Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Still Having Internet Issues


  • This topic is locked This topic is locked
17 replies to this topic

#1 brattonm_2006

brattonm_2006

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sullivan, IL, USA
  • Local time:02:10 PM

Posted 08 January 2011 - 11:09 PM

Orange Blossom said for me to post a new topic here so I did. This is what I originally said and still is my problem:


Posted Today, 07:18 PM

So, I am having trouble with my laptop using the the internet. It will work with Mozilla Firefox, which is what I'm using right now. But it won't work with Internet Explorer or Google Chrome. The other issue is that it won't install anything that requires the internet to install it. Another example also is that it refuses to update my anti-virus. Now the thing is that I know how to use Combofix and did use it on this laptop. It came back that there was a virus deleted, but it did not resolve the issues. Help!

Thank You,

Mark


Here are the Logs Ya'll Need.


Here's the ComboFix log I mentioned that Orange Blossom said I should post.


ComboFix 11-01-06.05 - RAC 01/07/2011 3:49.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.869 [GMT -6:00]
Running from: c:\users\RAC\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\RAC\AppData\Local\Temp\1.tmp\F_IN_BOX.dll
c:\windows\system32\drivers\etc\lmhosts

.
((((((((((((((((((((((((( Files Created from 2010-12-07 to 2011-01-07 )))))))))))))))))))))))))))))))
.

2011-01-07 09:57 . 2011-01-07 09:57 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-01-07 09:57 . 2011-01-07 09:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-07 09:41 . 2010-12-21 00:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 16:41 . 2010-05-26 01:36 222080 ------w- c:\windows\system32\MpSigStub.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AOLOverlayIcon]
@="{AB0C8BE3-041C-47d6-8195-E089D32B38DD}"
[HKEY_CLASSES_ROOT\CLSID\{AB0C8BE3-041C-47d6-8195-E089D32B38DD}]
2007-10-05 17:54 303104 ------w- c:\ddi\OverIcon.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Google Update"="c:\users\RAC\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-12-28 136176]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-01-16 253952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-01 4669440]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-06-08 118784]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-19 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-19 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-19 137752]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-09-19 311296]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"VAIO Center Access Bar"="c:\program files\sony\VAIO Center Access Bar\VCAB.exe" [2007-09-06 53248]
"VAIO Help and Support Demo"="c:\program files\Sony\VAIO Help and Support Demo\LaunchVHSD.exe" [2007-08-28 290816]
"VWLASU"="c:\program files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe" [2007-10-13 45056]
"VAIORegistration"="c:\program files\Sony\First Experience\WelcomeLauncher.exe" [2007-10-17 20480]
"VAIOSurvey"="c:\program files\Sony\VAIO Survey\Vista VAIO Survey.exe" [2007-07-20 577536]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Skytel"="Skytel.exe" [2007-09-01 1826816]
"InstaLAN"="c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2010-07-28 1485208]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AOL DDI.lnk - c:\ddi\AOLICON.exe [N/A]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2007-9-11 972064]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-9-8 5185536]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-08-15 04:05 98304 ----a-w- c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools Security\BDT\BDTUpdateService.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-26 136176]
R2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service [x]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2009-07-25 30560]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-01-14 33552]
R3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 745472]
R3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-08-09 397312]
R3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-08-09 1089536]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2007-09-21 79136]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [2009-02-13 11520]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-01-14 51984]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-01-14 59664]
S1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20100513.001\IDSvix86.sys [2010-04-29 286768]
S2 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [2008-01-16 204800]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2007-09-29 292128]
S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-09-08 237056]
S2 WDFME;WD File Management Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [2010-09-08 1034752]
S2 WDSC;WD File Management Shadow Engine;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [2010-09-08 484352]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2007-08-29 9344]
S3 SYMNDISV;SYMNDISV;c:\windows\System32\Drivers\SYMNDISV.SYS [2007-01-09 38200]
S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-06-05 812544]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2011-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-26 03:41]

2011-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-26 03:41]

2011-01-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-183654327-559262815-1035617414-1000Core.job
- c:\users\RAC\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-28 08:42]

2011-01-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-183654327-559262815-1035617414-1000UA.job
- c:\users\RAC\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-28 08:42]

2011-01-07 c:\windows\Tasks\User_Feed_Synchronization-{94C96097-3C91-4E2E-AE81-0CD73CF14FB5}.job
- c:\windows\system32\msfeedssync.exe [2010-10-24 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
TCP: {7FA4822C-538A-49EB-92B7-2F28F29C0188} = 192.168.2.1,97.64.187.150
FF - ProfilePath - c:\users\RAC\AppData\Roaming\Mozilla\Firefox\Profiles\eb2rxdkm.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://www.search-results.com/web?o=15868&l=dis&prt=PRT&chn=UN&geo=US&ver=UN&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adobe DLM (powered by getPlus®): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-07 04:01
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ThreatFire]
"AlternateImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3356)
c:\ddi\overicon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\windows\system32\PSIService.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Sony\VAIO Event Service\VESMgrSub.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\windows\system32\WUDFHost.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2011-01-07 04:05:00 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-07 10:04
ComboFix2.txt 2010-10-24 06:28

Pre-Run: 96,704,735,232 bytes free
Post-Run: 98,450,102,272 bytes free

- - End Of File - - 6FC5F332F0D6C052CBD8B7DAFA37ABB5


Then Here's the DSS Log:


DDS (Ver_10-12-12.02) - NTFSx86
Run by RAC at 21:40:25.75 on Sat 01/08/2011
Internet Explorer: 8.0.6001.18975 BrowserJavaVersion: 1.6.0_21
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.871 [GMT -6:00]

AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Sony\Network Utility\NSUService.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\PSIService.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Apoint\Apoint.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\RAC\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Sony\Network Utility\LANUtil.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\RAC\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {1e8a6170-7264-4d0f-beae-d42a53123c75} - c:\program files\common files\symantec shared\coshared\browser\1.5\NppBho.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Show Norton Toolbar: {90222687-f593-4738-b738-fbee9c7b26df} - c:\program files\common files\symantec shared\coshared\browser\1.5\UIBHO.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Google Update] "c:\users\rac\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [NSUFloatingUI] "c:\program files\sony\network utility\LANUtil.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Apoint] "c:\program files\apoint\Apoint.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [ISBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [VAIO Center Access Bar] "c:\program files\sony\vaio center access bar\VCAB.exe" 1
mRun: [VAIO Help and Support Demo] "c:\program files\sony\vaio help and support demo\LaunchVHSD.exe"
mRun: [VWLASU] "c:\program files\sony\vaio pc wireless lan wizard\AutoLaunchWLASU.exe"
mRun: [VAIORegistration] "c:\program files\sony\first experience\WelcomeLauncher.exe"
mRun: [VAIOSurvey] "c:\program files\sony\vaio survey\Vista VAIO Survey.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Skytel] Skytel.exe
mRun: [InstaLAN] "c:\program files\belkin\router setup and monitor\BelkinRouterMonitor.exe" startup
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\aolddi~1.lnk - c:\ddi\AOLICON.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
TCP: {7FA4822C-538A-49EB-92B7-2F28F29C0188} = 192.168.2.1,97.64.187.150
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\rac\appdata\roaming\mozilla\firefox\profiles\eb2rxdkm.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://www.search-results.com/web?o=15868&l=dis&prt=PRT&chn=UN&geo=US&ver=UN&q=
FF - component: c:\users\rac\appdata\roaming\mozilla\firefox\profiles\eb2rxdkm.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\users\rac\appdata\roaming\mozilla\firefox\profiles\eb2rxdkm.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\worldwinner.com, inc\worldwinner games\npwwload.dll
FF - plugin: c:\users\rac\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\rac\appdata\roaming\mozilla\firefox\profiles\eb2rxdkm.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adobe DLM (powered by getPlus®): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}

============= SERVICES / DRIVERS ===============

R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-8-13 51984]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-8-13 59664]
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\idsdefs\20100513.001\IDSvix86.sys [2010-5-25 286768]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-7-27 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-7-27 267944]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-7-27 61960]
R2 NSUService;NSUService;c:\program files\sony\network utility\NSUService.exe [2011-1-7 204800]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2008-2-16 292128]
R2 WDDMService;WDDMService;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2010-9-8 237056]
R2 WDFME;WD File Management Engine;c:\program files\western digital\wd smartware\front parlor\wdfme\WDFME.exe [2010-9-8 1034752]
R2 WDSC;WD File Management Shadow Engine;c:\program files\western digital\wd smartware\front parlor\WDSC.exe [2010-9-8 484352]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2008-2-16 9344]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2007-1-9 38200]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2008-2-16 812544]
S2 Browser Defender Update Service;Browser Defender Update Service;"c:\program files\pc tools security\bdt\bdtupdateservice.exe" --> c:\program files\pc tools security\bdt\BDTUpdateService.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-25 136176]
S2 ThreatFire;ThreatFire;c:\program files\threatfire\tfservice.exe service --> c:\program files\threatfire\TFService.exe service [?]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2009-7-24 30560]
S3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2010-4-20 1251720]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-8-13 33552]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\sony\vaio media integrated server\UCLS.exe [2010-4-20 745472]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\sony\vaio media integrated server\platform\SV_Httpd.exe [2010-4-20 397312]
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\sony\vaio media integrated server\platform\UPnPFramework.exe [2010-4-20 1089536]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2008-2-16 79136]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2009-2-13 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2011-01-09 01:08:22 -------- d-----w- c:\users\rac\appdata\roaming\Avira
2011-01-09 00:57:14 -------- d-----w- c:\progra~2\Avira
2011-01-07 10:05:02 -------- d-----w- c:\users\rac\appdata\local\temp
2011-01-07 10:04:14 -------- d-sh--w- C:\$RECYCLE.BIN
2011-01-07 09:41:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-07 09:41:35 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-07 08:45:33 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{f04cd778-9813-432e-a81e-c50b69f8e5a4}\mpengine.dll
2011-01-07 08:16:03 -------- d-----w- c:\users\rac\appdata\local\Western_Digital
2011-01-07 08:11:53 -------- d-----w- c:\users\rac\appdata\local\Western Digital
2011-01-07 08:11:49 -------- d-----w- c:\progra~2\Western Digital
2011-01-07 08:09:27 -------- d-----w- c:\program files\Western Digital
2011-01-07 03:58:27 -------- d-----w- c:\users\rac\appdata\local\GameSpy
2010-12-15 21:11:22 2048 ----a-w- c:\windows\system32\tzres.dll
2010-12-15 21:11:11 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2010-12-13 19:23:46 -------- d-----w- c:\program files\Daniusoft

==================== Find3M ====================

2010-11-23 17:07:08 3452 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-11-23 17:07:06 88 --sh--r- c:\windows\system32\0296C6CDA0.sys
2010-11-08 07:20:24 89088 ----a-w- c:\windows\MBR.exe
2010-10-19 16:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe

============= FINISH: 21:45:48.87 ===============


I put the Attach file in the Attachments like the instructions say.


Here's the GMER Log:


GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-01-08 21:39:51
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST916082 rev.3.AL
Running: gmer.exe; Driver: C:\Users\RAC\AppData\Local\Temp\agldrpog.sys


---- System - GMER 1.0.15 ----

SSDT 84DE44B0 ZwAllocateVirtualMemory
SSDT 86F33B40 ZwConnectPort
SSDT 84DE4FA8 ZwCreateKey
SSDT 84DE49D8 ZwCreateProcess
SSDT 84DE4960 ZwCreateProcessEx
SSDT 84DE4780 ZwCreateThread
SSDT 84DF7B70 ZwDeleteKey
SSDT 84DF7990 ZwDeleteValueKey
SSDT 84DE4528 ZwQueueApcThread
SSDT 84DE43C0 ZwReadVirtualMemory
SSDT 84DF7AF8 ZwRenameKey
SSDT 84DE4618 ZwSetDefaultUILanguage
SSDT 84DF7A80 ZwSetInformationToken
SSDT 84DE4870 ZwSetIoCompletion
SSDT 84DE4690 ZwSetLdtEntries
SSDT 84DF7A08 ZwStartProfile
SSDT \SystemRoot\system32\drivers\TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwTerminateProcess [0x82B2DB30]
SSDT 84DE45A0 ZwTerminateThread
SSDT 84DE48E8 ZwThawTransactions
SSDT 84DE4708 ZwTraceEvent
SSDT 84DE4438 ZwReleaseKeyedEvent
SSDT 84DE4348 ZwAcquireCMFViewOwnership

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 131 81EF5894 4 Bytes [B0, 44, DE, 84]
.text ntkrnlpa.exe!KeSetEvent + 1C1 81EF5924 4 Bytes [40, 3B, F3, 86]
.text ntkrnlpa.exe!KeSetEvent + 1E9 81EF594C 4 Bytes [A8, 4F, DE, 84]
.text ntkrnlpa.exe!KeSetEvent + 209 81EF596C 8 Bytes [D8, 49, DE, 84, 60, 49, DE, ...]
.text ntkrnlpa.exe!KeSetEvent + 221 81EF5984 4 Bytes [80, 47, DE, 84] {ADD BYTE [EDI-0x22], 0x84}
.text ...
? C:\Users\RAC\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[5628] ntdll.dll!LdrLoadDll 773B9390 5 Bytes JMP 001013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SSFS0509.SYS (Spy Sweeper FileSystem Filter Driver/Webroot Software Inc (www.webroot.com))
AttachedDevice \FileSystem\Ntfs \Ntfs TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)
AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- EOF - GMER 1.0.15 ----


And that's all I got. I hope this helps my issue.


Thanks!

Attached Files



BC AdBot (Login to Remove)

 


#2 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:09:10 PM

Posted 14 January 2011 - 11:57 AM

Hello, brattonm_2006
Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fixing your problems.

If you do not make a reply in 4-5 days, we will have to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.





  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemdrive%\*.sys /90 /md5
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized






Please download Rootkit Unhooker from one of the following links and save it to your desktop. Link 1 (.exe file) Link 2 (zipped file) Link 3 (.rar file) In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracing ZIP and RAR compressed files. If you don't have an extraction program, you can downlaod, install and use the free 7-zip utility.
  • Double-click on RKUnhookerLE.exe to start the program. Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".




Also please navigate to C:\Qoobox and post back with the content of Combofix2.txt.
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#3 brattonm_2006

brattonm_2006
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sullivan, IL, USA
  • Local time:02:10 PM

Posted 19 January 2011 - 01:11 AM

OTL logfile created on: 1/18/2011 11:49:40 PM - Run 1
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Users\RAC\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 48.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 141.13 Gb Total Space | 86.94 Gb Free Space | 61.61% Space Free | Partition Type: NTFS

Computer Name: JASON-LAP | User Name: RAC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/18 23:46:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\RAC\Desktop\OTL.exe
PRC - [2010/12/21 05:16:36 | 001,739,848 | ---- | M] (ManyCam LLC) -- C:\Program Files\ManyCam\Bin\ManyCam.exe
PRC - [2010/12/13 08:40:07 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/12/13 08:39:54 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/12/13 08:39:54 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/09/08 10:45:10 | 001,034,752 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
PRC - [2010/09/08 10:44:50 | 000,484,352 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
PRC - [2010/09/08 10:42:28 | 005,185,536 | ---- | M] (Western Digital Technologies, Inc.) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
PRC - [2010/09/08 10:41:36 | 000,237,056 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2010/07/28 17:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
PRC - [2010/07/28 17:33:58 | 006,995,864 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
PRC - [2010/07/28 17:33:58 | 001,485,208 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
PRC - [2010/04/01 11:58:04 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/29 16:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2008/01/16 14:44:44 | 000,253,952 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Network Utility\LANUtil.exe
PRC - [2008/01/16 12:49:26 | 000,204,800 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Network Utility\NSUService.exe
PRC - [2007/10/12 18:29:56 | 000,045,056 | ---- | M] (Sony Electronics, Inc.) -- C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe
PRC - [2007/10/10 18:24:26 | 000,921,600 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PRC - [2007/09/28 23:11:44 | 000,292,128 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
PRC - [2007/09/19 13:09:58 | 000,311,296 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe
PRC - [2007/09/19 06:20:05 | 000,166,424 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxext.exe
PRC - [2007/09/05 10:53:48 | 000,020,480 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2007/08/28 18:27:12 | 000,131,072 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2007/08/28 18:27:10 | 000,192,512 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2007/08/14 22:05:18 | 000,182,392 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2007/08/14 22:05:18 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2007/06/28 10:52:48 | 000,274,432 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2007/06/08 06:35:43 | 000,118,784 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2007/06/08 06:35:43 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2007/06/08 06:35:39 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApMsgFwd.exe
PRC - [2007/06/05 14:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2007/01/09 22:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2007/01/04 20:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (SafeList) ==========

MOD - [2011/01/18 23:46:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\RAC\Desktop\OTL.exe
MOD - [2010/08/31 09:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (ThreatFire)
SRV - File not found [Auto | Stopped] -- -- (Browser Defender Update Service)
SRV - [2010/12/13 08:40:07 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/12/13 08:39:54 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/09/08 10:45:10 | 001,034,752 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2010/09/08 10:44:50 | 000,484,352 | ---- | M] () [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2010/09/08 10:41:36 | 000,237,056 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2010/07/28 17:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2010/05/25 19:42:53 | 001,251,720 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2010/03/29 07:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/24 19:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2008/01/29 16:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2008/01/20 20:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/16 12:49:26 | 000,204,800 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\Network Utility\NSUService.exe -- (NSUService)
SRV - [2007/09/28 23:11:44 | 000,292,128 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2007/09/23 12:36:38 | 002,818,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2007/09/20 20:52:32 | 000,079,136 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
SRV - [2007/09/12 17:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/09/05 10:53:48 | 000,020,480 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2007/08/28 18:27:12 | 000,131,072 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2007/08/28 18:27:10 | 000,192,512 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2007/08/14 22:05:18 | 000,182,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2007/08/09 01:51:32 | 000,499,712 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2007/08/09 01:51:30 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-UCLS-UPnP) VAIO Media Content Collection (UPnP)
SRV - [2007/08/09 01:51:30 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2007/08/09 01:51:30 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-UCLS-HTTP) VAIO Media Content Collection (HTTP)
SRV - [2007/08/09 01:51:30 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2007/06/28 10:53:04 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2007/06/28 10:52:48 | 000,274,432 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2007/06/05 14:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2007/05/24 08:08:44 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2007/01/12 20:40:58 | 000,049,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2007/01/10 17:51:06 | 000,745,472 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe -- (VAIOMediaPlatform-UCLS-AppServer)
SRV - [2007/01/09 22:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex)
SRV - [2007/01/09 22:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2007/01/09 22:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2007/01/09 22:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2007/01/04 20:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/12/14 04:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 04:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 03:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2005/11/14 03:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2010/12/13 08:40:21 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/12/13 08:40:21 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/05/25 19:43:57 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/05/17 08:51:24 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2010/04/29 00:26:48 | 000,286,768 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20100513.001\IDSvix86.sys -- (IDSvix86)
DRV - [2010/01/14 15:08:30 | 000,059,664 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2010/01/14 15:08:28 | 000,051,984 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2010/01/14 15:08:28 | 000,033,552 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2009/07/24 18:28:50 | 000,030,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2009/05/11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/04/10 22:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/02/13 12:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/01/20 20:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 20:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 20:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 20:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 20:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 20:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 20:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 20:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 20:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 20:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/20 20:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 20:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 20:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 20:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 20:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 20:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 20:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 20:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 20:23:22 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2008/01/20 20:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 20:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 20:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 20:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2008/01/20 20:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 20:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 20:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 20:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/11/30 22:57:12 | 000,317,616 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2007/11/30 22:57:12 | 000,279,088 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2007/11/30 22:57:12 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2007/10/28 06:28:02 | 000,776,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/09/19 15:38:18 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2007/09/19 06:24:58 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/09/19 06:24:49 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007/09/19 06:24:45 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2007/09/19 06:24:45 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2007/09/19 06:24:37 | 000,246,784 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2007/09/19 06:19:52 | 001,776,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2007/09/18 21:30:44 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/09/01 08:08:23 | 001,841,312 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/08/28 19:58:06 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2007/07/27 17:28:28 | 000,020,792 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\sskbfd.sys -- (SSKBFD)
DRV - [2007/07/27 17:28:26 | 000,144,696 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\SYSTEM32\Drivers\SSIDRV.SYS -- (SSIDRV)
DRV - [2007/07/27 17:28:24 | 000,021,816 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\SYSTEM32\Drivers\SSHRMD.SYS -- (SSHRMD)
DRV - [2007/07/27 17:28:24 | 000,020,280 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\SYSTEM32\Drivers\SSFS0509.SYS -- (SSFS0509)
DRV - [2007/06/08 06:35:43 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/06/05 06:17:29 | 000,812,544 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2007/05/24 18:36:21 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2007/04/17 21:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2007/04/14 01:49:32 | 000,418,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2007/02/28 07:05:36 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2007/01/09 15:32:14 | 000,191,544 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2007/01/09 15:32:14 | 000,145,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2007/01/09 15:32:14 | 000,040,120 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2007/01/09 15:32:14 | 000,038,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2007/01/09 15:32:14 | 000,027,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2007/01/09 15:32:14 | 000,012,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2006/11/02 03:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 03:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 03:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 03:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 03:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 03:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 03:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 03:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 03:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 03:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 03:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 02:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 02:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 02:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 02:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 02:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 02:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 01:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3
FF - prefs.js..keyword.URL: "http://www.search-results.com/web?o=15868&l=dis&prt=PRT&chn=UN&geo=US&ver=UN&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/02 00:46:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/23 11:11:00 | 000,000,000 | ---D | M]

[2010/05/25 19:21:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RAC\AppData\Roaming\mozilla\Extensions
[2011/01/18 02:21:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RAC\AppData\Roaming\mozilla\Firefox\Profiles\eb2rxdkm.default\extensions
[2010/05/27 15:34:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\RAC\AppData\Roaming\mozilla\Firefox\Profiles\eb2rxdkm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/12/16 12:59:32 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Users\RAC\AppData\Roaming\mozilla\Firefox\Profiles\eb2rxdkm.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010/06/04 03:39:22 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Users\RAC\AppData\Roaming\mozilla\Firefox\Profiles\eb2rxdkm.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/10/02 00:42:10 | 000,001,729 | ---- | M] () -- C:\Users\RAC\AppData\Roaming\Mozilla\Firefox\Profiles\eb2rxdkm.default\searchplugins\ask.uk.xml
[2010/11/20 15:31:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/10 21:44:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/11/20 15:31:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/25 20:11:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/08/25 20:10:40 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/01/07 04:00:28 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [InstaLAN] C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [VAIO Center Access Bar] c:\program files\sony\VAIO Center Access Bar\VCAB.exe (Sony Electronics, Inc.)
O4 - HKLM..\Run: [VAIO Help and Support Demo] C:\Program Files\Sony\VAIO Help and Support Demo\LaunchVHSD.exe ()
O4 - HKLM..\Run: [VAIORegistration] C:\Program Files\Sony\First Experience\WelcomeLauncher.exe (Sony Electronics, Inc.)
O4 - HKLM..\Run: [VAIOSurvey] C:\Program Files\Sony\VAIO Survey\Vista VAIO Survey.exe ()
O4 - HKLM..\Run: [VWLASU] C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe (Sony Electronics, Inc.)
O4 - HKCU..\Run: [ManyCam] C:\Program Files\ManyCam\Bin\ManyCam.exe (ManyCam LLC)
O4 - HKCU..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img16.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img16.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (SsiEfr.exe) - C:\Windows\System32\ssiefr.EXE (Webroot Software Inc (www.webroot.com))
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/01/18 23:46:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\RAC\Desktop\OTL.exe
[2011/01/18 12:06:08 | 000,000,000 | R--D | C] -- C:\Users\RAC\Desktop\Mark
[2011/01/14 18:06:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Related Programs
[2011/01/14 18:06:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
[2011/01/14 18:06:13 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Software
[2011/01/11 23:41:15 | 000,000,000 | ---D | C] -- C:\Users\RAC\AppData\Roaming\PrimoPDF
[2011/01/11 23:40:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrimoPDF
[2011/01/11 23:40:37 | 000,000,000 | ---D | C] -- C:\Program Files\Nitro PDF
[2011/01/11 23:33:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2011/01/11 23:33:09 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator
[2011/01/11 16:27:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Trymedia
[2011/01/11 16:04:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firaxis Games
[2011/01/11 16:04:16 | 000,000,000 | ---D | C] -- C:\Program Files\Firaxis Games
[2011/01/08 23:04:24 | 000,000,000 | ---D | C] -- C:\Users\RAC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ManyCam
[2011/01/08 19:08:22 | 000,000,000 | ---D | C] -- C:\Users\RAC\AppData\Roaming\Avira
[2011/01/08 18:57:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/01/07 04:05:03 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/01/07 04:05:02 | 000,000,000 | ---D | C] -- C:\Users\RAC\AppData\Local\temp
[2011/01/07 04:04:14 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/01/07 03:46:21 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/01/07 03:41:38 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/01/07 03:41:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/01/07 03:41:35 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/01/07 02:16:03 | 000,000,000 | ---D | C] -- C:\Users\RAC\AppData\Local\Western_Digital
[2011/01/07 02:11:53 | 000,000,000 | ---D | C] -- C:\Users\RAC\AppData\Local\Western Digital
[2011/01/07 02:11:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Western Digital
[2011/01/07 02:09:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WD SmartWare
[2011/01/07 02:09:27 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital
[2011/01/06 21:58:27 | 000,000,000 | ---D | C] -- C:\Users\RAC\AppData\Local\GameSpy
[2011/01/06 16:01:48 | 000,000,000 | ---D | C] -- C:\Users\RAC\Documents\My Downloads
[2011/01/06 15:59:42 | 000,000,000 | ---D | C] -- C:\Users\RAC\AppData\Roaming\IGN_DLM
[2011/01/06 15:51:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011/01/06 15:51:48 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2010/12/28 02:43:30 | 000,000,000 | ---D | C] -- C:\Users\RAC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2010/05/25 23:18:17 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\RAC\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2011/01/18 23:52:18 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/01/18 23:52:18 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/01/18 23:48:25 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-183654327-559262815-1035617414-1000UA.job
[2011/01/18 23:47:23 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/18 23:46:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\RAC\Desktop\OTL.exe
[2011/01/18 23:43:49 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/18 23:43:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/01/18 21:59:39 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/01/18 21:59:39 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/01/18 21:52:18 | 000,366,840 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/01/18 21:49:22 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/18 12:02:35 | 000,002,574 | ---- | M] () -- C:\Users\RAC\checklist for roosevelt.rtf
[2011/01/18 05:12:29 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{94C96097-3C91-4E2E-AE81-0CD73CF14FB5}.job
[2011/01/18 02:48:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-183654327-559262815-1035617414-1000Core.job
[2011/01/16 01:10:54 | 000,029,184 | ---- | M] () -- C:\Users\RAC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/14 01:04:03 | 000,042,228 | ---- | M] () -- C:\Users\RAC\Documents\Transcript Request 2a.pdf
[2011/01/14 01:03:32 | 000,090,158 | ---- | M] () -- C:\Users\RAC\Documents\Transcript Request 1a.pdf
[2011/01/14 01:03:07 | 000,187,257 | ---- | M] () -- C:\Users\RAC\Documents\Transcript Request 2.pdf
[2011/01/14 01:02:45 | 000,208,380 | ---- | M] () -- C:\Users\RAC\Documents\Transcript Request 1.pdf
[2011/01/11 23:41:59 | 000,082,587 | ---- | M] () -- C:\Users\RAC\Documents\UINDY Fax Authorization.pdf
[2011/01/11 23:40:38 | 000,000,944 | ---- | M] () -- C:\Users\Public\Desktop\PrimoPDF - Drop Files Here to Convert!.lnk
[2011/01/11 23:40:38 | 000,000,314 | ---- | M] () -- C:\Windows\primopdf.ini
[2011/01/11 23:33:12 | 000,000,828 | ---- | M] () -- C:\Users\RAC\PDFCreator.lnk
[2011/01/11 16:04:21 | 000,001,117 | ---- | M] () -- C:\Users\RAC\Launch Sid Meier's Civilization 4.lnk
[2011/01/08 23:04:24 | 000,000,930 | ---- | M] () -- C:\Users\RAC\Application Data\Microsoft\Internet Explorer\Quick Launch\ManyCam.lnk
[2011/01/07 04:00:28 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/01/07 03:41:38 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/07 03:25:37 | 000,002,046 | ---- | M] () -- C:\Users\RAC\Desktop\Google Chrome.lnk
[2011/01/07 02:11:35 | 000,001,221 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
[2011/01/06 16:00:58 | 000,000,943 | ---- | M] () -- C:\Users\RAC\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/12/28 02:43:35 | 000,001,994 | ---- | M] () -- C:\Users\RAC\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2011/01/14 01:04:02 | 000,042,228 | ---- | C] () -- C:\Users\RAC\Documents\Transcript Request 2a.pdf
[2011/01/14 01:03:31 | 000,090,158 | ---- | C] () -- C:\Users\RAC\Documents\Transcript Request 1a.pdf
[2011/01/14 01:03:06 | 000,187,257 | ---- | C] () -- C:\Users\RAC\Documents\Transcript Request 2.pdf
[2011/01/14 01:02:43 | 000,208,380 | ---- | C] () -- C:\Users\RAC\Documents\Transcript Request 1.pdf
[2011/01/11 23:41:58 | 000,082,587 | ---- | C] () -- C:\Users\RAC\Documents\UINDY Fax Authorization.pdf
[2011/01/11 23:40:38 | 000,176,235 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2011/01/11 23:40:38 | 000,000,944 | ---- | C] () -- C:\Users\Public\Desktop\PrimoPDF - Drop Files Here to Convert!.lnk
[2011/01/11 23:33:12 | 000,000,828 | ---- | C] () -- C:\Users\RAC\PDFCreator.lnk
[2011/01/11 23:33:10 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011/01/11 16:04:21 | 000,001,117 | ---- | C] () -- C:\Users\RAC\Launch Sid Meier's Civilization 4.lnk
[2011/01/08 23:04:24 | 000,000,930 | ---- | C] () -- C:\Users\RAC\Application Data\Microsoft\Internet Explorer\Quick Launch\ManyCam.lnk
[2011/01/07 03:41:38 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/07 03:25:37 | 000,002,046 | ---- | C] () -- C:\Users\RAC\Desktop\Google Chrome.lnk
[2011/01/07 02:11:35 | 000,001,221 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
[2010/12/28 02:43:35 | 000,001,994 | ---- | C] () -- C:\Users\RAC\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/12/28 02:43:02 | 000,000,900 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-183654327-559262815-1035617414-1000UA.job
[2010/12/28 02:43:01 | 000,000,848 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-183654327-559262815-1035617414-1000Core.job
[2010/06/03 21:32:09 | 000,003,452 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2010/06/03 21:32:09 | 000,000,088 | RHS- | C] () -- C:\Windows\System32\0296C6CDA0.sys
[2010/06/03 21:28:08 | 000,002,048 | ---- | C] () -- C:\Users\RAC\AppData\Roaming\wklnhst.dat
[2010/05/26 20:07:45 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/05/25 23:29:31 | 000,029,184 | ---- | C] () -- C:\Users\RAC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/25 23:18:57 | 000,000,034 | ---- | C] () -- C:\Users\RAC\AppData\Roaming\pcouffin.log
[2010/05/25 23:18:17 | 000,007,887 | ---- | C] () -- C:\Users\RAC\AppData\Roaming\pcouffin.cat
[2010/05/25 23:18:17 | 000,001,144 | ---- | C] () -- C:\Users\RAC\AppData\Roaming\pcouffin.inf
[2010/05/25 21:40:54 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/05/25 19:35:43 | 000,000,000 | ---- | C] () -- C:\Windows\WinInit.ini
[2010/04/20 14:51:38 | 000,019,968 | ---- | C] () -- C:\Windows\System32\Cpuinf32.dll
[2010/04/20 14:50:25 | 000,344,064 | ---- | C] () -- C:\Windows\System32\SSMSIppCustom.dll
[2009/12/20 19:42:18 | 000,000,314 | ---- | C] () -- C:\Windows\primopdf.ini
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/02/16 15:29:46 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2008/02/16 14:10:58 | 000,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2008/02/16 14:10:58 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2008/02/16 14:10:58 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1295.dll
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== LOP Check ==========

[2010/05/26 20:17:07 | 000,000,000 | ---D | M] -- C:\Users\RAC\AppData\Roaming\acccore
[2010/11/11 11:59:36 | 000,000,000 | ---D | M] -- C:\Users\RAC\AppData\Roaming\InterVideo
[2011/01/08 23:37:30 | 000,000,000 | ---D | M] -- C:\Users\RAC\AppData\Roaming\ManyCam
[2010/11/20 15:41:09 | 000,000,000 | ---D | M] -- C:\Users\RAC\AppData\Roaming\OpenOffice.org
[2011/01/14 01:04:04 | 000,000,000 | ---D | M] -- C:\Users\RAC\AppData\Roaming\PrimoPDF
[2010/09/11 19:48:45 | 000,000,000 | ---D | M] -- C:\Users\RAC\AppData\Roaming\Stellarium
[2010/06/03 21:28:10 | 000,000,000 | ---D | M] -- C:\Users\RAC\AppData\Roaming\Template
[2010/09/10 21:56:15 | 000,000,000 | ---D | M] -- C:\Users\RAC\AppData\Roaming\uTorrent
[2010/11/30 02:49:57 | 000,000,000 | ---D | M] -- C:\Users\RAC\AppData\Roaming\Vso
[2010/12/05 03:57:34 | 000,000,000 | ---D | M] -- C:\Users\RAC\AppData\Roaming\Worldwinner
[2011/01/18 21:48:03 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/01/18 05:12:29 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{94C96097-3C91-4E2E-AE81-0CD73CF14FB5}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/04/11 00:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 00:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/01/20 21:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 21:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 21:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 04:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 04:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemdrive%\*.sys /90 /md5 >
[2011/01/18 21:49:22 | 2137,448,448 | -HS- | M] () Unable to obtain MD5 -- C:\hiberfil.sys
[2011/01/18 21:49:20 | 2451,
247,104 | -HS- | M] () Unable to obtain MD5 -- C:\pagefile.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:430C6D84

< End of report >





OTL Extras logfile created on: 1/18/2011 11:49:40 PM - Run 1
OTL by OldTimer - Version 3.2.20.2 Folder = C:\Users\RAC\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 48.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 141.13 Gb Total Space | 86.94 Gb Free Space | 61.61% Space Free | Partition Type: NTFS

Computer Name: JASON-LAP | User Name: RAC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00103F62-1C9F-461D-8EA1-C51E2F49FD3A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{01B4E407-7115-47D0-BA23-2A4389CCAD9D}" = lport=3390 | protocol=6 | dir=in | app=system |
"{03C5005B-35B9-43AD-A3F4-DD4566485AAE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{07A4EF87-0D9E-448C-AB8B-4BF67C4CFCF5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{094F56FC-858F-49D1-B44A-A9C0DDBD69EA}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=c:\windows\system32\dfsr.exe |
"{0D573F60-C3EE-4FCC-85F4-23EDFB2428B9}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{0E790B28-2C7C-4A40-B6ED-61723AB188D0}" = lport=2178 | protocol=6 | dir=in | app=system |
"{0FB4D73B-89C8-43BE-B4F1-B81AF06CEED7}" = lport=80 | protocol=6 | dir=in | name=@wsmres.dll,-50 |
"{1119278A-68F4-4F0B-905D-BAEA72CDF6A9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{11D46811-7219-471F-8CF1-7D0768467B3F}" = lport=rpc | protocol=6 | dir=in | svc=eventlog | app=c:\windows\system32\svchost.exe |
"{1B3BBA87-DA46-431C-A3B9-59A7E5F489B7}" = rport=445 | protocol=6 | dir=out | app=system |
"{1BB96765-A02F-4658-9E8E-FE869B1E1667}" = rport=3702 | protocol=17 | dir=out | app=c:\windows\system32\p2phost.exe |
"{1C43E8A0-2D79-497A-B2F3-E7F3E43F7614}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |
"{1CC24387-6956-49CC-B436-1513D872CCE4}" = lport=7777 | protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{1E7A6533-27F4-43F4-8EF1-5968F6930B6C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{2097F439-1A8A-4044-A514-F13DBA31FEA0}" = rport=1723 | protocol=6 | dir=out | app=system |
"{20AE90C4-E0FA-4E26-BB13-BB6C35868476}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{21F307A3-B8C6-46EF-ADB7-CA46133DEF09}" = lport=445 | protocol=6 | dir=in | app=system |
"{224E8D9A-76BD-4EB3-A4F2-E15D49D0880D}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |
"{24C8C2D3-60F2-4EDA-8B5E-BA2DEF97F00C}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{251F4917-5816-4791-8C71-B5D40973E133}" = lport=3702 | protocol=17 | dir=in | app=c:\windows\system32\netproj.exe |
"{25CE6FB6-6EB6-4843-A7DF-FF5E472C6121}" = lport=2178 | protocol=6 | dir=in | app=system |
"{26F58DE8-47A6-4DE2-83DB-6F98AEBF5A87}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{2B05244A-2E61-4704-B418-6F79BD318BF4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{2F38DDD5-CC19-44A3-AA18-5DD553A38430}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{2FA674C9-4AD6-408F-833E-8561A354366C}" = lport=3702 | protocol=17 | dir=in | svc=bits | app=c:\windows\system32\svchost.exe |
"{2FB3315E-EEDE-48F8-A451-C473CE41AB8B}" = lport=3702 | protocol=17 | dir=in | app=c:\windows\system32\p2phost.exe |
"{304A9A49-CC5C-4C71-8C5E-14543DFB7A12}" = lport=3702 | protocol=17 | dir=in | app=c:\windows\system32\p2phost.exe |
"{328EA87D-7A8A-4DA5-8737-8E54440E3259}" = lport=1723 | protocol=6 | dir=in | app=system |
"{331900EA-A0C5-44E9-AF83-8F9637C87A60}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{344DE792-D889-4EBA-B387-B82F30B9B728}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |
"{34F42A4F-4F02-4995-9C7B-CE62CF2867CA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{3531FB4A-950E-49A9-A4C0-9D55BD7A2415}" = lport=10244 | protocol=6 | dir=in | app=system |
"{387B4478-0662-4ABF-BAE0-FD3BECB65BA8}" = lport=2869 | protocol=6 | dir=in | app=system |
"{38AA205F-77BC-4C33-BD15-BB5FF23A2F21}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=c:\windows\system32\svchost.exe |
"{3ACFD244-1CD8-472E-AF7F-808564245BEE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{3CB4F6BA-0D23-4CA2-988A-265A6224369C}" = lport=rpc | protocol=6 | dir=in | svc=bits | app=c:\windows\system32\svchost.exe |
"{3E38D51C-D5FE-4CAA-8574-DC956B430D54}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{405FF80F-6128-427B-80E9-B3FF35D8A08E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{4177501B-B1C6-4E11-A0C2-B33E04B63936}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{45E85AB9-65A2-4D80-A110-7A2F1D52E585}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{45ED2B6F-A539-4E04-A15E-3EE629B55F65}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{46FB5EC1-0A6C-4909-8F88-D3ADA0D11614}" = lport=3702 | protocol=17 | dir=in | svc=bits | app=c:\windows\system32\svchost.exe |
"{498406C8-7F11-43A5-854A-659AEA0D6D7E}" = lport=5358 | protocol=6 | dir=in | app=system |
"{49CAD714-DFE2-48A1-A318-76923C14CE77}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{4A4BE812-957A-415C-882C-C371292615B2}" = lport=443 | protocol=6 | dir=in | app=system |
"{4C052234-308E-461F-99C4-33B822616C03}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4C6E9DC7-D8D5-4BCD-988A-E6BACC95C6B8}" = rport=5358 | protocol=6 | dir=out | app=system |
"{4DB842C1-0A76-4DA1-B6C0-8470EC359E0B}" = rport=1701 | protocol=17 | dir=out | app=system |
"{50A9EC29-8D2A-43AC-8E47-8A9FABF1426C}" = lport=139 | protocol=6 | dir=in | app=system |
"{526AF438-CB52-4702-AF60-2A5A80C12CA6}" = lport=554 | protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{5302FE52-34D1-4375-9252-00483AFB94F8}" = lport=445 | protocol=6 | dir=in | app=system |
"{54A20C7A-34BA-4060-9265-B479F338E49B}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |
"{57B0647F-3A2B-4AEC-84CD-118AC9EEA2CB}" = rport=139 | protocol=6 | dir=out | app=system |
"{57DEBE24-7484-4EB1-81EA-B6A2F0DA9281}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{5B3058A2-2776-4C85-8A43-AB4D95079439}" = lport=10243 | protocol=6 | dir=in | app=system |
"{5DDF1A73-1A23-4D73-96F3-257F4B9F1B0C}" = rport=10244 | protocol=6 | dir=out | app=system |
"{5E07D172-FF43-4EDF-9AB9-4CF010AD0647}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{5E81B8B6-AE8D-434B-8695-9391A12ACEAA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{5F1E2831-63FF-4FDB-B56B-4E8B82847DF2}" = lport=3390 | protocol=6 | dir=in | app=system |
"{650443CF-3F0C-4553-B178-B4643AFA4320}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{687BB0EB-6C08-4BDD-B5CE-C67E56496098}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{6B172FB2-AA93-4027-9759-084BD6420C22}" = rport=2178 | protocol=6 | dir=out | app=system |
"{6B6403B7-2843-4B33-BA64-988B14FC1E1F}" = lport=5985 | protocol=6 | dir=in | app=system |
"{6E1C2249-C7FE-43D2-963A-F314A9442DBC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{6ECE13E3-30F1-4778-AC35-448AFF63A974}" = lport=162 | protocol=17 | dir=in | svc=snmptrap | app=c:\windows\system32\snmptrap.exe |
"{71BB4183-25E7-44D7-9016-2E7BCC9F526B}" = rport=3702 | protocol=17 | dir=out | app=c:\windows\system32\netproj.exe |
"{73EDEFF0-D6BB-4181-AA8C-C11035644D7D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{75DB0221-5A3B-443E-9B26-7A773623ADEE}" = lport=rpc | protocol=6 | dir=in | svc=vds | app=c:\windows\system32\vds.exe |
"{779CD642-AD1F-497C-AA97-EAB884C299E1}" = lport=445 | protocol=6 | dir=in | app=system |
"{7B11C632-85F1-4D88-8D4A-5F24AE482DBD}" = rport=3702 | protocol=17 | dir=out | app=c:\windows\system32\netproj.exe |
"{7CA7ABE3-A050-4383-84B7-2B95E247FAAB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{7E87D20B-FFBB-40E4-9618-BA96576D8759}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{82C2F802-E198-4F9B-BA47-38F546C5AE6E}" = lport=445 | protocol=6 | dir=in | app=system |
"{833D4C18-5BED-4E2D-8A4A-CC88D0312569}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{834A483E-96E8-4F26-8C9E-021E6C366AB2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=c:\windows\system32\spoolsv.exe |
"{866E1D7D-E616-4613-BFEE-883430EC82D0}" = rport=138 | protocol=17 | dir=out | app=system |
"{8694D68F-8DB3-4644-BECC-2F4B87910A24}" = lport=443 | protocol=6 | dir=in | app=system |
"{8726C90C-8D80-4047-8942-1901D0D14A5B}" = lport=5357 | protocol=6 | dir=in | app=system |
"{8A0407E5-BB77-4244-A861-75D4AAF3F0DD}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=c:\windows\system32\svchost.exe |
"{8BC875DB-9071-43E5-825C-77BD948315D3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{8C4DFB07-E439-43A3-9801-C0934C68294C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{91D75F82-FBC4-4F63-87F9-4BA4DDDEBB80}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{92085574-46BB-482B-9A07-8CDA79331007}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{920ACDFA-834D-444F-BB9C-01EC1E09A757}" = lport=rpc | protocol=6 | dir=in | svc=* | app=c:\windows\system32\svchost.exe |
"{92A6E1B7-9913-4E85-BEF8-115665E329D4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{940F9928-0CDA-4A5F-8D2E-5D15D0E317AD}" = lport=1701 | protocol=17 | dir=in | app=system |
"{96DFE9A0-A569-4537-BD55-80B233F64610}" = rport=3702 | protocol=17 | dir=out | svc=bits | app=c:\windows\system32\svchost.exe |
"{97508802-4774-4A62-B483-E840AF51ABBC}" = lport=rpc | protocol=6 | dir=in | svc=ktmrm | app=c:\windows\system32\svchost.exe |
"{9970CDC8-0844-4B34-94E1-5016A9F2300E}" = rport=137 | protocol=17 | dir=out | app=system |
"{9B61CBFB-A16C-4892-BF66-E0184C880E2C}" = rport=3702 | protocol=17 | dir=out | svc=bits | app=c:\windows\system32\svchost.exe |
"{9D14FC39-1F89-4397-A503-2C85EA15F001}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{9FA4D073-748E-4DC5-B6A8-E9F141E3DF47}" = rport=5722 | protocol=6 | dir=out | svc=dfsr | app=c:\windows\system32\dfsr.exe |
"{A1151AF3-6227-40AD-8636-8CFD17E80EDF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{A43864DF-A2DC-45EE-9F07-4FABEEFCE2BF}" = lport=7777 | protocol=17 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{A524D414-143E-4FA0-A0F1-E648C7487362}" = rport=1723 | protocol=6 | dir=out | app=system |
"{A7894ECE-1982-4D02-B9BE-4036585F4080}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=file and printer sharing (spooler service - rpc-epmap) |
"{A9B29950-FBE1-4896-8A9A-DE992B013CAD}" = lport=3702 | protocol=17 | dir=in | app=c:\windows\system32\netproj.exe |
"{AA65AAF8-F850-4F60-BC89-84B4F5D965A3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{ABA3EE26-5993-4D47-A216-67698B205068}" = rport=5357 | protocol=6 | dir=out | app=system |
"{ABEDA5C2-A9A0-45B9-9747-BD39F41479AC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{AE63447E-9558-4F2A-9169-6F13618EEBAD}" = lport=10244 | protocol=6 | dir=in | app=system |
"{AEBD1D63-AF3A-4E7C-821C-7774D1C87CF7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{AF873396-D4DA-45FB-8797-9AD3BB28051E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{B3195293-3669-426C-BF88-8A31121368D2}" = lport=rpc | protocol=6 | dir=in | svc=bits | app=c:\windows\system32\svchost.exe |
"{B63F3268-2FD3-4561-9146-AE0C1AD2CAD1}" = lport=137 | protocol=17 | dir=in | app=system |
"{B6A140CE-FE75-421F-A17B-13E62C218A66}" = lport=138 | protocol=17 | dir=in | app=system |
"{B82237C5-562C-4B66-9F3B-A731E129D3A7}" = lport=1723 | protocol=6 | dir=in | app=system |
"{BE627938-426A-4686-8809-F729700AE0A5}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |
"{C1DCE0C9-262B-4B10-B0DA-38F777E267BD}" = lport=rpc | protocol=6 | dir=in | app=c:\windows\system32\services.exe |
"{C33C97E5-74DC-4DFF-AF34-BC43A78CB4F2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{C457E08D-108A-4C12-BF68-ED92A50221B0}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=c:\windows\system32\dfsr.exe |
"{C62E9F58-FC23-4960-AA3C-AC0E313E28F2}" = lport=rpc | protocol=6 | dir=in | app=c:\windows\system32\vdsldr.exe |
"{C7B985D8-26C0-4865-99C3-D945B45ED33B}" = lport=80 | protocol=6 | dir=in | name=@wsmres.dll,-50 |
"{C939844E-686B-408E-8507-A123F1904F5E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{CCBBFAAE-35F1-4D9F-B464-D9B2BCF9B875}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{D0AB727A-1C67-4F97-9CFB-ED4FFA68EA12}" = lport=5722 | protocol=6 | dir=in | svc=dfsr | app=c:\windows\system32\dfsr.exe |
"{D1369347-3ABF-470F-B2EE-C151F9FD1D3D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{D1EC96C6-4D7B-48A0-9388-EA5BFDA729C7}" = lport=3540 | protocol=17 | dir=in | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |
"{D307EADA-DC5C-4676-A471-BDE68180BFE1}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |
"{D52B8BFA-000C-4131-B90F-5BC7FE051850}" = rport=3702 | protocol=17 | dir=out | app=c:\windows\system32\p2phost.exe |
"{DAA6AFA0-096A-4440-AB88-3BBDD3E9CCAB}" = rport=10243 | protocol=6 | dir=out | app=system |
"{DB8AD220-2194-42A7-91CE-74930EFA0DD1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{DDD469A5-1792-46A0-B68B-66638D452F3F}" = rport=2178 | protocol=6 | dir=out | app=system |
"{DE28C6F4-27E9-4643-9100-7CEF8D539A20}" = lport=445 | protocol=6 | dir=in | app=system |
"{E05F3701-EEB3-44B0-B5AB-E9EA1AEF1560}" = lport=rpc | protocol=6 | dir=in | svc=schedule | app=c:\windows\system32\svchost.exe |
"{E08ECD92-3258-4ED3-B87F-9CA2927FF2E6}" = rport=3540 | protocol=17 | dir=out | svc=pnrpsvc | app=c:\windows\system32\svchost.exe |
"{E2D8A87B-78C9-4547-9D2F-8AFB93E2E628}" = lport=rpc | protocol=6 | dir=in | svc=policyagent | app=c:\windows\system32\svchost.exe |
"{E30A32E5-80CF-4DCE-944D-156C5C0A8BBF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{E32A3A64-E58F-49F5-90CE-E1F227CA4935}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E77CE150-79A6-474F-AA73-A41DBE2FA31C}" = lport=554 | protocol=6 | dir=in | app=c:\windows\ehome\ehshell.exe |
"{EA97A485-D66E-48CA-9D91-76B15C9A4CC6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EB06B960-077B-4809-B8BC-142C0B2B9739}" = lport=1701 | protocol=17 | dir=in | app=system |
"{ECFED67D-8491-4822-A3D9-953181A84B81}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{ED276E46-CEAF-4752-AA3A-F5FC8AC78DC1}" = lport=445 | protocol=6 | dir=in | app=system |
"{EF24DA64-A290-4E20-B265-4183EA834490}" = lport=3587 | protocol=6 | dir=in | svc=p2psvc | app=c:\windows\system32\svchost.exe |
"{F0054FAA-C700-4E80-8E16-8CBA8A191EEB}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{F007A6E6-8B04-49FE-BD5A-D1031F502A09}" = rport=1701 | protocol=17 | dir=out | app=system |
"{F162BC42-97F6-4579-B1CE-AFE08D20DC9D}" = rport=3587 | protocol=6 | dir=out | svc=p2psvc | app=c:\windows\system32\svchost.exe |
"{F44199AE-B3BA-40CC-9256-B4F74DE52791}" = rport=10244 | protocol=6 | dir=out | app=system |
"{F7CCEB74-7BF6-48DE-AAAE-4D19307DF202}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{FC977A80-BD5E-4AD5-A18A-67B009A2C00A}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0792D556-616E-4179-AB61-38525E5586CC}" = protocol=6 | dir=out | app=c:\windows\ehome\mcx2prov.exe |
"{0CC27A1B-DBDA-499C-A651-EE74A553A1FA}" = protocol=17 | dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe |
"{0E11C2F2-BC03-4E66-80E7-F90FC8363952}" = protocol=6 | dir=in | app=c:\windows\system32\plasrv.exe |
"{1115BC63-AF31-4420-BE63-336CC2534B0B}" = protocol=6 | dir=in | svc=winmgmt | app=c:\windows\system32\svchost.exe |
"{212D83C0-28A4-46A2-8199-B5A670AF3870}" = protocol=6 | dir=in | app=c:\windows\system32\wbem\unsecapp.exe |
"{27EAC13E-1092-46EF-86DA-C15CBB1395D7}" = protocol=6 | dir=in | svc=msiscsi | app=c:\windows\system32\svchost.exe |
"{2898424C-D7DB-421C-BA23-D2AB08218D7D}" = protocol=6 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{28FD3A47-DBA4-4D7A-B7ED-04E58A287349}" = protocol=6 | dir=in | app=c:\program files\samu games\artifact\artifact.exe |
"{2A32D61C-F51A-46CC-B653-F3EEDC9961FA}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{30166EA2-E3EE-474C-B213-7F097B3A9D22}" = protocol=17 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\civilization4.exe |
"{32065F30-2485-4746-8D05-7471CDF187AC}" = protocol=6 | dir=out | app=c:\windows\system32\p2phost.exe |
"{342205CB-D7F4-4684-AFA2-6BCEEB6373EB}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{4766E264-6B3A-4B70-83FA-4B80158F314C}" = protocol=17 | dir=in | app=c:\program files\windows collaboration\wincollab.exe |
"{49E63405-0A4A-416B-8829-80F26C90656A}" = protocol=17 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{4E3B4589-ECB2-4531-B33C-5FE2B672D57C}" = protocol=17 | dir=in | app=c:\program files\samu games\artifact\artifact.exe |
"{510572A0-70F5-435A-B5A0-11E8F502DCF7}" = protocol=17 | dir=out | app=c:\program files\windows collaboration\wincollab.exe |
"{5246A1A5-7557-4A2C-B919-C08677EFAA7B}" = protocol=6 | dir=in | app=c:\program files\windows collaboration\wincollab.exe |
"{5344ED00-3DB5-4A75-834E-449DBE5322ED}" = protocol=6 | dir=out | svc=msiscsi | app=c:\windows\system32\svchost.exe |
"{5AAD27DF-654A-4369-ACEB-F0CFA8D6713E}" = protocol=17 | dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe |
"{5B0B2E5C-11A6-4F1E-A018-8E9081FC97A8}" = protocol=6 | dir=out | svc=winmgmt | app=c:\windows\system32\svchost.exe |
"{5F8A6FC5-AA31-46FF-8B74-3D2A001E295A}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{618FDF73-D003-4575-9F90-DD6B13DCD6A3}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{62D83175-8242-408B-908C-678F844B82BD}" = protocol=6 | dir=out | app=system |
"{631D5D16-5A68-462B-AC69-115919A71BDF}" = protocol=6 | dir=in | app=c:\windows\system32\msdtc.exe |
"{63B08A98-16FB-4349-8829-23AB65135FCA}" = protocol=6 | dir=out | app=system |
"{6BF5B53B-609E-4EAC-8CAE-2A4BA6280D1D}" = protocol=6 | dir=out | app=c:\program files\windows collaboration\wincollab.exe |
"{6CFDEC94-C72B-40F6-BB6B-08FBD16AC049}" = protocol=58 | dir=in | name=file and printer sharing (echo request - icmpv6-in) |
"{71241BEC-95DE-4583-9E67-F8BE4A5BF7FC}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{7801AE20-F211-4ACA-B952-2BB93ECCF353}" = protocol=6 | dir=out | app=c:\windows\system32\msra.exe |
"{7EEEA99E-7F52-4435-BBAB-F372B8A3DF65}" = protocol=17 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{83150BB8-74DF-4CD9-A654-B827F1C8C31D}" = protocol=6 | dir=out | app=c:\windows\ehome\ehshell.exe |
"{8387A5CF-F42B-4D24-AE03-66F499FB5EC9}" = protocol=6 | dir=out | app=c:\program files\windows collaboration\wincollab.exe |
"{85C807B3-1859-4FDB-894F-AA1B97ED8FB7}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe |
"{87EB96A3-4498-4A0E-9856-63F653E17C0B}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{88C7ACF1-B722-40D1-AC61-D727600D8067}" = protocol=6 | dir=out | app=c:\windows\system32\p2phost.exe |
"{89C00231-1A05-463E-9F71-311F57A871EE}" = protocol=1 | dir=in | name=file and printer sharing (echo request - icmpv4-in) |
"{8CE37B03-49EE-4998-8D91-A0CE778F6DCB}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{8D8820DB-7083-4FCB-AB78-346D7AB67D47}" = protocol=6 | dir=out | svc=mcx2svc | app=c:\windows\system32\svchost.exe |
"{9A1CADDD-B07A-4632-A201-1416F2C03C97}" = protocol=6 | dir=out | app=system |
"{A4BBEA0A-DE47-4406-AD7A-A680756BD14F}" = protocol=17 | dir=out | app=c:\program files\windows collaboration\wincollab.exe |
"{A5304EAA-5E92-4384-A40C-D422C9384BB8}" = protocol=6 | dir=out | app=system |
"{A6E0D660-B6CA-47DE-8382-F2F1B0DFBE63}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{AA310B54-24F0-4667-9ECF-022B11BFF245}" = protocol=6 | dir=in | app=c:\windows\system32\msra.exe |
"{AD2D82C3-42B9-45CE-96E0-AE59A04693C1}" = protocol=6 | dir=out | svc=mcx2svc | app=c:\windows\system32\svchost.exe |
"{B2E96011-C2C9-4BFD-8570-A824B41460E3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B913EBF3-55E2-4D55-B49A-E94B34E9DDB6}" = protocol=17 | dir=in | app=c:\program files\google\update\googleupdate.exe |
"{BCA4F753-8549-415B-9AF9-0D721B8381B7}" = protocol=6 | dir=out | app=c:\windows\system32\msdtc.exe |
"{C60180DF-15EA-409D-93E2-C7FA3E031BAC}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{C639F8DA-2D46-43C0-8B6B-CBC817BDB794}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{CD1929CB-6FDC-45F6-8B0E-B8AB1E6FD243}" = protocol=6 | dir=in | app=c:\windows\system32\p2phost.exe |
"{CD2A5ECD-CB1E-41FC-9A79-EEB844B237BB}" = protocol=6 | dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe |
"{CD8C1334-CF8E-4DCD-9295-0496F191F33F}" = protocol=6 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe |
"{CE07B7A9-19C2-40D0-9891-2107F878407F}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{CF6418F3-7736-4891-B937-39C8A310D138}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe |
"{D357D46A-E617-4620-85DD-6AADD3A340EB}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{E3E434DB-6EFE-4A1F-990A-C44DE5441947}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe |
"{E42379CC-A4BF-4756-A581-591080C98B18}" = protocol=6 | dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe |
"{E4BF7111-FDE6-4DD5-BE08-5E403E973EE9}" = protocol=6 | dir=in | app=c:\program files\google\update\googleupdate.exe |
"{E7B73A41-6D14-48EA-AAC8-47D056F98628}" = dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe |
"{EFD2943C-E0C3-4975-AF82-A1173603D069}" = protocol=6 | dir=out | app=c:\windows\system32\netproj.exe |
"{F0590B0E-8DAC-4EA8-A54C-12EF3BAFC78D}" = protocol=58 | dir=out | name=file and printer sharing (echo request - icmpv6-out) |
"{F301CC73-1F46-4937-AF7F-EA0ECC781F2E}" = protocol=1 | dir=out | name=file and printer sharing (echo request - icmpv4-out) |
"{F341A6A2-080A-4689-B732-23E460485792}" = protocol=6 | dir=out | app=c:\windows\ehome\mcx2prov.exe |
"{F345BA95-E6B2-413F-B5F9-6AC381B65119}" = protocol=6 | dir=in | app=c:\windows\system32\p2phost.exe |
"{F48C47FA-0545-41DA-BD76-0E1841A18F68}" = protocol=6 | dir=in | app=c:\program files\windows collaboration\wincollab.exe |
"{F4F8707D-D36D-40F9-B10C-40DFE217CCEE}" = protocol=17 | dir=in | app=c:\program files\windows collaboration\wincollab.exe |
"{FAFE35A0-8D8F-46DE-9539-B5B31F2EC096}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe |
"{FBA3D194-80D0-44E4-B56E-2E344D34276D}" = protocol=6 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\civilization4.exe |
"{FC773761-CE5B-4E35-8489-938B026127FE}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{FE3697CC-9390-4D5B-BAF0-89C04A9ECA82}" = protocol=6 | dir=in | app=c:\windows\system32\netproj.exe |
"{FE5082E1-3E51-419A-802B-F123EDC42F26}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"TCP Query User{24104051-BCF0-4139-AFA0-F134D2CD26CB}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{E38045F1-3F2E-42B4-B5BB-CCDF7E8561A8}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{2710A218-42E6-45A9-8560-24DDAE69D5DB}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{DEA4E541-43E4-4560-B20B-53D2D3D68335}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{017FDD1B-A971-4084-B652-584181002812}" = VAIO Content Metadata Intelligent Analyzing Manager
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{022DA2C3-81C7-4003-A6BC-1BB147B20097}" = SuppSoft
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series" = Canon MP250 series MP Drivers
"{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher
"{1B500D37-E7CF-480B-8054-8A563594EC4E}" = VAIO OOBE and Welcome Center
"{1CA941F1-5006-487E-9FD4-09F812A7D6B8}" = Norton 360 Help
"{1CF028E5-705D-4B62-AC1D-A59593B7C0BB}" = Sid Meier's Civilization 4
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{21829177-4DED-4209-AD08-490B3AC9C01A}" = Norton 360
"{230B9098-A165-491F-B499-8F41AA7139F6}" = WorldWinner Games
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting
"{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java™ 6 Update 20
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 21
"{28549656-3CB3-44B6-9FAB-925A18DAC796}" = VAIO Movie Story
"{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{3074EB89-1BCA-4AEF-AFF4-EFB4634C1923}" = Norton Confidential Web Authentification Component
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{34B37A74-125E-4406-87BA-E4BD3D097AE5}" = VAIO Survey
"{3B659FAD-E772-44A3-B7E7-560FF084669F}" = VAIO Smart Network
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon
"{40DA9A54-48CA-4A2C-AEAF-F67715BB046E}" = Norton 360
"{4203C377-8F5B-4B3C-9096-6FC7C2CB9BC5}" = VAIO Content Metadata XML Interface Library
"{4843B611-8FCB-4428-8C23-31D0A5EAE164}" = Norton Confidential Browser Component
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"{4EA55D20-27FB-45D7-8726-147E8A5F6C62}" = VAIO MusicBox
"{500162A0-4DD5-460A-BAFD-895AAE48C532}" = VAIO Media Content Collection 6.0
"{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 6.0
"{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 6.0
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{6332AFF1-9D9A-429C-AA03-F82749FA4F49}" = SonicStage Mastering Studio
"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360
"{66E62FB3-D34C-4840-A2B6-44E68BEF3709}" = Symantec Real Time Storage Protection Component
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
"{69351E9E-23ED-41D5-B146-EDBF83C63B66}" = VAIO Content Metadata Manager Setting
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 6.2
"{802889F8-6AF5-45A5-9764-CA5B999E50FC}" = VAIO Power Management
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{8ECB8220-F419-4BEB-9596-97033C533702}" = QuickBooks Simple Start 2008
"{92B1B3CC-EC78-45B8-96D0-8B3F11495864}" = Symantec Technical Support Controls
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{98D451C4-4ACA-4273-BB47-57CFE46B048E}" = WD SmartWare
"{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C1C8A04-F8CA-4472-A92D-4288CE32DE86}" = SonicStage Mastering Studio Plugins
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA346790-8BF2-4826-9E30-18E9BB547663}" = VAIO Content Metadata Manager Setting
"{ABF29EC7-47C1-4C63-8FE7-3824FD66F357}" = VAIO Content Metadata Intelligent Analyzing Manager
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 6.0
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{B5E2DF30-1061-4DB4-AF28-08996C8E5680}" = VAIO Content Metadata XML Interface Library
"{B7FB0C86-41A4-4402-9A33-912C462042A0}" = Roxio Easy Media Creator Home
"{BABC878D-BB64-4688-9A88-1D9E88F339A9}" = VAIO Productivity Center
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{BCED773C-99EE-48DD-8915-25733F69F0A8}" = VAIO PC Wireless LAN Wizard
"{C11B0B31-C101-4B56-8BA8-F5113022EF2B}" = VAIO Content Metadata Intelligent Analyzing Manager
"{C299F969-AE3D-4679-ADF5-682A186CE62E}" = VAIO Center Access Bar
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFED0AE3-6D93-4745-B8A0-F3410B493CC4}" = VAIO Security Center
"{D353CC51-430D-4C6F-9B7E-52003DA1E05A}" = Norton Confidential Web Protection Component
"{D36E4755-83B9-4B10-BE51-0AC5B9F43C1F}" = VAIO Media
"{D47FE987-EA3D-424B-9886-B752501D7CE7}" = VAIO Help and Support
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{D6651810-8439-4F25-BACC-5FB66D4B1A63}" = VAIO Media Registration Tool
"{D937DD80-3928-4617-876F-538A25AECB17}" = LocationFree Player
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DF7DB916-90E5-40F2-9010-B8125EB5FD6F}" = SonicStage Mastering Studio Audio Filter
"{DFD0E9A9-F24A-492B-8975-8C938E32408F}" = VAIO Startup Assistant
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E66BB7B9-EC7B-45A6-B479-AD43A9B32AA0}" = SonicStage Mastering Studio
"{E74F7423-77CB-4F6A-A44D-604E1010FE50}" = VAIO Entertainment Center
"{EC37A846-53AC-4DA7-98FA-76A4E74AA900}" = SonicStage Mastering Studio Audio Filter Custom Preset
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4DB525F-A986-4249-B98B-42A8066251CA}" = AV
"{F5397A82-641F-4643-8200-51D7F0016511}" = Click to Disc
"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" =
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AnalogX Vocal Remover (WinAmp)" = AnalogX Vocal Remover (WinAmp)
"Artifact_is1" = Artifact 2
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Belkin Setup and Router Monitor_is1" = Belkin Setup and Router Monitor
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"Crackle Screen Saver_is1" = Crackle Screen Saver 1.0
"Daniusoft MP3 WAV Converter_is1" = Daniusoft MP3 WAV Converter(Build 2.3.1.0)
"Debut" = Debut Video Capture Software
"DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5_is1" = DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.0.6.0
"HDMI" = Intel® Graphics Media Accelerator Driver
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"ManyCam" = ManyCam 2.6.30 (remove only)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-15-19-01
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"Revo Uninstaller" = Revo Uninstaller 1.89
"screensavers_foghorn-leghorn_01_pc" = screensavers_foghorn-leghorn_01_pc
"SymSetup.{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360 (Symantec Corporation)
"uTorrent" = µTorrent
"VAIO Service Utility" = VAIO Service Utility
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/12/2011 1:53:01 AM | Computer Name = Jason-Lap | Source = Google Update | ID = 20
Description =

Error - 1/12/2011 2:00:32 AM | Computer Name = Jason-Lap | Source = Google Update | ID = 20
Description =

Error - 1/12/2011 2:47:25 AM | Computer Name = Jason-Lap | Source = Google Update | ID = 20
Description =

Error - 1/12/2011 2:48:14 AM | Computer Name = Jason-Lap | Source = Google Update | ID = 20
Description =

Error - 1/12/2011 2:53:03 AM | Computer Name = Jason-Lap | Source = Google Update | ID = 20
Description =

Error - 1/12/2011 3:00:32 AM | Computer Name = Jason-Lap | Source = Google Update | ID = 20
Description =

Error - 1/12/2011 3:47:25 AM | Computer Name = Jason-Lap | Source = Google Update | ID = 20
Description =

Error - 1/12/2011 3:48:14 AM | Computer Name = Jason-Lap | Source = Google Update | ID = 20
Description =

Error - 1/12/2011 3:53:01 AM | Computer Name = Jason-Lap | Source = Google Update | ID = 20
Description =

Error - 1/12/2011 4:00:32 AM | Computer Name = Jason-Lap | Source = Google Update | ID = 20
Description =


========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >






RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #2
==============================================
>Drivers
==============================================
0x8BC02000 C:\Windows\system32\DRIVERS\igdkmd32.sys 6307840 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)
0x81E33000 C:\Windows\system32\ntkrnlpa.exe 3903488 bytes (Microsoft Corporation, NT Kernel & System)
0x81E33000 PnpManager 3903488 bytes
0x81E33000 RAW 3903488 bytes
0x81E33000 WMIxWDM 3903488 bytes
0x94CE0000 Win32k 2109440 bytes
0x94CE0000 C:\Windows\System32\win32k.sys 2109440 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8CC04000 C:\Windows\system32\drivers\RTKVHDA.sys 1835008 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0x88004000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver)
0x8280E000 C:\Windows\SYSTEM32\Drivers\NDIS.SYS 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x8CAF3000 C:\Windows\system32\DRIVERS\HSX_DPV.sys 1060864 bytes (Conexant Systems, Inc., HSF_DP driver)
0x87E0B000 C:\Windows\System32\drivers\tcpip.sys 958464 bytes (Microsoft Corporation, TCP/IP Driver)
0x804D3000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0xABC00000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x8C4E4000 C:\Windows\system32\drivers\ti21sony.sys 835584 bytes (Texas Instruments, ti21sony.sys)
0x8C403000 C:\Windows\system32\DRIVERS\athr.sys 798720 bytes (Atheros Communications, Inc., Atheros Extensible Wireless LAN device driver)
0x87F10000 C:\Windows\System32\Drivers\dump_iaStor.sys 778240 bytes
0x82A02000 C:\Windows\system32\DRIVERS\iaStor.sys 778240 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0x8D000000 C:\Windows\system32\DRIVERS\HSX_CNXT.sys 737280 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xA8A51000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)
0x8C206000 C:\Windows\System32\drivers\dxgkrnl.sys 659456 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8C30B000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x80608000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0x82B53000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x80409000 C:\Windows\system32\mcupdate_GenuineIntel.dll 458752 bytes (Microsoft Corporation, Intel Microcode Update Library)
0xA8B37000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x8D315000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 385024 bytes (Symantec Corporation, Symantec Eraser Control Driver)
0xAA6BC000 C:\Windows\System32\DRIVERS\srv.sys 319488 bytes (Microsoft Corporation, Server driver)
0x8D2CB000 C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20100513.001\IDSvix86.sys 303104 bytes (Symantec Corporation, IDS Core Driver)
0x82940000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8D1B4000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x80691000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x80492000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x807BD000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x8C398000 C:\Windows\system32\DRIVERS\yk60x86.sys 258048 bytes (Marvell, NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller)
0x8C2BE000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8CAB6000 C:\Windows\system32\DRIVERS\HSXHWAZL.sys 249856 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)
0x8D285000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x80782000 C:\Windows\SYSTEM32\Drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)
0xAA643000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x88114000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8CA4B000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x81E00000 ACPI_HAL 208896 bytes
0x81E00000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x82AE6000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x8D20C000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x87FCE000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x8D14D000 C:\Windows\System32\Drivers\SYMTDI.SYS 188416 bytes (Symantec Corporation, Network Dispatch Driver)
0x8298A000 C:\Windows\system32\DRIVERS\pcmcia.sys 184320 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0x8CDC4000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x80757000 C:\Windows\SYSTEM32\Drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x8CA0A000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0xA8A02000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x8C3D7000 C:\Windows\system32\DRIVERS\Apfiltr.sys 167936 bytes (Alps Electric Co., Ltd., Alps Touch Pad Driver)
0xAA694000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x88164000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x806E8000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x80730000 C:\Windows\SYSTEM32\Drivers\SSIDRV.SYS 159744 bytes (Webroot Software Inc (www.webroot.com), Spy Sweeper Interdiction Driver)
0x8D38B000 C:\Windows\system32\DRIVERS\avipbb.sys 155648 bytes (Avira GmbH, Avira Driver for Security Enhancement)
0x8CA91000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x8D17B000 C:\Windows\system32\Drivers\SYMEVENT.SYS 151552 bytes (Symantec Corporation, Symantec Event Library)
0x82BDB000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA8B0C000 C:\Windows\System32\Drivers\SYMFW.SYS 139264 bytes (Symantec Corporation, Firewall Filter Driver)
0x8819C000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0xAA603000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x8D0E4000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0xAA624000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x82AC8000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0xA8BA4000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x87EF5000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x8D3D7000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0xA8BC1000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x8C5E8000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xAA67C000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x8D374000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x82BC4000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xABD25000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x8D23E000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x8D137000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0x805D8000 C:\Windows\system32\DRIVERS\avgntflt.sys 86016 bytes (Avira GmbH, Avira Minifilter Driver)
0xA8BDA000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x805B3000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0xABCF6000 C:\Windows\system32\DRIVERS\WUDFRd.sys 86016 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector)
0x829EB000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x8D1A0000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x8C5B3000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
0xA8A36000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8D262000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xABD0B000 C:\Windows\system32\DRIVERS\WUDFPf.sys 73728 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x8818B000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x8CA80000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x80479000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x82B39000 C:\Windows\system32\drivers\TfFsMon.sys 69632 bytes (PC Tools, ThreatFire Filesystem Monitor)
0x82B28000 C:\Windows\system32\drivers\TfSysMon.sys 69632 bytes (PC Tools, ThreatFire System Monitor)
0x82B18000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x805ED000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x829CC000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x8C4C6000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0x805C8000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x881E7000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
0x8D3C8000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x88155000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x8070F000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x829DC000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8C2FC000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x82931000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x8C4D6000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0x94F20000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x8D254000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8D120000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x829BE000 C:\Windows\system32\DRIVERS\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x8D3B1000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8D0B4000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x8CA3E000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x80684000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0x82800000 C:\Windows\System32\Drivers\pcouffin.sys 49152 bytes (VSO Software, low level access layer for CD/DVD/BD devices)
0x8C5C6000 C:\Windows\System32\Drivers\sskbfd.sys 49152 bytes (Webroot Software Inc (www.webroot.com), Spy Sweeper Keyboard Filter Driver)
0xABCEA000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x8D0D8000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8C2A7000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)
0x8C5D2000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x8C5DD000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x8D115000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x87E00000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xA8B01000 C:\Windows\System32\Drivers\SYMNDISV.SYS 45056 bytes (Symantec Corporation, NDIS Filter Driver)
0x82919000 C:\Windows\SYSTEM32\Drivers\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x881D3000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8C2B3000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x82927000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)
0x8D3BE000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x8CA34000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0xA8A2C000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x8D2C1000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0xABCE0000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x8D27B000 C:\Windows\System32\Drivers\SRTSPX.SYS 40960 bytes (Symantec Corporation, Symantec AutoProtect)
0x881BD000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x8D0C1000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0xABD3B000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x82B4A000 C:\Windows\System32\Drivers\PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0x8D12E000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x80727000 C:\Windows\SYSTEM32\Drivers\SSFS0509.SYS 36864 bytes (Webroot Software Inc (www.webroot.com), Spy Sweeper FileSystem Filter Driver)
0x8071E000 C:\Windows\SYSTEM32\Drivers\SSHRMD.SYS 36864 bytes (Webroot Software Inc (www.webroot.com), Spy Sweeper Mini Driver)
0xA8B2E000 C:\Windows\System32\Drivers\SYMIDS.SYS 36864 bytes (Symantec Corporation, IDS Filter Driver)
0x94F00000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x881DE000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x806D7000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x82AC0000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x8048A000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x806E0000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8D105000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8D10D000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8814D000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0xABD1D000 C:\Windows\system32\DRIVERS\xaudio.sys 32768 bytes (Conexant Systems, Inc., Modem Audio Device Driver)
0x8D0D1000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x80402000 C:\Windows\system32\kdcom.dll 28672 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x8D0CA000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x829B7000 C:\Windows\system32\DRIVERS\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x8D275000 C:\Windows\system32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver)
0xA8A49000 C:\Windows\System32\Drivers\SYMREDRV.SYS 24576 bytes (Symantec Corporation, Redirector Filter Driver)
0x881F6000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xAA722000 C:\Windows\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
0x82924000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0x8C400000 C:\Windows\System32\Drivers\GEARAspiWDM.sys 12288 bytes (GEAR Software Inc., CD DVD Filter)
0x8C5B0000 C:\Windows\system32\DRIVERS\SFEP.sys 12288 bytes (Sony Corporation, Sony Firmware Extension Parser driver)
0xABCDE000 C:\Windows\system32\drivers\regi.sys 8192 bytes (InterVideo, regi driver)
0x8BC00000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xA8A4F000 C:\Windows\System32\Drivers\SYMDNS.SYS 8192 bytes (Symantec Corporation, DNS Filter Driver)
0x8D373000 C:\Windows\system32\DRIVERS\DMICall.sys 4096 bytes (Sony Corporation, Windows 2000 DMI Call Kernel Driver)
==============================================
>Stealth
==============================================
0x00B80000 Hidden Image-->WDFMEIPC.dll [ EPROCESS 0x85F3D718 ] PID: 2720, 110592 bytes
0x00B90000 Hidden Image-->WDFMEIPC.dll [ EPROCESS 0x85F1ED90 ] PID: 2832, 110592 bytes
0x01120000 Hidden Image-->msvcm90.dll [ EPROCESS 0x85F3D718 ] PID: 2720, 270336 bytes
0x012E0000 Hidden Image-->msvcm90.dll [ EPROCESS 0x85F3D718 ] PID: 2720, 270336 bytes
0x00BD0000 Hidden Image-->msvcm90.dll [ EPROCESS 0x85F1ED90 ] PID: 2832, 270336 bytes
0x009C0000 Hidden Image-->CFScan.dll [ EPROCESS 0x85E99650 ] PID: 2416, 45056 bytes
0x04BB0000 Hidden Image-->System.Data.SQLite.dll [ EPROCESS 0x85F3D718 ] PID: 2720, 905216 bytes






ComboFix 10-10-23.01 - RAC 10/24/2010 1:20.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.953 [GMT -5:00]
Running from: c:\users\RAC\Desktop\ComboFix.exe
AV: Norton 360 *On-access scanning enabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}
SP: Norton 360 *enabled* (Updated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
SP: Spy Sweeper *enabled* (Updated) {68A41C74-A1E9-48F8-B2E5-D8232211AB6D}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\RAC\AppData\Roaming\inst.exe

.
((((((((((((((((((((((((( Files Created from 2010-09-24 to 2010-10-24 )))))))))))))))))))))))))))))))
.

2010-10-24 06:26 . 2010-10-24 06:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-22 23:42 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CF97C7B9-D37D-4ED0-88AC-EC8A3A3B530D}\mpengine.dll
2010-10-14 09:24 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-14 09:24 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-10-14 09:18 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-14 09:18 . 2010-09-06 13:45 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-14 09:18 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
2010-10-14 09:18 . 2010-09-06 13:45 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-14 09:18 . 2010-09-06 13:45 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-14 09:17 . 2010-08-10 15:53 274944 ----a-w- c:\windows\system32\schannel.dll
2010-10-14 09:17 . 2010-06-28 17:00 1316864 ----a-w- c:\windows\system32\ole32.dll
2010-10-14 09:17 . 2010-06-28 14:54 339968 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2010-10-14 09:17 . 2010-08-26 16:37 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-10-14 09:16 . 2010-08-31 15:46 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-10-14 09:16 . 2010-08-31 15:46 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-10-14 09:15 . 2010-08-31 13:27 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-10-14 09:15 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll
2010-10-14 09:15 . 2010-08-20 16:05 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-14 09:14 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-10-14 09:14 . 2010-09-08 17:07 834048 ----a-w- c:\windows\system32\wininet.dll
2010-10-14 09:14 . 2010-09-08 15:23 389632 ----a-w- c:\windows\system32\html.iec
2010-10-14 09:14 . 2010-09-08 17:23 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-10-12 08:20 . 2010-10-12 08:20 -------- d-----w- c:\program files\Windows Portable Devices
2010-10-12 08:04 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2010-10-12 08:04 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2010-10-12 08:04 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-10-12 08:02 . 2009-10-01 01:02 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2010-10-12 08:02 . 2009-10-01 01:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2010-10-12 08:02 . 2009-10-01 01:01 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2010-10-12 08:02 . 2009-10-01 01:02 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2010-10-12 08:02 . 2009-10-01 01:01 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2010-10-12 08:02 . 2009-10-01 01:01 350208 ----a-w- c:\windows\system32\WPDSp.dll
2010-10-12 08:02 . 2009-10-01 01:01 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2010-10-12 08:02 . 2009-10-01 01:01 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2010-10-12 08:01 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-10-12 08:01 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-10-12 08:01 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-10-11 22:35 . 2010-10-11 22:35 -------- d-----w- c:\users\RAC\AppData\Local\Microsoft Help
2010-10-11 22:04 . 2010-10-11 22:04 -------- d-----w- c:\windows\system32\ca-ES
2010-10-11 22:04 . 2010-10-11 22:04 -------- d-----w- c:\windows\system32\eu-ES
2010-10-11 22:04 . 2010-10-11 22:04 -------- d-----w- c:\windows\system32\vi-VN
2010-10-11 21:44 . 2010-10-11 21:44 -------- d-----w- c:\windows\system32\EventProviders
2010-10-02 00:42 . 2010-10-02 00:42 -------- d-----w- c:\users\RAC\AppData\Roaming\Roxio
2010-10-02 00:42 . 2010-10-02 00:42 -------- d-----w- c:\programdata\Roxio
2010-10-02 00:29 . 2010-10-02 00:29 -------- d-----w- c:\windows\system32\screensavers_foghorn-leghorn_01_pc dir
2010-10-02 00:29 . 2010-10-02 00:29 201728 ----a-w- c:\windows\system32\screensavers_foghorn-leghorn_01_pc.scr
2010-10-02 00:29 . 2010-10-02 00:29 45056 ----a-r- c:\users\RAC\AppData\Roaming\Microsoft\Installer\{6815FCDD-401D-481E-BA88-31B4754C2B46}\ARPPRODUCTICON.exe
2010-09-30 17:00 . 2010-08-17 10:52 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2010-09-30 17:00 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll
2010-09-30 16:57 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-30 16:57 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-30 16:56 . 2010-06-22 13:30 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-30 16:56 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-30 16:41 . 2010-09-30 16:41 -------- d-----w- c:\programdata\WindowsSearch

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 16:41 . 2010-05-26 01:36 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-08-26 02:10 . 2010-08-26 02:10 423656 ----a-w- c:\windows\system32\deployJava1.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AOLOverlayIcon]
@="{AB0C8BE3-041C-47d6-8195-E089D32B38DD}"
[HKEY_CLASSES_ROOT\CLSID\{AB0C8BE3-041C-47d6-8195-E089D32B38DD}]
2007-10-05 17:54 303104 ------w- c:\ddi\OverIcon.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-01-16 253952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-09-01 4669440]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-06-08 118784]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-19 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-19 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-19 137752]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-09-19 311296]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"VAIO Center Access Bar"="c:\program files\sony\VAIO Center Access Bar\VCAB.exe" [2007-09-06 53248]
"VAIO Help and Support Demo"="c:\program files\Sony\VAIO Help and Support Demo\LaunchVHSD.exe" [2007-08-28 290816]
"VWLASU"="c:\program files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe" [2007-10-13 45056]
"VAIORegistration"="c:\program files\Sony\First Experience\WelcomeLauncher.exe" [2007-10-17 20480]
"VAIOSurvey"="c:\program files\Sony\VAIO Survey\Vista VAIO Survey.exe" [2007-07-20 577536]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Skytel"="Skytel.exe" [2007-09-01 1826816]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-08-15 04:05 98304 ----a-w- c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools Security\BDT\BDTUpdateService.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-08-26 136176]
R2 ThreatFire;ThreatFire;c:\program files\ThreatFire\TFService.exe service [x]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2009-07-25 30560]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-01-14 33552]
R3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 745472]
R3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-08-09 397312]
R3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-08-09 1089536]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2007-09-21 79136]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-01-14 51984]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-01-14 59664]
S1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20100513.001\IDSvix86.sys [2010-04-29 286768]
S2 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [2008-01-16 204800]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2007-09-29 292128]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2007-08-29 9344]
S3 SYMNDISV;SYMNDISV;c:\windows\System32\Drivers\SYMNDISV.SYS [2007-01-09 38200]
S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-06-05 812544]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-26 03:41]

2010-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-26 03:41]

2010-10-23 c:\windows\Tasks\wrSpySweeper_L63055948BB8F4F059A86ADBF454461EF.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2010-04-20 23:29]

2010-10-23 c:\windows\Tasks\wrSpySweeper_L63055948BB8F4F059A86ADBF454461EF.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2010-04-20 23:29]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.sony.com/vaiopeople
TCP: {7FA4822C-538A-49EB-92B7-2F28F29C0188} = 192.168.2.1,97.64.187.150
FF - ProfilePath - c:\users\RAC\AppData\Roaming\Mozilla\Firefox\Profiles\eb2rxdkm.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://www.search-results.com/web?o=15868&l=dis&prt=PRT&chn=UN&geo=US&ver=UN&q=
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\users\RAC\AppData\Roaming\Mozilla\Firefox\Profiles\eb2rxdkm.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-WebrootSpySweeperService
AddRemove-{A63E7492-A0BC-4BB9-89A7-352965222380} - c:\program files\InstallShield Installation Information\{A63E7492-A0BC-4BB9-89A7-352965222380}\setup.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-24 01:27
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ThreatFire]
"AlternateImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-10-24 01:28:40
ComboFix-quarantined-files.txt 2010-10-24 06:28

Pre-Run: 105,413,324,800 bytes free
Post-Run: 109,641,150,464 bytes free

- - End Of File - - 516939FCA847238CD7F6F707523771CC

#4 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:09:10 PM

Posted 20 January 2011 - 12:43 AM

Hi,

Please update your version of Malwarebytes and run a quick scan, post back with the content of the logfile.



Please download TFC by Old Timer and save it to your desktop.
alternate download link
  • Save any unsaved work. TFC will close ALL open programs including your browser!
  • Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.
TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder. It also cleans out the %systemroot%\temp folder and checks for .tmp files in the %systemdrive% root folder, %systemroot%, and the system32 folder (both 32bit and 64bit on 64bit OSs). It shows the amount removed for each location found (in bytes) and the total removed (in MB). Before running, it will stop Explorer and all other running apps. When finished, if a reboot is required the user must reboot to finish clearing any in-use temp files.

TFC only cleans temp folders. TFC will not clean URL history, prefetch, or cookies. Depending on how often someone cleans their temp folders, their system hardware, and how many accounts are present, it can take anywhere from a few seconds to a minute or more. TFC will completely clear all temp files where other temp file cleaners may fail. TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.






Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#5 brattonm_2006

brattonm_2006
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sullivan, IL, USA
  • Local time:02:10 PM

Posted 20 January 2011 - 10:07 AM

Well, I attempted to Update Malwarebytes and it gave me the error message it has been lately:

PROGRAM_ERROR_UPDATING (12029,0,WinHttpSendRequest)

I have uninstalled and reinstalled Malwarebytes several times on this laptop to no update.

As you can see from my first post I am familiar with Combofix and did a scan with it. It did
remove a couple viruses and some other files, but it has made no difference to the laptop's
attitude towards the internet at all. This is why it's my theory it is not a virus problem as
much as an issue with the internet on the laptop. This laptop does not have a recovery drive
nor did we do recovery discs when we first got the laptop. Which we are now seeing as a mistake.
We do have a removable hard drive to back up all the files on this laptop if we have to something
as big as putting the operating system back on here.

I ran the TFO scanner. It did remove all the temporary files on the laptop. That hasn't made a
difference after the reboot to the internet on the laptop. I use Ccleaner frequently on the
laptop which basically does the same thing, right?

This laptop cannot access Internet Explorer to use the ESET scanner, so I couldn't do that part.
When I diagnose the internet connection coming up broken... it runs for awhile and says there is
no issue to the laptop's internet. Go figure?

I hope this helps helping us out figuring out why we can't access the internet to use programs on
the laptop.

Thanks,

Mark

#6 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:09:10 PM

Posted 20 January 2011 - 10:59 AM

Hi,

The internet is still working fine with Firefox?
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#7 brattonm_2006

brattonm_2006
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sullivan, IL, USA
  • Local time:02:10 PM

Posted 21 January 2011 - 01:47 AM

Yep. The internet works fine with Mozilla Firefox. But does not work with Internet Explorer or Google Chrome. My best friend's husband is a computer programmer and works for a school district. He's had a look at the PC and couldn't figure it out. At least without having it for like a week to tinker with it.

#8 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:09:10 PM

Posted 21 January 2011 - 11:59 AM

Please go here

http://support.microsoft.com/kb/331796/en-us

and follow the instructions to try a clean boot. Let me know if this helps. Also please do this:


Please visit the links HERE and HERE first to read about this new Microsoft tool!

Then you can download and use: Posted Image Microsoft Fix it Center Online
Microsoft Fix it Center Client contains troubleshooters that help detect issues on target PCs and solve them on demand or proactively before you even know they exist!
It finds and fixes many common PC and device problems automatically. It also helps prevent new problems by proactively checking for known issues and installing updates. Fix it Center helps to consolidate the many steps of diagnosing and repairing a problem into an automated tool that does the work for you.

Microsoft Fix it Center makes getting support easier than ever, with tools that help solve the issues you have now and prevent new ones.
  • Easy to Install and Run: Easy-to-use wizards will guide you through the set-up process and help you anytime you need support.
  • Automated: With automated troubleshooters, Fix it Center helps solve issues with your PC, even if you're not sure what the exact problem is. Fix It Center scans your device to diagnose and repair problems, then gives you the option to "Find and fix" or to "Find and report.
  • Preventive Care: By helping you find and fix issues before they become real problems, Fix it Center helps keep your PC running smoothly and automatically downloading the latest solutions.
Let me know after you had run all the troubleshooters on your pc if it corrected your problem.
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#9 brattonm_2006

brattonm_2006
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sullivan, IL, USA
  • Local time:02:10 PM

Posted 23 January 2011 - 05:04 PM

I tried the clean boot and followed the instructions and did it carefully. However, our Belkin router uses a program on all our PC's in order to use the internet. Well, take the program away. It was impossible to see if Internet Explorer had internet or not. So, that didn't work and I restored the boot the default programs.

I've had issues installing Fix It being that it takes the internet to download the parts to install it. *Sigh* Then it was telling me it was runtime error to let it install. That worried me. I Googled this weekend to find more information about if that was the case to limited answers. I found on Google where one can manually install it. I would install it and restart and no Fix It to be found. Fix It looks like a great program. And I really want to use it on the laptop, but it just won't let me. Tomorrow (Monday), I'm planning on my free time calling Sony and seeing if we could for free or at a cheap price get the Windows Vista operating system CD from them. I think that might be the solution. I might have to have my best friend's husband who is the computer programmer just take Windows Vista off of the laptop and reinstall it. If the problem would continue then I'd say it's hardware issue. Where then we'd be SOL because we'd just have to buy parts for the laptop and replace them. Which I guess could be OK if it was affordable enough.

Well, thanks for your continued help. Hope there's more advice or other options we could continue to try.

Thanks again,

Mark

Edited by brattonm_2006, 23 January 2011 - 05:05 PM.


#10 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:09:10 PM

Posted 24 January 2011 - 11:38 AM

Hi,

I can't believe that this will be hardware related. Because Firefox is working.

Please do me a favour and go to start > all programs > accessories > system programs

there you will find "Internet Explorer without Addons". Please run this and have a look if you can access the internet.
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#11 brattonm_2006

brattonm_2006
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sullivan, IL, USA
  • Local time:02:10 PM

Posted 26 January 2011 - 11:37 AM

Nope. Running IE without add-ons did not work.

#12 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:09:10 PM

Posted 26 January 2011 - 12:35 PM

Hi,

I will ask some others from the team to have a look too, maybe one of them has another idea. Stay tuned :).
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#13 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:09:10 PM

Posted 27 January 2011 - 12:30 PM

Hi again.

Please try the following. Disable the Norton Firewall and try IE and Chrome again. Best would be to completely uninstall Norton and reboot. Then try the browsers please :).
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#14 brattonm_2006

brattonm_2006
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sullivan, IL, USA
  • Local time:02:10 PM

Posted 01 February 2011 - 01:34 AM

I don't use Norton on my computer. I've tried disabling Windows Firewall... But IE, Chrome, and other applications that use the web still cannot access the web to either play a game or install a program.

#15 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:09:10 PM

Posted 01 February 2011 - 03:46 PM

There are signs from Norton in the logfiles.

http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN&ln=en_US

PLease follow the steps in the link above.
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users