Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Persistant Rootkit [Solved]

Started by GUBID , Jul 17 2013 04:07 AM

  • This topic is locked This topic is locked

#1
GUBID
Posted 17 July 2013 - 04:07 AM

GUBID

    Member

  • Member
  • PipPip
  • 29 posts
I have AVG Internet Security installed on my laptop. It found a rootkit during a routine scan, in order to remove it I had to reboot the laptop, unfortunately this did not clear the infection as it would be found again during a follow up scan. I went on to the AVG forum for advice, before they got back to me I began to clear scans and presumed that the AVG had been updated to deal with whatever infection was involved. Fast forward two months and the infection is back, I re-posted to the AVG forum for help, they asked for AVG scan result export, Msinfo output, GMER scan result, which I provided. In response they posted that I should "Please use AVG Rescue CD and restore your MBR as described here (refer to Offline mode using AVG Rescue CD). Then, scan the system using AVG Rescue CD and remove detected threats." Whilst waiting for their reply I began to get clear scans again which I fed back to them. They have since posted that my issue is "solved" and closed the thread! I haven't followed their advice. I have sneaky feeling though that my infection is not resolved. I ran Tdsskiller and it flagged up a 'locked file, Service: sptd' and graded it as a medium risk. Could you give me any advice? The symptoms I am experiencing are sudden browser crashes, getting disconnected from the net when playing Youtube videos which requires a reboot to reestablish the connection. Thanks in advance.
  • 0

Advertisements

#2
Teima
Posted 17 July 2013 - 04:35 AM

Teima

    Member

  • Member
  • PipPipPip
  • 833 posts
Hello GUBID,

My name is Teima and I'll be happy to assist you with this issue. Before we commence I'd like to ask that you take into careful thought of the points which I've listed below as they will beneficial to the guidance as to which I'll present yourself with here on Geekstogo. :)

Notes before we commence:

  • It's important that you reply within four days. If you haven't replied within that time, the thread will be closed.
  • As the process of malware removal is often challenging at times I'd like you to take into consideration that it may take multiple replies in order to resolve the issue/issues present.
  • If you are uncertain about any of the steps as to which I present yourself with. Please feel free to ask myself for further clarification.
  • It's important that you don't use tools which have been recommended for other users of the forum, failure to follow these guidelines will most likely result in an unbootable machine.
  • These steps only apply for the user "GUBID". If you're reading this thread and you're requiring assistance, then read this thread and follow the listed steps carefully.
  • The absence of symptoms does not necessarily mean that your system is clean. Please stick with me until I state that your system is clean.
  • If It's been a total of three days and you've yet to receive a response from myself. Please send myself a reminder by clicking here and attaching the appropriate thread link where I can respond.

Extra

Please be patient with me as I am currently in training, and all of my responses to you have to be reviewed by my instructor before I post them. Just keep in mind that you get the advantage as you have two people examining your issue. Thanks for your consideration. :thumbsup:
  • 0

#3
Teima
Posted 18 July 2013 - 02:25 AM

Teima

    Member

  • Member
  • PipPipPip
  • 833 posts
Hello GUBID.

I ran Tdsskiller and it flagged up a 'locked file,

Do you still have the log file which was produced by TDSSKiller at the time? The log should be situated in the C: Drive with the name: TDSSKiller.[Version]_[Date]_[Time]_log.txt. If so. Please post it here for me to review.

Could you give me any advice?

Yes. That's what I'm here for mate. First I'll present some instructions to look into this further with my intial diagnosis tool which is called OTL below.

Step One

Download OTL to your Desktop

  • Double click on the icon to run it (If running Vista or Windows 7, right click on it and select "Run as an Administrator"). Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time into this topic for me to review.

  • 0

#4
GUBID
Posted 18 July 2013 - 05:46 AM

GUBID

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Thanks for the quick reply Tiema!
I have posted the scan outputs you have asked for below.
For some reason OTL is not generating an Extra.txt file for the scan I've just run, so I have posted the Extra file from the first scan I ran yesterday. I hope that's Okay?

The Tdsskiller output is below:

10:58:27.0687 79104 TDSS rootkit removing tool 2.8.18.0 Jun 10 2013 21:44:19
10:58:27.0874 79104 ============================================================
10:58:27.0874 79104 Current date / time: 2013/07/17 10:58:27.0874
10:58:27.0874 79104 SystemInfo:
10:58:27.0874 79104
10:58:27.0874 79104 OS Version: 6.0.6002 ServicePack: 2.0
10:58:27.0874 79104 Product type: Workstation
10:58:27.0874 79104 ComputerName: SHAUN-PC
10:58:27.0874 79104 UserName: Shaun
10:58:27.0874 79104 Windows directory: C:\Windows
10:58:27.0874 79104 System windows directory: C:\Windows
10:58:27.0874 79104 Processor architecture: Intel x86
10:58:27.0874 79104 Number of processors: 2
10:58:27.0874 79104 Page size: 0x1000
10:58:27.0874 79104 Boot type: Normal boot
10:58:27.0874 79104 ============================================================
10:58:29.0001 79104 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:58:29.0074 79104 Drive \Device\Harddisk3\DR4 - Size: 0xE8DED00000 (931.48 Gb), SectorSize: 0x200, Cylinders: 0x1DAFD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
10:58:29.0087 79104 ============================================================
10:58:29.0087 79104 \Device\Harddisk0\DR0:
10:58:29.0116 79104 MBR partitions:
10:58:29.0116 79104 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x16F6000, BlocksNum 0x1BACF170
10:58:29.0116 79104 \Device\Harddisk3\DR4:
10:58:29.0117 79104 MBR partitions:
10:58:29.0117 79104 \Device\Harddisk3\DR4\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x746F6000
10:58:29.0117 79104 ============================================================
10:58:29.0469 79104 C: <-> \Device\Harddisk0\DR0\Partition1
10:58:29.0597 79104 H: <-> \Device\Harddisk3\DR4\Partition1
10:58:29.0598 79104 ============================================================
10:58:29.0598 79104 Initialize success
10:58:29.0598 79104 ============================================================
10:58:31.0431 94636 ============================================================
10:58:31.0431 94636 Scan started
10:58:31.0431 94636 Mode: Manual;
10:58:31.0432 94636 ============================================================
10:58:33.0207 94636 ================ Scan system memory ========================
10:58:33.0207 94636 System memory - ok
10:58:33.0207 94636 ================ Scan services =============================
10:58:35.0270 94636 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
10:58:35.0281 94636 ACPI - ok
10:58:35.0393 94636 [ E8FE4FCE23D2809BD88BCC1D0F8408CE ] AdobeActiveFileMonitor6.0 C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
10:58:35.0396 94636 AdobeActiveFileMonitor6.0 - ok
10:58:35.0489 94636 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
10:58:35.0492 94636 AdobeARMservice - ok
10:58:35.0575 94636 [ 476BB014F3F68C0C15EDDD5B444DA8FF ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
10:58:35.0581 94636 AdobeFlashPlayerUpdateSvc - ok
10:58:35.0658 94636 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
10:58:35.0680 94636 adp94xx - ok
10:58:35.0725 94636 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys
10:58:35.0732 94636 adpahci - ok
10:58:35.0762 94636 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
10:58:35.0765 94636 adpu160m - ok
10:58:35.0787 94636 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
10:58:35.0791 94636 adpu320 - ok
10:58:35.0839 94636 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
10:58:35.0841 94636 AeLookupSvc - ok
10:58:35.0894 94636 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
10:58:35.0900 94636 AFD - ok
10:58:35.0955 94636 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys
10:58:35.0957 94636 agp440 - ok
10:58:36.0008 94636 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
10:58:36.0009 94636 aic78xx - ok
10:58:36.0033 94636 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
10:58:36.0035 94636 ALG - ok
10:58:36.0057 94636 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys
10:58:36.0059 94636 aliide - ok
10:58:36.0075 94636 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
10:58:36.0077 94636 amdagp - ok
10:58:36.0093 94636 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys
10:58:36.0095 94636 amdide - ok
10:58:36.0112 94636 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
10:58:36.0114 94636 AmdK7 - ok
10:58:36.0131 94636 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
10:58:36.0133 94636 AmdK8 - ok
10:58:36.0185 94636 [ 9325E49D555D8F12CE1735227DBB3D80 ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys
10:58:36.0189 94636 ApfiltrService - ok
10:58:36.0244 94636 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
10:58:36.0246 94636 Appinfo - ok
10:58:36.0322 94636 [ 20F6F19FE9E753F2780DC2FA083AD597 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
10:58:36.0325 94636 Apple Mobile Device - ok
10:58:36.0373 94636 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys
10:58:36.0376 94636 arc - ok
10:58:36.0411 94636 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
10:58:36.0413 94636 arcsas - ok
10:58:36.0454 94636 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
10:58:36.0456 94636 AsyncMac - ok
10:58:36.0495 94636 [ 2D9C903DC76A66813D350A562DE40ED9 ] atapi C:\Windows\system32\drivers\atapi.sys
10:58:36.0497 94636 atapi - ok
10:58:36.0540 94636 [ 23344711BF51590B9322CC3AD9681671 ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe
10:58:36.0564 94636 Ati External Event Utility - ok
10:58:36.0701 94636 [ 71C98AFEF4BF7A5BB54CBAADDB5D7972 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
10:58:36.0856 94636 atikmdag - ok
10:58:36.0915 94636 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
10:58:36.0922 94636 AudioEndpointBuilder - ok
10:58:36.0931 94636 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
10:58:36.0934 94636 Audiosrv - ok
10:58:37.0185 94636 [ 3A457C2F798CAD79CD30224E723E01FB ] AVG Security Toolbar Service C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
10:58:37.0763 94636 AVG Security Toolbar Service - ok
10:58:37.0991 94636 [ 0FE7773CD592DAE0CA994BA987F44E85 ] Avgfwfd C:\Windows\system32\DRIVERS\avgfwd6x.sys
10:58:38.0105 94636 Avgfwfd - ok
10:58:39.0647 94636 [ 6D3A517FE33AD047578BF73BB447EEAD ] avgfws C:\Program Files\AVG\AVG2013\avgfws.exe
10:58:40.0834 94636 avgfws - ok
10:58:43.0338 94636 [ 50185186719134FA8F307D269106A51C ] AVGIDSAgent C:\Program Files\AVG\AVG2013\avgidsagent.exe
10:58:43.0468 94636 AVGIDSAgent - ok
10:58:43.0589 94636 [ 4750A2A188D39034F5DDDDAE1BF38BF8 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdriverx.sys
10:58:43.0612 94636 AVGIDSDriver - ok
10:58:43.0699 94636 [ B0DEF92F4E1E6B9242E6C8FAB82703F7 ] AVGIDSHX C:\Windows\system32\DRIVERS\avgidshx.sys
10:58:43.0705 94636 AVGIDSHX - ok
10:58:43.0743 94636 [ A426B2DC795531D99E2EE1952AEC051A ] AVGIDSShim C:\Windows\system32\DRIVERS\avgidsshimx.sys
10:58:43.0744 94636 AVGIDSShim - ok
10:58:43.0819 94636 [ 08FA13787D77A75DC413E27FD92B44E8 ] Avgldx86 C:\Windows\system32\DRIVERS\avgldx86.sys
10:58:43.0824 94636 Avgldx86 - ok
10:58:43.0872 94636 [ 3E587EE55C70E6DB78A98D7121D3052E ] Avglogx C:\Windows\system32\DRIVERS\avglogx.sys
10:58:43.0878 94636 Avglogx - ok
10:58:43.0957 94636 [ 5AC56B2CF8EE751796C5A8FC5C631B66 ] Avgmfx86 C:\Windows\system32\DRIVERS\avgmfx86.sys
10:58:43.0960 94636 Avgmfx86 - ok
10:58:44.0015 94636 [ C29E6070396E437FDE184D739CCBA2C7 ] Avgrkx86 C:\Windows\system32\DRIVERS\avgrkx86.sys
10:58:44.0017 94636 Avgrkx86 - ok
10:58:44.0052 94636 [ 14370FB29526F593C04FA48B5D69F7F0 ] Avgtdix C:\Windows\system32\DRIVERS\avgtdix.sys
10:58:44.0057 94636 Avgtdix - ok
10:58:44.0111 94636 [ C6C470CD49FE9DBA0F082540D7AF7642 ] avgtp C:\Windows\system32\drivers\avgtpx86.sys
10:58:44.0118 94636 avgtp - ok
10:58:44.0164 94636 [ 3A0977CB68AF13E2579E47EB8984056B ] avgwd C:\Program Files\AVG\AVG2013\avgwdsvc.exe
10:58:44.0170 94636 avgwd - ok
10:58:44.0234 94636 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
10:58:44.0235 94636 Beep - ok
10:58:44.0300 94636 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
10:58:44.0307 94636 BFE - ok
10:58:44.0348 94636 [ ACC9C8C560C567FAD6F79C977AB2EA09 ] bgsvcgen C:\Windows\System32\bgsvcgen.exe
10:58:44.0352 94636 bgsvcgen - ok
10:58:44.0439 94636 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\System32\qmgr.dll
10:58:44.0462 94636 BITS - ok
10:58:44.0485 94636 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
10:58:44.0488 94636 blbdrive - ok
10:58:44.0583 94636 [ F2060A34C8A75BC24A9222EB4F8C07BD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
10:58:44.0590 94636 Bonjour Service - ok
10:58:44.0624 94636 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
10:58:44.0627 94636 bowser - ok
10:58:44.0670 94636 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
10:58:44.0672 94636 BrFiltLo - ok
10:58:44.0690 94636 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
10:58:44.0693 94636 BrFiltUp - ok
10:58:44.0722 94636 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
10:58:44.0724 94636 Browser - ok
10:58:44.0765 94636 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
10:58:44.0767 94636 Brserid - ok
10:58:44.0787 94636 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
10:58:44.0789 94636 BrSerWdm - ok
10:58:44.0806 94636 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
10:58:44.0808 94636 BrUsbMdm - ok
10:58:44.0821 94636 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
10:58:44.0823 94636 BrUsbSer - ok
10:58:44.0885 94636 [ 6D39C954799B63BA866910234CF7D726 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys
10:58:44.0888 94636 BthEnum - ok
10:58:44.0926 94636 [ 9A966A8E86D1771911AE34A20D11BFF3 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
10:58:44.0928 94636 BTHMODEM - ok
10:58:44.0955 94636 [ 5904EFA25F829BF84EA6FB045134A1D8 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
10:58:44.0969 94636 BthPan - ok
10:58:45.0048 94636 [ 611FF3F2F095C8D4A6D4CFD9DCC09793 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
10:58:45.0071 94636 BTHPORT - ok
10:58:45.0144 94636 [ A4C8377FA4A994E07075107DBE2E3DCE ] BthServ C:\Windows\System32\bthserv.dll
10:58:45.0160 94636 BthServ - ok
10:58:45.0208 94636 [ D330803EAB2A15CAEC7F011F1D4CB30E ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
10:58:45.0210 94636 BTHUSB - ok
10:58:45.0254 94636 [ ED97CD06EF748004B8AAC56C2D0AA5DB ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
10:58:45.0257 94636 btwaudio - ok
10:58:45.0276 94636 [ 4871B5ED4757197135FF65BE61DA44B3 ] btwavdt C:\Windows\system32\drivers\btwavdt.sys
10:58:45.0279 94636 btwavdt - ok
10:58:45.0361 94636 [ 346B62198C40D6CF12A3FA8804247ADF ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
10:58:45.0384 94636 btwdins - ok
10:58:45.0400 94636 [ 6AF9FD2AEEBDC16A98D3E30E68440C5C ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
10:58:45.0402 94636 btwl2cap - ok
10:58:45.0420 94636 [ F5DA7DF99CF11FCB68E2BEA12002F63A ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
10:58:45.0421 94636 btwrchid - ok
10:58:45.0490 94636 [ 5753532C476B83119D85AA43B1B10AB3 ] CCALib8 C:\Program Files\Canon\CAL\CALMAIN.exe
10:58:45.0497 94636 CCALib8 - ok
10:58:45.0541 94636 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
10:58:45.0544 94636 cdfs - ok
10:58:45.0569 94636 [ E0042BD5BEF17A6A3EF1DF576BDE24D1 ] cdrbsdrv C:\Windows\system32\drivers\cdrbsdrv.sys
10:58:45.0571 94636 cdrbsdrv - ok
10:58:45.0620 94636 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
10:58:45.0623 94636 cdrom - ok
10:58:45.0680 94636 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
10:58:45.0682 94636 CertPropSvc - ok
10:58:45.0704 94636 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys
10:58:45.0706 94636 circlass - ok
10:58:45.0729 94636 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
10:58:45.0736 94636 CLFS - ok
10:58:45.0868 94636 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:58:45.0871 94636 clr_optimization_v2.0.50727_32 - ok
10:58:45.0932 94636 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:58:45.0936 94636 clr_optimization_v4.0.30319_32 - ok
10:58:46.0009 94636 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
10:58:46.0010 94636 CmBatt - ok
10:58:46.0025 94636 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys
10:58:46.0027 94636 cmdide - ok
10:58:46.0054 94636 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
10:58:46.0055 94636 Compbatt - ok
10:58:46.0062 94636 COMSysApp - ok
10:58:46.0078 94636 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
10:58:46.0080 94636 crcdisk - ok
10:58:46.0099 94636 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys
10:58:46.0101 94636 Crusoe - ok
10:58:46.0170 94636 [ 3EDE4C1F9672C972479201544969ADCB ] CryptSvc C:\Windows\system32\cryptsvc.dll
10:58:46.0174 94636 CryptSvc - ok
10:58:46.0236 94636 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
10:58:46.0259 94636 DcomLaunch - ok
10:58:46.0294 94636 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
10:58:46.0296 94636 DfsC - ok
10:58:46.0406 94636 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
10:58:46.0462 94636 DFSR - ok
10:58:46.0530 94636 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
10:58:46.0535 94636 Dhcp - ok
10:58:46.0564 94636 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
10:58:46.0576 94636 disk - ok
10:58:46.0628 94636 [ F206E28ED74C491FD5D7C0A1119CE37F ] DMICall C:\Windows\system32\DRIVERS\DMICall.sys
10:58:46.0630 94636 DMICall - ok
10:58:46.0685 94636 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
10:58:46.0701 94636 Dnscache - ok
10:58:46.0740 94636 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
10:58:46.0745 94636 dot3svc - ok
10:58:46.0770 94636 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
10:58:46.0775 94636 DPS - ok
10:58:46.0830 94636 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
10:58:46.0832 94636 drmkaud - ok
10:58:46.0877 94636 [ 5DE0FAEC9E5D1AAE74F8568897891A01 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
10:58:46.0900 94636 DXGKrnl - ok
10:58:46.0930 94636 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
10:58:46.0933 94636 E1G60 - ok
10:58:46.0990 94636 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
10:58:47.0003 94636 EapHost - ok
10:58:47.0064 94636 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
10:58:47.0069 94636 Ecache - ok
10:58:47.0115 94636 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
10:58:47.0121 94636 ehRecvr - ok
10:58:47.0137 94636 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
10:58:47.0140 94636 ehSched - ok
10:58:47.0154 94636 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
10:58:47.0155 94636 ehstart - ok
10:58:47.0204 94636 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys
10:58:47.0212 94636 elxstor - ok
10:58:47.0274 94636 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
10:58:47.0296 94636 EMDMgmt - ok
10:58:47.0336 94636 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys
10:58:47.0337 94636 ErrDev - ok
10:58:47.0393 94636 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
10:58:47.0399 94636 EventSystem - ok
10:58:47.0567 94636 [ 791464A9E9ADE063327A29F1B3F1A86C ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
10:58:47.0601 94636 EvtEng - ok
10:58:47.0670 94636 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
10:58:47.0674 94636 exfat - ok
10:58:47.0713 94636 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
10:58:47.0717 94636 fastfat - ok
10:58:47.0750 94636 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
10:58:47.0752 94636 fdc - ok
10:58:47.0768 94636 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
10:58:47.0770 94636 fdPHost - ok
10:58:47.0784 94636 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
10:58:47.0786 94636 FDResPub - ok
10:58:47.0832 94636 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
10:58:47.0834 94636 FileInfo - ok
10:58:47.0850 94636 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
10:58:47.0852 94636 Filetrace - ok
10:58:47.0924 94636 [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
10:58:47.0947 94636 FLEXnet Licensing Service - ok
10:58:47.0960 94636 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
10:58:47.0962 94636 flpydisk - ok
10:58:47.0995 94636 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
10:58:48.0000 94636 FltMgr - ok
10:58:48.0135 94636 [ 119ACA7CADCA75BEA6B38E999443BAA6 ] FontCache C:\Windows\system32\FntCache.dll
10:58:48.0180 94636 FontCache - ok
10:58:48.0226 94636 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
10:58:48.0228 94636 FontCache3.0.0.0 - ok
10:58:48.0256 94636 [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
10:58:48.0258 94636 Fs_Rec - ok
10:58:48.0291 94636 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
10:58:48.0294 94636 gagp30kx - ok
10:58:48.0330 94636 [ AB8A6A87D9D7255C3884D5B9541A6E80 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
10:58:48.0332 94636 GEARAspiWDM - ok
10:58:48.0355 94636 getPlus® Helper - ok
10:58:48.0411 94636 [ 9F5F2F0FB0A7F5AA9F16B9A7B6DAD89F ] GoogleDesktopManager-051210-111108 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
10:58:48.0419 94636 GoogleDesktopManager-051210-111108 - ok
10:58:48.0488 94636 [ 0795F9EA2A6A6C1BC4AC7D8C2B507C88 ] GoToAssist C:\Program Files\Citrix\GoToAssist\482\g2aservice.exe
10:58:48.0505 94636 GoToAssist - ok
10:58:48.0589 94636 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
10:58:48.0947 94636 gpsvc - ok
10:58:49.0296 94636 [ 626A24ED1228580B9518C01930936DF9 ] gupdate1c998c61618a726 C:\Program Files\Google\Update\GoogleUpdate.exe
10:58:49.0300 94636 gupdate1c998c61618a726 - ok
10:58:49.0307 94636 [ 626A24ED1228580B9518C01930936DF9 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
10:58:49.0309 94636 gupdatem - ok
10:58:49.0350 94636 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
10:58:49.0355 94636 gusvc - ok
10:58:49.0413 94636 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
10:58:49.0419 94636 HdAudAddService - ok
10:58:49.0459 94636 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
10:58:49.0481 94636 HDAudBus - ok
10:58:49.0501 94636 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
10:58:49.0503 94636 HidBth - ok
10:58:49.0523 94636 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
10:58:49.0525 94636 HidIr - ok
10:58:49.0550 94636 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\system32\hidserv.dll
10:58:49.0553 94636 hidserv - ok
10:58:49.0580 94636 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
10:58:49.0581 94636 HidUsb - ok
10:58:49.0613 94636 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
10:58:49.0617 94636 hkmsvc - ok
10:58:49.0637 94636 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
10:58:49.0639 94636 HpCISSs - ok
10:58:49.0671 94636 [ 46D67209550973257601A533E2AC5785 ] HSFHWAZL C:\Windows\system32\DRIVERS\VSTAZL3.SYS
10:58:49.0684 94636 HSFHWAZL - ok
10:58:49.0775 94636 [ 7BC42C65B5C6281777C1A7605B253BA8 ] HSF_DPV C:\Windows\system32\DRIVERS\HSX_DPV.sys
10:58:49.0809 94636 HSF_DPV - ok
10:58:49.0850 94636 [ 9EBF2D102CCBB6BCDFBF1B7922F8BA2E ] HSXHWAZL C:\Windows\system32\DRIVERS\HSXHWAZL.sys
10:58:49.0855 94636 HSXHWAZL - ok
10:58:49.0896 94636 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys
10:58:49.0905 94636 HTTP - ok
10:58:49.0936 94636 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys
10:58:49.0949 94636 i2omp - ok
10:58:50.0002 94636 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
10:58:50.0004 94636 i8042prt - ok
10:58:50.0037 94636 [ DB0CC620B27A928D968C1A1E9CD9CB87 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
10:58:50.0040 94636 iaStor - ok
10:58:50.0067 94636 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
10:58:50.0089 94636 iaStorV - ok
10:58:50.0175 94636 [ DAF66902F08796F9C694901660E5A64A ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
10:58:50.0179 94636 IDriverT - ok
10:58:50.0277 94636 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:58:50.0321 94636 idsvc - ok
10:58:50.0349 94636 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
10:58:50.0351 94636 iirsp - ok
10:58:50.0482 94636 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
10:58:50.0541 94636 IKEEXT - ok
10:58:51.0914 94636 [ 4A0F260DF9A5333C07F4AB40CA9D4F4B ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
10:58:53.0696 94636 IntcAzAudAddService - ok
10:58:53.0822 94636 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys
10:58:53.0886 94636 intelide - ok
10:58:54.0057 94636 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
10:58:54.0121 94636 intelppm - ok
10:58:54.0261 94636 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
10:58:54.0363 94636 IPBusEnum - ok
10:58:54.0422 94636 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:58:54.0500 94636 IpFilterDriver - ok
10:58:54.0719 94636 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
10:58:54.0895 94636 iphlpsvc - ok
10:58:54.0903 94636 IpInIp - ok
10:58:55.0027 94636 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
10:58:55.0068 94636 IPMIDRV - ok
10:58:55.0088 94636 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
10:58:55.0092 94636 IPNAT - ok
10:58:55.0112 94636 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
10:58:55.0114 94636 IRENUM - ok
10:58:55.0134 94636 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys
10:58:55.0137 94636 isapnp - ok
10:58:55.0191 94636 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
10:58:55.0196 94636 iScsiPrt - ok
10:58:55.0210 94636 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
10:58:55.0212 94636 iteatapi - ok
10:58:55.0257 94636 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
10:58:55.0259 94636 iteraid - ok
10:58:55.0287 94636 [ 213822072085B5BBAD9AF30AB577D817 ] IviRegMgr C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
10:58:55.0290 94636 IviRegMgr - ok
10:58:55.0315 94636 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
10:58:55.0317 94636 kbdclass - ok
10:58:55.0346 94636 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
10:58:55.0348 94636 kbdhid - ok
10:58:55.0376 94636 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe
10:58:55.0378 94636 KeyIso - ok
10:58:55.0470 94636 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
10:58:55.0503 94636 KSecDD - ok
10:58:55.0564 94636 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
10:58:55.0573 94636 KtmRm - ok
10:58:55.0606 94636 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\system32\srvsvc.dll
10:58:55.0612 94636 LanmanServer - ok
10:58:55.0679 94636 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
10:58:55.0685 94636 LanmanWorkstation - ok
10:58:55.0717 94636 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
10:58:55.0720 94636 lltdio - ok
10:58:55.0755 94636 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
10:58:55.0761 94636 lltdsvc - ok
10:58:55.0789 94636 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
10:58:55.0791 94636 lmhosts - ok
10:58:55.0816 94636 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
10:58:55.0819 94636 LSI_FC - ok
10:58:55.0834 94636 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
10:58:55.0837 94636 LSI_SAS - ok
10:58:55.0859 94636 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
10:58:55.0862 94636 LSI_SCSI - ok
10:58:55.0882 94636 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
10:58:55.0886 94636 luafv - ok
10:58:55.0962 94636 [ DDF15A42E27E8EFE27B18FD403151A86 ] MatSvc C:\Program Files\Microsoft Fix it Center\Matsvc.exe
10:58:55.0968 94636 MatSvc - ok
10:58:55.0991 94636 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
10:58:55.0994 94636 Mcx2Svc - ok
10:58:56.0029 94636 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
10:58:56.0030 94636 mdmxsdk - ok
10:58:56.0077 94636 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys
10:58:56.0079 94636 megasas - ok
10:58:56.0129 94636 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys
10:58:56.0137 94636 MegaSR - ok
10:58:56.0227 94636 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
10:58:56.0229 94636 Microsoft Office Groove Audit Service - ok
10:58:56.0258 94636 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
10:58:56.0262 94636 MMCSS - ok
10:58:56.0276 94636 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
10:58:56.0278 94636 Modem - ok
10:58:56.0327 94636 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
10:58:56.0329 94636 monitor - ok
10:58:56.0351 94636 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
10:58:56.0354 94636 mouclass - ok
10:58:56.0367 94636 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
10:58:56.0370 94636 mouhid - ok
10:58:56.0394 94636 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
10:58:56.0397 94636 MountMgr - ok
10:58:56.0467 94636 [ 528A5C2570F468155A1B3CF0A2FF5EBD ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
10:58:56.0471 94636 MozillaMaintenance - ok
10:58:56.0516 94636 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys
10:58:56.0520 94636 mpio - ok
10:58:56.0545 94636 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
10:58:56.0547 94636 mpsdrv - ok
10:58:56.0587 94636 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
10:58:56.0610 94636 MpsSvc - ok
10:58:56.0631 94636 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
10:58:56.0633 94636 Mraid35x - ok
10:58:56.0663 94636 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
10:58:56.0674 94636 MRxDAV - ok
10:58:56.0698 94636 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
10:58:56.0701 94636 mrxsmb - ok
10:58:56.0732 94636 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:58:56.0738 94636 mrxsmb10 - ok
10:58:56.0758 94636 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:58:56.0761 94636 mrxsmb20 - ok
10:58:56.0792 94636 [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci C:\Windows\system32\drivers\msahci.sys
10:58:56.0794 94636 msahci - ok
10:58:56.0863 94636 MSCSPTISRV - ok
10:58:56.0880 94636 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys
10:58:56.0884 94636 msdsm - ok
10:58:56.0903 94636 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
10:58:56.0910 94636 MSDTC - ok
10:58:56.0925 94636 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
10:58:56.0927 94636 Msfs - ok
10:58:56.0951 94636 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
10:58:56.0953 94636 msisadrv - ok
10:58:57.0011 94636 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
10:58:57.0015 94636 MSiSCSI - ok
10:58:57.0021 94636 msiserver - ok
10:58:57.0058 94636 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
10:58:57.0069 94636 MSKSSRV - ok
10:58:57.0082 94636 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
10:58:57.0084 94636 MSPCLOCK - ok
10:58:57.0101 94636 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
10:58:57.0102 94636 MSPQM - ok
10:58:57.0141 94636 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
10:58:57.0146 94636 MsRPC - ok
10:58:57.0173 94636 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
10:58:57.0175 94636 mssmbios - ok
10:58:57.0228 94636 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
10:58:57.0230 94636 MSTEE - ok
10:58:57.0249 94636 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
10:58:57.0251 94636 Mup - ok
10:58:57.0296 94636 MySQL - ok
10:58:57.0333 94636 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
10:58:57.0342 94636 napagent - ok
10:58:57.0422 94636 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
10:58:57.0432 94636 NativeWifiP - ok
10:58:57.0485 94636 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
10:58:57.0508 94636 NDIS - ok
10:58:57.0532 94636 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
10:58:57.0534 94636 NdisTapi - ok
10:58:57.0549 94636 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
10:58:57.0550 94636 Ndisuio - ok
10:58:57.0598 94636 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
10:58:57.0602 94636 NdisWan - ok
10:58:57.0615 94636 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
10:58:57.0618 94636 NDProxy - ok
10:58:57.0638 94636 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
10:58:57.0641 94636 NetBIOS - ok
10:58:57.0673 94636 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
10:58:57.0678 94636 netbt - ok
10:58:57.0684 94636 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
10:58:57.0686 94636 Netlogon - ok
10:58:57.0743 94636 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
10:58:57.0777 94636 Netman - ok
10:58:57.0802 94636 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
10:58:57.0811 94636 netprofm - ok
10:58:57.0843 94636 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:58:57.0847 94636 NetTcpPortSharing - ok
10:58:58.0037 94636 [ F0C42E0CDCE558D658FA53A222B4CCB1 ] NETw5v32 C:\Windows\system32\DRIVERS\NETw5v32.sys
10:58:58.0147 94636 NETw5v32 - ok
10:58:58.0186 94636 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
10:58:58.0188 94636 nfrd960 - ok
10:58:58.0214 94636 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
10:58:58.0220 94636 NlaSvc - ok
10:58:58.0241 94636 [ B0A67DE1A128389AEA4D42C5A56215FD ] nmwcd C:\Windows\system32\drivers\ccdcmb.sys
10:58:58.0243 94636 nmwcd - ok
10:58:58.0299 94636 [ 025C54F9F8C8BC1894EA38529C742C54 ] nmwcdc C:\Windows\system32\drivers\ccdcmbo.sys
10:58:58.0300 94636 nmwcdc - ok
10:58:58.0329 94636 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
10:58:58.0331 94636 Npfs - ok
10:58:58.0341 94636 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
10:58:58.0345 94636 nsi - ok
10:58:58.0361 94636 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
10:58:58.0363 94636 nsiproxy - ok
10:58:58.0417 94636 [ 080FC237D26F860E8996550566C8EBBF ] NSUService C:\Program Files\Sony\Network Utility\NSUService.exe
10:58:58.0423 94636 NSUService - ok
10:58:58.0497 94636 [ 2C1121F2B87E9A6B12485DF53CD848C7 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
10:58:58.0564 94636 Ntfs - ok
10:58:58.0611 94636 [ 7F1C1F78D709C4A54CBB46EDE7E0B48D ] NTIDrvr C:\Windows\system32\DRIVERS\NTIDrvr.sys
10:58:58.0613 94636 NTIDrvr - ok
10:58:58.0640 94636 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
10:58:58.0642 94636 ntrigdigi - ok
10:58:58.0648 94636 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
10:58:58.0650 94636 Null - ok
10:58:58.0666 94636 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
10:58:58.0669 94636 nvraid - ok
10:58:58.0685 94636 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
10:58:58.0687 94636 nvstor - ok
10:58:58.0705 94636 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
10:58:58.0709 94636 nv_agp - ok
10:58:58.0714 94636 NwlnkFlt - ok
10:58:58.0722 94636 NwlnkFwd - ok
10:58:58.0818 94636 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
10:58:58.0828 94636 odserv - ok
10:58:58.0886 94636 [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
10:58:58.0889 94636 ohci1394 - ok
10:58:58.0948 94636 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:58:58.0952 94636 ose - ok
10:58:59.0018 94636 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
10:58:59.0040 94636 p2pimsvc - ok
10:58:59.0062 94636 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
10:58:59.0069 94636 p2psvc - ok
10:58:59.0121 94636 [ 5D43D0BA9E0C2F8782077F660DFE916F ] PACSPTISVR C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
10:58:59.0124 94636 PACSPTISVR - ok
10:58:59.0158 94636 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
10:58:59.0161 94636 Parport - ok
10:58:59.0203 94636 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
10:58:59.0206 94636 partmgr - ok
10:58:59.0223 94636 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
10:58:59.0225 94636 Parvdm - ok
10:58:59.0246 94636 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
10:58:59.0250 94636 PcaSvc - ok
10:58:59.0279 94636 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
10:58:59.0281 94636 pci - ok
10:58:59.0295 94636 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\drivers\pciide.sys
10:58:59.0297 94636 pciide - ok
10:58:59.0323 94636 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
10:58:59.0328 94636 pcmcia - ok
10:58:59.0434 94636 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
10:58:59.0756 94636 PEAUTH - ok
10:59:00.0602 94636 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
10:59:00.0943 94636 pla - ok
10:59:00.0977 94636 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
10:59:00.0998 94636 PlugPlay - ok
10:59:01.0029 94636 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
10:59:01.0036 94636 PNRPAutoReg - ok
10:59:01.0074 94636 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
10:59:01.0081 94636 PNRPsvc - ok
10:59:01.0103 94636 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
10:59:01.0113 94636 PolicyAgent - ok
10:59:01.0147 94636 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
10:59:01.0149 94636 PptpMiniport - ok
10:59:01.0176 94636 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
10:59:01.0178 94636 Processor - ok
10:59:01.0210 94636 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
10:59:01.0216 94636 ProfSvc - ok
10:59:01.0243 94636 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
10:59:01.0245 94636 ProtectedStorage - ok
10:59:01.0303 94636 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
10:59:01.0306 94636 PSched - ok
10:59:01.0328 94636 [ E42E3433DBB4CFFE8FDD91EAB29AEA8E ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
10:59:01.0330 94636 PxHelp20 - ok
10:59:01.0413 94636 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
10:59:01.0457 94636 ql2300 - ok
10:59:01.0489 94636 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
10:59:01.0519 94636 ql40xx - ok
10:59:01.0597 94636 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
10:59:01.0612 94636 QWAVE - ok
10:59:01.0650 94636 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
10:59:01.0652 94636 QWAVEdrv - ok
10:59:01.0662 94636 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
10:59:01.0664 94636 RasAcd - ok
10:59:01.0679 94636 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
10:59:01.0683 94636 RasAuto - ok
10:59:01.0697 94636 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
10:59:01.0700 94636 Rasl2tp - ok
10:59:01.0733 94636 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
10:59:01.0758 94636 RasMan - ok
10:59:01.0837 94636 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
10:59:01.0859 94636 RasPppoe - ok
10:59:01.0895 94636 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
10:59:01.0898 94636 RasSstp - ok
10:59:01.0926 94636 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
10:59:01.0931 94636 rdbss - ok
10:59:01.0946 94636 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
10:59:01.0947 94636 RDPCDD - ok
10:59:01.0976 94636 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
10:59:01.0981 94636 rdpdr - ok
10:59:01.0987 94636 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
10:59:01.0989 94636 RDPENCDD - ok
10:59:02.0083 94636 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
10:59:02.0138 94636 RDPWD - ok
10:59:02.0186 94636 [ 001B4278407F4303EFC902A2B16F2453 ] regi C:\Windows\system32\drivers\regi.sys
10:59:02.0211 94636 regi - ok
10:59:02.0338 94636 [ 636AAFAD77BEABE192D01E7E74F4A45B ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
10:59:02.0353 94636 RegSrvc - ok
10:59:02.0403 94636 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
10:59:02.0407 94636 RemoteAccess - ok
10:59:02.0435 94636 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
10:59:02.0440 94636 RemoteRegistry - ok
10:59:02.0516 94636 [ 6482707F9F4DA0ECBAB43B2E0398A101 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
10:59:02.0520 94636 RFCOMM - ok
10:59:02.0607 94636 [ 3C57AEA854EB5B33C664A377ACE37449 ] RHDISK C:\Program Files\Rohos\RHDISK.SYS
10:59:02.0621 94636 RHDISK - ok
10:59:02.0691 94636 [ D0C2A0CE1091E08EFB7CCBA6CEA4C3F9 ] rimsptsk C:\Windows\system32\DRIVERS\rimsptsk.sys
10:59:02.0712 94636 rimsptsk - ok
10:59:02.0811 94636 [ C22E4E27CCDF9AA5FE8143104F28CDE3 ] risdptsk C:\Windows\system32\DRIVERS\risdptsk.sys
10:59:02.0865 94636 risdptsk - ok
10:59:03.0267 94636 [ 87955D842741C3B31C6CC0B16DEEC797 ] Rohos Disk C:\Program Files\Rohos\agent.exe
10:59:03.0816 94636 Rohos Disk - ok
10:59:03.0942 94636 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
10:59:03.0994 94636 RpcLocator - ok
10:59:04.0273 94636 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
10:59:04.0281 94636 RpcSs - ok
10:59:04.0407 94636 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
10:59:04.0465 94636 rspndr - ok
10:59:04.0798 94636 [ 39C5C2FBF652C9F8C194873D5C8A1F58 ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIV.sys
10:59:04.0803 94636 RTHDMIAzAudService - ok
10:59:04.0850 94636 [ 65330E78C17DB8A99A7FF1BA3C8824B6 ] RtkAudioService C:\Windows\RtkAudioService.exe
10:59:04.0853 94636 RtkAudioService - ok
10:59:04.0865 94636 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
10:59:04.0867 94636 SamSs - ok
10:59:04.0910 94636 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
10:59:04.0912 94636 sbp2port - ok
10:59:04.0954 94636 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
10:59:04.0959 94636 SCardSvr - ok
10:59:05.0000 94636 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
10:59:05.0023 94636 Schedule - ok
10:59:05.0059 94636 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
10:59:05.0060 94636 SCPolicySvc - ok
10:59:05.0099 94636 [ 126EA89BCC413EE45E3004FB0764888F ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
10:59:05.0102 94636 sdbus - ok
10:59:05.0129 94636 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
10:59:05.0134 94636 SDRSVC - ok
10:59:05.0224 94636 [ 331E7BDE228914574FC9AE6CD520DAFA ] SeaPort C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
10:59:05.0229 94636 SeaPort - ok
10:59:05.0260 94636 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
10:59:05.0262 94636 secdrv - ok
10:59:05.0271 94636 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
10:59:05.0275 94636 seclogon - ok
10:59:05.0292 94636 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
10:59:05.0296 94636 SENS - ok
10:59:05.0322 94636 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
10:59:05.0324 94636 Serenum - ok
10:59:05.0348 94636 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
10:59:05.0351 94636 Serial - ok
10:59:05.0374 94636 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
10:59:05.0376 94636 sermouse - ok
10:59:05.0413 94636 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
10:59:05.0418 94636 SessionEnv - ok
10:59:05.0470 94636 [ 8B7C1768D2CDE2E02E09A66563DDFD16 ] SFEP C:\Windows\system32\DRIVERS\SFEP.sys
10:59:05.0472 94636 SFEP - ok
10:59:05.0489 94636 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
10:59:05.0491 94636 sffdisk - ok
10:59:05.0513 94636 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
10:59:05.0515 94636 sffp_mmc - ok
10:59:05.0527 94636 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
10:59:05.0529 94636 sffp_sd - ok
10:59:05.0559 94636 [ C33BFBD6E9E41FCD9FFEF9729E9FAED6 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
10:59:05.0561 94636 sfloppy - ok
10:59:05.0641 94636 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
10:59:05.0648 94636 SharedAccess - ok
10:59:05.0681 94636 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
10:59:05.0689 94636 ShellHWDetection - ok
10:59:05.0729 94636 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
10:59:05.0732 94636 sisagp - ok
10:59:05.0755 94636 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
10:59:05.0758 94636 SiSRaid2 - ok
10:59:05.0796 94636 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
10:59:05.0799 94636 SiSRaid4 - ok
10:59:05.0883 94636 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
10:59:05.0887 94636 SkypeUpdate - ok
10:59:06.0008 94636 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
10:59:06.0107 94636 slsvc - ok
10:59:06.0153 94636 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
10:59:06.0157 94636 SLUINotify - ok
10:59:06.0188 94636 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
10:59:06.0191 94636 Smb - ok
10:59:06.0225 94636 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
10:59:06.0229 94636 SNMPTRAP - ok
10:59:06.0273 94636 [ DC826AFFA608F50C385BCA4C71EF1BDD ] SOHCImp C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe
10:59:06.0278 94636 SOHCImp - ok
10:59:06.0316 94636 [ 1EC739F65C51FA1C7AC4502464A3C3A8 ] SOHDms C:\Program Files\Sony\VAIO Media plus\SOHDms.exe
10:59:06.0324 94636 SOHDms - ok
10:59:06.0351 94636 [ EC8FAB4AC684445D6032AA5C6E77CA2E ] SOHDs C:\Program Files\Sony\VAIO Media plus\SOHDs.exe
10:59:06.0353 94636 SOHDs - ok
10:59:06.0381 94636 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
10:59:06.0383 94636 spldr - ok
10:59:06.0410 94636 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
10:59:06.0415 94636 Spooler - ok
10:59:06.0471 94636 [ D15DA1BA189770D93EEA2D7E18F95AF9 ] sptd C:\Windows\system32\Drivers\sptd.sys
10:59:06.0472 94636 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: D15DA1BA189770D93EEA2D7E18F95AF9
10:59:06.0475 94636 sptd ( LockedFile.Multi.Generic ) - warning
10:59:06.0475 94636 sptd - detected LockedFile.Multi.Generic (1)
10:59:06.0479 94636 SPTISRV - ok
10:59:06.0533 94636 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
10:59:06.0540 94636 srv - ok
10:59:06.0585 94636 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
10:59:06.0589 94636 srv2 - ok
10:59:06.0604 94636 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
10:59:06.0608 94636 srvnet - ok
10:59:06.0633 94636 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
10:59:06.0639 94636 SSDPSRV - ok
10:59:06.0649 94636 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
10:59:06.0655 94636 SstpSvc - ok
10:59:06.0726 94636 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
10:59:06.0749 94636 stisvc - ok
10:59:06.0774 94636 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
10:59:06.0776 94636 swenum - ok
10:59:06.0819 94636 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
10:59:06.0828 94636 swprv - ok
10:59:06.0862 94636 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
10:59:06.0864 94636 Symc8xx - ok
10:59:06.0881 94636 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
10:59:06.0883 94636 Sym_hi - ok
10:59:06.0895 94636 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
10:59:06.0897 94636 Sym_u3 - ok
10:59:06.0934 94636 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
10:59:06.0957 94636 SysMain - ok
10:59:06.0979 94636 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
10:59:06.0984 94636 TabletInputService - ok
10:59:07.0147 94636 [ 629021756C8FC4C579849A823C471CB3 ] TabletServicePen C:\Windows\system32\Pen_Tablet.exe
10:59:07.0303 94636 TabletServicePen - ok
10:59:07.0348 94636 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
10:59:07.0356 94636 TapiSrv - ok
10:59:07.0383 94636 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
10:59:07.0388 94636 TBS - ok
10:59:07.0512 94636 [ 548E198BAE21EFC21F8B5F0C1728AD27 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
10:59:08.0051 94636 Tcpip - ok
10:59:08.0430 94636 [ 548E198BAE21EFC21F8B5F0C1728AD27 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
10:59:08.0437 94636 Tcpip6 - ok
10:59:08.0572 94636 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
10:59:08.0633 94636 tcpipreg - ok
10:59:08.0776 94636 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
10:59:08.0778 94636 TDPIPE - ok
10:59:08.0797 94636 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
10:59:08.0799 94636 TDTCP - ok
10:59:08.0831 94636 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
10:59:08.0834 94636 tdx - ok
10:59:08.0862 94636 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
10:59:08.0864 94636 TermDD - ok
10:59:08.0884 94636 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
10:59:08.0907 94636 TermService - ok
10:59:08.0926 94636 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
10:59:08.0930 94636 Themes - ok
10:59:08.0948 94636 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
10:59:08.0950 94636 THREADORDER - ok
10:59:08.0983 94636 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
10:59:08.0988 94636 TrkWks - ok
10:59:09.0048 94636 [ 746B8CF9CEDEDDD865472544EDF626DA ] truecrypt C:\Windows\system32\drivers\truecrypt.sys
10:59:09.0054 94636 truecrypt - ok
10:59:09.0086 94636 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
10:59:09.0088 94636 TrustedInstaller - ok
10:59:09.0146 94636 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
10:59:09.0148 94636 tssecsrv - ok
10:59:09.0163 94636 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
10:59:09.0165 94636 tunmp - ok
10:59:09.0196 94636 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
10:59:09.0198 94636 tunnel - ok
10:59:09.0213 94636 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
10:59:09.0217 94636 uagp35 - ok
10:59:09.0243 94636 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
10:59:09.0248 94636 udfs - ok
10:59:09.0294 94636 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
10:59:09.0298 94636 UI0Detect - ok
10:59:09.0319 94636 UIUSys - ok
10:59:09.0340 94636 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
10:59:09.0343 94636 uliagpkx - ok
10:59:09.0370 94636 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
10:59:09.0376 94636 uliahci - ok
10:59:09.0409 94636 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
10:59:09.0412 94636 UlSata - ok
10:59:09.0433 94636 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
10:59:09.0436 94636 ulsata2 - ok
10:59:09.0454 94636 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
10:59:09.0456 94636 umbus - ok
10:59:09.0485 94636 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
10:59:09.0493 94636 upnphost - ok
10:59:09.0554 94636 [ 78B74AF8727A28C128E164E9B53A5413 ] upperdev C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
10:59:09.0556 94636 upperdev - ok
10:59:09.0615 94636 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
10:59:09.0618 94636 usbccgp - ok
10:59:09.0657 94636 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
10:59:09.0660 94636 usbcir - ok
10:59:09.0681 94636 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
10:59:09.0683 94636 usbehci - ok
10:59:09.0705 94636 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
10:59:09.0710 94636 usbhub - ok
10:59:09.0723 94636 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
10:59:09.0725 94636 usbohci - ok
10:59:09.0753 94636 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
10:59:09.0755 94636 usbprint - ok
10:59:09.0780 94636 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
10:59:09.0783 94636 usbscan - ok
10:59:09.0804 94636 [ D575246188F63DE0ACCF6EAC5FB59E6A ] usbser C:\Windows\system32\DRIVERS\usbser.sys
10:59:09.0806 94636 usbser - ok
10:59:09.0846 94636 [ 4F8FBC51A1C0A17310846B417A447F91 ] UsbserFilt C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
10:59:09.0848 94636 UsbserFilt - ok
10:59:09.0879 94636 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:59:09.0881 94636 USBSTOR - ok
10:59:09.0908 94636 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
10:59:09.0910 94636 usbuhci - ok
10:59:09.0934 94636 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
10:59:09.0938 94636 usbvideo - ok
10:59:09.0969 94636 [ 8D31A140B55021BBD3A608F5A7AA2E18 ] USB_RNDIS C:\Windows\system32\DRIVERS\usb8023.sys
10:59:09.0971 94636 USB_RNDIS - ok
10:59:09.0994 94636 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
10:59:09.0998 94636 UxSms - ok
10:59:10.0070 94636 [ 4E7135D6D0127067E4CFEE12259F895D ] VAIO Entertainment TV Device Arbitration Service C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
10:59:10.0073 94636 VAIO Entertainment TV Device Arbitration Service - ok
10:59:10.0141 94636 [ 693A3FDD279C345105FFF9DDE277849B ] VAIO Event Service C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
10:59:10.0145 94636 VAIO Event Service - ok
10:59:10.0244 94636 [ 43CEC9BF5A4F2917982AD01D92E0F44D ] VAIO Power Management C:\Program Files\Sony\VAIO Power Management\SPMService.exe
10:59:10.0361 94636 VAIO Power Management - ok
10:59:12.0888 94636 [ 721A1677FD204AB065238504D9268D92 ] VCFw C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
10:59:14.0000 94636 VCFw - ok
10:59:14.0209 94636 [ FD03AC6CD1571AA8B2FF56D3C600E26E ] VcmIAlzMgr C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
10:59:14.0353 94636 VcmIAlzMgr - ok
10:59:14.0397 94636 Vcsw - ok
10:59:14.0442 94636 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
10:59:14.0542 94636 vds - ok
10:59:14.0591 94636 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
10:59:14.0632 94636 vga - ok
10:59:14.0672 94636 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
10:59:14.0738 94636 VgaSave - ok
10:59:14.0865 94636 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
10:59:14.0886 94636 viaagp - ok
10:59:14.0921 94636 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
10:59:14.0940 94636 ViaC7 - ok
10:59:14.0981 94636 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
10:59:15.0000 94636 viaide - ok
10:59:15.0083 94636 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
10:59:15.0091 94636 volmgr - ok
10:59:15.0185 94636 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
10:59:15.0239 94636 volmgrx - ok
10:59:15.0313 94636 [ 786DB5771F05EF300390399F626BF30A ] volsnap C:\Windows\system32\drivers\volsnap.sys
10:59:15.0655 94636 volsnap - ok
10:59:15.0803 94636 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
10:59:15.0938 94636 vsmraid - ok
10:59:16.0576 94636 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
10:59:17.0573 94636 VSS - ok
10:59:17.0927 94636 [ 254E8F9BA44E9F55416B0E51DBFF3C5F ] vToolbarUpdater15.3.0 C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe
10:59:18.0325 94636 vToolbarUpdater15.3.0 - ok
10:59:18.0418 94636 [ BDB755F9B3E01BF33993C10C007202DF ] VUAgent C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
10:59:18.0530 94636 VUAgent - ok
10:59:18.0618 94636 [ 79EB419F4A694B4514249E0D3DB16ECF ] VzCdbSvc C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
10:59:18.0626 94636 VzCdbSvc - ok
10:59:18.0668 94636 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
10:59:18.0676 94636 W32Time - ok
10:59:18.0763 94636 [ 826A053968D0FAF39AFD8AECFF580CB6 ] wacmoumonitor C:\Windows\system32\DRIVERS\wacmoumonitor.sys
10:59:18.0789 94636 wacmoumonitor - ok
10:59:18.0928 94636 [ 427A8BC96F16C40DF81C2D2F4EDD32DD ] wacommousefilter C:\Windows\system32\DRIVERS\wacommousefilter.sys
10:59:18.0931 94636 wacommousefilter - ok
10:59:19.0043 94636 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
10:59:19.0063 94636 WacomPen - ok
10:59:19.0182 94636 [ 51D580F30D1A1F2EA4965AF6ABC2BCB2 ] wacomvhid C:\Windows\system32\DRIVERS\wacomvhid.sys
10:59:19.0201 94636 wacomvhid - ok
10:59:19.0270 94636 [ 889459833432B161CB99CFDF84A1A9BB ] WacomVKHid C:\Windows\system32\DRIVERS\WacomVKHid.sys
10:59:19.0278 94636 WacomVKHid - ok
10:59:19.0336 94636 [ 799C84CE3BD9600172AA53B4EAD8357A ] WacomVTHid C:\Windows\system32\DRIVERS\WacomVTHid.sys
10:59:19.0340 94636 WacomVTHid - ok
10:59:19.0388 94636 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
10:59:19.0452 94636 Wanarp - ok
10:59:19.0494 94636 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
10:59:19.0496 94636 Wanarpv6 - ok
10:59:19.0781 94636 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
10:59:20.0199 94636 wcncsvc - ok
10:59:20.0340 94636 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
10:59:20.0351 94636 WcsPlugInService - ok
10:59:20.0411 94636 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
10:59:20.0419 94636 Wd - ok
10:59:20.0635 94636 [ 96C4C98FE4866C16FC64E4578A0AA975 ] WDBackup C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
10:59:20.0758 94636 WDBackup - ok
10:59:20.0842 94636 [ D6EFAF429FD30C5DF613D220E344CCE7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam.sys
10:59:20.0844 94636 WDC_SAM - ok
10:59:20.0961 94636 [ B5B84712111414DD1B14C2346E9868BE ] WDDriveService C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
10:59:21.0052 94636 WDDriveService - ok
10:59:21.0228 94636 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
10:59:21.0335 94636 Wdf01000 - ok
10:59:21.0381 94636 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
10:59:21.0448 94636 WdiServiceHost - ok
10:59:21.0459 94636 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
10:59:21.0463 94636 WdiSystemHost - ok
10:59:22.0036 94636 [ FD2D1C60CDBDFAB63EF182539D8FFC2D ] WDRulesService C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
10:59:23.0416 94636 WDRulesService - ok
10:59:23.0599 94636 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
10:59:23.0924 94636 WebClient - ok
10:59:24.0174 94636 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
10:59:24.0354 94636 Wecsvc - ok
10:59:24.0558 94636 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
10:59:24.0643 94636 wercplsupport - ok
10:59:24.0735 94636 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
10:59:24.0935 94636 WerSvc - ok
10:59:25.0385 94636 [ 090A2B8F055343815556A01F725F6C35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
10:59:25.0581 94636 WimFltr - ok
10:59:26.0376 94636 [ 5A77AC34A0FFB70CE8B35B524FEDE9BA ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys
10:59:27.0101 94636 winachsf - ok
10:59:27.0635 94636 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
10:59:27.0946 94636 WinDefend - ok
10:59:27.0954 94636 WinHttpAutoProxySvc - ok
10:59:29.0071 94636 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
10:59:29.0316 94636 Winmgmt - ok
10:59:30.0048 94636 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
10:59:31.0078 94636 WinRM - ok
10:59:31.0233 94636 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
10:59:31.0693 94636 Wlansvc - ok
10:59:32.0472 94636 [ 6067ACEF367E79914AF628FA1E9B5330 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
10:59:32.0483 94636 wlcrasvc - ok
10:59:33.0324 94636 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
10:59:33.0423 94636 wlidsvc - ok
10:59:33.0481 94636 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
10:59:33.0482 94636 WmiAcpi - ok
10:59:33.0523 94636 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
10:59:33.0527 94636 wmiApSrv - ok
10:59:33.0612 94636 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
10:59:33.0635 94636 WMPNetworkSvc - ok
10:59:33.0672 94636 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
10:59:33.0679 94636 WPCSvc - ok
10:59:33.0712 94636 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
10:59:33.0717 94636 WPDBusEnum - ok
10:59:33.0746 94636 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
10:59:33.0749 94636 WpdUsb - ok
10:59:33.0875 94636 [ B800EEC15851597405784126C407188C ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
10:59:33.0900 94636 WPFFontCache_v0400 - ok
10:59:33.0915 94636 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
10:59:33.0917 94636 ws2ifsl - ok
10:59:33.0953 94636 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\System32\wscsvc.dll
10:59:33.0957 94636 wscsvc - ok
10:59:33.0963 94636 WSearch - ok
10:59:34.0021 94636 [ F37569C373A4475007835ED77593475C ] WTouchService C:\Program Files\WTouch\WTouchService.exe
10:59:34.0024 94636 WTouchService - ok
10:59:34.0105 94636 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
10:59:34.0172 94636 wuauserv - ok
10:59:34.0238 94636 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
10:59:34.0241 94636 WudfPf - ok
10:59:34.0262 94636 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
10:59:34.0266 94636 WUDFRd - ok
10:59:34.0321 94636 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
10:59:34.0327 94636 wudfsvc - ok
10:59:34.0359 94636 [ 88AF537264F2B818DA15479CEEAF5D7C ] XAudio C:\Windows\system32\DRIVERS\xaudio.sys
10:59:34.0361 94636 XAudio - ok
10:59:34.0387 94636 [ 15A317674A08DF26BE65164D959E9203 ] XAudioService C:\Windows\system32\DRIVERS\xaudio.exe
10:59:34.0395 94636 XAudioService - ok
10:59:34.0467 94636 [ 67E3D2AF24C3873E6A0CAC89DE78D63B ] yukonwlh C:\Windows\system32\DRIVERS\yk60x86.sys
10:59:34.0473 94636 yukonwlh - ok
10:59:34.0543 94636 ================ Scan global ===============================
10:59:34.0576 94636 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
10:59:34.0628 94636 [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
10:59:34.0672 94636 [ A508314231C49AEE86987CEA3EAECAD1 ] C:\Windows\system32\winsrv.dll
10:59:34.0709 94636 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
10:59:34.0717 94636 [Global] - ok
10:59:34.0718 94636 ================ Scan MBR ==================================
10:59:34.0748 94636 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
10:59:35.0011 94636 \Device\Harddisk0\DR0 - ok
10:59:35.0072 94636 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk3\DR4
10:59:35.0217 94636 \Device\Harddisk3\DR4 - ok
10:59:35.0217 94636 ================ Scan VBR ==================================
10:59:35.0222 94636 [ 5A45F3BC4DBF5D89A08E1534446390FA ] \Device\Harddisk0\DR0\Partition1
10:59:35.0224 94636 \Device\Harddisk0\DR0\Partition1 - ok
10:59:35.0253 94636 [ 88D4D6BF121381C1CFEA1B29A66B31E5 ] \Device\Harddisk3\DR4\Partition1
10:59:35.0361 94636 \Device\Harddisk3\DR4\Partition1 - ok
10:59:35.0362 94636 ============================================================
10:59:35.0362 94636 Scan finished
10:59:35.0362 94636 ============================================================
10:59:35.0378 91616 Detected object count: 1
10:59:35.0378 91616 Actual detected object count: 1
11:13:43.0371 91616 sptd ( LockedFile.Multi.Generic ) - skipped by user
11:13:43.0371 91616 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
11:13:47.0933 93020 Deinitialize success

The OTL.txt file is below:

OTL logfile created on: 18/07/2013 12:23:57 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\GUB\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.37 Gb Available Physical Memory | 45.89% Memory free
6.20 Gb Paging File | 4.51 Gb Available in Paging File | 72.73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.40 Gb Total Space | 68.73 Gb Free Space | 31.04% Space Free | Partition Type: NTFS

Computer Name: SHAUN-PC | User Name: Shaun | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/17 11:15:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\GUB\Downloads\OTL.exe
PRC - [2013/06/27 12:14:45 | 002,236,080 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2013/06/27 12:14:44 | 001,598,128 | ---- | M] (AVG Secure Search) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe
PRC - [2013/06/27 12:14:43 | 000,152,240 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\loggingserver.exe
PRC - [2013/05/14 00:54:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2013/05/10 08:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/29 00:58:42 | 004,408,368 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2013/04/18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/04/10 11:07:36 | 001,428,472 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgfws.exe
PRC - [2013/04/04 03:15:08 | 001,117,232 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2013/03/28 02:48:36 | 000,763,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2013/02/19 04:00:58 | 000,448,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2012/09/19 22:10:10 | 001,177,536 | R--- | M] (Western Digital ) -- C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
PRC - [2012/09/19 22:10:06 | 001,157,056 | R--- | M] (Western Digital ) -- C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
PRC - [2012/09/19 22:03:58 | 005,236,664 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe
PRC - [2012/09/06 11:50:24 | 000,248,248 | R--- | M] (Western Digital) -- C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
PRC - [2012/06/13 17:53:50 | 001,688,008 | R--- | M] (Western Digital) -- C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe
PRC - [2011/11/23 13:45:18 | 000,809,272 | ---- | M] (Tesline-Service SRL) -- C:\Program Files\Rohos\agent.exe
PRC - [2009/09/16 13:27:12 | 000,480,624 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
PRC - [2009/07/15 17:13:06 | 003,662,632 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\WTouch\WTouchUser.exe
PRC - [2009/07/15 17:13:04 | 000,393,512 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\WTablet\Pen_TabletUser.exe
PRC - [2009/07/15 17:13:04 | 000,112,936 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\WTouch\WTouchService.exe
PRC - [2009/07/15 17:13:02 | 004,408,616 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\Pen_Tablet.exe
PRC - [2009/05/21 15:28:38 | 000,874,768 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2009/05/21 14:04:14 | 000,473,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/05 19:47:40 | 000,313,264 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2009/03/05 19:47:40 | 000,192,512 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2009/03/05 19:41:58 | 005,189,992 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
PRC - [2008/08/11 20:59:58 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2008/08/07 02:06:44 | 001,771,360 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PRC - [2008/08/07 02:06:42 | 000,411,488 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe
PRC - [2008/07/31 00:05:22 | 000,299,008 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Network Utility\NSUService.exe
PRC - [2008/07/31 00:05:22 | 000,262,144 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Network Utility\LANUtil.exe
PRC - [2008/07/18 12:14:24 | 000,104,992 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RTKAUDIOSERVICE.EXE
PRC - [2008/07/16 02:04:08 | 000,182,112 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2008/07/16 02:04:08 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2008/02/23 01:38:50 | 000,122,880 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2008/02/23 01:38:50 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2008/02/23 01:38:49 | 000,050,472 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApMsgFwd.exe
PRC - [2007/09/11 08:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2007/06/15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\Windows\System32\bgsvcgen.exe
PRC - [2007/01/05 03:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/10/23 07:24:02 | 000,620,152 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
PRC - [2005/09/30 20:22:50 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe


========== Modules (No Company Name) ==========

MOD - [2013/07/13 15:59:23 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\d8f9327ccf9ae9cd853d9f9c6c8807bc\System.Web.ni.dll
MOD - [2013/07/13 15:59:14 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\59375bfcbdf9a51a963b71c10f6204d4\System.Runtime.Remoting.ni.dll
MOD - [2013/07/13 15:58:49 | 000,978,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\798504f7455735fbc9abe8d6ebe73f03\System.Configuration.ni.dll
MOD - [2013/07/13 15:58:45 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\05034abc5246a6fef208f73cb912d971\Accessibility.ni.dll
MOD - [2013/07/13 14:05:16 | 005,462,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\4a249ccdc8817127b91bc36d1aa52b5e\System.Xml.ni.dll
MOD - [2013/07/13 14:04:57 | 012,434,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f58a8a55eda29b5a43af20c4568f7f91\System.Windows.Forms.ni.dll
MOD - [2013/07/13 14:04:43 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6ac6cab47b69e44769c726610e7f29bc\System.Drawing.ni.dll
MOD - [2013/07/13 14:01:59 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\e3cc2cbffd5fb21da64e93d9b6c27c7c\System.ni.dll
MOD - [2013/07/13 14:01:39 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\6a938df70a8b7996a3890b4f34c83906\mscorlib.ni.dll
MOD - [2013/06/27 12:14:45 | 002,236,080 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2013/06/27 12:14:45 | 000,521,392 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\log4cplusU.dll
MOD - [2013/06/27 12:14:45 | 000,145,072 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.3.0\SiteSafety.dll
MOD - [2013/05/29 07:28:01 | 002,052,096 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2013/05/29 07:27:58 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2013/04/23 00:00:21 | 004,550,656 | ---- | M] () -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
MOD - [2012/12/12 06:34:13 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2012/10/08 12:01:09 | 000,110,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMDiagnostics.dll
MOD - [2012/10/08 12:01:06 | 005,967,872 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
MOD - [2012/10/08 12:01:03 | 000,970,752 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
MOD - [2012/10/08 12:01:03 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
MOD - [2012/10/05 11:59:03 | 003,194,880 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012/10/05 11:59:03 | 000,630,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2011/12/27 03:51:23 | 005,251,072 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
MOD - [2009/11/01 11:46:25 | 001,691,648 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3421.42257__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2009/11/01 11:46:25 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3421.42331__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2009/11/01 11:46:25 | 000,290,816 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3421.42239__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2009/11/01 11:46:25 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3421.42258__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2009/11/01 11:46:25 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3421.42313__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2009/11/01 11:46:25 | 000,069,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3421.42295__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2009/11/01 11:46:25 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3421.42253__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2009/11/01 11:46:25 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3421.42282__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2009/11/01 11:46:25 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3421.42247__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2009/11/01 11:46:24 | 000,139,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3421.42332__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2009/11/01 11:46:24 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3421.42247__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2009/11/01 11:46:23 | 000,364,544 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3421.42300__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2009/11/01 11:46:23 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3421.42300__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2009/11/01 11:46:23 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3421.42299__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2009/11/01 11:46:21 | 000,811,008 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3421.42284__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2009/11/01 11:46:21 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3421.42308__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2009/11/01 11:46:21 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3421.42284__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2009/11/01 11:46:20 | 000,712,704 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3421.42248__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2009/11/01 11:46:20 | 000,589,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3421.42259__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2009/11/01 11:46:20 | 000,450,560 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3421.42279__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2009/11/01 11:46:20 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3421.42294__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
MOD - [2009/11/01 11:46:20 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3421.42263__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
MOD - [2009/11/01 11:46:20 | 000,225,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3421.42259__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2009/11/01 11:46:20 | 000,126,976 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3421.42293__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2009/11/01 11:46:20 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3421.42263__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2009/11/01 11:46:20 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3421.42292__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2009/11/01 11:46:20 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3421.42294__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2009/11/01 11:46:19 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3421.42283__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2009/11/01 11:46:19 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3421.42283__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2009/11/01 11:46:19 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3421.42284__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2009/11/01 11:46:19 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3294.18728__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2009/11/01 11:46:19 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3294.18709__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2009/11/01 11:46:19 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3294.18751__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2009/11/01 11:46:18 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3294.18787__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
MOD - [2009/11/01 11:46:18 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3294.18795__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2009/11/01 11:46:18 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3294.18747__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2009/11/01 11:46:18 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3294.18794__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2009/11/01 11:46:18 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2009/11/01 11:46:17 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2009/11/01 11:46:17 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3294.18699__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2009/11/01 11:46:17 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3294.18701__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2009/11/01 11:46:17 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3294.18753__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2009/11/01 11:46:17 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3294.18745__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2009/11/01 11:46:17 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3294.18787__90ba9c70f846762e\DEM.OS.dll
MOD - [2009/11/01 11:46:17 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2009/11/01 11:46:17 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3294.18755__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2009/11/01 11:46:17 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2009/11/01 11:46:16 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3294.18708__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2009/11/01 11:46:16 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3294.18735__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2009/11/01 11:46:16 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3294.18785__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2009/11/01 11:46:16 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3294.18832__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2009/11/01 11:46:16 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3294.18737__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2009/11/01 11:46:16 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3294.18731__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2009/11/01 11:46:16 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3294.18717__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2009/11/01 11:46:16 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3294.18727__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2009/11/01 11:46:16 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3294.18758__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2009/11/01 11:46:16 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3294.18755__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2009/11/01 11:46:15 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3294.18771__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2009/11/01 11:46:14 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3294.18772__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2009/11/01 11:46:14 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3294.18767__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2009/11/01 11:46:14 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3294.18742__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2009/11/01 11:46:14 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3294.18760__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2009/11/01 11:46:14 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3294.18756__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2009/11/01 11:46:14 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3294.18769__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2009/11/01 11:46:14 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3294.18757__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2009/11/01 11:46:13 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3294.18766__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2009/11/01 11:46:13 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3294.18765__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2009/11/01 11:46:13 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3294.18771__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2009/11/01 11:46:13 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3294.18748__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2009/11/01 11:46:12 | 000,503,808 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3421.42357__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll
MOD - [2009/11/01 11:46:12 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3421.42340__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2009/11/01 11:46:12 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2009/11/01 11:46:12 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3294.18746__90ba9c70f846762e\APM.Foundation.dll
MOD - [2009/11/01 11:46:12 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3294.18728__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2009/11/01 11:46:11 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3294.18720__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
MOD - [2009/11/01 11:46:11 | 000,014,848 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
MOD - [2009/11/01 11:46:11 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
MOD - [2009/11/01 11:46:11 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3421.42234__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2009/11/01 11:46:10 | 000,540,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3421.42321__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2009/11/01 11:46:10 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3421.42252__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2009/11/01 11:46:10 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3421.42326__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2009/11/01 11:46:10 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3421.42325__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2009/11/01 11:46:10 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3421.42238__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2009/11/01 11:46:10 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3294.18750__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2009/11/01 11:46:10 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3294.18714__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2009/11/01 11:46:10 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3294.18725__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2009/11/01 11:46:10 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3294.18748__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2009/11/01 11:46:10 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3294.18745__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2009/11/01 11:46:09 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3421.42236__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2009/11/01 11:46:09 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3294.18744__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2009/11/01 11:46:08 | 001,142,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3421.42243__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2009/11/01 11:46:08 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3294.18740__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2009/11/01 11:46:08 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3294.18774__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2009/11/01 11:46:07 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3421.42237__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2009/11/01 11:46:07 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3421.42236__90ba9c70f846762e\APM.Server.dll
MOD - [2009/11/01 11:46:07 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3421.42235__90ba9c70f846762e\AEM.Server.dll
MOD - [2009/11/01 11:46:07 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2009/11/01 11:46:07 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3421.42326__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2009/05/14 23:22:46 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2009/03/30 05:42:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009/03/30 05:42:10 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
MOD - [2009/02/18 19:38:39 | 000,126,976 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.IdentityModel.Selectors\3.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
MOD - [2008/08/26 12:41:42 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2008/08/11 21:02:00 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\SPMDam\3.1.0.6020__1b3c579b6925895f\SPMDam.dll
MOD - [2008/08/11 21:01:56 | 000,086,016 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\SPMCommon\3.1.0.6020__e3c7096ba83f9295\SPMCommon.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus®
SRV - [2013/07/13 07:42:07 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/27 12:14:44 | 001,598,128 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe -- (vToolbarUpdater15.3.0)
SRV - [2013/06/26 10:03:39 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/14 00:54:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/05/10 08:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/04/10 11:07:36 | 001,428,472 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgfws.exe -- (avgfws)
SRV - [2012/11/09 12:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/09/19 22:10:10 | 001,177,536 | R--- | M] (Western Digital ) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe -- (WDRulesService)
SRV - [2012/09/19 22:10:06 | 001,157,056 | R--- | M] (Western Digital ) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe -- (WDBackup)
SRV - [2012/09/06 11:50:24 | 000,248,248 | R--- | M] (Western Digital) [Auto | Running] -- C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe -- (WDDriveService)
SRV - [2012/01/13 10:53:48 | 000,939,624 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Update Common\VUAgent.exe -- (VUAgent)
SRV - [2011/11/23 13:45:18 | 000,809,272 | ---- | M] (Tesline-Service SRL) [Auto | Running] -- C:\Program Files\Rohos\agent.exe -- (Rohos Disk)
SRV - [2011/09/01 09:17:00 | 001,025,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/06/13 23:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2009/09/16 13:27:12 | 000,480,624 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2009/07/15 17:13:04 | 000,112,936 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\WTouch\WTouchService.exe -- (WTouchService)
SRV - [2009/07/15 17:13:02 | 004,408,616 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\System32\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2009/06/14 16:58:12 | 000,016,936 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\482\g2aservice.exe -- (GoToAssist)
SRV - [2009/05/21 15:28:38 | 000,874,768 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2009/05/21 14:04:14 | 000,473,360 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2009/04/02 01:15:30 | 000,114,688 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2009/03/05 19:47:40 | 000,313,264 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2009/03/05 19:47:40 | 000,192,512 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2009/03/05 19:47:40 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2009/03/05 19:41:58 | 005,189,992 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2008/08/11 20:59:58 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/08/07 02:06:42 | 000,411,488 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV - [2008/07/31 00:05:22 | 000,299,008 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\Network Utility\NSUService.exe -- (NSUService)
SRV - [2008/07/18 12:14:24 | 000,104,992 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Windows\RTKAUDIOSERVICE.EXE -- (RtkAudioService)
SRV - [2008/07/16 02:04:08 | 000,182,112 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2008/05/21 03:05:40 | 000,353,568 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHDms.exe -- (SOHDms)
SRV - [2008/05/21 03:05:40 | 000,103,712 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe -- (SOHCImp)
SRV - [2008/05/21 03:05:40 | 000,062,752 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHDs.exe -- (SOHDs)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/11 08:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2007/06/15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\Windows\System32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2007/01/05 03:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2005/09/30 20:22:50 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2013/06/27 12:14:46 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2013/03/29 02:53:48 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/03/21 03:08:24 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2013/03/01 10:32:20 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013/02/12 02:57:27 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2013/02/08 04:37:58 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/02/08 04:37:56 | 000,245,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/02/08 04:37:52 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/02/08 04:37:44 | 000,170,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/02/08 04:37:40 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2012/09/04 11:39:32 | 000,050,296 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2012/01/08 09:36:45 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2011/08/17 10:56:32 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011/08/17 10:56:30 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011/08/17 10:56:26 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011/08/17 10:56:22 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009/07/24 10:43:26 | 000,033,280 | ---- | M] (Tesline-Service SRL) [Kernel | Auto | Running] -- C:\Program Files\Rohos\rhdisk.sys -- (RHDISK)
DRV - [2009/06/14 18:30:40 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009/05/28 23:41:28 | 004,233,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2009/05/20 23:14:32 | 000,013,224 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WacomVTHid.sys -- (WacomVTHid)
DRV - [2009/05/20 20:54:06 | 000,013,736 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2009/05/15 02:58:02 | 004,304,384 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/01/30 22:29:50 | 000,015,656 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2008/07/12 00:42:58 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2008/06/28 01:33:45 | 000,068,608 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/06/28 01:11:39 | 000,143,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2008/06/21 01:03:04 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\risdptsk.sys -- (risdptsk)
DRV - [2008/06/07 01:02:55 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2008/05/06 17:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/03/10 12:01:26 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2008/02/23 01:38:50 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/01/25 03:14:25 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/04/18 04:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2007/02/16 20:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2007/02/16 01:11:28 | 000,011,440 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WacomVKHid.sys -- (WacomVKHid)
DRV - [2006/02/20 19:17:40 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdrbsdrv.sys -- (cdrbsdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
IE - HKLM\..\SearchScopes,DefaultScope = {6BE6BE36-0285-4779-BDB3-51009CE7EB92}
IE - HKLM\..\SearchScopes\{6BE6BE36-0285-4779-BDB3-51009CE7EB92}: "URL" = http://www.google.co...rchTerms}&meta=
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.sonystyle-europe.comht [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.sonystyle-europe.comht [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.club-vaio.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {6BE6BE36-0285-4779-BDB3-51009CE7EB92}
IE - HKCU\..\SearchScopes\{6BE6BE36-0285-4779-BDB3-51009CE7EB92}: "URL" = http://www.google.co...z=1I7GGLL_en-GB
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:466...q={searchTerms}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...pr&d=2011-10-26 09:10:28&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: avg%40toolbar:15.3.0.11
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.3.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/09/05 20:02:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2011/09/05 20:02:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\15.3.0.11 [2013/06/27 12:16:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/06/26 10:03:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/06/26 10:03:28 | 000,000,000 | ---D | M]

[2011/07/21 01:22:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shaun\AppData\Roaming\Mozilla\Extensions
[2012/04/28 18:48:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shaun\AppData\Roaming\Mozilla\Firefox\Profiles\zr58ms5x.default\extensions
[2013/06/26 10:03:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/06/26 10:03:40 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/06/27 12:16:49 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\FIREFOXEXT\15.3.0.11
[2009/09/02 00:40:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2013/02/19 14:23:57 | 000,003,714 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml

========== Chrome ==========


O1 HOSTS File: ([2009/02/26 00:14:42 | 000,302,495 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 10429 more lines...
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll (AVG Secure Search)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google BAE\BAE.dll (Your Company Name)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll (AVG Secure Search)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AML] C:\Program Files\Sony\VAIO Launcher\AML.exe (Sony)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [WD Drive Unlocker] C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe (Western Digital)
O4 - HKLM..\Run: [WD Quick View] C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.)
O4 - HKCU..\Run: [AVG-Secure-Search-Update_JUNE2013_TB] C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe (AVG Secure Search)
O4 - HKLM..\RunOnce: [*WerKernelReporting] C:\Windows\System32\WerFault.exe (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_09)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{60E51E2B-CC60-42D5-A583-A0B5F6AD8638}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91F519CC-6D64-4B1B-8061-F3D9C90B5205}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\15.3.0\ViProtocol.dll (AVG Secure Search)
O20 - AppInit_DLLs: (C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\482\G2AWinLogon.dll) - File not found
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Desert Landscape.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Desert Landscape.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2a8f8a67-d767-11dd-85d6-00214f4a1208}\Shell - "" = AutoRun
O33 - MountPoints2\{2a8f8a67-d767-11dd-85d6-00214f4a1208}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Autorun\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/14 22:42:22 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT
[2013/07/13 09:43:44 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/07/13 09:28:20 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/07/13 09:28:17 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/07/13 09:28:17 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/07/13 09:28:17 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/07/13 09:28:16 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/07/13 09:28:15 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/07/13 09:28:15 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/07/13 09:28:14 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/07/13 07:55:20 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/07/13 07:55:05 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013/07/13 07:55:05 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013/07/13 07:55:05 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013/07/13 07:55:05 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013/07/13 07:55:05 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013/07/13 07:55:04 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013/07/13 07:55:04 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013/07/13 07:55:04 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013/07/13 07:55:03 | 000,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2013/07/13 07:55:02 | 001,548,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2013/07/08 20:59:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/06/26 10:03:26 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/06/26 09:05:59 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine

========== Files - Modified Within 30 Days ==========

[2013/07/18 12:25:32 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/18 12:25:32 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/18 12:24:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2013/07/18 12:15:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/18 12:01:02 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/18 11:38:12 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/18 11:38:12 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\ROC_JAN2013_TB_rmv.job
[2013/07/18 11:38:09 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2013/07/18 11:24:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/18 11:24:11 | 3218,120,704 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/18 01:21:24 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/07/13 13:59:29 | 000,417,200 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/07/13 09:44:33 | 000,598,958 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/07/13 09:44:33 | 000,104,972 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/07/13 07:42:07 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/07/13 07:42:07 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/06/27 12:16:51 | 000,003,716 | ---- | M] () -- C:\Program Files\Mozilla Firefoxavg-secure-search.xml
[2013/06/27 12:14:46 | 000,037,664 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys

========== Files Created - No Company Name ==========

[2013/06/28 06:39:26 | 3218,120,704 | -HS- | C] () -- C:\hiberfil.sys
[2013/05/21 12:35:00 | 000,003,716 | ---- | C] () -- C:\Program Files\Mozilla Firefoxavg-secure-search.xml
[2011/12/05 18:45:24 | 000,393,256 | ---- | C] () -- C:\Windows\System32\CNQ2414N.DAT
[2010/04/26 09:49:21 | 000,000,036 | ---- | C] () -- C:\Users\Shaun\AppData\Local\housecall.guid.cache
[2010/04/04 21:45:32 | 000,001,116 | -HS- | C] () -- C:\ProgramData\VHx0W
[2009/05/13 17:34:29 | 000,000,371 | ---- | C] () -- C:\Users\Shaun\Documents - Shortcut.lnk
[2009/03/01 00:01:39 | 000,000,632 | RHS- | C] () -- C:\Users\Shaun\ntuser.pol
[2009/01/01 09:45:22 | 000,000,000 | ---- | C] () -- C:\Users\Shaun\AppData\Roaming\wklnhst.dat
[2008/12/21 21:32:47 | 000,007,168 | ---- | C] () -- C:\Users\Shaun\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/21 14:48:08 | 000,002,032 | ---- | C] () -- C:\Users\Shaun\AppData\Local\d3d9caps.dat

========== ZeroAccess Check ==========

[2006/11/02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Files - Unicode (All) ==========
[2010/01/23 14:28:30 | 000,000,036 | ---- | M] ()(C:\Windows\System32\??) -- C:\Windows\System32\狀΀
[2010/01/23 14:28:30 | 000,000,036 | ---- | C] ()(C:\Windows\System32\??) -- C:\Windows\System32\狀΀

========== Alternate Data Streams ==========

@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:0B4227B4

< End of report>
  • 0

#5
Teima
Posted 19 July 2013 - 05:45 AM

Teima

    Member

  • Member
  • PipPipPip
  • 833 posts
Hello GUBID,

Thanks for the quick reply Tiema!

You're welcome! :)

For some reason OTL is not generating an Extra.txt file for the scan I've just run, so I have posted the Extra file from the first scan I ran yesterday. I hope that's Okay?

Yes that's normal don't worry. The reason that occurs is because you have used OTL within the past. We will fetch a fresh Extras.txt document later. Don't worry about it at this moment in time. The older document should be fine warranted that no major changes have occurred on the system since we have last spoke.

Step One

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following.
:Commands
[CREATERESTOREPOINT]

:OTL
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\482\G2AWinLogon.dll) - File not found
[2010/01/23 14:28:30 | 000,000,036 | ---- | M] ()(C:\Windows\System32\??) -- C:\Windows\System32\狀΀
[2010/01/23 14:28:30 | 000,000,036 | ---- | C] ()(C:\Windows\System32\??) -- C:\Windows\System32\狀΀
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:0B4227B4
  • Click run fix.
  • OTL may ask to reboot the machine. Please click the OK button if prompted.
  • Once done a report will be displayed. Copy and paste the contents of that report within your next response.

Step Two

Download aswMBR.exe (4.52MB) to your desktop.

Double click the aswMBR.exe to run it.

Click the "Scan" button to start the scan.
If Avast asks to download definitions, please say Yes.

Posted Image

Posted Image

On completion of the scan click save log, save it to your desktop and post it in your next reply.
  • 0

#6
GUBID
Posted 19 July 2013 - 01:40 PM

GUBID

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Thanks for the quick response again, it is very much appreciated Teima.
In regards to the Extra file and it being ok if no major changes have been made, I have deleted some programs since that file was generated, namely a hookey copy of the Macromedia suite (Dreamweaver etc) and Microsoft Visual 2005, 2008 and 2010.

The output from the OTL Runfix is below:

========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\GD\\http deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist\ deleted successfully.
C:\Windows\System32\狀΀ moved successfully.
File C:\Windows\System32\狀΀ not found.
ADS C:\ProgramData\Temp:0B4227B4 deleted successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 07192013_191842

The output from the aswMBR is below:

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-07-19 19:23:53
-----------------------------
19:23:53.555 OS Version: Windows 6.0.6002 Service Pack 2
19:23:53.556 Number of processors: 2 586 0xF0D
19:23:53.557 ComputerName: SHAUN-PC UserName: Shaun
19:23:55.315 Initialize success
20:05:20.536 AVAST engine defs: 13071900
20:07:20.845 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:07:20.845 Disk 0 Vendor: FUJITSU_ 0041 Size: 238475MB BusType: 3
20:07:20.845 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000006d
20:07:20.845 Disk 1 Vendor: RICOH 01 Size: 238475MB BusType: 0
20:07:20.845 Disk 2 \Device\Harddisk2\DR2 -> \Device\0000006e
20:07:20.861 Disk 2 Vendor: RICOH 02 Size: 238475MB BusType: 0
20:07:21.251 Disk 0 MBR read successfully
20:07:21.251 Disk 0 MBR scan
20:07:21.267 Disk 0 Windows VISTA default MBR code
20:07:21.282 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 11755 MB offset 2048
20:07:21.298 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 226718 MB offset 24076288
20:07:21.313 Disk 0 scanning sectors +488395120
20:07:21.563 Disk 0 scanning C:\Windows\system32\drivers
20:07:39.846 Service scanning
20:08:02.653 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
20:08:13.417 Modules scanning
20:09:10.295 Disk 0 trace - called modules:
20:09:10.311 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys spci.sys >>UNKNOWN [0x862d9938]<<
20:09:10.326 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x878b4ac8]
20:09:10.326 3 CLASSPNP.SYS[8b7ac8b3] -> nt!IofCallDriver -> [0x863ce408]
20:09:10.326 5 acpi.sys[805b96bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x863fa028]
20:09:11.465 AVAST engine scan C:\Windows
20:09:26.659 AVAST engine scan C:\Windows\system32
20:13:42.331 AVAST engine scan C:\Windows\system32\drivers
20:13:58.992 AVAST engine scan C:\Users\Shaun
20:15:11.845 AVAST engine scan C:\ProgramData
20:21:09.709 Scan finished successfully
20:21:55.557 Disk 0 MBR has been saved successfully to "C:\Users\GUB\Downloads\MBR.dat"
20:21:55.573 The log file has been saved successfully to "C:\Users\GUB\Downloads\aswMBR first run.txt"

I saw that the locked file got highlighted in yellow during the scan but >>UNKNOWN<< got highlighted in red!
It would be really cool to actually understand what those two items are and also what exactly they are doing!
Also why is AVG giving me the all clear when clearly things aren't?
I managed to spell your name correctly this time!
  • 0

#7
GUBID
Posted 19 July 2013 - 01:55 PM

GUBID

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Looking on the net the sptd file is linked to Daemon Tools Pro, a quick search of my laptop found a folder in "program files" named Daemon Tools Pro, I vaguely remember installing it! When I opened it, it was empty! Weird!?
  • 0

#8
Teima
Posted 20 July 2013 - 05:48 AM

Teima

    Member

  • Member
  • PipPipPip
  • 833 posts
Hi GUBID. I am just double checking something with my instructor at the moment. I'll have my next series of instructions posted very shortly. Thanks.
  • 0

#9
GUBID
Posted 20 July 2013 - 07:23 AM

GUBID

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
That's great Teima.
The sptd file that has been found can't be linked to the Daemons tool program, because it shouldn't be in the Windows/System32 folder should it!!
  • 0

#10
Teima
Posted 22 July 2013 - 01:52 AM

Teima

    Member

  • Member
  • PipPipPip
  • 833 posts
Hello GUBID.

My apologies about the delay. With that in mind lets delve into this further.

Also why is AVG giving me the all clear when clearly things aren't?

Usually anti-virus scanners operate on a database of known or infected files. Whilst something might be detected by one scanner it might not be detected by something else. Usually these scanners are quite well adapt and will update their definitions within a short period of time.

It would be really cool to actually understand what those two items are and also what exactly they are doing!

As you have already picked they are related to a program named Daemon tools. Whilst they aren't exactly malicious as one would say. They might have come bundled with another legitimate program and installed as foistware. We can remove this if you would like. Let me know.

In regards to the Extra file and it being ok if no major changes have been made, I have deleted some programs since that file was generated, namely a hookey copy of the Macromedia suite (Dreamweaver etc) and Microsoft Visual 2005, 2008 and 2010.

That's no worries at all.

The sptd file that has been found can't be linked to the Daemons tool program, because it shouldn't be in the Windows/System32 folder should it!!

It is related to Daemon Tools. :) Within this instance the file is situated C:\Windows\System32\Drivers\sptd.sys which is normal. More information can be found situated at this URL.

Instructions

Step One

I would assume you still have OTL on your machine. Right-click on OTL.exe and select Run As Administrator to start the program. If prompted by UAC, please allow it.

  • Please check the box next to Scan All Users.
  • Make sure Use SafeList is selected under Extra Registry.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
dir C:\ /S /A:L /C
CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your reply. If both log won't fit in the same post, you may post them in two separate posts.

Step Two

Malwarebytes Anti-Malware

Please download Malwarebytes Anti-Malware from here.

  • Double click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan, then click scan.
  • When the scan is complete, click OK, then show results to view the scan results.
  • If anything is found make sure that everything is checked, and then click remove selected.
  • Once the scan has completed, a log will open in Notepad and you may be prompted to restart.
  • Please note the log is automatically saved and can be viewed by clicking the logs tab within Malwarebytes.
  • Copy and paste the entire content of that report within your next response.

  • 0

Advertisements

#11
GUBID
Posted 22 July 2013 - 02:48 PM

GUBID

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
No worries on the delay Teima, I just appreciate your efforts!

What I don't understand and what worries me about the AVG alerts is that this is the second time this has happened in 3 months. A scan found an infection requiring a Restart to remove it, only for it to be rediscovered on the very next scan, there would a very slight variation in the file name with each scan, which is all classic Rootkit behaviour! Then after posting to the AVG forums about this and before a response was posted by them I got a clear scans. Fast forward a couple of months and it is exactly the same. I posted to the AVG forums and they asked me run Gmer, which I did. They posted back that I needed to run the Rescue CD and restore my MBR. Whilst I had been waiting for this response I again began to get clear scans, so was AVG issuing a false positive, had AVG updated the removal tool. If so why did they ask me to do a repair? All very confusing!
If I understand what you have posted both the "locked file" and the "unknown" are linked to Daemon Tools Pro? Grrrr! As I mentioned the Daemon folder is empty, it isn't a program I use so lets delete the bloody thing, so it doesn't cause any other problems in the future! So there is no malware on my machine??
I already have Malwarebytes Anti-Malware on my machine as a back up to the AVG. I only ever run it with AVG and it's Firewall off and whilst disconnected from the internet. All it's scans have been negative. I have run the scans you have asked for and the outputs are below.

OTL.Txt Output:

OTL logfile created on: 22/07/2013 20:42:56 - Run 6
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\GUB\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.94 Gb Available Physical Memory | 64.78% Memory free
6.20 Gb Paging File | 4.75 Gb Available in Paging File | 76.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.40 Gb Total Space | 69.02 Gb Free Space | 31.18% Space Free | Partition Type: NTFS

Computer Name: SHAUN-PC | User Name: Shaun | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/17 11:15:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\GUB\Desktop\OTL.exe
PRC - [2013/06/27 12:14:45 | 002,236,080 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2013/06/27 12:14:44 | 001,598,128 | ---- | M] (AVG Secure Search) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe
PRC - [2013/06/27 12:14:43 | 000,152,240 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\loggingserver.exe
PRC - [2013/05/10 08:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/29 00:58:42 | 004,408,368 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2013/04/18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/02/19 04:01:14 | 000,328,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcfgex.exe
PRC - [2012/09/19 22:10:10 | 001,177,536 | R--- | M] (Western Digital ) -- C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
PRC - [2012/09/19 22:10:06 | 001,157,056 | R--- | M] (Western Digital ) -- C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe
PRC - [2012/09/19 22:03:58 | 005,236,664 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe
PRC - [2012/09/06 11:50:24 | 000,248,248 | R--- | M] (Western Digital) -- C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
PRC - [2012/06/13 17:53:50 | 001,688,008 | R--- | M] (Western Digital) -- C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe
PRC - [2009/09/16 13:27:12 | 000,480,624 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
PRC - [2009/07/15 17:13:06 | 003,662,632 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\WTouch\WTouchUser.exe
PRC - [2009/07/15 17:13:04 | 000,112,936 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\WTouch\WTouchService.exe
PRC - [2009/07/15 17:13:02 | 004,408,616 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\Pen_Tablet.exe
PRC - [2009/05/21 15:28:38 | 000,874,768 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2009/05/21 14:04:14 | 000,473,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/05 19:47:40 | 000,313,264 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2009/03/05 19:47:40 | 000,192,512 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2009/03/05 19:41:58 | 005,189,992 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
PRC - [2008/08/11 20:59:58 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2008/08/07 02:06:44 | 001,771,360 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PRC - [2008/08/07 02:06:42 | 000,411,488 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe
PRC - [2008/07/31 00:05:22 | 000,299,008 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Network Utility\NSUService.exe
PRC - [2008/07/31 00:05:22 | 000,262,144 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Network Utility\LANUtil.exe
PRC - [2008/07/18 12:14:24 | 000,104,992 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RTKAUDIOSERVICE.EXE
PRC - [2008/07/16 02:04:08 | 000,182,112 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2008/07/16 02:04:08 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2008/02/23 01:38:50 | 000,122,880 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2008/02/23 01:38:50 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2008/02/23 01:38:49 | 000,050,472 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApMsgFwd.exe
PRC - [2007/09/11 08:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2007/06/15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\Windows\System32\bgsvcgen.exe
PRC - [2007/01/05 03:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/10/23 07:24:02 | 000,620,152 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
PRC - [2005/09/30 20:22:50 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe


========== Modules (No Company Name) ==========

MOD - [2013/07/13 15:59:23 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\d8f9327ccf9ae9cd853d9f9c6c8807bc\System.Web.ni.dll
MOD - [2013/07/13 15:59:14 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\59375bfcbdf9a51a963b71c10f6204d4\System.Runtime.Remoting.ni.dll
MOD - [2013/07/13 15:58:49 | 000,978,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\798504f7455735fbc9abe8d6ebe73f03\System.Configuration.ni.dll
MOD - [2013/07/13 15:58:45 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\05034abc5246a6fef208f73cb912d971\Accessibility.ni.dll
MOD - [2013/07/13 14:05:16 | 005,462,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\4a249ccdc8817127b91bc36d1aa52b5e\System.Xml.ni.dll
MOD - [2013/07/13 14:04:57 | 012,434,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f58a8a55eda29b5a43af20c4568f7f91\System.Windows.Forms.ni.dll
MOD - [2013/07/13 14:04:43 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6ac6cab47b69e44769c726610e7f29bc\System.Drawing.ni.dll
MOD - [2013/07/13 14:01:59 | 007,977,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\e3cc2cbffd5fb21da64e93d9b6c27c7c\System.ni.dll
MOD - [2013/07/13 14:01:39 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\6a938df70a8b7996a3890b4f34c83906\mscorlib.ni.dll
MOD - [2013/06/27 12:14:45 | 002,236,080 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2013/06/27 12:14:45 | 000,521,392 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\log4cplusU.dll
MOD - [2013/06/27 12:14:45 | 000,145,072 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.3.0\SiteSafety.dll
MOD - [2013/05/29 07:28:01 | 002,052,096 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2013/05/29 07:27:58 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2013/04/23 00:00:21 | 004,550,656 | ---- | M] () -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
MOD - [2012/12/12 06:34:13 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2012/10/08 12:01:09 | 000,110,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\SMDiagnostics\3.0.0.0__b77a5c561934e089\SMDiagnostics.dll
MOD - [2012/10/08 12:01:06 | 005,967,872 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll
MOD - [2012/10/08 12:01:03 | 000,970,752 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
MOD - [2012/10/08 12:01:03 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.IdentityModel\3.0.0.0__b77a5c561934e089\System.IdentityModel.dll
MOD - [2012/10/05 11:59:03 | 003,194,880 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012/10/05 11:59:03 | 000,630,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2011/12/27 03:51:23 | 005,251,072 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
MOD - [2009/11/01 11:46:25 | 001,691,648 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3421.42257__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2009/11/01 11:46:25 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3421.42331__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2009/11/01 11:46:25 | 000,290,816 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3421.42239__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2009/11/01 11:46:25 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3421.42258__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2009/11/01 11:46:25 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3421.42313__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2009/11/01 11:46:25 | 000,069,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3421.42295__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2009/11/01 11:46:25 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3421.42253__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2009/11/01 11:46:25 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3421.42282__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2009/11/01 11:46:25 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3421.42247__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2009/11/01 11:46:24 | 000,139,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3421.42332__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2009/11/01 11:46:24 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3421.42247__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2009/11/01 11:46:23 | 000,364,544 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3421.42300__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2009/11/01 11:46:23 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3421.42300__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2009/11/01 11:46:23 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3421.42299__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2009/11/01 11:46:21 | 000,811,008 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3421.42284__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2009/11/01 11:46:21 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3421.42308__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2009/11/01 11:46:21 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3421.42284__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2009/11/01 11:46:20 | 000,712,704 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3421.42248__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2009/11/01 11:46:20 | 000,589,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3421.42259__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2009/11/01 11:46:20 | 000,450,560 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3421.42279__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2009/11/01 11:46:20 | 000,401,408 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.3421.42294__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
MOD - [2009/11/01 11:46:20 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3421.42263__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
MOD - [2009/11/01 11:46:20 | 000,225,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3421.42259__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2009/11/01 11:46:20 | 000,126,976 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3421.42293__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2009/11/01 11:46:20 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3421.42263__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2009/11/01 11:46:20 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3421.42292__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2009/11/01 11:46:20 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3421.42294__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2009/11/01 11:46:19 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3421.42283__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2009/11/01 11:46:19 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3421.42283__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2009/11/01 11:46:19 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3421.42284__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2009/11/01 11:46:19 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3294.18728__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2009/11/01 11:46:19 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3294.18709__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2009/11/01 11:46:19 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3294.18751__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2009/11/01 11:46:18 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3294.18787__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll
MOD - [2009/11/01 11:46:18 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3294.18795__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2009/11/01 11:46:18 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3294.18747__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2009/11/01 11:46:18 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3294.18794__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2009/11/01 11:46:18 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2009/11/01 11:46:17 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2009/11/01 11:46:17 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3294.18699__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2009/11/01 11:46:17 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3294.18701__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2009/11/01 11:46:17 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3294.18753__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2009/11/01 11:46:17 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3294.18745__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2009/11/01 11:46:17 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3294.18787__90ba9c70f846762e\DEM.OS.dll
MOD - [2009/11/01 11:46:17 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2009/11/01 11:46:17 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3294.18755__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2009/11/01 11:46:17 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2009/11/01 11:46:16 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3294.18708__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2009/11/01 11:46:16 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3294.18735__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2009/11/01 11:46:16 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3294.18785__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2009/11/01 11:46:16 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3294.18832__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2009/11/01 11:46:16 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3294.18737__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2009/11/01 11:46:16 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3294.18731__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2009/11/01 11:46:16 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3294.18717__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2009/11/01 11:46:16 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3294.18727__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2009/11/01 11:46:16 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3294.18758__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2009/11/01 11:46:16 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3294.18755__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2009/11/01 11:46:15 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3294.18771__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2009/11/01 11:46:14 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3294.18772__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2009/11/01 11:46:14 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3294.18767__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2009/11/01 11:46:14 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3294.18742__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2009/11/01 11:46:14 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3294.18760__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2009/11/01 11:46:14 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3294.18756__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2009/11/01 11:46:14 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3294.18769__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2009/11/01 11:46:14 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3294.18757__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2009/11/01 11:46:13 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3294.18766__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2009/11/01 11:46:13 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3294.18765__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2009/11/01 11:46:13 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3294.18771__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2009/11/01 11:46:13 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3294.18748__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2009/11/01 11:46:12 | 000,503,808 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3421.42357__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll
MOD - [2009/11/01 11:46:12 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3421.42340__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2009/11/01 11:46:12 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2009/11/01 11:46:12 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3294.18746__90ba9c70f846762e\APM.Foundation.dll
MOD - [2009/11/01 11:46:12 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3294.18728__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2009/11/01 11:46:11 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3294.18720__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll
MOD - [2009/11/01 11:46:11 | 000,014,848 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
MOD - [2009/11/01 11:46:11 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
MOD - [2009/11/01 11:46:11 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3421.42234__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2009/11/01 11:46:10 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3421.42252__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2009/11/01 11:46:10 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3421.42326__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2009/11/01 11:46:10 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3421.42325__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2009/11/01 11:46:10 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3421.42238__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2009/11/01 11:46:10 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3294.18750__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2009/11/01 11:46:10 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3294.18714__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2009/11/01 11:46:10 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3294.18725__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2009/11/01 11:46:10 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3294.18748__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2009/11/01 11:46:10 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3294.18745__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2009/11/01 11:46:09 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3421.42236__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2009/11/01 11:46:09 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3294.18744__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2009/11/01 11:46:08 | 001,142,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3421.42243__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2009/11/01 11:46:08 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3294.18740__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2009/11/01 11:46:08 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3294.18774__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2009/11/01 11:46:07 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3421.42237__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2009/11/01 11:46:07 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3421.42236__90ba9c70f846762e\APM.Server.dll
MOD - [2009/11/01 11:46:07 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3421.42235__90ba9c70f846762e\AEM.Server.dll
MOD - [2009/11/01 11:46:07 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2009/11/01 11:46:07 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3421.42326__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2009/05/14 23:22:46 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2009/03/30 05:42:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009/03/30 05:42:10 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
MOD - [2009/02/18 19:38:39 | 000,126,976 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.IdentityModel.Selectors\3.0.0.0__b77a5c561934e089\System.IdentityModel.Selectors.dll
MOD - [2008/08/26 12:41:42 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2008/08/11 21:02:00 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\SPMDam\3.1.0.6020__1b3c579b6925895f\SPMDam.dll
MOD - [2008/08/11 21:01:56 | 000,086,016 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\SPMCommon\3.1.0.6020__e3c7096ba83f9295\SPMCommon.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus®
SRV - [2013/07/13 07:42:07 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/27 12:14:44 | 001,598,128 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe -- (vToolbarUpdater15.3.0)
SRV - [2013/06/26 10:03:39 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/14 00:54:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/05/10 08:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/04/10 11:07:36 | 001,428,472 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG2013\avgfws.exe -- (avgfws)
SRV - [2012/11/09 12:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/09/19 22:10:10 | 001,177,536 | R--- | M] (Western Digital ) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe -- (WDRulesService)
SRV - [2012/09/19 22:10:06 | 001,157,056 | R--- | M] (Western Digital ) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDBackupEngine.exe -- (WDBackup)
SRV - [2012/09/06 11:50:24 | 000,248,248 | R--- | M] (Western Digital) [Auto | Running] -- C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe -- (WDDriveService)
SRV - [2012/01/13 10:53:48 | 000,939,624 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Update Common\VUAgent.exe -- (VUAgent)
SRV - [2011/09/01 09:17:00 | 001,025,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/06/13 23:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2009/09/16 13:27:12 | 000,480,624 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2009/07/15 17:13:04 | 000,112,936 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\WTouch\WTouchService.exe -- (WTouchService)
SRV - [2009/07/15 17:13:02 | 004,408,616 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\System32\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2009/06/14 16:58:12 | 000,016,936 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\482\g2aservice.exe -- (GoToAssist)
SRV - [2009/05/21 15:28:38 | 000,874,768 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2009/05/21 14:04:14 | 000,473,360 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2009/04/02 01:15:30 | 000,114,688 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2009/03/05 19:47:40 | 000,313,264 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2009/03/05 19:47:40 | 000,192,512 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2009/03/05 19:47:40 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2009/03/05 19:41:58 | 005,189,992 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2008/08/11 20:59:58 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/08/07 02:06:42 | 000,411,488 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV - [2008/07/31 00:05:22 | 000,299,008 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\Network Utility\NSUService.exe -- (NSUService)
SRV - [2008/07/18 12:14:24 | 000,104,992 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Windows\RTKAUDIOSERVICE.EXE -- (RtkAudioService)
SRV - [2008/07/16 02:04:08 | 000,182,112 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2008/05/21 03:05:40 | 000,353,568 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHDms.exe -- (SOHDms)
SRV - [2008/05/21 03:05:40 | 000,103,712 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe -- (SOHCImp)
SRV - [2008/05/21 03:05:40 | 000,062,752 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHDs.exe -- (SOHDs)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/11 08:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2007/06/15 12:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\Windows\System32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2007/01/05 03:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2005/09/30 20:22:50 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2013/06/27 12:14:46 | 000,037,664 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2013/03/29 02:53:48 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/03/21 03:08:24 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2013/03/01 10:32:20 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013/02/12 02:57:27 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2013/02/08 04:37:58 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/02/08 04:37:56 | 000,245,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/02/08 04:37:52 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/02/08 04:37:44 | 000,170,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/02/08 04:37:40 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2012/09/04 11:39:32 | 000,050,296 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2011/08/17 10:56:32 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011/08/17 10:56:30 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011/08/17 10:56:26 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011/08/17 10:56:22 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009/06/14 18:30:40 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2009/05/28 23:41:28 | 004,233,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2009/05/20 23:14:32 | 000,013,224 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WacomVTHid.sys -- (WacomVTHid)
DRV - [2009/05/20 20:54:06 | 000,013,736 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2009/05/15 02:58:02 | 004,304,384 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/01/30 22:29:50 | 000,015,656 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2008/07/12 00:42:58 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2008/06/28 01:33:45 | 000,068,608 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/06/28 01:11:39 | 000,143,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2008/06/21 01:03:04 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\risdptsk.sys -- (risdptsk)
DRV - [2008/06/07 01:02:55 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2008/05/06 17:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/03/10 12:01:26 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2008/02/23 01:38:50 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/01/25 03:14:25 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/04/18 04:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2007/02/16 20:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2007/02/16 01:11:28 | 000,011,440 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WacomVKHid.sys -- (WacomVKHid)
DRV - [2006/02/20 19:17:40 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdrbsdrv.sys -- (cdrbsdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
IE - HKLM\..\SearchScopes,DefaultScope = {6BE6BE36-0285-4779-BDB3-51009CE7EB92}
IE - HKLM\..\SearchScopes\{6BE6BE36-0285-4779-BDB3-51009CE7EB92}: "URL" = http://www.google.co...rchTerms}&meta=
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {6BE6BE36-0285-4779-BDB3-51009CE7EB92}
IE - HKU\.DEFAULT\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {6BE6BE36-0285-4779-BDB3-51009CE7EB92}
IE - HKU\S-1-5-18\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search...p={searchTerms}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1287660353-1891574393-3237263245-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
IE - HKU\S-1-5-21-1287660353-1891574393-3237263245-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1287660353-1891574393-3237263245-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.sonystyle-europe.comht [Binary data over 200 bytes]
IE - HKU\S-1-5-21-1287660353-1891574393-3237263245-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-1287660353-1891574393-3237263245-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1287660353-1891574393-3237263245-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.sonystyle-europe.comht [Binary data over 200 bytes]
IE - HKU\S-1-5-21-1287660353-1891574393-3237263245-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.club-vaio.com
IE - HKU\S-1-5-21-1287660353-1891574393-3237263245-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1287660353-1891574393-3237263245-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-1287660353-1891574393-3237263245-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1287660353-1891574393-3237263245-1000\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-21-1287660353-1891574393-3237263245-1000\..\SearchScopes,DefaultScope = {6BE6BE36-0285-4779-BDB3-51009CE7EB92}
IE - HKU\S-1-5-21-1287660353-1891574393-3237263245-1000\..\SearchScopes\{6BE6BE36-0285-4779-BDB3-51009CE7EB92}: "URL" = http://www.google.co...z=1I7GGLL_en-GB
IE - HKU\S-1-5-21-1287660353-1891574393-3237263245-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:466...q={searchTerms}
IE - HKU\S-1-5-21-1287660353-1891574393-3237263245-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...pr&d=2011-10-26 09:10:28&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1287660353-1891574393-3237263245-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1287660353-1891574393-3237263245-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-1287660353-1891574393-3237263245-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
IE - HKU\S-1-5-21-1287660353-1891574393-3237263245-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.sonystyle-europe.comht [Binary data over 200 bytes]
IE - HKU\S-1-5-21-1287660353-1891574393-3237263245-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-1287660353-1891574393-3237263245-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1287660353-1891574393-3237263245-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.sonystyle-europe.comht [Binary data over 200 bytes]
IE - HKU\S-1-5-21-1287660353-1891574393-3237263245-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1287660353-1891574393-3237263245-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1287660353-1891574393-3237263245-1001\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-21-1287660353-1891574393-3237263245-1001\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-1287660353-1891574393-3237263245-1001\..\SearchScopes\{6BE6BE36-0285-4779-BDB3-51009CE7EB92}: "URL" = http://www.google.co...z=1I7SNYK_en-GB
IE - HKU\S-1-5-21-1287660353-1891574393-3237263245-1001\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:466...q={searchTerms}
IE - HKU\S-1-5-21-1287660353-1891574393-3237263245-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...pr&d=2011-10-26 09:10:28&v=15.3.0.11&pid=avg&sg=0&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1287660353-1891574393-3237263245-1001\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://search.avg.co...e}&iy=&ychte=us
IE - HKU\S-1-5-21-1287660353-1891574393-3237263245-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1287660353-1891574393-3237263245-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: avg%40toolbar:15.3.0.11
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\15.3.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\15.3.0.11 [2013/06/27 12:16:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/06/26 10:03:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/06/26 10:03:28 | 000,000,000 | ---D | M]

[2011/07/21 01:22:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shaun\AppData\Roaming\Mozilla\Extensions
[2012/04/28 18:48:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shaun\AppData\Roaming\Mozilla\Firefox\Profiles\zr58ms5x.default\extensions
[2013/06/26 10:03:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/06/26 10:03:40 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/06/27 12:16:49 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\FIREFOXEXT\15.3.0.11
[2009/09/02 00:40:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2013/02/19 14:23:57 | 000,003,714 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml

========== Chrome ==========


O1 HOSTS File: ([2009/02/26 00:14:42 | 000,302,495 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 10429 more lines...
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll (AVG Secure Search)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google BAE\BAE.dll (Your Company Name)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\15.3.0.11\AVG Secure Search_toolbar.dll (AVG Secure Search)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKU\S-1-5-21-1287660353-1891574393-3237263245-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1287660353-1891574393-3237263245-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1287660353-1891574393-3237263245-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1287660353-1891574393-3237263245-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AML] C:\Program Files\Sony\VAIO Launcher\AML.exe (Sony)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [WD Drive Unlocker] C:\Program Files\Western Digital\WD Security\WDDriveAutoUnlock.exe (Western Digital)
O4 - HKLM..\Run: [WD Quick View] C:\Program Files\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1287660353-1891574393-3237263245-1000..\Run: [AVG-Secure-Search-Update_JUNE2013_TB] C:\Program Files\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe (AVG Secure Search)
O4 - HKU\S-1-5-21-1287660353-1891574393-3237263245-1001..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)
O4 - HKLM..\RunOnce: [*WerKernelReporting] C:\Windows\System32\WerFault.exe (Microsoft Corporation)
O7 - HKU\S-1-5-21-1287660353-1891574393-3237263245-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1287660353-1891574393-3237263245-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-1287660353-1891574393-3237263245-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-1287660353-1891574393-3237263245-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1287660353-1891574393-3237263245-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-1287660353-1891574393-3237263245-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Add to Evernote 4.0 - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204 File not found
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1287660353-1891574393-3237263245-1001\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-1287660353-1891574393-3237263245-1001\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_09)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{60E51E2B-CC60-42D5-A583-A0B5F6AD8638}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91F519CC-6D64-4B1B-8061-F3D9C90B5205}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\15.3.0\ViProtocol.dll (AVG Secure Search)
O20 - AppInit_DLLs: (C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Desert Landscape.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Desert Landscape.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2a8f8a67-d767-11dd-85d6-00214f4a1208}\Shell - "" = AutoRun
O33 - MountPoints2\{2a8f8a67-d767-11dd-85d6-00214f4a1208}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Autorun\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/07/19 19:18:42 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/07/14 22:42:22 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT
[2013/07/13 09:28:20 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/07/13 09:28:17 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/07/13 09:28:17 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/07/13 09:28:17 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/07/13 09:28:16 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/07/13 09:28:15 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/07/13 09:28:15 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/07/13 09:28:14 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/07/13 07:55:20 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/07/13 07:55:05 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013/07/13 07:55:05 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013/07/13 07:55:05 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013/07/13 07:55:05 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013/07/13 07:55:05 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013/07/13 07:55:04 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013/07/13 07:55:04 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013/07/13 07:55:04 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013/07/13 07:55:03 | 000,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll
[2013/07/13 07:55:02 | 001,548,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL
[2013/07/08 20:59:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/06/26 10:03:26 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/06/26 09:05:59 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine

========== Files - Modified Within 30 Days ==========

[2013/07/22 20:33:19 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\ROC_JAN2013_TB_rmv.job
[2013/07/22 20:33:10 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/22 20:32:51 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2013/07/22 20:31:45 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/22 20:31:44 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/22 20:31:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/22 20:31:22 | 3218,120,704 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/21 23:14:38 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/07/21 23:01:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/21 22:15:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/20 21:40:05 | 000,612,546 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/07/20 21:40:05 | 000,109,962 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/07/20 12:24:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2013/07/19 08:20:55 | 000,416,456 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/07/13 07:42:07 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/07/13 07:42:07 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/06/27 12:16:51 | 000,003,716 | ---- | M] () -- C:\Program Files\Mozilla Firefoxavg-secure-search.xml
[2013/06/27 12:14:46 | 000,037,664 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys

========== Files Created - No Company Name ==========

[2013/06/28 06:39:26 | 3218,120,704 | -HS- | C] () -- C:\hiberfil.sys
[2013/05/21 12:35:00 | 000,003,716 | ---- | C] () -- C:\Program Files\Mozilla Firefoxavg-secure-search.xml
[2011/12/05 18:45:24 | 000,393,256 | ---- | C] () -- C:\Windows\System32\CNQ2414N.DAT
[2010/04/26 09:49:21 | 000,000,036 | ---- | C] () -- C:\Users\Shaun\AppData\Local\housecall.guid.cache
[2010/04/04 21:45:32 | 000,001,116 | -HS- | C] () -- C:\ProgramData\VHx0W
[2009/05/13 17:34:29 | 000,000,371 | ---- | C] () -- C:\Users\Shaun\Documents - Shortcut.lnk
[2009/03/01 00:01:39 | 000,000,632 | RHS- | C] () -- C:\Users\Shaun\ntuser.pol
[2009/01/01 09:45:22 | 000,000,000 | ---- | C] () -- C:\Users\Shaun\AppData\Roaming\wklnhst.dat
[2008/12/21 21:32:47 | 000,007,168 | ---- | C] () -- C:\Users\Shaun\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/21 14:48:08 | 000,002,032 | ---- | C] () -- C:\Users\Shaun\AppData\Local\d3d9caps.dat

========== ZeroAccess Check ==========

[2006/11/02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

========== Base Services ==========
SRV - [2006/11/02 10:46:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2008/01/21 03:24:17 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2008/01/21 03:24:14 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
SRV - [2009/04/11 07:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\qmgr.dll -- (BITS)
SRV - [2009/04/11 07:28:18 | 000,334,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\BFE.DLL -- (BFE)
SRV - [2011/11/16 15:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009/04/11 07:28:19 | 000,268,800 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2008/01/21 03:24:36 | 000,081,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2013/04/24 05:00:30 | 000,133,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2009/04/11 07:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2009/04/11 07:28:18 | 000,204,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcsvc.dll -- (Dhcp)
SRV - [2011/03/02 16:44:27 | 000,086,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2008/01/21 03:25:01 | 000,057,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009/04/11 07:28:19 | 000,026,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\hidserv.dll -- (hidserv)
SRV - [2008/01/21 03:24:09 | 000,288,256 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2009/04/11 07:28:20 | 000,364,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV - [2009/04/11 07:28:24 | 000,311,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2008/01/21 03:24:54 | 000,045,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2008/01/21 03:24:11 | 000,274,432 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2008/01/21 03:24:23 | 000,237,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2008/01/21 03:23:44 | 000,168,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2008/01/21 03:24:47 | 000,018,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2009/04/11 07:28:25 | 000,222,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2010/08/17 15:11:37 | 000,128,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2011/11/16 15:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
SRV - [2009/04/11 07:28:19 | 000,564,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\emdmgmt.dll -- (EMDMgmt)
SRV - [2008/01/21 03:24:19 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2009/04/11 07:28:24 | 000,262,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2009/04/11 07:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2008/01/21 03:24:35 | 000,019,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2011/11/16 15:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
SRV - [2009/04/11 07:28:26 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wscsvc.dll -- (wscsvc)
SRV - [2010/09/06 17:20:29 | 000,125,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2009/07/10 12:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
SRV - [2009/04/11 07:27:49 | 003,408,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\SLsvc.exe -- (slsvc)
SRV - [2010/11/04 19:55:12 | 000,601,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2009/04/11 07:28:24 | 000,242,688 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/10 12:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (Themes)
SRV - [2009/04/11 07:28:23 | 000,153,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2009/04/11 07:28:10 | 001,055,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2009/04/11 07:28:18 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2009/04/11 07:28:18 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2008/01/21 03:23:27 | 000,104,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/04/11 07:28:25 | 001,017,856 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (Eventlog)
SRV - [2009/04/11 07:28:20 | 000,407,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2009/04/11 07:28:25 | 000,453,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (stisvc)
SRV - [2009/04/11 07:27:45 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2009/04/11 07:28:25 | 000,162,304 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2012/06/02 23:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wuaueng.dll -- (wuauserv)
SRV - [2009/04/11 07:28:18 | 000,175,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009/07/11 20:01:42 | 000,513,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2009/06/10 12:42:23 | 000,160,256 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/10/29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SERVICES >
[2006/09/18 22:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\System32\drivers\etc\services
[2006/09/18 22:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\services

< MD5 for: SERVICES.CFG >
[2013/05/10 08:57:30 | 000,558,879 | ---- | M] () MD5=3679F8D3253DC110D1D8F2AE115EE00C -- C:\Program Files\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 13:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg

< MD5 for: SERVICES.EXE >
[2008/01/21 03:24:48 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2009/04/11 07:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\System32\services.exe
[2009/04/11 07:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2006/11/02 13:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\System32\en-US\services.exe.mui
[2006/11/02 13:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_67c6851b290a1ced\services.exe.mui

< MD5 for: SERVICES.LNK >
[2008/01/21 03:42:58 | 000,001,688 | ---- | M] () MD5=C50AE46E57C3F3FB61A3B3A1E5D9C412 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/21 03:42:58 | 000,001,688 | ---- | M] () MD5=C50AE46E57C3F3FB61A3B3A1E5D9C412 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOF >
[2006/09/18 22:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2006/09/18 22:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.mof
[2006/09/18 22:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.mof

< MD5 for: SERVICES.MSC >
[2006/11/02 13:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2006/09/18 22:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2006/11/02 13:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_a2085506ff73b6e0\services.msc
[2006/09/18 22:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6001.18000_none_cf63e2a445bae4e3\services.msc

< MD5 for: SVCHOST.EXE >
[2008/01/21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/01/21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< dir C:\ /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is FC34-5C7D
Directory of C:\
02/11/2006 14:02 <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
02/11/2006 14:02 <JUNCTION> Application Data [C:\ProgramData]
02/11/2006 14:02 <JUNCTION> Desktop [C:\Users\Public\Desktop]
02/11/2006 14:02 <JUNCTION> Documents [C:\Users\Public\Documents]
02/11/2006 14:02 <JUNCTION> Favorites [C:\Users\Public\Favorites]
02/11/2006 14:02 <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
02/11/2006 14:02 <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
02/11/2006 14:02 <SYMLINKD> All Users [C:\ProgramData]
02/11/2006 14:02 <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\All Users
02/11/2006 14:02 <JUNCTION> Application Data [C:\ProgramData]
02/11/2006 14:02 <JUNCTION> Desktop [C:\Users\Public\Desktop]
02/11/2006 14:02 <JUNCTION> Documents [C:\Users\Public\Documents]
02/11/2006 14:02 <JUNCTION> Favorites [C:\Users\Public\Favorites]
02/11/2006 14:02 <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
02/11/2006 14:02 <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default
02/11/2006 14:02 <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
02/11/2006 14:02 <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
02/11/2006 14:02 <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
02/11/2006 14:02 <JUNCTION> My Documents [C:\Users\Default\Documents]
02/11/2006 14:02 <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
02/11/2006 14:02 <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
02/11/2006 14:02 <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
02/11/2006 14:02 <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
02/11/2006 14:02 <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
02/11/2006 14:02 <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
02/11/2006 14:02 <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
02/11/2006 14:02 <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
02/11/2006 14:02 <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
02/11/2006 14:02 <JUNCTION> My Music [C:\Users\Default\Music]
02/11/2006 14:02 <JUNCTION> My Pictures [C:\Users\Default\Pictures]
02/11/2006 14:02 <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Grace
01/03/2009 00:04 <JUNCTION> Application Data [C:\Users\Grace\AppData\Roaming]
01/03/2009 00:04 <JUNCTION> Cookies [C:\Users\Grace\AppData\Roaming\Microsoft\Windows\Cookies]
01/03/2009 00:04 <JUNCTION> Local Settings [C:\Users\Grace\AppData\Local]
01/03/2009 00:04 <JUNCTION> My Documents [C:\Users\Grace\Documents]
01/03/2009 00:04 <JUNCTION> NetHood [C:\Users\Grace\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
01/03/2009 00:04 <JUNCTION> PrintHood [C:\Users\Grace\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
01/03/2009 00:04 <JUNCTION> Recent [C:\Users\Grace\AppData\Roaming\Microsoft\Windows\Recent]
01/03/2009 00:04 <JUNCTION> SendTo [C:\Users\Grace\AppData\Roaming\Microsoft\Windows\SendTo]
01/03/2009 00:04 <JUNCTION> Start Menu [C:\Users\Grace\AppData\Roaming\Microsoft\Windows\Start Menu]
01/03/2009 00:04 <JUNCTION> Templates [C:\Users\Grace\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Grace\AppData\Local
01/03/2009 00:04 <JUNCTION> Application Data [C:\Users\Grace\AppData\Local]
01/03/2009 00:04 <JUNCTION> History [C:\Users\Grace\AppData\Local\Microsoft\Windows\History]
01/03/2009 00:04 <JUNCTION> Temporary Internet Files [C:\Users\Grace\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Grace\Documents
01/03/2009 00:04 <JUNCTION> My Music [C:\Users\Grace\Music]
01/03/2009 00:04 <JUNCTION> My Pictures [C:\Users\Grace\Pictures]
01/03/2009 00:04 <JUNCTION> My Videos [C:\Users\Grace\Videos]
0 File(s) 0 bytes
Directory of C:\Users\GUB
21/12/2008 21:37 <JUNCTION> Application Data [C:\Users\GUB\AppData\Roaming]
21/12/2008 21:37 <JUNCTION> Cookies [C:\Users\GUB\AppData\Roaming\Microsoft\Windows\Cookies]
21/12/2008 21:37 <JUNCTION> Local Settings [C:\Users\GUB\AppData\Local]
21/12/2008 21:37 <JUNCTION> My Documents [C:\Users\GUB\Documents]
21/12/2008 21:37 <JUNCTION> NetHood [C:\Users\GUB\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
21/12/2008 21:37 <JUNCTION> PrintHood [C:\Users\GUB\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
21/12/2008 21:37 <JUNCTION> Recent [C:\Users\GUB\AppData\Roaming\Microsoft\Windows\Recent]
21/12/2008 21:37 <JUNCTION> SendTo [C:\Users\GUB\AppData\Roaming\Microsoft\Windows\SendTo]
21/12/2008 21:37 <JUNCTION> Start Menu [C:\Users\GUB\AppData\Roaming\Microsoft\Windows\Start Menu]
21/12/2008 21:37 <JUNCTION> Templates [C:\Users\GUB\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\GUB\AppData\Local
21/12/2008 21:37 <JUNCTION> Application Data [C:\Users\GUB\AppData\Local]
21/12/2008 21:37 <JUNCTION> History [C:\Users\GUB\AppData\Local\Microsoft\Windows\History]
21/12/2008 21:37 <JUNCTION> Temporary Internet Files [C:\Users\GUB\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\GUB\Documents
21/12/2008 21:37 <JUNCTION> My Music [C:\Users\GUB\Music]
21/12/2008 21:37 <JUNCTION> My Pictures [C:\Users\GUB\Pictures]
21/12/2008 21:37 <JUNCTION> My Videos [C:\Users\GUB\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Guest
15/08/2012 13:07 <JUNCTION> Application Data [C:\Users\Guest\AppData\Roaming]
15/08/2012 13:07 <JUNCTION> Cookies [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Cookies]
15/08/2012 13:07 <JUNCTION> Local Settings [C:\Users\Guest\AppData\Local]
15/08/2012 13:07 <JUNCTION> My Documents [C:\Users\Guest\Documents]
15/08/2012 13:07 <JUNCTION> NetHood [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
15/08/2012 13:07 <JUNCTION> PrintHood [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
15/08/2012 13:07 <JUNCTION> Recent [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Recent]
15/08/2012 13:07 <JUNCTION> SendTo [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\SendTo]
15/08/2012 13:07 <JUNCTION> Start Menu [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu]
15/08/2012 13:07 <JUNCTION> Templates [C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Guest\AppData\Local
15/08/2012 13:07 <JUNCTION> Application Data [C:\Users\Guest\AppData\Local]
15/08/2012 13:07 <JUNCTION> History [C:\Users\Guest\AppData\Local\Microsoft\Windows\History]
15/08/2012 13:07 <JUNCTION> Temporary Internet Files [C:\Users\Guest\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Guest\Documents
15/08/2012 13:07 <JUNCTION> My Music [C:\Users\Guest\Music]
15/08/2012 13:07 <JUNCTION> My Pictures [C:\Users\Guest\Pictures]
15/08/2012 13:07 <JUNCTION> My Videos [C:\Users\Guest\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
02/11/2006 14:02 <JUNCTION> My Music [C:\Users\Public\Music]
02/11/2006 14:02 <JUNCTION> My Pictures [C:\Users\Public\Pictures]
02/11/2006 14:02 <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Shaun
21/12/2008 14:48 <JUNCTION> Application Data [C:\Users\Shaun\AppData\Roaming]
21/12/2008 14:48 <JUNCTION> Cookies [C:\Users\Shaun\AppData\Roaming\Microsoft\Windows\Cookies]
21/12/2008 14:48 <JUNCTION> Local Settings [C:\Users\Shaun\AppData\Local]
21/12/2008 14:48 <JUNCTION> My Documents [C:\Users\Shaun\Documents]
21/12/2008 14:48 <JUNCTION> NetHood [C:\Users\Shaun\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
21/12/2008 14:48 <JUNCTION> PrintHood [C:\Users\Shaun\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
21/12/2008 14:48 <JUNCTION> Recent [C:\Users\Shaun\AppData\Roaming\Microsoft\Windows\Recent]
21/12/2008 14:48 <JUNCTION> SendTo [C:\Users\Shaun\AppData\Roaming\Microsoft\Windows\SendTo]
21/12/2008 14:48 <JUNCTION> Start Menu [C:\Users\Shaun\AppData\Roaming\Microsoft\Windows\Start Menu]
21/12/2008 14:48 <JUNCTION> Templates [C:\Users\Shaun\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Shaun\AppData\Local
21/12/2008 14:48 <JUNCTION> Application Data [C:\Users\Shaun\AppData\Local]
21/12/2008 14:48 <JUNCTION> History [C:\Users\Shaun\AppData\Local\Microsoft\Windows\History]
21/12/2008 14:48 <JUNCTION> Temporary Internet Files [C:\Users\Shaun\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Shaun\Documents
21/12/2008 14:48 <JUNCTION> My Music [C:\Users\Shaun\Music]
21/12/2008 14:48 <JUNCTION> My Pictures [C:\Users\Shaun\Pictures]
21/12/2008 14:48 <JUNCTION> My Videos [C:\Users\Shaun\Videos]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile
06/10/2010 08:09 <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]
06/10/2010 08:09 <JUNCTION> Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]
06/10/2010 08:09 <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]
06/10/2010 08:09 <JUNCTION> My Documents [C:\Windows\system32\config\systemprofile\Documents]
06/10/2010 08:09 <JUNCTION> NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
06/10/2010 08:09 <JUNCTION> PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
06/10/2010 08:09 <JUNCTION> Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]
06/10/2010 08:09 <JUNCTION> SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]
06/10/2010 08:09 <JUNCTION> Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]
06/10/2010 08:09 <JUNCTION> Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\AppData\Local
06/10/2010 08:09 <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]
06/10/2010 08:09 <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]
06/10/2010 08:09 <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Windows\System32\config\systemprofile\Documents
06/10/2010 08:09 <JUNCTION> My Music [C:\Windows\system32\config\systemprofile\Music]
06/10/2010 08:09 <JUNCTION> My Pictures [C:\Windows\system32\config\systemprofile\Pictures]
06/10/2010 08:09 <JUNCTION> My Videos [C:\Windows\system32\config\systemprofile\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
114 Dir(s) 73,785,638,912 bytes free

< End of report >

The Extras.Txt output:

OTL Extras logfile created on: 22/07/2013 20:42:56 - Run 6
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\GUB\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.94 Gb Available Physical Memory | 64.78% Memory free
6.20 Gb Paging File | 4.75 Gb Available in Paging File | 76.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.40 Gb Total Space | 69.02 Gb Free Space | 31.18% Space Free | Partition Type: NTFS

Computer Name: SHAUN-PC | User Name: Shaun | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-1287660353-1891574393-3237263245-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{777BBB4E-AB01-45A6-B2FD-3ED89F1E64DA}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{8289B44C-3D95-469C-99E9-D02504DE944B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{9A77820D-8050-4696-9237-B4B9E203D751}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03B8F6D9-FFC0-4BCB-B791-AEB488C300B5}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{044296A8-9D5D-4120-9AD0-EF9FD899C8B0}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{0835EC17-9733-4073-BE96-BD3AFF97838D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{08C790D8-203A-4B5C-95A7-2FBA05F4B199}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{0D2E1D40-6BFA-4E57-9397-3CC7DB56B72C}" = protocol=17 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
"{1B858662-2EC0-40E3-AE5D-DBD46B5C37B1}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 1050 j410 series\bin\usbsetup.exe |
"{2A958510-70F9-4A11-9C6E-24D51E34C973}" = protocol=6 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\beyond the sword\civ4beyondsword.exe |
"{37510A87-D06A-4BF4-964F-653ED6B3650E}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{38497E29-91CA-4EF4-99B9-7CEC4EDC3119}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{38C5E73B-1489-4DBE-BFAC-9ECBD1CCA49D}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{3AE7C579-4C5F-48D1-92CA-EEF8E33A2B36}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{3CBB7F71-C79B-432F-93C3-EC44E0B3DFFB}" = protocol=17 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\warlords\civ4warlords.exe |
"{437F9870-1A32-409E-8B91-299D41B12EE7}" = protocol=17 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\beyond the sword\civ4beyondsword.exe |
"{571A057E-F9A6-4860-8316-7BA3EBA87DBA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5CA15B6D-138D-4480-BC04-D1D0E8CE3167}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 1050 j410 series\bin\usbsetup.exe |
"{64B076CC-5991-44E8-B5ED-956B30299C58}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{72579957-22D4-4293-A571-09E398D3D16B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{7AEE7024-11BC-436F-91D8-9D27555C0D35}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{85E639E7-BCEE-41BF-A680-D8DCEAE31068}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{93C6B37E-93F0-4230-A790-330C44960240}" = protocol=6 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\civilization4.exe |
"{A074D09C-992E-4675-98AC-4196C8BEBB7F}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{A1512486-B251-4CCA-B40D-8674486531AC}" = protocol=6 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
"{A2800D64-AD5C-4BDD-9459-E230A838882F}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{A3A8AE71-7A40-40DD-9AAB-AA9A7BFB50A8}" = protocol=6 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\warlords\civ4warlords.exe |
"{A47DB3F7-04A7-4540-9DFD-728E41019DEA}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{B0B0DE69-4A4C-4DF7-A6B7-4E9774C7EFD8}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{C4C50EF6-6CEA-4C33-A9CE-DB09495E076B}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{C94FBC30-77A8-42BF-A3C8-C46265EF876A}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{CBCD4085-5D9D-4165-8FF7-8509C1813959}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{CC42B040-FB2D-4DE4-89DA-72FC393C850F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{D6B1646E-A822-4474-8D9D-6B6A5121C2A2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D6B35956-7012-4099-A5CE-2EFD22A696FC}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{D733BF0E-CFE0-4E3B-81DF-A9E87B7646CB}" = protocol=17 | dir=in | app=c:\program files\2k games\firaxis games\sid meier's civilization 4 complete\civilization4.exe |
"{DDBC1F66-7598-44BA-9F48-C59D0D656209}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{ECB64449-C610-46DC-A063-44CF88D64A0F}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{F4AD7AB4-9991-4A21-BA8B-CE965875D81F}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{F523959D-9846-4CD2-833C-E1A3615AEEB7}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00FE2935-FB56-4410-AB5F-D6E70C1771D2}" = Garmin WebUpdater
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{0A04086B-0B71-43C3-95EF-FDFC4C18D161}" = SILKYPIX Developer Studio 3.1 SE
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B9B76C9-4967-59FC-C994-191AEA152F04}" = ATI Catalyst Install Manager
"{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2414" = CanoScan LiDE 110 Scanner Driver
"{12D0BE8D-538C-4AB1-86DE-C540308F50DA}" = VAIO Content Metadata Manager Settings
"{1316AEF2-E086-46C7-B1FB-8C9A39A2ABF9}" = VAIO Media plus
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{18510937-0146-417B-95D8-14706649C384}" = VAIO Content Metadata Manager Settings
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B47F7BA-7CF9-4F00-9340-099E3A004059}" = VAIO Update Merge Module x86
"{1B50F09A-CDE0-4F33-A428-2E459CED07EF}" = WD Software Upgrader
"{1F51A0CA-2BDD-474E-BB90-C7FA8EA78F52}" = ImageMixer VCD/DVD2 for OLYMPUS
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2018C019-30D9-4240-8C01-0865C10DCF5A}" = VAIO Presentation Support
"{202F2838-156B-FC76-013F-9241B9673F39}" = CCC Help Thai
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD BD for VAIO
"{226837D8-0BF8-4CBE-BAB2-8F07E2C2B4DD}" = HP Deskjet 1050 J410 series Basic Device Software
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{291FB4BF-EEC7-4CF9-8469-F39ED1DBC4D8}" = VAIO Content Metadata XML Interface Library
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}" = Sid Meier's Civilization 4 Complete
"{325ED81A-EC15-7CE8-729B-0392A1DD3854}" = CCC Help Czech
"{326DC400-1FC4-4D7D-946D-06D1EAB93200}" = VAIO Guide 
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3B659FAD-E772-44A3-B7E7-560FF084669F}" = VAIO Smart Network
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CCA23DD-CEDA-CC7F-C74C-4D1EDAE919AA}" = Catalyst Control Center Graphics Full New
"{3E2C691B-B7E6-4053-B5C3-94B8BC407E7A}" = Adobe Premiere Elements 4.0
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{42DD2173-B7CA-8AB3-8AC2-40DFE2CA6FBC}" = CCC Help German
"{430DD2C5-65FD-9781-F9F2-693CAF05CD10}" = Catalyst Control Center InstallProxy
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{46D7A7FB-305B-F77D-60F8-8FAE1C432374}" = Catalyst Control Center InstallProxy
"{4882EBF5-CA37-4EF4-BCB8-9B0E78B907D0}" = VAIO Content Metadata Intelligent Analyzing Manager
"{49B8916D-1DEA-F18A-731F-BF0FE209C63B}" = CCC Help Chinese Standard
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"{4EA55D20-27FB-45D7-8726-147E8A5F6C62}" = VAIO MusicBox
"{4EEAF8D8-CB79-06CA-A566-EAC1726DAABB}" = CCC Help Finnish
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ
"{540DB82A-EE11-BBC1-8BD8-BB7D937A53A4}" = CCC Help Hungarian
"{577AD794-8B34-40B4-9E7A-BE4CFFE396E6}" = Microsoft Visual Basic 2005 Express Edition - ENU
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{5882396B-9FB3-37AC-1AE1-5EA344BD7705}" = Catalyst Control Center Graphics Previews Vista
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
"{5BA149D9-D5FA-5AB3-400B-9F1BF424B7CE}" = CCC Help Chinese Traditional
"{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
"{5C5EE8F2-0B38-4C13-AE4E-A87A237FE718}" =
"{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}" = HP Deskjet 1050 J410 series Help
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5E4339CF-F287-4DB9-BE23-D8460487B3A3}" = AVG 2013
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F5867F0-2D23-4338-A206-01A76C823924}" = VAIO Power Management
"{6332AFF1-9D9A-429C-AA03-F82749FA4F49}" = SonicStage Mastering Studio
"{642F96CC-1D3B-20DE-8673-44EE15B3DC2F}" = CCC Help Portuguese
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6D26ACF9-4919-0744-C509-28EAF53112D4}" = CCC Help Dutch
"{6EA78F57-89F2-4B2E-8ADB-3FA6865D32EF}" = AVG 2013
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{71256374-2053-CF0F-BD54-20082980B95C}" = Catalyst Control Center Graphics Full Existing
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71980982-AEA1-480C-B748-0CB376DACDFE}" = WD SmartWare
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{72E40002-8CEC-47C1-A099-83AC8E173BF0}" = WD Drive Utilities
"{72EEB695-388B-4835-8EA6-0C04545B06B9}" = Intel® PROSet/Wireless WiFi Software
"{737D8F4D-24D4-D626-DEC0-9E39A6166890}" = CCC Help Danish
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{7414C891-720D-4E86-85E5-C3AA898DA9EC}" = HP Deskjet 1050 J410 series Product Improvement Study
"{74B705C2-173A-FFD1-98BC-AD5FB647AB38}" = CCC Help Polish
"{761E061F-FB8E-BBB4-69A4-B1DEF3640DB7}" = Zinio Reader 4
"{767E3E57-D183-48F2-B25F-1AA5CBC98F5E}" = VAIO Edit Components
"{784BDC03-2D22-BCAE-5CAC-84AFA799FBDE}" = CCC Help Turkish
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{83270912-15C7-4336-822E-E8F1B1BBCA60}" = WD Security
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{8572CE7D-46B0-70B3-96CD-534F07B35F5D}" = CCC Help Italian
"{87544F2E-CCA5-01BC-AEBC-D8C1D759EE61}" = CCC Help English
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A158B7D-A6E3-49B6-8702-A6A10CCC6323}" = Garmin POI Loader
"{8BD60AEF-3F9D-47AE-B80A-FB7FFCE335A0}" = VAIO Movie Story
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{8F5E3B9E-ABBD-4B35-BB68-626CB9BE98D6}" = MySQL Server 5.1
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90B38901-52C8-85A7-D6C8-9A5592C9FCAA}" = CCC Help Greek
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{959282E3-55A9-49D8-B885-D27CF8A2FD82}" = PHOTOfunSTUDIO 5.0 HD Edition
"{9648D00F-0589-619B-6114-BF2A0620168B}" = CCC Help Korean
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" =
"{9805E4EE-9B66-CABD-AF6B-4B84F2A8EF46}" = Skins
"{989ED050-E296-4FDC-9E4E-C48B4AF76E32}" = VAIO Content Metadata Intelligent Analyzing Manager
"{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music
"{9973498D-EA29-4A68-BE0B-C88D6E03E928}" = ArcSoft WebCam Companion 2
"{9AC34FA1-BCDE-1D09-5DB7-EB6A064FDEA9}" = CCC Help Spanish
"{9B973FC0-E71F-6F89-10D6-1BFD063D1707}" = CCC Help Swedish
"{9C1C8A04-F8CA-4472-A92D-4288CE32DE86}" = SonicStage Mastering Studio Plugins
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9EAC0E21-510E-4259-A9C6-F5D5B8969036}" = Catalyst Control Center - Branding
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A3563827-B0DB-44DC-B037-15CC4E5E692F}" = VAIO Content Metadata XML Interface Library
"{A3979A05-6834-D0A7-75CD-71B5A9E5F4C0}" = Catalyst Control Center Localization All
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting
"{A6F21795-E629-35B2-9487-00A8363B28AA}" = Catalyst Control Center Graphics Light
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{ABA5E381-EC46-425C-86C5-5CD15BBFB4BF}" = Garmin USB Drivers
"{AC76BA86-1033-F400-BA7E-000000000003}" = Adobe Acrobat 8 Standard - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)
"{AEA6A4C2-7C4E-48F9-A770-879DE2EDEE1B}" = OpenMG Secure Module 5.4.00
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B1991F22-4F93-4D11-9866-A7DFE551DF9E}" = VAIO Content Metadata Intelligent Analyzing Manager
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{B3668C08-EBB1-40F4-B4F9-4F8E13501A7D}" = VAIO Entertainment Platform
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{B7C03E84-AF46-42F4-809D-D4127D9086D0}" = VAIO Edit Components 6.6
"{BA4DA261-CB60-4690-B202-44998DFC6986}" = Microsoft SQL Server 2008 Setup Support Files
"{BACD22AE-5B6B-4F23-B506-3FCFF13AC137}" = VAIO Media plus
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{C0482AA0-9CDF-49B4-9B39-551FD1A7A7E6}" = VAIO Movie Story 1.5 Upgrade
"{C0AD2831-3398-A078-CBEB-39A6B381BB56}" = CCC Help Japanese
"{C18A02EC-966B-E7A7-9AC9-082F770ABF9B}" = CCC Help Russian
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{C9C390CC-F9B9-EFE8-27DF-6EB7FF8F8760}" = CCC Help Norwegian
"{CAAB0192-5704-469F-A0BE-2D842D70E93B}_is1" = Sothink FLV Player
"{CD431A7B-88D8-0823-E66F-CCFAEA6DA7B4}" = ccc-core-static
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF0F8D1B-5FB9-468D-BD88-E6239906D2B7}" = Click to Disc
"{D035FBF6-FDEF-487D-89CA-6F9DD07B783F}" = Dolby Control Center
"{D17D6E7A-DF1E-41E9-B8C2-0078110221A3}" = VAIO Update Merge Module x86
"{D2D23D08-D10E-43D6-883C-78E0B2AC9CC6}" = VU5x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D47E6B9C-F5A5-23B7-AB6A-3806AD4C9529}" = ccc-utility
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{D6DA6836-77C2-5338-10E3-D7A6CD65681D}" = Catalyst Control Center Core Implementation
"{DA8F979E-43B9-3EEC-721C-F297D9509992}" = Catalyst Control Center Graphics Previews Common
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF7DB916-90E5-40F2-9010-B8125EB5FD6F}" = SonicStage Mastering Studio Audio Filter
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E464702F-5433-46EC-8F65-159276C0A54F}" = WIDCOMM Bluetooth Software 6.2.0.4100
"{E4715C25-7114-4F40-A915-C1951D4D7520}" = VAIO Update Merge Module x86
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E6A3770D-C87A-4505-B8C6-A4CF96AC395C}" = SonicStage Mastering Studio
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EC37A846-53AC-4DA7-98FA-76A4E74AA900}" = SonicStage Mastering Studio Audio Filter Custom Preset
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F85C7118-F3DC-4ED9-AB27-3E7931EA3D88}" = Adobe Premiere Elements 4.0 Templates
"{F88A7EB0-90F4-4012-9194-33AF2F1C5BF1}" = VAIO Movie Story 1.5 Upgrade
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE0782BC-7AB0-CF6A-6E38-D3040462C7EC}" = CCC Help French
"{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home
"98157A226B40B173301B0F53C8E98C47805D5152" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Acrobat 8 Standard - English, Français, Deutsch" = Adobe Acrobat 8 Standard - English, Français, Deutsch
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"AVG" = AVG 2013
"AVG Secure Search" = AVG Security Toolbar
"BFG-Big Fish Games Game Suite" = Big Fish Games Game Suite
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"CanonSolutionMenuEX" = Canon Solution Menu EX
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"CSCLIB" = Canon Camera Support Core Library
"DivX Setup.divx.com" = DivX Setup
"DPP" = Canon Utilities Digital Photo Professional 2.2
"dt icon module" =
"ENTERPRISER" = Microsoft Office Enterprise 2007
"EOS Utility" = Canon Utilities EOS Utility
"EPSON Scanner" = EPSON Scan
"ESET Online Scanner" = ESET Online Scanner v3
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"GoToAssist" = GoToAssist 8.0.0.482
"gtfirstboot Setting Request" =
"HP Photo Creations" = HP Photo Creations
"InstallShield_{0A04086B-0B71-43C3-95EF-FDFC4C18D161}" = SILKYPIX Developer Studio 3.1 SE
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD BD for VAIO
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"InstallShield_{AEA6A4C2-7C4E-48F9-A770-879DE2EDEE1B}" = OpenMG Secure Module 5.4.00
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"MarketingTools" = VAIO Marketing Tools
"MFU Module" =
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 22.0 (x86 en-US)" = Mozilla Firefox 22.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"Orbit_is1" = Orbit Downloader
"Pen Tablet Driver" = Bamboo
"PhotoStitch" = Canon Utilities PhotoStitch
"PremElem40" = Adobe Premiere Elements 4.0
"PremElem40Templates" = Adobe Premiere Elements 4.0 Templates
"ProInst" = Intel PROSet Wireless
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"VAIO Help and Support" =
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite" = Windows Live Essentials
"ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1" = Zinio Reader 4
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 20/07/2013 04:04:48 | Computer Name = Shaun-PC | Source = Perflib | ID = 1008
Description =

Error - 21/07/2013 01:34:23 | Computer Name = Shaun-PC | Source = VzCdbSvc | ID = 7
Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error
code = 0x80042019)

Error - 21/07/2013 01:34:24 | Computer Name = Shaun-PC | Source = WinMgmt | ID = 10
Description =

Error - 21/07/2013 16:17:43 | Computer Name = Shaun-PC | Source = VzCdbSvc | ID = 7
Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error
code = 0x80042019)

Error - 21/07/2013 16:17:43 | Computer Name = Shaun-PC | Source = WinMgmt | ID = 10
Description =

Error - 21/07/2013 16:28:30 | Computer Name = Shaun-PC | Source = Perflib | ID = 1010
Description =

Error - 21/07/2013 16:28:31 | Computer Name = Shaun-PC | Source = Perflib | ID = 1008
Description =

Error - 21/07/2013 18:14:29 | Computer Name = Shaun-PC | Source = EventSystem | ID = 4621
Description =

Error - 22/07/2013 15:32:07 | Computer Name = Shaun-PC | Source = WinMgmt | ID = 10
Description =

Error - 22/07/2013 15:32:07 | Computer Name = Shaun-PC | Source = VzCdbSvc | ID = 7
Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error
code = 0x80042019)

[ OSession Events ]
Error - 15/03/2011 18:27:46 | Computer Name = Shaun-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

Error - 16/03/2011 18:54:12 | Computer Name = Shaun-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8
seconds with 0 seconds of active time. This session ended with a crash.

Error - 18/03/2011 18:51:45 | Computer Name = Shaun-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

Error - 21/03/2011 07:57:34 | Computer Name = Shaun-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

Error - 21/03/2011 08:02:14 | Computer Name = Shaun-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 21/03/2011 08:32:13 | Computer Name = Shaun-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

Error - 21/03/2011 16:54:53 | Computer Name = Shaun-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 04/05/2011 17:15:36 | Computer Name = Shaun-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

Error - 27/05/2011 18:11:20 | Computer Name = Shaun-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12
seconds with 0 seconds of active time. This session ended with a crash.

Error - 02/06/2011 18:55:39 | Computer Name = Shaun-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 14
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 19/07/2013 03:21:24 | Computer Name = Shaun-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 19/07/2013 03:21:24 | Computer Name = Shaun-PC | Source = Service Control Manager | ID = 7006
Description =

Error - 19/07/2013 19:32:45 | Computer Name = Shaun-PC | Source = Service Control Manager | ID = 7006
Description =

Error - 20/07/2013 03:06:33 | Computer Name = Shaun-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 20/07/2013 08:44:09 | Computer Name = Shaun-PC | Source = bowser | ID = 8003
Description =

Error - 21/07/2013 01:34:25 | Computer Name = Shaun-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 21/07/2013 01:47:50 | Computer Name = Shaun-PC | Source = Service Control Manager | ID = 7006
Description =

Error - 21/07/2013 16:17:44 | Computer Name = Shaun-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 21/07/2013 18:14:34 | Computer Name = Shaun-PC | Source = Service Control Manager | ID = 7006
Description =

Error - 22/07/2013 15:32:07 | Computer Name = Shaun-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >

The output from the Malwarebytes:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.07.22.08

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Shaun :: SHAUN-PC [administrator]

22/07/2013 21:31:33
mbam-log-2013-07-22 (21-31-33).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 311165
Time elapsed: 9 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Once again thanks for your time and patience Teima, also thanks to your instructor too!!
  • 0

#12
Teima
Posted 23 July 2013 - 04:04 AM

Teima

    Member

  • Member
  • PipPipPip
  • 833 posts
Hi there! Just a heads up. I'll be absent for the next 48 hours as I'll be on vacation. Hopefully you're fine with me to resume once I'm back. Thanks. :thumbsup:
  • 0

#13
Teima
Posted 26 July 2013 - 05:22 AM

Teima

    Member

  • Member
  • PipPipPip
  • 833 posts
Hello GBUID. Thanks for your patience.

What I don't understand and what worries me about the AVG alerts is that this is the second time this has happened in 3 months. A scan found an infection requiring a Restart to remove it, only for it to be rediscovered on the very next scan, there would a very slight variation in the file name with each scan, which is all classic Rootkit behaviour!

Yes. Rootkits are a hard infection to remove and the staff members here use a variety of different tools which are specialised for these infections. We aren't necessarily reliant on an antivirus scanner to remove it so to speak. :)

AVG forums and they asked me run Gmer, which I did. They posted back that I needed to run the Rescue CD and restore my MBR. Whilst I had been waiting for this response I again began to get clear scans, so was AVG issuing a false positive, had AVG updated the removal tool. If so why did they ask me to do a repair? All very confusing!

I see. Usually I can't make a decision until I see what they've posted on their support forum. But with that in mind Rootkits are renown to reside within the MBR and be resilient to antivirus scanners. Usually a restore of the MBR under supervision will be able to rectify the issue at hand but most of the time there will be some remnants of the malware and helpers will be required to delve into the issue further.

If I understand what you have posted both the "locked file" and the "unknown" are linked to Daemon Tools Pro? Grrrr! As I mentioned the Daemon folder is empty, it isn't a program I use so lets delete the bloody thing, so it doesn't cause any other problems in the future! So there is no malware on my machine??

Based on what you have mentioned and the logs provided within the initial response it appears that just the folder in question remains. Please feel free to delete it. Based on what I have in front of me everything looks about fine, I'll present some further instructions to tidy the machine up before declaring your system as cleansed. :)

I already have Malwarebytes Anti-Malware on my machine as a back up to the AVG. I only ever run it with AVG and it's Firewall off and whilst disconnected from the internet. All it's scans have been negative. I have run the scans you have asked for and the outputs are below.

I see. Usually it would be prudent to run Malwarebytes whilst connected to the internet as this will enable you to achieve the current signatures/updates which helps protect against some of the latest internet threads. And thanks.

Step One

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following.
:OTL
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1287660353-1891574393-3237263245-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1287660353-1891574393-3237263245-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-21-1287660353-1891574393-3237263245-1000\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-21-1287660353-1891574393-3237263245-1001\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
O15 - HKU\S-1-5-21-1287660353-1891574393-3237263245-1001\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-1287660353-1891574393-3237263245-1001\..Trusted Ranges: GD ([http] in Local intranet)

:Commands
[REBOOT]

  • Click run fix.
  • OTL may ask to reboot the machine. Please click the OK button if prompted.
  • Once done a report will be displayed. Copy and paste the contents of that report within your next response.
Step Two

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
    then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Make sure that the option Remove found threats is Not checked
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Then click on: Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

  • 0

#14
Teima
Posted 28 July 2013 - 05:39 AM

Teima

    Member

  • Member
  • PipPipPip
  • 833 posts
Hello GBUID. Are you still with me? If I don't receive a response within 48 hours I'll be required to mark this topic as closed. ;)
  • 0

#15
GUBID
Posted 28 July 2013 - 11:40 AM

GUBID

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Sorry about the delay! I actually missed the scroll bar on your last response!
With the Malwarebytes I always update it before running it.
I ran the script you provided and OTL did ask for a reboot which I then did. OTL did not however provide a report so am unable to provide that info, I looked for it on my Desktop and in the Downloads folder, where OTL is, but no report. I ran OTL with AVG disabled and disconnected from the internet. Suggestions?
I then downloaded and ran the ESET, I ran it with AVG disabled.
The report is below:

# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=a4618a4270f8ac41a83fa2f30cceeb7d
# engine=14566
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-07-28 05:14:54
# local_time=2013-07-28 06:14:54 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1040 16777213 100 92 22324 62162078 0 0
# compatibility_mode=5892 16776574 100 100 118052123 212564422 0 0
# scanned=251544
# found=0
# cleaned=0
# scan_time=4780
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP