.text C:\Program Files\Sony\VAIO Care\VCAgent.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c31c20 5 bytes JMP 0000000100250350
.text C:\Program Files\Sony\VAIO Care\VCAgent.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c31c80 5 bytes JMP 0000000100250290
.text C:\Program Files\Sony\VAIO Care\VCAgent.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c31d10 5 bytes JMP 00000001002502b0
.text C:\Program Files\Sony\VAIO Care\VCAgent.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c31d30 5 bytes JMP 00000001002503d0
.text C:\Program Files\Sony\VAIO Care\VCAgent.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c31d40 5 bytes JMP 0000000100250330
.text C:\Program Files\Sony\VAIO Care\VCAgent.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c31db0 5 bytes JMP 0000000100250410
.text C:\Program Files\Sony\VAIO Care\VCAgent.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c31de0 5 bytes JMP 0000000100250240
.text C:\Program Files\Sony\VAIO Care\VCAgent.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c320a0 5 bytes JMP 00000001002501e0
.text C:\Program Files\Sony\VAIO Care\VCAgent.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c32160 5 bytes JMP 0000000100250250
.text C:\Program Files\Sony\VAIO Care\VCAgent.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c32190 5 bytes JMP 0000000100250490
.text C:\Program Files\Sony\VAIO Care\VCAgent.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c321a0 5 bytes JMP 00000001002504a0
.text C:\Program Files\Sony\VAIO Care\VCAgent.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c321d0 5 bytes JMP 0000000100250300
.text C:\Program Files\Sony\VAIO Care\VCAgent.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c321e0 5 bytes JMP 0000000100250360
.text C:\Program Files\Sony\VAIO Care\VCAgent.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c32240 5 bytes JMP 00000001002502a0
.text C:\Program Files\Sony\VAIO Care\VCAgent.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c32290 5 bytes JMP 00000001002502c0
.text C:\Program Files\Sony\VAIO Care\VCAgent.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c322c0 5 bytes JMP 0000000100250380
.text C:\Program Files\Sony\VAIO Care\VCAgent.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c322d0 5 bytes JMP 0000000100250340
.text C:\Program Files\Sony\VAIO Care\VCAgent.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c325c0 5 bytes JMP 0000000100250440
.text C:\Program Files\Sony\VAIO Care\VCAgent.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c327c0 5 bytes JMP 0000000100250260
.text C:\Program Files\Sony\VAIO Care\VCAgent.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c327d0 5 bytes JMP 0000000100250270
.text C:\Program Files\Sony\VAIO Care\VCAgent.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c327e0 5 bytes JMP 0000000100250400
.text C:\Program Files\Sony\VAIO Care\VCAgent.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c329a0 5 bytes JMP 00000001002501f0
.text C:\Program Files\Sony\VAIO Care\VCAgent.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c329b0 5 bytes JMP 0000000100250210
.text C:\Program Files\Sony\VAIO Care\VCAgent.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c32a20 5 bytes JMP 0000000100250200
.text C:\Program Files\Sony\VAIO Care\VCAgent.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c32a80 5 bytes JMP 0000000100250420
.text C:\Program Files\Sony\VAIO Care\VCAgent.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c32a90 5 bytes JMP 0000000100250430
.text C:\Program Files\Sony\VAIO Care\VCAgent.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c32aa0 5 bytes JMP 0000000100250220
.text C:\Program Files\Sony\VAIO Care\VCAgent.exe[3080] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c32b80 5 bytes JMP 0000000100250280
.text C:\Program Files\Sony\VAIO Care\VCAgent.exe[3080] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000077a1eecd 1 byte [62]
.text C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe[1308] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000776da2ba 1 byte [62]
.text C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe[1308] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075eb1465 2 bytes {JMP 0x77}
.text C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe[1308] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000075eb14bb 2 bytes {JMP 0x77}
.text ... * 2
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c31360 5 bytes JMP 0000000077d90460
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c313b0 5 bytes JMP 0000000077d90450
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c31510 5 bytes JMP 0000000077d90370
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c31560 5 bytes JMP 0000000077d90470
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c31570 5 bytes JMP 0000000077d903e0
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c31620 5 bytes JMP 0000000077d90320
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c31650 5 bytes JMP 0000000077d903b0
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c31670 5 bytes JMP 0000000077d90390
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c316b0 5 bytes JMP 0000000077d902e0
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c31730 5 bytes JMP 0000000077d902d0
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c31750 5 bytes JMP 0000000077d90310
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c31790 5 bytes JMP 0000000077d903c0
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c317e0 5 bytes JMP 0000000077d903f0
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c31940 5 bytes JMP 0000000077d90230
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c31b00 5 bytes JMP 0000000077d90480
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c31b30 5 bytes JMP 0000000077d903a0
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c31c10 5 bytes JMP 0000000077d902f0
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c31c20 5 bytes JMP 0000000077d90350
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c31c80 5 bytes JMP 0000000077d90290
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c31d10 5 bytes JMP 0000000077d902b0
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c31d30 5 bytes JMP 0000000077d903d0
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c31d40 5 bytes JMP 0000000077d90330
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c31db0 5 bytes JMP 0000000077d90410
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c31de0 5 bytes JMP 0000000077d90240
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c320a0 5 bytes JMP 0000000077d901e0
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c32160 5 bytes JMP 0000000077d90250
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c32190 5 bytes JMP 0000000077d90490
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c321a0 5 bytes JMP 0000000077d904a0
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c321d0 5 bytes JMP 0000000077d90300
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c321e0 5 bytes JMP 0000000077d90360
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c32240 5 bytes JMP 0000000077d902a0
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c32290 5 bytes JMP 0000000077d902c0
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c322c0 5 bytes JMP 0000000077d90380
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c322d0 5 bytes JMP 0000000077d90340
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c325c0 5 bytes JMP 0000000077d90440
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c327c0 5 bytes JMP 0000000077d90260
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c327d0 5 bytes JMP 0000000077d90270
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c327e0 5 bytes JMP 0000000077d90400
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c329a0 5 bytes JMP 0000000077d901f0
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c329b0 5 bytes JMP 0000000077d90210
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c32a20 5 bytes JMP 0000000077d90200
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c32a80 5 bytes JMP 0000000077d90420
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c32a90 5 bytes JMP 0000000077d90430
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c32aa0 5 bytes JMP 0000000077d90220
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5768] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c32b80 5 bytes JMP 0000000077d90280
.text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[5768] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000077a1eecd 1 byte [62]
.text C:\Program Files\Sony\VAIO Care\Admload.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077c31360 5 bytes JMP 00000001001e0460
.text C:\Program Files\Sony\VAIO Care\Admload.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077c313b0 5 bytes JMP 00000001001e0450
.text C:\Program Files\Sony\VAIO Care\Admload.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077c31510 5 bytes JMP 00000001001e0370
.text C:\Program Files\Sony\VAIO Care\Admload.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077c31560 5 bytes JMP 00000001001e0470
.text C:\Program Files\Sony\VAIO Care\Admload.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077c31570 5 bytes JMP 00000001001e03e0
.text C:\Program Files\Sony\VAIO Care\Admload.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077c31620 5 bytes JMP 00000001001e0320
.text C:\Program Files\Sony\VAIO Care\Admload.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077c31650 5 bytes JMP 00000001001e03b0
.text C:\Program Files\Sony\VAIO Care\Admload.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077c31670 5 bytes JMP 00000001001e0390
.text C:\Program Files\Sony\VAIO Care\Admload.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077c316b0 5 bytes JMP 00000001001e02e0
.text C:\Program Files\Sony\VAIO Care\Admload.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077c31730 5 bytes JMP 00000001001e02d0
.text C:\Program Files\Sony\VAIO Care\Admload.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077c31750 5 bytes JMP 00000001001e0310
.text C:\Program Files\Sony\VAIO Care\Admload.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077c31790 5 bytes JMP 00000001001e03c0
.text C:\Program Files\Sony\VAIO Care\Admload.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077c317e0 5 bytes JMP 00000001001e03f0
.text C:\Program Files\Sony\VAIO Care\Admload.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077c31940 5 bytes JMP 00000001001e0230
.text C:\Program Files\Sony\VAIO Care\Admload.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077c31b00 5 bytes JMP 00000001001e0480
.text C:\Program Files\Sony\VAIO Care\Admload.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077c31b30 5 bytes JMP 00000001001e03a0
.text C:\Program Files\Sony\VAIO Care\Admload.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077c31c10 5 bytes JMP 00000001001e02f0
.text C:\Program Files\Sony\VAIO Care\Admload.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077c31c20 5 bytes JMP 00000001001e0350
.text C:\Program Files\Sony\VAIO Care\Admload.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077c31c80 5 bytes JMP 00000001001e0290
.text C:\Program Files\Sony\VAIO Care\Admload.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077c31d10 5 bytes JMP 00000001001e02b0
.text C:\Program Files\Sony\VAIO Care\Admload.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077c31d30 5 bytes JMP 00000001001e03d0
.text C:\Program Files\Sony\VAIO Care\Admload.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077c31d40 5 bytes JMP 00000001001e0330
.text C:\Program Files\Sony\VAIO Care\Admload.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077c31db0 5 bytes JMP 00000001001e0410
.text C:\Program Files\Sony\VAIO Care\Admload.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077c31de0 5 bytes JMP 00000001001e0240
.text C:\Program Files\Sony\VAIO Care\Admload.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077c320a0 5 bytes JMP 00000001001e01e0
.text C:\Program Files\Sony\VAIO Care\Admload.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077c32160 5 bytes JMP 00000001001e0250
.text C:\Program Files\Sony\VAIO Care\Admload.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077c32190 5 bytes JMP 00000001001e0490
.text C:\Program Files\Sony\VAIO Care\Admload.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077c321a0 5 bytes JMP 00000001001e04a0
.text C:\Program Files\Sony\VAIO Care\Admload.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077c321d0 5 bytes JMP 00000001001e0300
.text C:\Program Files\Sony\VAIO Care\Admload.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077c321e0 5 bytes JMP 00000001001e0360
.text C:\Program Files\Sony\VAIO Care\Admload.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077c32240 5 bytes JMP 00000001001e02a0
.text C:\Program Files\Sony\VAIO Care\Admload.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077c32290 5 bytes JMP 00000001001e02c0
.text C:\Program Files\Sony\VAIO Care\Admload.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077c322c0 5 bytes JMP 00000001001e0380
.text C:\Program Files\Sony\VAIO Care\Admload.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077c322d0 5 bytes JMP 00000001001e0340
.text C:\Program Files\Sony\VAIO Care\Admload.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077c325c0 5 bytes JMP 00000001001e0440
.text C:\Program Files\Sony\VAIO Care\Admload.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077c327c0 5 bytes JMP 00000001001e0260
.text C:\Program Files\Sony\VAIO Care\Admload.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077c327d0 5 bytes JMP 00000001001e0270
.text C:\Program Files\Sony\VAIO Care\Admload.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077c327e0 5 bytes JMP 00000001001e0400
.text C:\Program Files\Sony\VAIO Care\Admload.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077c329a0 5 bytes JMP 00000001001e01f0
.text C:\Program Files\Sony\VAIO Care\Admload.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077c329b0 5 bytes JMP 00000001001e0210
.text C:\Program Files\Sony\VAIO Care\Admload.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077c32a20 5 bytes JMP 00000001001e0200
.text C:\Program Files\Sony\VAIO Care\Admload.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077c32a80 5 bytes JMP 00000001001e0420
.text C:\Program Files\Sony\VAIO Care\Admload.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077c32a90 5 bytes JMP 00000001001e0430
.text C:\Program Files\Sony\VAIO Care\Admload.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077c32aa0 5 bytes JMP 00000001001e0220
.text C:\Program Files\Sony\VAIO Care\Admload.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077c32b80 5 bytes JMP 00000001001e0280
.text C:\Program Files\Sony\VAIO Care\Admload.exe[5712] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 0000000077a1eecd 1 byte [62]
.text C:\Program Files\Sony\VAIO Care\listener.exe[3388] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000776da2ba 1 byte [62]
.text C:\Users\Dee\Desktop\zkbvb6wb.exe[664] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000776da2ba 1 byte [62]

---- Threads - GMER 2.1 ----

Thread C:\Windows\system32\svchost.exe [408:2516] 000007fef4e9506c
Thread C:\Windows\system32\svchost.exe [408:2520] 000007fef0f01c20
Thread C:\Windows\system32\svchost.exe [408:2616] 000007fef0f01c20
Thread C:\Windows\system32\svchost.exe [408:5056] 000007fef61d5124
Thread C:\Windows\system32\svchost.exe [408:6140] 000007fef4cc4164
Thread C:\Windows\system32\svchost.exe [408:2552] 000007feefdacb70
Thread C:\Windows\system32\WLANExt.exe [1240:1280] 00000000001d8684
Thread C:\Windows\system32\WLANExt.exe [1240:1284] 00000000001d8684
Thread C:\Windows\System32\spoolsv.exe [1456:3328] 000007fef36a10c8
Thread C:\Windows\System32\spoolsv.exe [1456:3340] 000007fef3636144
Thread C:\Windows\System32\spoolsv.exe [1456:3348] 000007fef6a95fd0
Thread C:\Windows\System32\spoolsv.exe [1456:3352] 000007fef3613438
Thread C:\Windows\System32\spoolsv.exe [1456:3360] 000007fef6a963ec
Thread C:\Windows\System32\spoolsv.exe [1456:3368] 000007fef61c5e5c
Thread C:\Windows\System32\spoolsv.exe [1456:3512] 00000000001ce0bc
Thread C:\Windows\System32\spoolsv.exe [1456:3536] 000007fef36f8760
Thread C:\Windows\System32\spoolsv.exe [1456:3716] 00000000001c81fc
Thread C:\Windows\System32\spoolsv.exe [1456:4496] 00000000001ce0bc
Thread C:\Windows\system32\Dwm.exe [1540:1584] 000007fefa68f0d8
Thread C:\Windows\system32\Dwm.exe [1540:1588] 000007fef9feabf0
Thread C:\Windows\SysWOW64\DllHost.exe [4220:4288] 00000000725828f0
Thread C:\Windows\System32\svchost.exe [5200:5660] 000007fef4319688

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\[email protected] 2
Reg HKLM\SYSTEM\CurrentControlSet\services\[email protected] 2
Reg HKLM\SYSTEM\CurrentControlSet\services\[email protected] 1
Reg HKLM\SYSTEM\CurrentControlSet\services\[email protected] aswFsBlk
Reg HKLM\SYSTEM\CurrentControlSet\services\[email protected] FSFilter Activity Monitor
Reg HKLM\SYSTEM\CurrentControlSet\services\[email protected] FltMgr?
Reg HKLM\SYSTEM\CurrentControlSet\services\[email protected] avast! mini-filter driver (aswFsBlk)
Reg HKLM\SYSTEM\CurrentControlSet\services\[email protected] 2
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances 
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\[email protected] aswFsBlk Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance 
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk [email protected] 388400
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk [email protected] 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk 
Reg HKLM\SYSTEM\CurrentControlSet\services\[email protected] 2
Reg HKLM\SYSTEM\CurrentControlSet\services\[email protected] 2
Reg HKLM\SYSTEM\CurrentControlSet\services\[email protected] 1
Reg HKLM\SYSTEM\CurrentControlSet\services\[email protected] \??\C:\Windows\system32\drivers\aswMonFlt.sys
Reg HKLM\SYSTEM\CurrentControlSet\services\[email protected] aswMonFlt
Reg HKLM\SYSTEM\CurrentControlSet\services\[email protected] FSFilter Anti-Virus
Reg HKLM\SYSTEM\CurrentControlSet\services\[email protected] FltMgr?
Reg HKLM\SYSTEM\CurrentControlSet\services\[email protected] avast! mini-filter driver (aswMonFlt)
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances 
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\[email protected] aswMonFlt Instance
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance 
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt [email protected] 320700
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt [email protected] 0
Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt 
Reg HKLM\SYSTEM\CurrentControlSet\services\[email protected] 1
Reg HKLM\SYSTEM\CurrentControlSet\services\[email protected] 1
Reg HKLM\SYSTEM\CurrentControlSet\services\[email protected] 1
Reg HKLM\SYSTEM\CurrentControlSet\services\[email protected] aswRdr
Reg HKLM\SYSTEM\CurrentControlSet\services\[email protected] PNP_TDI
Reg HKLM\SYSTEM\CurrentControlSet\services\[email protected] tcpip?
Reg HKLM\SYSTEM\CurrentControlSet\services\[email protected] avast! WFP Redirect driver
Reg HKLM\SYSTEM\CurrentControlSet\services\[email protected] \SystemRoot\System32\Drivers\aswrdr2.sys
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters 
Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\[email protected] 

---- EOF - GMER 2.1 ----


----------



## Grubbs (Nov 17, 2003)

19:33:03.0900 2956 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
19:33:03.0915 2956 ============================================================
19:33:03.0915 2956 Current date / time: 2013/09/24 19:33:03.0915
19:33:03.0915 2956 SystemInfo:
19:33:03.0915 2956 
19:33:03.0915 2956 OS Version: 6.1.7601 ServicePack: 1.0
19:33:03.0915 2956 Product type: Workstation
19:33:03.0915 2956 ComputerName: DEE-VAIO
19:33:03.0915 2956 UserName: Dee
19:33:03.0915 2956 Windows directory: C:\Windows
19:33:03.0915 2956 System windows directory: C:\Windows
19:33:03.0915 2956 Running under WOW64
19:33:03.0915 2956 Processor architecture: Intel x64
19:33:03.0915 2956 Number of processors: 2
19:33:03.0915 2956 Page size: 0x1000
19:33:03.0915 2956 Boot type: Normal boot
19:33:03.0915 2956 ============================================================
19:33:04.0508 2956 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:33:04.0633 2956 Drive \Device\Harddisk1\DR2 - Size: 0xEEB00000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E6, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:33:04.0633 2956 ============================================================
19:33:04.0633 2956 \Device\Harddisk0\DR0:
19:33:04.0633 2956 MBR partitions:
19:33:04.0633 2956 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14A7000, BlocksNum 0x32000
19:33:04.0633 2956 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x14D9000, BlocksNum 0x38EAC830
19:33:04.0633 2956 \Device\Harddisk1\DR2:
19:33:04.0633 2956 MBR partitions:
19:33:04.0633 2956 \Device\Harddisk1\DR2\Partition1: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0x7757E0
19:33:04.0633 2956 ============================================================
19:33:04.0664 2956 C: <-> \Device\Harddisk0\DR0\Partition2
19:33:04.0664 2956 ============================================================
19:33:04.0664 2956 Initialize success
19:33:04.0664 2956 ============================================================
19:33:08.0907 4272 ============================================================
19:33:08.0907 4272 Scan started
19:33:08.0907 4272 Mode: Manual; 
19:33:08.0907 4272 ============================================================
19:33:09.0250 4272 ================ Scan system memory ========================
19:33:09.0250 4272 System memory - ok
19:33:09.0250 4272 ================ Scan services =============================
19:33:17.0300 4272 IconMan_R - ok
19:33:17.0347 4272 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
19:33:17.0378 4272 idsvc - ok
19:33:17.0643 4272 [ 0BD58366C86EF9DDC4F61AFED0CADA99 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
19:33:17.0924 4272 igfx - ok
19:33:17.0955 4272 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
19:33:17.0955 4272 iirsp - ok
19:33:18.0002 4272 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
19:33:18.0049 4272 IKEEXT - ok
19:33:18.0096 4272 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
19:33:18.0111 4272 IntcDAud - ok
19:33:18.0127 4272 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
19:33:18.0127 4272 intelide - ok
19:33:18.0220 4272 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\drivers\intelppm.sys
19:33:18.0220 4272 intelppm - ok
19:33:18.0314 4272 [ D9DA7B3117BF5EFF921C0CDED4D58050 ] IntuitUpdateServiceV4 C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
19:33:18.0314 4272 IntuitUpdateServiceV4 - ok
19:33:18.0361 4272 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
19:33:18.0376 4272 IPBusEnum - ok
19:33:18.0392 4272 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:33:18.0392 4272 IpFilterDriver - ok
19:33:18.0454 4272 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
19:33:18.0470 4272 iphlpsvc - ok
19:33:18.0501 4272 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
19:33:18.0501 4272 IPMIDRV - ok
19:33:18.0517 4272 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
19:33:18.0532 4272 IPNAT - ok
19:33:18.0595 4272 [ 0FF335D687C85097725A53458160E81E ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
19:33:18.0626 4272 iPod Service - ok
19:33:18.0642 4272 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
19:33:18.0642 4272 IRENUM - ok
19:33:18.0657 4272 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
19:33:18.0657 4272 isapnp - ok
19:33:18.0688 4272 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
19:33:18.0704 4272 iScsiPrt - ok
19:33:18.0735 4272 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
19:33:18.0735 4272 kbdclass - ok
19:33:18.0766 4272 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
19:33:18.0766 4272 kbdhid - ok
19:33:18.0798 4272 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
19:33:18.0798 4272 KeyIso - ok
19:33:18.0844 4272 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
19:33:18.0844 4272 KSecDD - ok
19:33:18.0860 4272 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
19:33:18.0876 4272 KSecPkg - ok
19:33:18.0891 4272 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
19:33:18.0891 4272 ksthunk - ok
19:33:18.0938 4272 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
19:33:18.0954 4272 KtmRm - ok
19:33:19.0016 4272 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
19:33:19.0016 4272 LanmanServer - ok
19:33:19.0047 4272 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:33:19.0047 4272 LanmanWorkstation - ok
19:33:19.0078 4272 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
19:33:19.0078 4272 lltdio - ok
19:33:19.0110 4272 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
19:33:19.0125 4272 lltdsvc - ok
19:33:19.0156 4272 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
19:33:19.0156 4272 lmhosts - ok
19:33:19.0219 4272 [ 98B16E756243BEA9410E32025B19C06F ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
19:33:19.0219 4272 LMS - ok
19:33:19.0250 4272 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
19:33:19.0266 4272 LSI_FC - ok
19:33:19.0281 4272 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
19:33:19.0281 4272 LSI_SAS - ok
19:33:19.0297 4272 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
19:33:19.0297 4272 LSI_SAS2 - ok
19:33:19.0312 4272 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
19:33:19.0328 4272 LSI_SCSI - ok
19:33:19.0344 4272 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
19:33:19.0359 4272 luafv - ok
19:33:19.0390 4272 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
19:33:19.0390 4272 Mcx2Svc - ok
19:33:19.0422 4272 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
19:33:19.0422 4272 megasas - ok
19:33:19.0453 4272 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
19:33:19.0468 4272 MegaSR - ok
19:33:19.0500 4272 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\drivers\HECIx64.sys
19:33:19.0500 4272 MEIx64 - ok
19:33:19.0531 4272 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
19:33:19.0531 4272 MMCSS - ok
19:33:19.0562 4272 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
19:33:19.0562 4272 Modem - ok
19:33:19.0593 4272 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
19:33:19.0593 4272 monitor - ok
19:33:19.0609 4272 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
19:33:19.0609 4272 mouclass - ok
19:33:19.0640 4272 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
19:33:19.0640 4272 mouhid - ok
19:33:19.0656 4272 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
19:33:19.0671 4272 mountmgr - ok
19:33:19.0734 4272 [ A35576A433F4AEB0D48976A004657CB6 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
19:33:19.0734 4272 MozillaMaintenance - ok
19:33:19.0765 4272 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
19:33:19.0780 4272 mpio - ok
19:33:19.0796 4272 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
19:33:19.0796 4272 mpsdrv - ok
19:33:19.0843 4272 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
19:33:19.0874 4272 MpsSvc - ok
19:33:19.0890 4272 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
19:33:19.0905 4272 MRxDAV - ok
19:33:19.0921 4272 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
19:33:19.0936 4272 mrxsmb - ok
19:33:19.0952 4272 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:33:19.0968 4272 mrxsmb10 - ok
19:33:19.0983 4272 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:33:19.0999 4272 mrxsmb20 - ok
19:33:20.0014 4272 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
19:33:20.0014 4272 msahci - ok
19:33:20.0046 4272 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
19:33:20.0046 4272 msdsm - ok
19:33:20.0077 4272 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
19:33:20.0077 4272 MSDTC - ok
19:33:20.0124 4272 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
19:33:20.0124 4272 Msfs - ok
19:33:20.0139 4272 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
19:33:20.0155 4272 mshidkmdf - ok
19:33:20.0170 4272 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
19:33:20.0170 4272 msisadrv - ok
19:33:20.0202 4272 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
19:33:20.0217 4272 MSiSCSI - ok
19:33:20.0217 4272 msiserver - ok
19:33:20.0248 4272 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
19:33:20.0248 4272 MSKSSRV - ok
19:33:20.0280 4272 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
19:33:20.0280 4272 MSPCLOCK - ok
19:33:20.0295 4272 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
19:33:20.0295 4272 MSPQM - ok
19:33:20.0326 4272 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
19:33:20.0342 4272 MsRPC - ok
19:33:20.0358 4272 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
19:33:20.0358 4272 mssmbios - ok
19:33:20.0373 4272 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
19:33:20.0373 4272 MSTEE - ok
19:33:20.0389 4272 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
19:33:20.0389 4272 MTConfig - ok
19:33:20.0420 4272 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
19:33:20.0420 4272 Mup - ok
19:33:20.0451 4272 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
19:33:20.0482 4272 napagent - ok
19:33:20.0514 4272 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
19:33:20.0529 4272 NativeWifiP - ok
19:33:20.0607 4272 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
19:33:20.0638 4272 NDIS - ok
19:33:20.0670 4272 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
19:33:20.0670 4272 NdisCap - ok
19:33:20.0701 4272 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
19:33:20.0701 4272 NdisTapi - ok
19:33:20.0732 4272 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
19:33:20.0732 4272 Ndisuio - ok
19:33:20.0763 4272 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
19:33:20.0763 4272 NdisWan - ok
19:33:20.0779 4272 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
19:33:20.0779 4272 NDProxy - ok
19:33:20.0810 4272 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
19:33:20.0810 4272 NetBIOS - ok
19:33:20.0826 4272 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
19:33:20.0841 4272 NetBT - ok
19:33:20.0857 4272 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
19:33:20.0857 4272 Netlogon - ok
19:33:20.0904 4272 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
19:33:20.0919 4272 Netman - ok
19:33:20.0966 4272 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:33:20.0966 4272 NetMsmqActivator - ok
19:33:20.0982 4272 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:33:20.0982 4272 NetPipeActivator - ok
19:33:21.0028 4272 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
19:33:21.0044 4272 netprofm - ok
19:33:21.0060 4272 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:33:21.0060 4272 NetTcpActivator - ok
19:33:21.0075 4272 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
19:33:21.0075 4272 NetTcpPortSharing - ok
19:33:21.0106 4272 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
19:33:21.0106 4272 nfrd960 - ok
19:33:21.0184 4272 [ C5EAE2B8A6188F8A3810D6FE80F3F3D7 ] NitroReaderDriverReadSpool3 C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
19:33:21.0200 4272 NitroReaderDriverReadSpool3 - ok
19:33:21.0262 4272 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
19:33:21.0278 4272 NlaSvc - ok
19:33:21.0309 4272 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
19:33:21.0309 4272 Npfs - ok
19:33:21.0340 4272 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
19:33:21.0340 4272 nsi - ok
19:33:21.0372 4272 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
19:33:21.0372 4272 nsiproxy - ok
19:33:21.0450 4272 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
19:33:21.0512 4272 Ntfs - ok
19:33:21.0543 4272 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
19:33:21.0543 4272 Null - ok
19:33:21.0793 4272 [ DD81FBC57AB9134CDDC5CE90880BFD80 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:33:22.0042 4272 nvlddmkm - ok
19:33:22.0074 4272 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
19:33:22.0089 4272 nvraid - ok
19:33:22.0105 4272 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
19:33:22.0120 4272 nvstor - ok
19:33:22.0152 4272 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
19:33:22.0152 4272 nv_agp - ok
19:33:22.0261 4272 [ 5B4E5D841B029EDF5FFB71E50C2D2C02 ] Oasis2Service C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
19:33:22.0261 4272 Oasis2Service - ok
19:33:22.0292 4272 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
19:33:22.0308 4272 ohci1394 - ok
19:33:22.0432 4272 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:33:22.0432 4272 ose - ok
19:33:22.0620 4272 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:33:22.0760 4272 osppsvc - ok
19:33:22.0791 4272 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
19:33:22.0807 4272 p2pimsvc - ok
19:33:22.0822 4272 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
19:33:22.0838 4272 p2psvc - ok
19:33:22.0854 4272 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
19:33:22.0854 4272 Parport - ok
19:33:22.0885 4272 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
19:33:22.0900 4272 partmgr - ok
19:33:22.0916 4272 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
19:33:22.0932 4272 PcaSvc - ok
19:33:22.0978 4272 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
19:33:22.0978 4272 pci - ok
19:33:23.0010 4272 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
19:33:23.0010 4272 pciide - ok
19:33:23.0025 4272 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
19:33:23.0041 4272 pcmcia - ok
19:33:23.0056 4272 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
19:33:23.0056 4272 pcw - ok
19:33:23.0088 4272 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
19:33:23.0119 4272 PEAUTH - ok
19:33:23.0197 4272 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
19:33:23.0197 4272 PerfHost - ok
19:33:23.0228 4272 pfc - ok
19:33:23.0290 4272 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
19:33:23.0384 4272 pla - ok
19:33:23.0446 4272 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
19:33:23.0478 4272 PlugPlay - ok
19:33:23.0556 4272 [ 63694C307273062A2167AE4CE80730EF ] PMBDeviceInfoProvider C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
19:33:23.0587 4272 PMBDeviceInfoProvider - ok
19:33:23.0602 4272 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
19:33:23.0602 4272 PNRPAutoReg - ok
19:33:23.0634 4272 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
19:33:23.0634 4272 PNRPsvc - ok
19:33:23.0680 4272 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
19:33:23.0696 4272 PolicyAgent - ok
19:33:23.0712 4272 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
19:33:23.0712 4272 Power - ok
19:33:23.0758 4272 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
19:33:23.0758 4272 PptpMiniport - ok
19:33:23.0790 4272 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
19:33:23.0790 4272 Processor - ok
19:33:23.0821 4272 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
19:33:23.0836 4272 ProfSvc - ok
19:33:23.0852 4272 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:33:23.0852 4272 ProtectedStorage - ok
19:33:23.0883 4272 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
19:33:23.0883 4272 Psched - ok
19:33:23.0946 4272 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
19:33:24.0008 4272 ql2300 - ok
19:33:24.0039 4272 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
19:33:24.0039 4272 ql40xx - ok
19:33:24.0070 4272 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
19:33:24.0070 4272 QWAVE - ok
19:33:24.0086 4272 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
19:33:24.0086 4272 QWAVEdrv - ok
19:33:24.0102 4272 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
19:33:24.0102 4272 RasAcd - ok
19:33:24.0133 4272 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
19:33:24.0133 4272 RasAgileVpn - ok
19:33:24.0148 4272 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
19:33:24.0148 4272 RasAuto - ok
19:33:24.0164 4272 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
19:33:24.0164 4272 Rasl2tp - ok
19:33:24.0195 4272 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
19:33:24.0211 4272 RasMan - ok
19:33:24.0211 4272 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
19:33:24.0226 4272 RasPppoe - ok
19:33:24.0242 4272 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
19:33:24.0242 4272 RasSstp - ok
19:33:24.0258 4272 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
19:33:24.0273 4272 rdbss - ok
19:33:24.0289 4272 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
19:33:24.0289 4272 rdpbus - ok
19:33:24.0320 4272 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
19:33:24.0320 4272 RDPCDD - ok
19:33:24.0336 4272 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
19:33:24.0336 4272 RDPENCDD - ok
19:33:24.0351 4272 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
19:33:24.0351 4272 RDPREFMP - ok
19:33:24.0382 4272 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
19:33:24.0398 4272 RDPWD - ok
19:33:24.0429 4272 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
19:33:24.0429 4272 rdyboost - ok
19:33:24.0445 4272 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
19:33:24.0460 4272 RemoteAccess - ok
19:33:24.0492 4272 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
19:33:24.0492 4272 RemoteRegistry - ok
19:33:24.0507 4272 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
19:33:24.0523 4272 RpcEptMapper - ok
19:33:24.0524 4272 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
19:33:24.0524 4272 RpcLocator - ok
19:33:24.0555 4272 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
19:33:24.0555 4272 RpcSs - ok
19:33:24.0586 4272 [ EBBFA2B4E317AF86E93FEC4C04D7A9B3 ] RSPCIESTOR C:\Windows\system32\DRIVERS\RtsPStor.sys
19:33:24.0602 4272 RSPCIESTOR - ok
19:33:24.0617 4272 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
19:33:24.0633 4272 rspndr - ok
19:33:24.0664 4272 [ EA5532868BA76923D75BCB2A1448D810 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
19:33:24.0664 4272 RTL8167 - ok
19:33:24.0711 4272 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
19:33:24.0711 4272 SamSs - ok
19:33:24.0742 4272 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
19:33:24.0742 4272 sbp2port - ok
19:33:24.0773 4272 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
19:33:24.0789 4272 SCardSvr - ok
19:33:24.0805 4272 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
19:33:24.0805 4272 scfilter - ok
19:33:24.0836 4272 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
19:33:24.0867 4272 Schedule - ok
19:33:24.0898 4272 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
19:33:24.0914 4272 SCPolicySvc - ok
19:33:24.0945 4272 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
19:33:24.0945 4272 sdbus - ok
19:33:24.0976 4272 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
19:33:24.0976 4272 SDRSVC - ok
19:33:25.0007 4272 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
19:33:25.0007 4272 secdrv - ok
19:33:25.0023 4272 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
19:33:25.0023 4272 seclogon - ok
19:33:25.0054 4272 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
19:33:25.0054 4272 SENS - ok
19:33:25.0085 4272 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
19:33:25.0085 4272 SensrSvc - ok
19:33:25.0117 4272 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
19:33:25.0117 4272 Serenum - ok
19:33:25.0132 4272 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
19:33:25.0132 4272 Serial - ok
19:33:25.0163 4272 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
19:33:25.0163 4272 sermouse - ok
19:33:25.0195 4272 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
19:33:25.0195 4272 SessionEnv - ok
19:33:25.0257 4272 [ 286D3889E6AB5589646FF8A63CB928AE ] SFEP C:\Windows\system32\drivers\SFEP.sys
19:33:25.0257 4272 SFEP - ok
19:33:25.0288 4272 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
19:33:25.0288 4272 sffdisk - ok
19:33:25.0319 4272 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
19:33:25.0319 4272 sffp_mmc - ok
19:33:25.0335 4272 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
19:33:25.0335 4272 sffp_sd - ok
19:33:25.0335 4272 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
19:33:25.0351 4272 sfloppy - ok
19:33:25.0366 4272 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
19:33:25.0382 4272 SharedAccess - ok
19:33:25.0397 4272 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:33:25.0413 4272 ShellHWDetection - ok
19:33:25.0444 4272 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
19:33:25.0444 4272 SiSRaid2 - ok
19:33:25.0475 4272 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
19:33:25.0475 4272 SiSRaid4 - ok
19:33:25.0507 4272 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
19:33:25.0507 4272 Smb - ok
19:33:25.0569 4272 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
19:33:25.0585 4272 SNMPTRAP - ok
19:33:25.0647 4272 [ DDF2EC98AF6FC70608A4F9CE4DB52758 ] SOHCImp C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
19:33:25.0663 4272 SOHCImp - ok
19:33:25.0694 4272 [ 5FA03F5EA6EFEF6D17B4A1A48C40A23C ] SOHDs C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
19:33:25.0694 4272 SOHDs - ok
19:33:25.0741 4272 [ 65E5659E9C2A0762D05657C0E22A7CA2 ] SpfService C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
19:33:25.0756 4272 SpfService - ok
19:33:25.0772 4272 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
19:33:25.0787 4272 spldr - ok
19:33:25.0834 4272 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
19:33:25.0865 4272 Spooler - ok
19:33:25.0975 4272 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
19:33:26.0068 4272 sppsvc - ok
19:33:26.0084 4272 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
19:33:26.0099 4272 sppuinotify - ok
19:33:26.0162 4272 [ EAD5300C93946B0250A309E2BF2BE4CF ] SQLWriter C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
19:33:26.0177 4272 SQLWriter - ok
19:33:26.0224 4272 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
19:33:26.0240 4272 srv - ok
19:33:26.0271 4272 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
19:33:26.0287 4272 srv2 - ok
19:33:26.0318 4272 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
19:33:26.0333 4272 srvnet - ok
19:33:26.0365 4272 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
19:33:26.0380 4272 SSDPSRV - ok
19:33:26.0411 4272 [ 0211AB46B73A2623B86C1CFCB30579AB ] SSPORT C:\Windows\system32\Drivers\SSPORT.sys
19:33:26.0411 4272 SSPORT - ok
19:33:26.0443 4272 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
19:33:26.0443 4272 SstpSvc - ok
19:33:26.0521 4272 [ 773940B8D50439391FFA619B3EEF01A3 ] StatusAgent4 C:\Windows\SysWOW64\SAgent4.exe
19:33:26.0521 4272 StatusAgent4 - ok
19:33:26.0552 4272 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
19:33:26.0567 4272 stexstor - ok
19:33:26.0599 4272 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
19:33:26.0645 4272 stisvc - ok
19:33:26.0661 4272 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
19:33:26.0661 4272 swenum - ok
19:33:26.0692 4272 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
19:33:26.0723 4272 swprv - ok
19:33:26.0786 4272 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
19:33:26.0864 4272 SysMain - ok
19:33:26.0864 4272 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:33:26.0879 4272 TabletInputService - ok
19:33:26.0895 4272 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
19:33:26.0911 4272 TapiSrv - ok
19:33:26.0911 4272 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
19:33:26.0926 4272 TBS - ok
19:33:27.0020 4272 [ DB74544B75566C974815E79A62433F29 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
19:33:27.0082 4272 Tcpip - ok
19:33:27.0191 4272 [ DB74544B75566C974815E79A62433F29 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
19:33:27.0207 4272 TCPIP6 - ok
19:33:27.0254 4272 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
19:33:27.0254 4272 tcpipreg - ok
19:33:32.0402 4272 ============================================================
19:33:32.0402 4272 Scan finished
19:33:32.0402 4272 ============================================================
19:33:32.0402 1516 Detected object count: 0
19:33:32.0402 1516 Actual detected object count: 0


----------



## wannabeageek (Nov 12, 2009)

How is the computer behaving in relation to your original complaint: Applications won't open, computer very slow?


----------



## Grubbs (Nov 17, 2003)

No better, I'm afraid.


----------



## wannabeageek (Nov 12, 2009)

Hi grubbs,

Thank you for coming back and answering. I have to ask this as the next step requires us to run ComboFix. Please follow the instructions carefully. If you have any questions, please post back with them.

*ComboFix*

Please download *ComboFix.exe*... © Copyrighted to *sUBs*. *Save it to your desktop. <<--- IMPORTANT!!*
Alternate download site: here
_If you previously downloaded ComboFix, please delete that version and download it again. This tool is frequently updated._

The first thing you need to do is print out *How-To-Use-ComboFix*. Read these instructions thoroughly. 
*You will not have Internet access when you execute ComboFix.*
Please *disable* any *Antivirus* or *Firewall* you have active, as shown in *this topic*. *Close all* open application windows.


Right mouse click the *ComboFix.exe icon* on your desktop to begin execution. Select "*Run As Administrator*" to run it. If prompted by UAC, please allow it. _If you receive the "Open File - Security Warning"... press *Run*_.
Press *Yes* to the Disclaimer prompt.
ComboFix screen appears... preparing to run. ComboFix will now begin creating a System Restore Point and then backup your registry.

*For XP users: If not already installed... Press "Yes" to any "Recovery Console" prompts.*
*Do Not use your keyboard or mouse click anywhere in the ComboFix window, as this may cause the program to stall or crash!*
When finished... Notepad will open ... ComboFix will produce a log file called "*ComboFix.txt*".
Please copy/paste the contents of *ComboFix.txt*... in your next reply.



> *Do NOT use Combofix* *unless* you have been instructed to do so by a Malware Removal Expert. It is a powerful tool intended by its creator to be used under the guidance and supervision of an expert, *NOT for general public or personal use*. *Using this tool incorrectly could lead to serious problems with your operating system such as preventing it from ever starting again.* This site, sUBs and myself *will not* be responsible for any damage caused to your machine by misusing or running ComboFix on your own. Please read *Combofix's Disclaimer*.


*** Enable your Antivirus and Firewall, before connecting to the Internet again! ***


----------



## Grubbs (Nov 17, 2003)

ComboFix 13-09-28.02 - Dee 09/29/2013 19:15:24.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4044.2523 [GMT -5:00]
Running from: c:\users\Dee\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Outdated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Outdated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\readme.txt
c:\users\Dee\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage
c:\users\Dee\AppData\Local\Google\Chrome\User Data\Default\preferences
.
.
((((((((((((((((((((((((( Files Created from 2013-08-28 to 2013-09-30 )))))))))))))))))))))))))))))))
.
.
2013-09-30 00:25 . 2013-09-30 00:25	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-09-30 00:23 . 2013-09-30 00:23	76232	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{44E74569-3687-446E-994F-48399BAF35F2}\offreg.dll
2013-09-25 02:19 . 2013-09-05 05:32	9694160	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{44E74569-3687-446E-994F-48399BAF35F2}\mpengine.dll
2013-09-19 21:41 . 2013-09-19 21:41	--------	d-----w-	C:\FRST
2013-09-15 19:46 . 2013-09-15 19:46	9430408	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-09-09 00:26 . 2013-09-09 00:26	--------	d-----w-	C:\_OTL
2013-09-04 03:03 . 2006-12-19 18:14	131072	----a-w-	c:\windows\SysWow64\SAgent4.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-17 00:48 . 2011-10-06 00:45	79143768	----a-w-	c:\windows\system32\MRT.exe
2013-09-15 19:46 . 2012-04-04 22:14	692616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-15 19:46 . 2011-10-23 22:06	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-07 09:22 . 2010-11-21 03:27	278800	------w-	c:\windows\system32\MpSigStub.exe
2013-08-02 01:48 . 2013-09-15 18:36	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2013-07-25 09:25 . 2013-08-17 13:35	1888768	----a-w-	c:\windows\system32\WMVDECOD.DLL
2013-07-25 08:57 . 2013-08-17 13:35	1620992	----a-w-	c:\windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58 . 2013-08-17 13:36	2048	----a-w-	c:\windows\system32\tzres.dll
2013-07-19 01:41 . 2013-08-17 13:36	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2013-07-09 05:52 . 2013-08-17 13:37	224256	----a-w-	c:\windows\system32\wintrust.dll
2013-07-09 05:51 . 2013-08-17 13:38	1217024	----a-w-	c:\windows\system32\rpcrt4.dll
2013-07-09 05:46 . 2013-08-17 13:37	1472512	----a-w-	c:\windows\system32\crypt32.dll
2013-07-09 05:46 . 2013-08-17 13:37	184320	----a-w-	c:\windows\system32\cryptsvc.dll
2013-07-09 05:46 . 2013-08-17 13:37	139776	----a-w-	c:\windows\system32\cryptnet.dll
2013-07-09 04:52 . 2013-08-17 13:38	663552	----a-w-	c:\windows\SysWow64\rpcrt4.dll
2013-07-09 04:52 . 2013-08-17 13:37	175104	----a-w-	c:\windows\SysWow64\wintrust.dll
2013-07-09 04:46 . 2013-08-17 13:37	1166848	----a-w-	c:\windows\SysWow64\crypt32.dll
2013-07-09 04:46 . 2013-08-17 13:37	140288	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2013-07-09 04:46 . 2013-08-17 13:37	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
2013-07-06 06:03 . 2013-08-15 15:21	1910208	----a-w-	c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-04-05 59720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-09-14 283160]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2011-02-15 2757312]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-27 648032]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]
"FUFAXRCV"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" [2011-03-09 495616]
"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2011-03-09 856064]
"ContentTransferWMDetector.exe"="c:\program files (x86)\Sony\Walkman Content Transfer\ContentTransferWMDetector.exe" [2008-07-11 423200]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]
"KeePass 2 PreLoad"="c:\program files (x86)\KeePass Password Safe\KeePass.exe" [2013-04-05 1960448]
.
c:\users\Dee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Launch Utility Application.lnk - c:\users\Dee\AppData\Roaming\Verizon\UA_ar\UtilityApplication.exe /boot [2013-5-14 932208]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
DVD@ccess.lnk - c:\program files (x86)\Apple Computer\DVD@ccess\DVDAccess.exe [2012-9-29 888832]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 DVDAccss;DVDAccss;c:\windows\system32\drivers\DVDAccss.sys;c:\windows\SYSNATIVE\drivers\DVDAccss.sys [x]
R2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
R2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service\Oasis2Service.exe;c:\program files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [x]
R3 DCDhcpService;DCDhcpService;c:\program files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe;c:\program files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [x]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1y60x64.sys [x]
R3 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [x]
R3 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [x]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [x]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [x]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [x]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [x]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [x]
S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x]
S2 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3;c:\program files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe;c:\program files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [x]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [x]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe;c:\program files\Sony\VAIO Care\VCPerfService.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe;c:\program files\Sony\VAIO Smart Network\VSNService.exe [x]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys;c:\windows\SYSNATIVE\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys;c:\windows\SYSNATIVE\drivers\SFEP.sys [x]
S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe;c:\program files\Sony\VAIO Care\VCService.exe [x]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\VUAgent.exe;c:\program files\Sony\VAIO Update\VUAgent.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-25 02:22	1177552	----a-w-	c:\program files (x86)\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 19:46]
.
2013-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-26 02:13]
.
2013-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-26 02:13]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58	133840	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-08 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-08 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-08 416024]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
FF - ProfilePath - c:\users\Dee\AppData\Roaming\Mozilla\Firefox\Profiles\b9xjr16w.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} - (no file)
HKLM-Run-cAudioFilterAgent - c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_174_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_174_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-09-29 20:04:47
ComboFix-quarantined-files.txt 2013-09-30 01:04
.
Pre-Run: 415,304,523,776 bytes free
Post-Run: 415,592,632,320 bytes free
.
- - End Of File - - 57DBA7A7F5F94DA8FA17B5BFFD71858D


----------



## wannabeageek (Nov 12, 2009)

Hi grubbs,
I apologize for not posting back sooner. I had a few issues come up and I will post a fix for you tomorrow.
wbg


----------



## wannabeageek (Nov 12, 2009)

Hi Grubbs

Sorry for the late reply. Please run the following:

Tell me if there was any improvement in the computer's performance.

*ComboFix - CFScript*
* WARNING ! 
This script is for THIS user and computer ONLY! 
Using this tool incorrectly could damage your Operating System... preventing it from starting again! *

*You will not have Internet access when you execute ComboFix. All open windows will need to be closed!*


Please open *Notepad* and copy/paste all the text below... into the window:

```
KILLALL::

File::
C:\Program Files (x86)\Uninstall Information\Ib\97\3867\ib_uninstall.exe

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{4E00EC3D-F349-4FA2-829C-CD55E67F7D92}"=- 
"{F014B696-28C5-4554-802F-A15380418F53}"=-
```

*Save* it to your *desktop* as *CFScript.txt*
Please *disable* any *Antivirus* or *Firewall* you have active, as shown in *this topic*. Please *close all* open application windows.
Drag the CFScript.txt (icon) into the ComboFix.exe icon... as seen in the image below:

This will cause *ComboFix* to run again.
*Do Not use your keyboard or mouse click anywhere in the ComboFix window, as this may cause the program to stall or crash. 
Do Not touch your computer when ComboFix is running!*
When finished... Notepad will open ... ComboFix will produce a log file called "*ComboFix.txt*".
Please copy/paste the contents of *ComboFix.txt*... in your next reply.

*** Enable your Antivirus and Firewall, before connecting to the Internet again! ***

*Please include in your next reply:*


Contents of ComboFix.txt
*Any problem executing the instructions?*
*How is the computer behaving?*

Thanks, 
wbg


----------



## Grubbs (Nov 17, 2003)

No problems executing instructions. Computer still behaving oddly, not fully opening applications, but does seem to get further into the process before the apps stop responding.

ComboFix log:

ComboFix 13-10-04.02 - Dee 10/06/2013 11:49:50.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4044.2346 [GMT -5:00]
Running from: c:\users\Dee\Desktop\ComboFix.exe
Command switches used :: c:\users\Dee\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Outdated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Outdated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\program files (x86)\Uninstall Information\Ib\97\3867\ib_uninstall.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Uninstall Information\Ib\97\3867\ib_uninstall.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-09-06 to 2013-10-06 )))))))))))))))))))))))))))))))
.
.
2013-10-06 16:55 . 2013-10-06 16:55	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-09-25 02:19 . 2013-09-05 05:32	9694160	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{44E74569-3687-446E-994F-48399BAF35F2}\mpengine.dll
2013-09-19 21:41 . 2013-09-19 21:41	--------	d-----w-	C:\FRST
2013-09-15 19:46 . 2013-09-15 19:46	9430408	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-09-09 00:26 . 2013-09-09 00:26	--------	d-----w-	C:\_OTL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-17 00:48 . 2011-10-06 00:45	79143768	----a-w-	c:\windows\system32\MRT.exe
2013-09-15 19:46 . 2012-04-04 22:14	692616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-15 19:46 . 2011-10-23 22:06	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-07 09:22 . 2010-11-21 03:27	278800	------w-	c:\windows\system32\MpSigStub.exe
2013-08-02 01:48 . 2013-09-15 18:36	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2013-07-25 09:25 . 2013-08-17 13:35	1888768	----a-w-	c:\windows\system32\WMVDECOD.DLL
2013-07-25 08:57 . 2013-08-17 13:35	1620992	----a-w-	c:\windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58 . 2013-08-17 13:36	2048	----a-w-	c:\windows\system32\tzres.dll
2013-07-19 01:41 . 2013-08-17 13:36	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2013-07-09 05:52 . 2013-08-17 13:37	224256	----a-w-	c:\windows\system32\wintrust.dll
2013-07-09 05:51 . 2013-08-17 13:38	1217024	----a-w-	c:\windows\system32\rpcrt4.dll
2013-07-09 05:46 . 2013-08-17 13:37	1472512	----a-w-	c:\windows\system32\crypt32.dll
2013-07-09 05:46 . 2013-08-17 13:37	184320	----a-w-	c:\windows\system32\cryptsvc.dll
2013-07-09 05:46 . 2013-08-17 13:37	139776	----a-w-	c:\windows\system32\cryptnet.dll
2013-07-09 04:52 . 2013-08-17 13:38	663552	----a-w-	c:\windows\SysWow64\rpcrt4.dll
2013-07-09 04:52 . 2013-08-17 13:37	175104	----a-w-	c:\windows\SysWow64\wintrust.dll
2013-07-09 04:46 . 2013-08-17 13:37	1166848	----a-w-	c:\windows\SysWow64\crypt32.dll
2013-07-09 04:46 . 2013-08-17 13:37	140288	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2013-07-09 04:46 . 2013-08-17 13:37	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-04-05 59720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-09-14 283160]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2011-02-15 2757312]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-27 648032]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328]
"FUFAXRCV"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" [2011-03-09 495616]
"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2011-03-09 856064]
"ContentTransferWMDetector.exe"="c:\program files (x86)\Sony\Walkman Content Transfer\ContentTransferWMDetector.exe" [2008-07-11 423200]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]
"KeePass 2 PreLoad"="c:\program files (x86)\KeePass Password Safe\KeePass.exe" [2013-04-05 1960448]
.
c:\users\Dee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Launch Utility Application.lnk - c:\users\Dee\AppData\Roaming\Verizon\UA_ar\UtilityApplication.exe /boot [2013-5-14 932208]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
DVD@ccess.lnk - c:\program files (x86)\Apple Computer\DVD@ccess\DVDAccess.exe [2012-9-29 888832]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
2;2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 DVDAccss;DVDAccss;c:\windows\system32\drivers\DVDAccss.sys;c:\windows\SYSNATIVE\drivers\DVDAccss.sys [x]
R2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
R3 DCDhcpService;DCDhcpService;c:\program files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe;c:\program files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [x]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1y60x64.sys [x]
R3 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [x]
R3 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [x]
R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [x]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [x]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [x]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [x]
R3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe;c:\program files\Sony\VAIO Care\VCService.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [x]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [x]
S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x]
S2 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3;c:\program files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe;c:\program files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [x]
S2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service\Oasis2Service.exe;c:\program files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [x]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [x]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe;c:\program files\Sony\VAIO Care\VCPerfService.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [x]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe;c:\program files\Sony\VAIO Smart Network\VSNService.exe [x]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys;c:\windows\SYSNATIVE\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys;c:\windows\SYSNATIVE\drivers\SFEP.sys [x]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update\VUAgent.exe;c:\program files\Sony\VAIO Update\VUAgent.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-25 02:22	1177552	----a-w-	c:\program files (x86)\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-10-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 19:46]
.
2013-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-26 02:13]
.
2013-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-26 02:13]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58	133840	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [BU]
"Apoint"="c:\program files (x86)\Apoint\Apoint.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-08 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-08 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-08 416024]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
FF - ProfilePath - c:\users\Dee\AppData\Roaming\Mozilla\Firefox\Profiles\b9xjr16w.default\
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} - (no file)
AddRemove-SpeedAnalysis2 - c:\program files (x86)\Uninstall Information\Ib\97\3867\ib_uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_174_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_174_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\SAgent4.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgr.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
c:\windows\SysWOW64\DllHost.exe
c:\windows\SysWOW64\DllHost.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files\Sony\VAIO Care\listener.exe
.
**************************************************************************
.
Completion time: 2013-10-06 12:02:48 - machine was rebooted
ComboFix-quarantined-files.txt 2013-10-06 17:02
ComboFix2.txt 2013-09-30 01:05
.
Pre-Run: 415,473,807,360 bytes free
Post-Run: 415,406,833,664 bytes free
.
- - End Of File - - 4512037618FC312830316390D6D34404
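
An added example, not part of the original thread or of ComboFix itself: a small Python triage script that parses the "Reg Loading Points" portion of a ComboFix log like the one above and lists autostart entries whose executable sits outside `c:\windows` and `Program Files`. The sample lines are excerpted from the log in this post; the function names, the location categories and the assumption that `C:` is the system drive are illustrative choices.

```python
import re
from dataclasses import dataclass

# Lines excerpted from the "Reg Loading Points" section of the log above.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-04-05 59720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-08 167704]
.
c:\users\Dee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Launch Utility Application.lnk - c:\users\Dee\AppData\Roaming\Verizon\UA_ar\UtilityApplication.exe /boot [2013-5-14 932208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[([^\]]*)\]$')
LNK_RE = re.compile(r'^(.+?\.lnk) - (.+?)\s*\[([^\]]*)\]$', re.I)
IMAGE_RE = re.compile(r'^(.+?\.(?:exe|dll|com|bat|cmd|scr))\b', re.I)
RUN_SUFFIXES = ('\\currentversion\\run', '\\currentversion\\runonce')


@dataclass
class Autorun:
    source: str    # registry key or Startup folder the entry came from
    name: str      # value name or shortcut name
    image: str     # executable path with arguments stripped
    meta: str      # bracketed trailer as logged (date and size, or a marker)
    location: str  # category assigned by classify()


def classify(path):
    """Bucket a path by where it lives (assumes C: is the system drive)."""
    p = path.lower()
    # Locations a standard user can usually write to without elevation.
    if ('\\appdata\\' in p or '\\temp\\' in p
            or p.startswith(('c:\\users\\', 'c:\\programdata\\'))):
        return 'user-writable'
    if p.startswith('c:\\windows\\'):
        return 'windows'
    if p.startswith(('c:\\program files\\', 'c:\\program files (x86)\\')):
        return 'program-files'
    return 'other'


def image_of(command):
    """Return the executable part of a command line such as 'x.exe /boot'."""
    m = IMAGE_RE.match(command.strip())
    return m.group(1) if m else command.strip()


def parse_autoruns(text):
    """Collect Run/RunOnce values and Startup-folder shortcuts from a log."""
    entries, source, kind = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == '.':          # '.' separates log sections
            source = kind = None
            continue
        key = KEY_RE.match(line)
        if key:
            is_run = key.group(1).lower().endswith(RUN_SUFFIXES)
            source, kind = (key.group(1), 'reg') if is_run else (None, None)
            continue
        if line.lower().endswith('\\startup\\'):
            source, kind = line, 'folder'
            continue
        if kind == 'reg':
            m = VALUE_RE.match(line)
        elif kind == 'folder':
            m = LNK_RE.match(line)
        else:
            m = None
        if m:
            name, command, meta = m.groups()
            image = image_of(command)
            entries.append(Autorun(source, name, image, meta, classify(image)))
    return entries


def review_candidates(entries):
    """Entries worth a manual look: not under Windows or Program Files."""
    return [e for e in entries if e.location in ('user-writable', 'other')]


if __name__ == '__main__':
    for e in review_candidates(parse_autoruns(SAMPLE_LOG)):
        print(f'{e.location:14} {e.name} -> {e.image}')
```

A flagged entry is a prompt for review, not a verdict: legitimate software also installs under `AppData`.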


----------



## wannabeageek (Nov 12, 2009)

Hi grubbs,

All of your recent logs *appear* to be free of malware.

Some of the scans implicate that the registry has been damaged and that you are missing some system files for the operating system. But understand that my profession is malware removal and not hardware/software analysis.
If you would still like help, I can message an Admin to arrange further assistance.

*Remove GMER*

Delete the *GMER* icon from your desktop, it will be named .exe

*Uninstall ComboFix*


Click START
Now type *Combofix /Uninstall* in the runbox and click OK

*Clean up with OTL*


Right click on *OTL.exe* select "*Run As Administrator*" to run it. If prompted by UAC, please allow it. This will remove all the tools we used to clean your pc.
Close all other programs apart from OTL as this step will require a reboot
On the OTL main screen, press the *CleanUp!* button
Say *Yes* to the prompt and then allow the program to reboot your computer.

*Remove all used tools* not removed by OTL if they remain on your desktop.

*Create a new, clean System Restore point which you can use in case of future system problems:*


Press *Start* >> *All Programs* >> *Accessories* >> *System Tools* >> *System Restore*
Select *Create a restore point*, then Next, type a name like _All Clean_ then press the *Create* button and once it's done press *Close*
*Now remove old, infected System Restore points:*
Next click *Start* >> *Run* and type *cleanmgr* in the box and press *OK*
Ensure the boxes for *Recycle Bin*, *Temporary Files* and *Temporary Internet Files* are checked, you can choose to check other boxes if you wish but they are not required.
Select the *More Options* tab, under *System Restore* press *Clean up...* and say *Yes* to the prompt
Press *OK* and *Yes* to confirm

*Update your AntiVirus Software and keep your other programs up-to-date*
Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

*Security Updates for Windows, Internet Explorer & Microsoft Office*
Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via *Start* > right-click on *My Computer* > *Properties* > *Automatic Updates* tab or visit the *Microsoft Update site* on a regular basis.

*Update all these programs regularly* - Make sure you update all the programs I have listed regularly. Without regular updates you *WILL NOT* be protected when new malicious programs are released. Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety


MVPS Hosts file *<=* The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer
Winpatrol *<=* Download and install the free version of Winpatrol. A tutorial for this product is located here:
* Using Winpatrol to protect your computer from malicious software*

Also, please read this great article by Tony Klein So How Did I Get Infected In First Place

*I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.*


----------



## Grubbs (Nov 17, 2003)

wannabeageek said:


> Hi grubbs,
> 
> All of your recent logs *appear* to be free of malware.


Thank you for your help and your patience throughout. Just curious, was there actually a serious infection, or did we basically clean up some nuisance adware type stuff? I really didn't try to understand all the scan results and fixes you implemented.



wannabeageek said:


> Some of the scans implicate that the registry has been damaged and that you are missing some system files for the operating system. But understand that my profession is malware removal and not hardware/software analysis.
> If you would still like help, I can message an Admin to arrange further assistance.


Yes, that would be fantastic. Despite being free of malware, the system performance when connected to a network does not seem to be any better. If one of the forum's administrators can direct me to someone who can help with the registry damage/missing system files, that would definitely be appreciated.

Although I'm not quoting your entire previous post, I will be sure and follow the final instructions it contained.



wannabeageek said:


> *I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.*


If it's not too much trouble to answer my question above about the severity of malware actually found and removed and confirm that you've made contact with a system administrator about helping with my system issues, that would be nice but not necessary. Feel free to close the thread either way. Again, I greatly appreciate the assistance and look forward to hearing from someone with advice on repairing the rest of my issues. Will that contact come via reply to this post, e-mail, or private message?


----------

