[arkman]

Internet is up and running, but it feels a bit slow..

Currently have no audio...

Also, when I go into device manager there is a yellow exclaimation mark on Sony Notebook Control Device, Sony Progammable I/O Device, UGX and SigmaTel High Definition Audio Codec?


EDIT: I was able to download the SigmaTel Codec. Sound appears to be back, but everything still seems to feel sluggish.

Edited by arkman, 31 May 2012 - 01:21 AM.

[Advertisements]

Hi.


Step 1

The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous so we will make a backup of the registry first.
Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing so follow the steps that are listed below EXACTLY. if you cannot perform some of these steps or if you have ANY questions please ask BEFORE proceeding.

Backing Up Your Registry

• Download ERUNT.
  (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed).
• Install ERUNT by following the prompts.
  (Use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later).
• Start ERUNT.
  (Either by double clicking on the desktop icon or choosing to start the program at the end of the setup).
• Choose a location for the backup.
  (The default location is C:\WINDOWS\ERDNT which is acceptable).
• Make sure that at least the first two check boxes are ticked.
• Press OK.
• Press YES to create the folder.

Step 2

We can compose a registry file to manipulate the keys and values we're after.

1. Copy and paste the text below into notepad:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"netsvcs"="hex(7):36,00,74,00,6f,00,34,00,00,00,41,00,70,00,70,00,4d,00,67,00,\
  6d,00,74,00,00,00,41,00,75,00,64,00,69,00,6f,00,53,00,72,00,76,00,00,00,42,\
  00,72,00,6f,00,77,00,73,00,65,00,72,00,00,00,43,00,72,00,79,00,70,00,74,00,\
  53,00,76,00,63,00,00,00,44,00,4d,00,53,00,65,00,72,00,76,00,65,00,72,00,00,\
  00,44,00,48,00,43,00,50,00,00,00,45,00,52,00,53,00,76,00,63,00,00,00,45,00,\
  76,00,65,00,6e,00,74,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00,46,00,61,\
  00,73,00,74,00,55,00,73,00,65,00,72,00,53,00,77,00,69,00,74,00,63,00,68,00,\
  69,00,6e,00,67,00,43,00,6f,00,6d,00,70,00,61,00,74,00,69,00,62,00,69,00,6c,\
  00,69,00,74,00,79,00,00,00,48,00,69,00,64,00,53,00,65,00,72,00,76,00,00,00,\
  49,00,61,00,73,00,00,00,49,00,70,00,72,00,69,00,70,00,00,00,49,00,72,00,6d,\
  00,6f,00,6e,00,00,00,4c,00,61,00,6e,00,6d,00,61,00,6e,00,53,00,65,00,72,00,\
  76,00,65,00,72,00,00,00,4c,00,61,00,6e,00,6d,00,61,00,6e,00,57,00,6f,00,72,\
  00,6b,00,73,00,74,00,61,00,74,00,69,00,6f,00,6e,00,00,00,4d,00,65,00,73,00,\
  73,00,65,00,6e,00,67,00,65,00,72,00,00,00,4e,00,65,00,74,00,6d,00,61,00,6e,\
  00,00,00,4e,00,6c,00,61,00,00,00,4e,00,74,00,6d,00,73,00,73,00,76,00,63,00,\
  00,00,4e,00,57,00,43,00,57,00,6f,00,72,00,6b,00,73,00,74,00,61,00,74,00,69,\
  00,6f,00,6e,00,00,00,4e,00,77,00,73,00,61,00,70,00,61,00,67,00,65,00,6e,00,\
  74,00,00,00,52,00,61,00,73,00,61,00,75,00,74,00,6f,00,00,00,52,00,61,00,73,\
  00,6d,00,61,00,6e,00,00,00,52,00,65,00,6d,00,6f,00,74,00,65,00,61,00,63,00,\
  63,00,65,00,73,00,73,00,00,00,53,00,63,00,68,00,65,00,64,00,75,00,6c,00,65,\
  00,00,00,53,00,65,00,63,00,6c,00,6f,00,67,00,6f,00,6e,00,00,00,53,00,45,00,\
  4e,00,53,00,00,00,53,00,68,00,61,00,72,00,65,00,64,00,61,00,63,00,63,00,65,\
  00,73,00,73,00,00,00,53,00,52,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,\
  00,00,54,00,61,00,70,00,69,00,73,00,72,00,76,00,00,00,54,00,68,00,65,00,6d,\
  00,65,00,73,00,00,00,54,00,72,00,6b,00,57,00,6b,00,73,00,00,00,57,00,33,00,\
  32,00,54,00,69,00,6d,00,65,00,00,00,57,00,5a,00,43,00,53,00,56,00,43,00,00,\
  00,57,00,6d,00,69,00,00,00,57,00,6d,00,64,00,6d,00,50,00,6d,00,53,00,70,00,\
  00,00,77,00,69,00,6e,00,6d,00,67,00,6d,00,74,00,00,00,77,00,73,00,63,00,73,\
  00,76,00,63,00,00,00,78,00,6d,00,6c,00,70,00,72,00,6f,00,76,00,00,00,6e,00,\
  61,00,70,00,61,00,67,00,65,00,6e,00,74,00,00,00,68,00,6b,00,6d,00,73,00,76,\
  00,63,00,00,00,42,00,49,00,54,00,53,00,00,00,77,00,75,00,61,00,75,00,73,00,\
  65,00,72,00,76,00,00,00,53,00,68,00,65,00,6c,00,6c,00,48,00,57,00,44,00,65,\
  00,74,00,65,00,63,00,74,00,69,00,6f,00,6e,00,00,00,68,00,65,00,6c,00,70,00,\
  73,00,76,00,63,00,00,00,57,00,6d,00,64,00,6d,00,50,00,6d,00,53,00,4e,00,00,\
  00,00,00"

2. Save the file as netsvcs.reg.
3. Set the Filetype to "All Files".
4. Save it to your desktop. It should look like this
5. Click on the file after you've saved it. Click Yes to the box that appears.


Step 3

In the device manager, right-click each driver you mentioned and select Update Driver. If the driver(s) can't be found, do you have the driver CD that came with your computer.
If you don't have the driver CD, please tell me your computer model/number.


Step 4

Please run ComboFix again and post the resultant log.


Things I want to see in your next reply

• Information from Step 3 (if needed)
• ComboFix.txt

[Nedklaw]

Hi.


Step 1

The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous so we will make a backup of the registry first.
Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing so follow the steps that are listed below EXACTLY. if you cannot perform some of these steps or if you have ANY questions please ask BEFORE proceeding.

Backing Up Your Registry

• Download ERUNT.
  (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed).
• Install ERUNT by following the prompts.
  (Use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later).
• Start ERUNT.
  (Either by double clicking on the desktop icon or choosing to start the program at the end of the setup).
• Choose a location for the backup.
  (The default location is C:\WINDOWS\ERDNT which is acceptable).
• Make sure that at least the first two check boxes are ticked.
• Press OK.
• Press YES to create the folder.

Step 2

We can compose a registry file to manipulate the keys and values we're after.

1. Copy and paste the text below into notepad:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"netsvcs"="hex(7):36,00,74,00,6f,00,34,00,00,00,41,00,70,00,70,00,4d,00,67,00,\
  6d,00,74,00,00,00,41,00,75,00,64,00,69,00,6f,00,53,00,72,00,76,00,00,00,42,\
  00,72,00,6f,00,77,00,73,00,65,00,72,00,00,00,43,00,72,00,79,00,70,00,74,00,\
  53,00,76,00,63,00,00,00,44,00,4d,00,53,00,65,00,72,00,76,00,65,00,72,00,00,\
  00,44,00,48,00,43,00,50,00,00,00,45,00,52,00,53,00,76,00,63,00,00,00,45,00,\
  76,00,65,00,6e,00,74,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00,46,00,61,\
  00,73,00,74,00,55,00,73,00,65,00,72,00,53,00,77,00,69,00,74,00,63,00,68,00,\
  69,00,6e,00,67,00,43,00,6f,00,6d,00,70,00,61,00,74,00,69,00,62,00,69,00,6c,\
  00,69,00,74,00,79,00,00,00,48,00,69,00,64,00,53,00,65,00,72,00,76,00,00,00,\
  49,00,61,00,73,00,00,00,49,00,70,00,72,00,69,00,70,00,00,00,49,00,72,00,6d,\
  00,6f,00,6e,00,00,00,4c,00,61,00,6e,00,6d,00,61,00,6e,00,53,00,65,00,72,00,\
  76,00,65,00,72,00,00,00,4c,00,61,00,6e,00,6d,00,61,00,6e,00,57,00,6f,00,72,\
  00,6b,00,73,00,74,00,61,00,74,00,69,00,6f,00,6e,00,00,00,4d,00,65,00,73,00,\
  73,00,65,00,6e,00,67,00,65,00,72,00,00,00,4e,00,65,00,74,00,6d,00,61,00,6e,\
  00,00,00,4e,00,6c,00,61,00,00,00,4e,00,74,00,6d,00,73,00,73,00,76,00,63,00,\
  00,00,4e,00,57,00,43,00,57,00,6f,00,72,00,6b,00,73,00,74,00,61,00,74,00,69,\
  00,6f,00,6e,00,00,00,4e,00,77,00,73,00,61,00,70,00,61,00,67,00,65,00,6e,00,\
  74,00,00,00,52,00,61,00,73,00,61,00,75,00,74,00,6f,00,00,00,52,00,61,00,73,\
  00,6d,00,61,00,6e,00,00,00,52,00,65,00,6d,00,6f,00,74,00,65,00,61,00,63,00,\
  63,00,65,00,73,00,73,00,00,00,53,00,63,00,68,00,65,00,64,00,75,00,6c,00,65,\
  00,00,00,53,00,65,00,63,00,6c,00,6f,00,67,00,6f,00,6e,00,00,00,53,00,45,00,\
  4e,00,53,00,00,00,53,00,68,00,61,00,72,00,65,00,64,00,61,00,63,00,63,00,65,\
  00,73,00,73,00,00,00,53,00,52,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,\
  00,00,54,00,61,00,70,00,69,00,73,00,72,00,76,00,00,00,54,00,68,00,65,00,6d,\
  00,65,00,73,00,00,00,54,00,72,00,6b,00,57,00,6b,00,73,00,00,00,57,00,33,00,\
  32,00,54,00,69,00,6d,00,65,00,00,00,57,00,5a,00,43,00,53,00,56,00,43,00,00,\
  00,57,00,6d,00,69,00,00,00,57,00,6d,00,64,00,6d,00,50,00,6d,00,53,00,70,00,\
  00,00,77,00,69,00,6e,00,6d,00,67,00,6d,00,74,00,00,00,77,00,73,00,63,00,73,\
  00,76,00,63,00,00,00,78,00,6d,00,6c,00,70,00,72,00,6f,00,76,00,00,00,6e,00,\
  61,00,70,00,61,00,67,00,65,00,6e,00,74,00,00,00,68,00,6b,00,6d,00,73,00,76,\
  00,63,00,00,00,42,00,49,00,54,00,53,00,00,00,77,00,75,00,61,00,75,00,73,00,\
  65,00,72,00,76,00,00,00,53,00,68,00,65,00,6c,00,6c,00,48,00,57,00,44,00,65,\
  00,74,00,65,00,63,00,74,00,69,00,6f,00,6e,00,00,00,68,00,65,00,6c,00,70,00,\
  73,00,76,00,63,00,00,00,57,00,6d,00,64,00,6d,00,50,00,6d,00,53,00,4e,00,00,\
  00,00,00"

2. Save the file as netsvcs.reg.
3. Set the Filetype to "All Files".
4. Save it to your desktop. It should look like this
5. Click on the file after you've saved it. Click Yes to the box that appears.


Step 3

In the device manager, right-click each driver you mentioned and select Update Driver. If the driver(s) can't be found, do you have the driver CD that came with your computer.
If you don't have the driver CD, please tell me your computer model/number.


Step 4

Please run ComboFix again and post the resultant log.


Things I want to see in your next reply

• Information from Step 3 (if needed)
• ComboFix.txt

[Nedklaw]

Hi.
A System Restore reverts your computer back to an earlier date.
If you haven't already, please follow the instructions in my previous post.


Step 1

Please run Farbar Service Scanner.

• Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  
  
• Press "Scan".
• It will create a log (FSS.txt) in the same directory the tool is run.
• Please copy and paste the log to your reply.

Things I want to see in your next reply

• Information from Step 3 (if needed)
• ComboFix.txt
• FSS.txt

[arkman]

Hi,

When I attempted to update the drivers it said (1) the wizard could not find a better match, (2) wizard could not find the necessary hardware...I'm on a Sony VGN-SZ340..

Farbar Service Scanner Version: 17-05-2012
Ran by Computer (administrator) on 05-06-2012 at 00:14:12
Running from "C:\Documents and Settings\Computer\Desktop"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
AegisP(9) Gpc(6) IPSec(4) NetBT(5) PSched(7) s24trans(8) Tcpip(3)
0x0A000000040000000100000002000000030000000A0000000500000006000000070000000800000009000000
IpSec Tag value is correct.

**** End of log ****






ComboFix 12-06-04.03 - Computer 06/05/2012 1:48.9.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.625 [GMT -4:00]
Running from: c:\documents and settings\Computer\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\RECYCLER(2)
c:\recycler(2)\S-1-5-21-2919104967-2981136551-2492303643-1006(2)\INFO2
c:\windows\system32\ntpr_nic_service2.dll
c:\windows\TEMP\2.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SE27MDFL
-------\Service_SE27mdfl
.
.
((((((((((((((((((((((((( Files Created from 2012-05-05 to 2012-06-05 )))))))))))))))))))))))))))))))
.
.
2012-06-05 04:15 . 2012-06-05 04:15 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2012-06-04 06:35 . 2012-06-04 06:35 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-04 06:18 . 2012-06-04 06:18 -------- d-----w- c:\windows\system32\wbem\Repository
2012-06-04 06:14 . 2012-06-04 06:14 -------- d-----w- c:\program files\Common Files\Protector Suite QL
2012-06-04 06:13 . 2012-06-04 06:14 -------- d-----w- c:\program files\Protector Suite QL
2012-06-03 04:45 . 2006-02-23 01:11 39936 ----a-w- c:\windows\system32\fusstub.dll
2012-06-03 04:45 . 2006-02-23 01:10 5632 ----a-w- c:\windows\system32\biologon.dll
2012-06-03 04:13 . 2012-06-03 04:13 -------- d-----w- C:\found.000
2012-05-31 04:06 . 2012-05-31 04:06 -------- d-----w- C:\dell
2012-05-20 06:06 . 2012-05-20 06:06 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-05 04:11 . 2006-07-22 01:30 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2012-04-11 13:14 . 2004-08-03 23:18 2148352 ------w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12 . 2006-07-22 01:31 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35 . 2004-08-03 22:59 2026496 ------w- c:\windows\system32\ntkrnlpa.exe
2012-04-10 03:41 . 2012-04-10 03:41 711240 ----a-w- c:\windows\is-7UA4F.exe
2012-04-04 19:56 . 2011-11-01 03:51 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-03-21 17:19 . 2009-03-21 17:19 7522240 ----a-w- c:\program files\Firefox Setup 3.0.7.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-05-08 81920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-17 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-17 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-17 118784]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-11-18 118784]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-02-28 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-02-28 602182]
"EOUApp"="c:\program files\Intel\Wireless\Bin\EOUWiz.exe" [2006-02-28 569413]
"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2006-06-13 217088]
"VAIO Update 2"="c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe" [2005-10-12 151552]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-21 7561216]
"Biomenu"="c:\program files\Protector Suite QL\menusw.exe" [2006-02-23 1354240]
"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 176128]
"VAIOCameraUtility"="c:\program files\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-27 69632]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2010-05-31 323976]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\Computer\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideFastUserSwitching"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-06 20:40 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-02-23 01:11 39936 ----a-w- c:\windows\system32\fusstub.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-03-09 21:51 73728 ----a-w- c:\windows\system32\VESWinlogon.dll
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Trend Micro Anti-Spyware.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Trend Micro Anti-Spyware.lnk
backup=c:\windows\pss\Trend Micro Anti-Spyware.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISBMgr.exe]
2004-02-20 21:12 32768 ----a-w- c:\program files\Sony\ISB Utility\ISBMgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Sony\\VAIO Event Service\\VESMgr.exe"=
"c:\\Program Files\\Sony\\VAIO Power Management\\SPMgr.exe"=
"c:\\Documents and Settings\\Computer\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\DW\\DW20.EXE"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.scr"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\SpywareBlaster\\spywareblaster.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12001:UDP"= 12001:UDP:SMART WebServer Handshake Multicast Port
.
R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\drivers\shpf.sys [7/21/2006 9:31 PM 9216]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [11/27/2010 3:25 PM 691696]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [12/22/2008 12:06 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/22/2008 12:05 PM 68168]
R2 FdRedir;FdRedir;c:\program files\Common Files\Protector Suite QL\Drivers\FdRedir.sys [2/22/2006 9:13 PM 13440]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\program files\Common Files\Protector Suite QL\Drivers\filedisk.sys [2/22/2006 9:13 PM 33024]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/31/2011 11:52 PM 654408]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [7/21/2006 9:31 PM 36352]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/31/2011 11:51 PM 22344]
R3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [8/24/2011 10:08 PM 23096]
R3 SndTVideo;SndTVideo;c:\windows\system32\drivers\SndTVideo.sys [8/24/2011 10:08 PM 3768]
R3 SonyImgF;Sony Image Conversion Filter Driver;c:\windows\system32\drivers\SonyImgF.sys [7/21/2006 9:31 PM 30080]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [7/21/2006 9:31 PM 808448]
S1 MpKsl09776da1;MpKsl09776da1;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A794F713-3490-495A-A17C-FFF3A9BC3586}\MpKsl09776da1.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A794F713-3490-495A-A17C-FFF3A9BC3586}\MpKsl09776da1.sys [?]
S1 MpKsl20977336;MpKsl20977336;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A4863416-5299-448A-8343-23981918D675}\MpKsl20977336.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{A4863416-5299-448A-8343-23981918D675}\MpKsl20977336.sys [?]
S1 MpKsl281305a0;MpKsl281305a0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3281A8F8-1922-4761-9F7F-26AF67EA1ADA}\MpKsl281305a0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3281A8F8-1922-4761-9F7F-26AF67EA1ADA}\MpKsl281305a0.sys [?]
S1 MpKsl36782a5c;MpKsl36782a5c;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{03A4983B-38BB-481C-920E-C332803F1F31}\MpKsl36782a5c.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{03A4983B-38BB-481C-920E-C332803F1F31}\MpKsl36782a5c.sys [?]
S1 MpKsl3aa3c35d;MpKsl3aa3c35d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C7E44140-8495-45EF-BE90-0704441F4C1A}\MpKsl3aa3c35d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C7E44140-8495-45EF-BE90-0704441F4C1A}\MpKsl3aa3c35d.sys [?]
S1 MpKsl3e6442b9;MpKsl3e6442b9;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{57ADF33C-D5E9-47B9-B37E-5ACCAEA28493}\MpKsl3e6442b9.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{57ADF33C-D5E9-47B9-B37E-5ACCAEA28493}\MpKsl3e6442b9.sys [?]
S1 MpKsl87b1fb46;MpKsl87b1fb46;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7C124399-5300-4C9C-BD22-160EF89785AF}\MpKsl87b1fb46.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7C124399-5300-4C9C-BD22-160EF89785AF}\MpKsl87b1fb46.sys [?]
S1 MpKsl89c4b4a0;MpKsl89c4b4a0;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AD535431-0320-4E9A-8786-7BD28E0133EE}\MpKsl89c4b4a0.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AD535431-0320-4E9A-8786-7BD28E0133EE}\MpKsl89c4b4a0.sys [?]
S1 MpKsl8e1bda59;MpKsl8e1bda59;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C7E44140-8495-45EF-BE90-0704441F4C1A}\MpKsl8e1bda59.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C7E44140-8495-45EF-BE90-0704441F4C1A}\MpKsl8e1bda59.sys [?]
S1 MpKsla4e06307;MpKsla4e06307;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0F0C4424-D801-4B2E-B6C5-7D57494C03D0}\MpKsla4e06307.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{0F0C4424-D801-4B2E-B6C5-7D57494C03D0}\MpKsla4e06307.sys [?]
S1 MpKslc5497097;MpKslc5497097;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{471F9D3F-F1D3-4AA6-B4FF-5BB3EB3F6214}\MpKslc5497097.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{471F9D3F-F1D3-4AA6-B4FF-5BB3EB3F6214}\MpKslc5497097.sys [?]
S1 MpKslc7db95b3;MpKslc7db95b3;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{998BD1DF-1508-441B-B987-FF61046C05E1}\MpKslc7db95b3.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{998BD1DF-1508-441B-B987-FF61046C05E1}\MpKslc7db95b3.sys [?]
S1 MpKslcfc00972;MpKslcfc00972;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{998BD1DF-1508-441B-B987-FF61046C05E1}\MpKslcfc00972.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{998BD1DF-1508-441B-B987-FF61046C05E1}\MpKslcfc00972.sys [?]
S1 MpKsld903df8a;MpKsld903df8a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B8F308A4-F141-4C2C-ACF7-33ED60597DBA}\MpKsld903df8a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B8F308A4-F141-4C2C-ACF7-33ED60597DBA}\MpKsld903df8a.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [5/20/2012 2:06 AM 40776]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [8/21/2008 11:49 PM 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [8/21/2008 11:49 PM 8320]
S3 RTCore32;RTCore32;c:\program files\RMClock\RTCore32.sys [9/17/2009 7:03 PM 4608]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/22/2008 12:06 PM 12872]
S3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\DRIVERS\SonyPI.sys --> c:\windows\system32\DRIVERS\SonyPI.sys [?]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/30/2011 3:50 PM 136176]
S4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 8:49 AM 227232]
S4 SoundMovieServer;SoundMovieServer;c:\windows\system32\snmvtsvc.exe [8/24/2011 10:08 PM 200704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
NETSVCS REQUIRES REPAIRS - current entries shown
6to4
audiosrv
browser
cryptsvc
dmserver
dhcp
ersvc
eventsystem
fastuserswitchingcompatibility
ias
iprip
irmon
lanmanserver
lanmanworkstation
messenger
netman
nla
ntmssvc
nwcworkstation
nwsapagent
rasauto
rasman
rismxdp
SQLAgent$LG_LP2
ma_cmidi_installerservice
61883
profos
aic116x
rasirda
ar5211
msmframework
cpqdfw
s117mgmt
SimpTcp
EUSBMSD
Cardex
LKbdFlt2
vproeventmonitor
btwaudio
stunnel
pdlnshay
SbieDrv
W2acehid
EIO_XP
revudfservice
ELmon
se58bus
irda
avidsdmservice
ntcharge
advantage
avipbb
Si3132
se44nd5
pxfhmdfl
admjoy
cxlpt
DcFpoint
arrayssl_vpn_service3,0,1,9
asapiw2k
ASDR
netmdsb
lsdiorw
db2jds
NICSer_WPC300N
rdpdr
FirePM
zumbus
tfsncofs
hcwPP2
unrealircd
elockservice
rtport
ndasscsi
defwatch
MA_CMIDI
epsonbidirectionalservice
alertmanager
marvinbus
cwafadmincontroller
oracledbconsoleorcl
vmnetbridge
pae_1394
DS1410D
MRESP50
lhidusb
susbser
NICSer_WPC54G
ctprxy2k
s7otranx
SED133x
oracleorahome92tnslistener
msi_wlan_service
U2SP
twdns
qbposdbservices
ispwdsvc
ramaint
PSDNServ
T6963C
meraksmtp
SDdriver
sisagp
k750mgmt
cachemanxp
aslm75
bthmodem
dvpapi
MaVctrl
emupia
ntuneservice
MXOFX
mi-raysat_3dsMax2008_32
GoogleDesktopManager-010708-104812
wkscfgsrv
pcx1nd5
ihcservice
nmservice
uisp
filterservice
omsad
nisum
pptchpad
bt
vmkbd2
Via4in1
ssoftservice
avc
ASNDIS5
remoteaccess
schedule
seclogon
sens
sharedaccess
srservice
tapisrv
themes
trkwks
w32time
wzcsvc
wmi
wmdmpmsp
winmgmt
wscsvc
xmlprov
bits
wuauserv
shellhwdetection
helpsvc
wmdmpmsn
napagent
hkmsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2919104967-2981136551-2492303643-1006Core.job
- c:\documents and settings\Computer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-30 23:20]
.
2012-06-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2919104967-2981136551-2492303643-1006UA.job
- c:\documents and settings\Computer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-30 23:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: westlaw.com
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{562E49FA-4568-466F-8F14-F0EBE8503C89}: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-25608225.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-05 02:18
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST98823AS rev.3.14 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
.
device: opened successfully
user: MBR read successfully
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x86CBD2E2
user & kernel MBR OK
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\0b\03\02\0421n"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(868)
c:\windows\system32\WININET.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\fusstub.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus.dll
c:\windows\system32\biologon.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\passport.dll
c:\program files\Protector Suite QL\BhTcAll.dll
c:\program files\Protector Suite QL\BhDevTfm.dll
c:\program files\Protector Suite QL\AlgVer.dll
c:\program files\Protector Suite QL\TCBioLib.dll
c:\program files\Protector Suite QL\remote.dll
c:\windows\system32\VESWinlogon.dll
c:\program files\Protector Suite QL\mysafe.dll
.
- - - - - - - > 'lsass.exe'(928)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(820)
c:\windows\system32\WININET.dll
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Protector Suite QL\mysafe.dll
c:\program files\Protector Suite QL\infra.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\Apoint\Apntex.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
.
**************************************************************************
.
Completion time: 2012-06-05 02:27:12 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-05 06:27
ComboFix2.txt 2012-05-29 04:39
ComboFix3.txt 2012-05-22 04:06
.
Pre-Run: 3,135,037,440 bytes free
Post-Run: 4,841,033,728 bytes free
.
- - End Of File - - A9C97963EE63AE14F696581AB9071EC6

[Nedklaw]

Hi.
Please refrain from performing any steps yourself as there is no way to know how that will affect our fixes and it may possibly complicate matters.


Step 1

• Start ERUNT.
  (Either by double clicking on the desktop icon or choosing to start the program at the end of the setup).
• Choose a location for the backup.
  (The default location is C:\WINDOWS\ERDNT which is acceptable).
• Make sure that at least the first two check boxes are ticked.
• Press OK.
• Press YES to create the folder.

Step 2

• Download and extract the following file to your desktop:
• Click on the file after you have extracted it. Click Yes to the box that appears.
  
• Next, I'm going to check that the registry fix has worked. Type cmd.exe into the Run box.
• Copy and paste the following command into the black box:
  
  

  regedit /a C:\netsvcs.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost"

• Post the contents of C:\netsvcs.txt in your next reply.

Step 3

Download the following three drivers you mentioned before from here, here and here.
Do the yellow exclamation marks still appear next to the 3 drivers in Device Manager?


Things I want to see in your next reply

• netsvcs.txt
• Answer to my question

[Nedklaw]

Hi.
Please follow these instructions for Step 2 as opposed to the ones in my previous post:

Step 2

• Download and extract the following file to your desktop:  NetSvcs.zip   973bytes   89 downloads
• Click on the file after you have extracted it. Click Yes to the box that appears.
  
• Next, I'm going to check that the registry fix has worked. Type cmd.exe into the Run box.
• Copy and paste the following command into the black box and press Enter:
  
  

  regedit /a C:\netsvcs.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost"

• Post the contents of C:\netsvcs.txt in your next reply.

[arkman]

Hi. Yellow exclaimation for Sony Programmable I/O Control Device still remains. The other two disappeared.


REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost]
"HTTPFilter"=hex(7):48,54,54,50,46,69,6c,74,65,72,00,00
"LocalService"=hex(7):41,6c,65,72,74,65,72,00,57,65,62,43,6c,69,65,6e,74,00,4c,\
6d,48,6f,73,74,73,00,52,65,6d,6f,74,65,52,65,67,69,73,74,72,79,00,75,70,6e,\
70,68,6f,73,74,00,53,53,44,50,53,52,56,00,00
"NetworkService"=hex(7):44,6e,73,43,61,63,68,65,00,00
"netsvcs"=hex(7):36,74,6f,34,00,41,70,70,4d,67,6d,74,00,41,75,64,69,6f,53,72,\
76,00,42,72,6f,77,73,65,72,00,43,72,79,70,74,53,76,63,00,44,4d,53,65,72,76,\
65,72,00,44,48,43,50,00,45,52,53,76,63,00,45,76,65,6e,74,53,79,73,74,65,6d,\
00,46,61,73,74,55,73,65,72,53,77,69,74,63,68,69,6e,67,43,6f,6d,70,61,74,69,\
62,69,6c,69,74,79,00,48,69,64,53,65,72,76,00,49,61,73,00,49,70,72,69,70,00,\
49,72,6d,6f,6e,00,4c,61,6e,6d,61,6e,53,65,72,76,65,72,00,4c,61,6e,6d,61,6e,\
57,6f,72,6b,73,74,61,74,69,6f,6e,00,4d,65,73,73,65,6e,67,65,72,00,4e,65,74,\
6d,61,6e,00,4e,6c,61,00,4e,74,6d,73,73,76,63,00,4e,57,43,57,6f,72,6b,73,74,\
61,74,69,6f,6e,00,4e,77,73,61,70,61,67,65,6e,74,00,52,61,73,61,75,74,6f,00,\
52,61,73,6d,61,6e,00,52,65,6d,6f,74,65,61,63,63,65,73,73,00,53,63,68,65,64,\
75,6c,65,00,53,65,63,6c,6f,67,6f,6e,00,53,45,4e,53,00,53,68,61,72,65,64,61,\
63,63,65,73,73,00,53,52,53,65,72,76,69,63,65,00,54,61,70,69,73,72,76,00,54,\
68,65,6d,65,73,00,54,72,6b,57,6b,73,00,57,33,32,54,69,6d,65,00,57,5a,43,53,\
56,43,00,57,6d,69,00,57,6d,64,6d,50,6d,53,70,00,77,69,6e,6d,67,6d,74,00,77,\
73,63,73,76,63,00,78,6d,6c,70,72,6f,76,00,6e,61,70,61,67,65,6e,74,00,68,6b,\
6d,73,76,63,00,42,49,54,53,00,77,75,61,75,73,65,72,76,00,53,68,65,6c,6c,48,\
57,44,65,74,65,63,74,69,6f,6e,00,68,65,6c,70,73,76,63,00,57,6d,64,6d,50,6d,\
53,4e,00,00
"DcomLaunch"=hex(7):44,63,6f,6d,4c,61,75,6e,63,68,00,54,65,72,6d,53,65,72,76,\
69,63,65,00,00
"rpcss"=hex(7):52,70,63,53,73,00,00
"imgsvc"=hex(7):53,74,69,53,76,63,00,00
"termsvcs"=hex(7):54,65,72,6d,53,65,72,76,69,63,65,00,00
"eapsvcs"=hex(7):65,61,70,68,6f,73,74,00,00
"dot3svc"=hex(7):64,6f,74,33,73,76,63,00,00
"WudfServiceGroup"=hex(7):57,55,44,46,53,76,63,00,00
"HPZ12"=hex(7):50,6d,6c,20,44,72,69,76,65,72,20,48,50,5a,31,32,00,4e,65,74,20,\
44,72,69,76,65,72,20,48,50,5a,31,32,00,00
"bthsvcs"=hex(7):62,74,68,73,65,72,76,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\DComLaunch]
"CoInitializeSecurityParam"=dword:00000001
"DefaultRpcStackSize"=dword:00000008

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\dot3svc]
"AuthenticationCapabilities"=dword:00003020
"CoInitializeSecurityParam"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\eapsvcs]
"AuthenticationCapabilities"=dword:00003020
"CoInitializeSecurityParam"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\HTTPFilter]
"CoInitializeSecurityParam"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\LocalService]
"CoInitializeSecurityParam"=dword:00000001
"AuthenticationCapabilities"=dword:00002000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs]
"CoInitializeSecurityParam"=dword:00000001
"AuthenticationCapabilities"=dword:00003020

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\PCHealth]
"CoInitializeSecurityParam"=dword:00000002
"AuthenticationCapabilities"=dword:00000040

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\termsvcs]
"CoInitializeSecurityParam"=dword:00000001
"DefaultRpcStackSize"=dword:00000008

[Nedklaw]

Hi.


Step 1

• Right-click on Sony Programmable I/O Control Device in Device Manager.
• Select Properties.
• The information located in the text box under Device status contains the current status of this particular driver.
• Copy and paste the information in the text box in your next reply.

Step 2

• Open OTL again and select the "Scan All Users" box.
• Click the Quick Scan button. Post the log it produces in your next reply.

Things I want to see in your next reply

• Information from Device Manager
• OTL.txt

[arkman]

I've tried to run OTL twice and each time I get a blue screen with a message about "atapi.sys"?





Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)

Click Troubleshoot to start the troubleshooter for this device.

[Nedklaw]

Hi.
Try to run OTL again. If you get a blue screen then tell me the exact message that appears.

[arkman]

A problem has been detected and windows has been shut down to prevent damage to your computer.

If this is the first time you’ve seen this stop error screen, restart your computer. If this screen appears again follow these steps:

Check to be sure you have adequate disk space. If a driver is identified in the Stop message, disable the driver or check with the manufacturer for driver updates. Try changing video adapters.

Check with your hardware vendor for any BIOS updates. Disable BIOS memory options such as caching or shadowing. If you need to use Safe Mode to remove or disable components, restart your computer, press F8 to select Advanced Startup Options, and then select Safe Mode.

Technical Information:

*** STOP: 0x0000008E (0xC0000005, 0XF736E71D, 0XB936E580, 0X00000000)

*** atapi.sys - Address F736E71D base at F7364000, DateStamp 4802539d

Beginning dump of physical memory
Physical dump complete.
Contact your system adminstrator or technical support group for further assistance.

[Nedklaw]

Hi.
The blue screen error code could be due to faulty drivers or a faulty RAM module.


Step 1

First, we need to roll back the drivers we recently installed:

• Start Device Manager.
• Double-click the Sony Notebook Control Device, Sony Progammable I/O Device and UGX drivers.
• Click the Driver tab, and then click the Roll Back Driver button.

Run OTL again and see if you get a blue screen.


Step 2

If the blue screen still appears then we will check to see if you have faulty RAM modules:

• Take the first RAM module out of your computer and then boot up your computer. Can you run OTL?
• Put the RAM module back in and repeat the process until you can run OTL or until you have taken out all of the RAM modules.

Could you run OTL without the blue screen?

[Essexboy]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.