Cannot remove Rootkit boot.sst.b.


20 replies to this topic

#1 HiRez

Posted 14 September 2012 - 06:21 PM

Hello all:

First off, I would like to thank you for taking the time to read this.

Anyway, my laptop was recently hit with a plethora of malware, notably Security Shield, File recovery, and vista antivirus. They installed themselves automatically. Plus now I was also dealing with Google redirects, and phantom audio (when nothing was opened). Not only that, but my security center was disabled, as was Windows firewall, and windows defender (disabled as in their services were not only off, but missing). Windows update also is missing as well. System restore also did not work.

I am using Windows Vista, SP2.

So, before I signed on to this forum, I did what I could with what I already knew to do. I used:
Spybot Search and Destroy
MBAM
Symantec End Point Protection
MS Security Essentials (though while this worked in the beginning, being tied to security center, it is rendered useless).
Superantispyware
hitmanpro

Between all of these, I was able to do some cleanup. However, there was still a process that was causing malware replication. I seemed to have gotten rid of vista antivirus and file recovery, but it seems that security shield keeps self installing if my pc is connected to the internet. And I still have the problem with Google redirect and the phantom sound (which sounds like ads or some sort of video).

I tried using TDSSKiller, but it was being blocked. I was able to find online a version of TDSSKiller that would be undetected by the malicious process. It ran, and gave me the following threat:
Rootkit.boot.SST.b.
Physical Drive: \Device\Harddisk0\DR0

It was not able to cure it, and gave the prompt to 'write standard boot code'. However, after I click that option (and the prompt to reboot), upon reboot, the rootkit is still there. I have net access with the infected pc, but turn it off to avoid future malware self installs.

As for my security center issue, it seemed likely that the rootkit screwed with my registry to remove the services. I was able to find online fixes to my missing registry items, and so far, it seems that I was able to regain windows defender and firewall. I am still having trouble with windows update and system restore.

I ran sfc, and it came back to me with corrupt files that it was unable to fix.

As I did not want to mess with my computer any more and am not knowledgeable enough to properly use programs such as Combofix and HijackThis, I come here to ask for help to finally rid me of this annoyance which has plagued my computer for the past week. I guess I have a two part problem, to get rid of the rootkit and second, to make sure that all the windows components that were deleted/disabled are fully restored.
I appreciate any help you can give me and thank you for your time in doing so.

Edited by HiRez, 14 September 2012 - 06:27 PM.


#2 narenxp

Posted 14 September 2012 - 06:27 PM

Download Listparts from here

For 32 bit

List parts 32

For 64 bit

List parts 64

Launch it, click on SCAN, post the log

#3 HiRez

Posted 14 September 2012 - 07:13 PM

Here is the log:

ListParts by Farbar Version: 14-09-2012
Ran by NA (administrator) on 14-09-2012 at 19:39:05
Windows Vista (X86)
Running From: C:\Users\NA\Downloads
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 47%
Total physical RAM: 2549.69 MB
Available physical RAM: 1345.95 MB
Total Pagefile: 5316.16 MB
Available Pagefile: 4124.07 MB
Total Virtual: 2047.88 MB
Available Virtual: 1959.45 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:141.61 GB) (Free:17.39 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 149 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 7621 MB 1024 KB
Partition 2 Primary 142 GB 7622 MB
Partition 3 Primary 1016 KB 149 GB

======================================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 142 GB Healthy System (partition with boot components)

======================================================================================================

Disk: 0
Partition 3
Type : 17 (Suspicious Type)
Hidden: Yes
Active: Yes

There is no volume associated with this partition.

======================================================================================================

****** End Of Log ******

#4 HiRez

Posted 14 September 2012 - 08:53 PM

TDSS Killer doesn't find anything.

Here is the listparts log

ListParts by Farbar Version: 14-09-2012
Ran by NA (administrator) on 14-09-2012 at 21:44:12
Windows Vista (X86)
Running From: C:\Users\NA\Downloads
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 48%
Total physical RAM: 2549.69 MB
Available physical RAM: 1306.06 MB
Total Pagefile: 5316.17 MB
Available Pagefile: 4086.8 MB
Total Virtual: 2047.88 MB
Available Virtual: 1959.45 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:141.61 GB) (Free:20.27 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 149 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 7621 MB 1024 KB
Partition 2 Primary 142 GB 7622 MB

======================================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: No

There is no volume associated with this partition.

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 142 GB Healthy System (partition with boot components)

======================================================================================================

****** End Of Log ******
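
The first ListParts log in this thread flags partition 3 (type 17, hidden, active, 1016 KB), and the second shows it gone with partition 2 active again. As an added example that is not part of the thread or of ListParts, the Python below runs the same kind of check against a raw MBR partition table. The function names, the `MIN_ACTIVE_MB` threshold, and the two sample sectors are assumptions: the sectors are constructed from the sizes and offsets in the logs on this page, and the start LBA of partition 3 is assumed.

```python
import struct

SECTOR = 512
TABLE_OFFSET = 446           # the partition table starts here in an MBR sector
HIDDEN_TYPES = {0x17, 0x27}  # type bytes the logs on this page report as hidden
MIN_ACTIVE_MB = 32           # assumed lower bound for a plausible boot partition


def parse_mbr(sector):
    """Return the non-empty primary partition entries of a 512-byte MBR."""
    if len(sector) != SECTOR or sector[510:512] != b"\x55\xaa":
        raise ValueError("not an MBR sector (bad length or boot signature)")
    parts = []
    for i in range(4):
        raw = sector[TABLE_OFFSET + 16 * i: TABLE_OFFSET + 16 * (i + 1)]
        # boot flag, 3 CHS bytes, type, 3 CHS bytes, start LBA, sector count
        flag, ptype, start, count = struct.unpack("<B3xB3xII", raw)
        if ptype == 0x00:
            continue  # unused slot
        parts.append({
            "number": i + 1,
            "flag": flag,
            "active": flag == 0x80,
            "type": ptype,
            "start_lba": start,
            "size_kb": count * SECTOR // 1024,
        })
    return parts


def review(parts):
    """Return (partition number, reason) findings; number 0 means the whole table."""
    findings = []
    active = [p for p in parts if p["active"]]
    if len(active) != 1:
        findings.append((0, "expected one active partition, found %d" % len(active)))
    for p in parts:
        if p["flag"] not in (0x00, 0x80):
            findings.append((p["number"], "invalid boot flag 0x%02X" % p["flag"]))
        if not p["active"]:
            continue
        if p["type"] in HIDDEN_TYPES:
            findings.append((p["number"], "active partition has hidden type %02X" % p["type"]))
        if p["size_kb"] < MIN_ACTIVE_MB * 1024:
            findings.append((p["number"], "active partition is only %d KB" % p["size_kb"]))
    return findings


def build_mbr(entries):
    """Build a constructed MBR sector from (flag, type, start LBA, sectors) tuples."""
    sector = bytearray(SECTOR)
    for i, (flag, ptype, start, count) in enumerate(entries):
        struct.pack_into("<B3xB3xII", sector, TABLE_OFFSET + 16 * i,
                         flag, ptype, start, count)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


# Constructed sample matching the first ListParts log: partition 3 is active.
BEFORE = build_mbr([
    (0x00, 0x27, 2048, 15607808),       # 7621 MB OEM/WinRE partition
    (0x00, 0x07, 15609856, 296968192),  # 145004 MB NTFS volume C:
    (0x80, 0x17, 312578048, 2032),      # 1016 KB, start LBA assumed
])

# Constructed sample matching the second log: partition 2 is active again.
AFTER = build_mbr([
    (0x00, 0x27, 2048, 15607808),
    (0x80, 0x07, 15609856, 296968192),
])

if __name__ == "__main__":
    for label, sector in (("before", BEFORE), ("after", AFTER)):
        print(label)
        for number, reason in review(parse_mbr(sector)) or [(0, "no findings")]:
            print("  partition %d: %s" % (number, reason))
```
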

#5 narenxp

Posted 14 September 2012 - 08:54 PM

Good work. We have removed it.

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply


Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove it

Reboot the PC and scan MBAM once in regular mode until you get a clean log

#6 HiRez

Posted 15 September 2012 - 02:29 PM

Thank you for your patience.

Here is the aswMBR result Log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-14 21:57:45
-----------------------------
21:57:45.711 OS Version: Windows 6.0.6002 Service Pack 2
21:57:45.711 Number of processors: 2 586 0xF0D
21:57:45.711 ComputerName: RAIN UserName: NA
21:57:48.083 Initialize success
22:04:57.198 AVAST engine defs: 12091400
22:05:53.857 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
22:05:53.873 Disk 0 Vendor: TOSHIBA_ DL03 Size: 152627MB BusType: 3
22:05:53.873 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000071
22:05:53.873 Disk 1 Vendor: ( Size: 152627MB BusType: 0
22:05:53.888 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000072
22:05:53.888 Disk 2 Vendor: ( Size: 152627MB BusType: 0
22:05:53.904 Disk 0 MBR read successfully
22:05:53.904 Disk 0 MBR scan
22:05:53.951 Disk 0 Windows VISTA default MBR code
22:05:53.982 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 7621 MB offset 2048
22:05:53.998 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 145004 MB offset 15609856
22:05:54.013 Disk 0 scanning sectors +312579760
22:05:54.122 Disk 0 scanning C:\Windows\system32\drivers
22:06:15.245 Service scanning
22:07:03.511 Modules scanning
22:07:32.278 Disk 0 trace - called modules:
22:07:32.309 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iastor.sys
22:07:32.309 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86a4a9b8]
22:07:32.324 3 CLASSPNP.SYS[8a1ab8b3] -> nt!IofCallDriver -> [0x8599f1b8]
22:07:32.324 5 acpi.sys[898956bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x859a7030]
22:07:33.463 AVAST engine scan C:\Windows
22:07:39.563 AVAST engine scan C:\Windows\system32
22:15:41.104 AVAST engine scan C:\Windows\system32\drivers
22:16:03.911 AVAST engine scan C:\Users\NA
23:07:23.023 AVAST engine scan C:\ProgramData
23:18:50.858 Scan finished successfully
07:32:36.881 Disk 0 MBR has been saved successfully to "C:\Users\NA\Desktop\MBR.dat"
07:32:36.896 The log file has been saved successfully to "C:\Users\NA\Desktop\aswMBR.txt"

--------------------------------

Here is the Eset log:

C:\TDSSKiller_Quarantine\14.09.2012_21.17.31\mbr0000\tdlfs0000\tsk0005.dta Win32/Olmasco.O trojan cleaned by deleting - quarantined



----------------------------

I am currently running MBAM again full scan, will update when it is done. In the meantime, aswMBR has a button for 'fixMBR'. Do I use this at all, or should I simply exit?

Likewise, Eset has the option to delete quarantined files. Should I do this?

#7 narenxp

Posted 15 September 2012 - 03:25 PM

I am currently running MBAM again full scan, will update when it is done. In the meantime, aswMBR has a button for 'fixMBR'. Do I use this at all, or should I simply exit?

Likewise, Eset has the option to delete quarantined files. Should I do this?


Do not click FIXMBR

delete quarantined files

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

Download

FSS

Checkmark all the boxes

Click on "Scan".
Please copy and paste the log to your reply.



Download

adware cleaner

Launch it, click on Delete

post the generated log

#8 HiRez

Posted 15 September 2012 - 09:49 PM

MBAM full scan reported clean (as did quickscan after reboot).


Here is the log for mini toolkit

MiniToolBox by Farbar Version: 23-07-2012
Ran by NA (administrator) on 15-09-2012 at 22:42:45
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================




127.0.0.1 localhost

========================= IP Configuration: ================================

VMware Virtual Ethernet Adapter for VMnet1 = Local Area Connection 2 (Connected)
Intel® Wireless WiFi Link 4965AGN = Wireless Network Connection (Connected)
VMware Virtual Ethernet Adapter for VMnet8 = Local Area Connection 3 (Connected)
Marvell Yukon 88E8036 PCI-E Fast Ethernet Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Rain
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Marvell Yukon 88E8036 PCI-E Fast Ethernet Controller
Physical Address. . . . . . . . . : 00-1A-80-49-78-7C
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® Wireless WiFi Link 4965AGN
Physical Address. . . . . . . . . : 00-13-E8-89-73-61
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::b06c:531c:5fd6:6649%9(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.104(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, September 15, 2012 7:46:15 PM
Lease Expires . . . . . . . . . . : Sunday, September 16, 2012 7:46:21 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 285217768
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-0E-A6-28-98-00-13-E8-89-73-61
DNS Servers . . . . . . . . . . . : 167.206.245.129
167.206.245.130
192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet1
Physical Address. . . . . . . . . : 00-50-56-C0-00-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::2070:d4a8:ab61:b5fb%15(Preferred)
Autoconfiguration IPv4 Address. . : 169.254.181.251(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 184569942
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-0E-A6-28-98-00-13-E8-89-73-61
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection 3:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet8
Physical Address. . . . . . . . . : 00-50-56-C0-00-08
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::b56e:26ed:b831:dc64%16(Preferred)
Autoconfiguration IPv4 Address. . : 169.254.220.100(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 268456022
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-0E-A6-28-98-00-13-E8-89-73-61
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{432C376F-49B0-4AB2-93E3-D75C808D8884}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{F3190096-33E1-494F-8233-2FE9ECE13E18}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 16:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{8DD0245E-6B1C-4CBE-BF48-B500F51A0803}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 17:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{F7AA1536-A9CB-45AF-B44A-8B720C4C5CD7}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: vdns1.srv.prnynj.cv.net
Address: 167.206.245.129

Name: google.com
Addresses: 2607:f8b0:4006:802::1006
173.194.43.6
173.194.43.14
173.194.43.7
173.194.43.8
173.194.43.0
173.194.43.9
173.194.43.2
173.194.43.3
173.194.43.4
173.194.43.1
173.194.43.5



Pinging google.com [173.194.43.5] with 32 bytes of data:

Reply from 173.194.43.5: bytes=32 time=18ms TTL=55

Reply from 173.194.43.5: bytes=32 time=21ms TTL=55



Ping statistics for 173.194.43.5:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 18ms, Maximum = 21ms, Average = 19ms

Server: vdns1.srv.prnynj.cv.net
Address: 167.206.245.129

Name: yahoo.com
Addresses: 98.139.183.24
72.30.38.140
98.138.253.109



Pinging yahoo.com [98.139.183.24] with 32 bytes of data:

Reply from 98.139.183.24: bytes=32 time=156ms TTL=52

Reply from 98.139.183.24: bytes=32 time=102ms TTL=52



Ping statistics for 98.139.183.24:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 102ms, Maximum = 156ms, Average = 129ms

Server: vdns1.srv.prnynj.cv.net
Address: 167.206.245.129

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
10 ...00 1a 80 49 78 7c ...... Marvell Yukon 88E8036 PCI-E Fast Ethernet Controller
9 ...00 13 e8 89 73 61 ...... Intel® Wireless WiFi Link 4965AGN
15 ...00 50 56 c0 00 01 ...... VMware Virtual Ethernet Adapter for VMnet1
16 ...00 50 56 c0 00 08 ...... VMware Virtual Ethernet Adapter for VMnet8
1 ........................... Software Loopback Interface 1
19 ...00 00 00 00 00 00 00 e0 isatap.{432C376F-49B0-4AB2-93E3-D75C808D8884}
8 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
20 ...00 00 00 00 00 00 00 e0 isatap.{F3190096-33E1-494F-8233-2FE9ECE13E18}
17 ...00 00 00 00 00 00 00 e0 isatap.{8DD0245E-6B1C-4CBE-BF48-B500F51A0803}
18 ...00 00 00 00 00 00 00 e0 isatap.{F7AA1536-A9CB-45AF-B44A-8B720C4C5CD7}
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.104 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
169.254.0.0 255.255.0.0 On-link 169.254.220.100 276
169.254.0.0 255.255.0.0 On-link 169.254.181.251 276
169.254.181.251 255.255.255.255 On-link 169.254.181.251 276
169.254.220.100 255.255.255.255 On-link 169.254.220.100 276
169.254.255.255 255.255.255.255 On-link 169.254.220.100 276
169.254.255.255 255.255.255.255 On-link 169.254.181.251 276
192.168.1.0 255.255.255.0 On-link 192.168.1.104 281
192.168.1.104 255.255.255.255 On-link 192.168.1.104 281
192.168.1.255 255.255.255.255 On-link 192.168.1.104 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 169.254.181.251 276
224.0.0.0 240.0.0.0 On-link 169.254.220.100 276
224.0.0.0 240.0.0.0 On-link 192.168.1.104 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 169.254.181.251 276
255.255.255.255 255.255.255.255 On-link 169.254.220.100 276
255.255.255.255 255.255.255.255 On-link 192.168.1.104 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
15 276 fe80::/64 On-link
16 276 fe80::/64 On-link
9 281 fe80::/64 On-link
15 276 fe80::2070:d4a8:ab61:b5fb/128
On-link
9 281 fe80::b06c:531c:5fd6:6649/128
On-link
16 276 fe80::b56e:26ed:b831:dc64/128
On-link
1 306 ff00::/8 On-link
15 276 ff00::/8 On-link
16 276 ff00::/8 On-link
9 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 mswsock.dll [File Not found] ()
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 06 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Windows\system32\wshbth.dll [34304] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 33 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 34 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 35 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 36 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 37 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 38 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 39 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 40 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 41 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/15/2012 07:48:12 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/15/2012 07:48:12 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/15/2012 07:48:12 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/15/2012 07:48:12 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"1".
Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/15/2012 07:45:19 PM) (Source: VzCdbSvc) (User: )
Description: Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error code = 0x80042019)

Error: (09/15/2012 02:57:08 PM) (Source: SescLU) (User: )
Description: LiveUpdate returned a non-critical error. Available content updates may have failed to install.

Error: (09/15/2012 11:59:20 AM) (Source: SescLU) (User: )
Description: LiveUpdate returned a non-critical error. Available content updates may have failed to install.

Error: (09/15/2012 10:57:32 AM) (Source: SescLU) (User: )
Description: LiveUpdate returned a non-critical error. Available content updates may have failed to install.

Error: (09/15/2012 01:20:13 AM) (Source: MatSvc) (User: )
Description: The scheduled MATS task encountered a failure when collecting configuration data. hr=0x80092003
.

Error: (09/15/2012 01:20:11 AM) (Source: MatSvc) (User: )
Description: The MATS service encountered a failure when loading SAP. hr=0x80092003
SAP folder: C:\Program Files\Microsoft Fix it Center\SAPFolder\Scheduled\DDA435FA-6E05-4DBF-80FE-C4EBE882E798.32


System errors:
=============
Error: (09/15/2012 07:47:23 PM) (Source: Service Control Manager) (User: )
Description: Cdr4_xp

Error: (09/15/2012 07:47:22 PM) (Source: Service Control Manager) (User: )
Description: SharedAccess

Error: (09/15/2012 07:45:23 PM) (Source: Service Control Manager) (User: )
Description: Net.Tcp Listener AdapterNet.Tcp Port Sharing Service%%1058

Error: (09/15/2012 07:45:23 PM) (Source: Service Control Manager) (User: )
Description: Net.Pipe Listener Adapterwas

Error: (09/15/2012 07:45:23 PM) (Source: Service Control Manager) (User: )
Description: Net.Msmq Listener Adaptermsmq

Error: (09/15/2012 07:45:23 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (09/15/2012 07:45:18 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D215781D-019E-4FA0-903D-0CDCDE13A4F5}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (09/15/2012 07:41:14 PM) (Source: DCOM) (User: )
Description: {C2BFE331-6739-4270-86C9-493D9A04CD38}

Error: (09/15/2012 07:40:47 PM) (Source: DCOM) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (09/15/2012 11:04:51 AM) (Source: Dhcp) (User: )
Description: The IP address lease 192.168.1.108 for the Network Card with network address 0013E8897361 has been denied by the DHCP server 1.1.1.1 (The DHCP Server sent a DHCPNACK message).


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
AAC Decoder (Version: 7.1.0)
Activation Assistant for the 2007 Microsoft Office suites
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
Adobe Acrobat 8 Professional - English, Français, Deutsch (Version: 8.1.5)
Adobe Acrobat 8.1.5 - CPSID_49013
Adobe Acrobat 8.1.5 Professional (Version: 8.1.5)
Adobe AIR (Version: 1.5.3.9130)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.271)
Adobe Flash Player 11 Plugin (Version: 11.3.300.271)
Adobe Reader 8.2.0 (Version: 8.2.0)
Adobe Shockwave Player 11 (Version: 11)
AIM 6
Aim Plugin for QQ Games
AIMTunes
Alps Pointing-device for VAIO
Apple Software Update (Version: 2.0.2.92)
ArcSoft Magic-i Visual Effects Installer
AutoUpdate (Version: 1.1)
BitLord v2.0 (Version: v2.0)
ButtonDemo
Click to DVD 2.0.05 Menu Data (Version: 2.0.05)
Click to DVD 2.6.00 (Version: 2.6.00)
CodeBlocks (Version: 10.05)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Corel Paint Shop Pro Photo XI (Version: 11.10.0000)
Corel Snapfire (Version: 1.10.0000)
Crackle Screen Saver 1.0 (Version: 1.0)
Dell Driver Download Manager (Version: 1.0.0.0)
DivX Codec (Version: 6.8.5)
DivX Converter (Version: 7.0.0)
DivX Player (Version: 7.0.0)
DivX Plus DirectShow Filters
DivX Version Checker (Version: 7.0.0.19)
DivX Web Player (Version: 1.4.2)
DSD Direct (Version: 2.0.01)
DSD Playback Plug-in (Version: 1.1)
ESET Online Scanner v3
FrameDemo
FrameDemo2
Game Maker 8.0
GearDrvs (Version: 1)
H.264 Decoder (Version: 1.0.0)
HDAUDIO SoftV92 Data Fax Modem with SmartCP
Instant Mode (Version: 1.0.2)
Internet Explorer (Enable DEP)
Java 2 SDK, SE v1.4.2_02 (Version: 1.4.2_02)
Java 3D 1.4.0_01 (Version: 1.4.0_01)
Java Auto Updater (Version: 2.0.5.1)
Java DB 10.4.1.3 (Version: 10.4.1.3)
Java™ 6 Update 26 (Version: 6.0.260)
Java™ SE Development Kit 6 Update 13 (Version: 1.6.0.130)
jEdit 4.3pre12 (Version: 4.3pre12)
Karnaugh Map Minimizer 0.4 (Version: 0.4)
LiveUpdate 3.3 (Symantec Corporation) (Version: 3.3.0.99)
LocationFree Player (Version: 3.02.0000)
Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400)
MATLAB Family of Products Release 14
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Multi-Targeting Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Fix it Center (Version: 1.0.0100)
Microsoft Help Viewer 1.0 (Version: 1.0.30319)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office XP Professional with FrontPage (Version: 10.0.2606.0)
Microsoft Security Client (Version: 4.0.1526.0)
Microsoft Security Essentials (Version: 4.0.1526.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server Compact 3.5 SP2 ENU (Version: 3.5.8080.0)
Microsoft VC9 runtime libraries (Version: 1.0.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (Version: 9.0.30729.4974)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 Express - ENU (Version: 10.0.30319)
Microsoft Works (Version: 9.7.0621)
mixi station (Version: 3.0.0)
MKV Splitter (Version: 1.0.0)
ModelSim PE Student Edition 6.5a
MSN Money Investment Toolbox (Version: 15 SP1)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
Norton 360 (Version: 1.2.0.10)
Notepad++ (Version: 5.8.7)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
OpenMG Limited Patch 4.7-07-15-19-01
OpenMG Secure Module 4.7.00 (Version: 4.7.00.12140)
QQ Games (Version: 2.0.102.36)
Quake Live Internet Explorer Plugin (Version: 1.0.491)
Quartus II 8.0 (Version: 8.0)
QuickBooks Product Listing Service (Version: 2.0.148)
QuickBooks Simple Start Free Starter Edition (Version: )
QuickTime (Version: 7.3.1.70)
Roxio Easy Media Creator Home (Version: 9.0.178)
Sentinel System Driver
Setting Utility Series (Version: 3.0.00.07240)
SigmaTel Audio (Version: 5.10.5102.0)
Skype Toolbars (Version: 1.0.4051)
Skype™ 4.2 (Version: 4.2.155)
SliderDemo
SonicStage Mastering Studio (Version: 2.3.01)
SonicStage Mastering Studio Audio Filter (Version: 2.3.01)
SonicStage Mastering Studio Audio Filter Custom Preset (Version: 2.3)
SonicStage Mastering Studio Plugins (Version: 2.4)
Sony Video Shared Library (Version: 3.2.00)
Spelling Dictionaries Support For Adobe Reader 8 (Version: 8.0.0)
Splashup Light (Version: 1.0)
Spybot - Search & Destroy (Version: 1.6.2)
SSH Secure Shell
SUPERAntiSpyware (Version: 5.0.1150)
SupportSoft Assisted Service (Version: 15)
Symantec Endpoint Protection (Version: 11.0.6200.754)
Trader Workstation
Tweaking.com - Windows Repair (All in One) (Version: 1.8.0)
Unity (Version: )
Unity Web Player (Version: )
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VAIO Azure Float Wallpaper (Version: 1.0.00.10100)
VAIO Camera Capture Utility (Version: 2.5.00.06250)
VAIO Center Access Bar (Version: 1.00.0622)
VAIO Content Folder Setting (Version: 1.0.00.07170)
VAIO Content Importer VAIO Content Exporter (Version: 1.2.00.06270)
VAIO Content Importer / VAIO Content Exporter (Version: 1.2.00.06270)
VAIO Content Metadata Intelligent Analyzing Manager (Version: 2.0.02.07130)
VAIO Content Metadata Manager Setting (Version: 2.0.01.07041)
VAIO Content Metadata XML Interface Library (Version: 2.0.01.07050)
VAIO Control Center (Version: 2.1.00.07110)
VAIO Entertainment Center (Version: 2.00.0711)
VAIO Entertainment Platform (Version: 3.0.00.06280)
VAIO Event Service (Version: 3.2.00.07240)
VAIO Floral Dusk Wallpaper (Version: 1.0.00.10100)
VAIO Help And Support (Version: 3.10.0724.FZVP)
VAIO Launcher (Version: 1.0.00.07090)
VAIO Media (Version: 6.0.10)
VAIO Media 6.0 (Version: 6.0.10)
VAIO Media AC3 Decoder 1.0
VAIO Media Content Collection 6.0
VAIO Media Integrated Server 6.1
VAIO Media Redistribution 6.0 (Version: 6.0.10)
VAIO Media Registration Tool (Version: 6.0.10)
VAIO Media Registration Tool 6.0 (Version: 6.0.10)
VAIO Movie Story (Version: 1.0.00.18280)
VAIO Movie Story Template Data (Version: 1.0.00.18280)
VAIO MusicBox (Version: 1.0.00.07090)
VAIO MusicBox Sample Music (Version: 1.0.00.07030)
VAIO OOBE (Version: 3.00.0710)
VAIO Original Function Setting (Version: 1.1.00.07130)
VAIO PC Wireless LAN Wizard (Version: 1.00.0716)
VAIO Power Management (Version: 2.2.00.06130)
VAIO Productivity Center (Version: 2.00.0702)
VAIO Security Center (Version: 5.00.0716)
VAIO Service Utility (Version: 1.1.1.3)
VAIO Survey (Version: 5.00.7207)
VAIO Teal Whisper Wallpaper (Version: 1.0.00.10100)
VAIO Update 3 (Version: 3.0.02.05090)
VC80CRTRedist - 8.0.50727.762 (Version: 1.0.0)
Viewpoint Media Player
Virtual DJ - Atomix Productions
VMware Player (Version: 2.5.0.4558)
WIDCOMM Bluetooth Software 6.1.0.1203 (Version: 6.1.0.1203)
Winamp (Version: 5.61 )
Winamp Detector Plug-in (Version: 1.0.0.1)
Winamp Remote (Version: 2.2008.0508.1530)
WinDVD for VAIO (Version: 8.0-B8.384)
WinRAR archiver
WinSCP 4.1.7 (Version: 4.1.7)
Wireless Switch Setting Utility (Version: 3.6.00.18210)
Xming 6.9.0.31 (Version: 6.9.0.31)
Xvid 1.1.3 final uninstall (Version: 1.1)
Yahoo! Messenger

========================= Memory info: ===================================

Percentage of memory in use: 45%
Total physical RAM: 2549.69 MB
Available physical RAM: 1400.41 MB
Total Pagefile: 5316.17 MB
Available Pagefile: 4222.53 MB
Total Virtual: 2047.88 MB
Available Virtual: 1941.08 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:141.61 GB) (Free:21.39 GB) NTFS

========================= Users: ========================================

User accounts for \\RAIN

__vmware_user__ Administrator ASPNET
cyg_server Guest hadoop-user
NA


**** End of log ****


Here is the log of FSS

Farbar Service Scanner Version: 06-08-2012
Ran by NA (administrator) on 15-09-2012 at 22:48:04
Running from "C:\Users\NA\Downloads\fixcomp"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============
BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll
[2008-09-19 12:06] - [2008-01-19 03:34] - 0288256 ____A (Microsoft Corporation) E1499BD0FF76B1B2FBBF1AF339D91165

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

Here is the adwcleaner log:

# AdwCleaner v2.001 - Logfile created 09/15/2012 at 22:52:21
# Updated 09/09/2012 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : NA - RAIN
# Boot Mode : Normal
# Running from : C:\Users\NA\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : Viewpoint Manager Service

***** [Files / Folders] *****

Folder Deleted : C:\Program Files\Viewpoint
Folder Deleted : C:\ProgramData\Viewpoint
Folder Deleted : C:\Users\NA\AppData\LocalLow\Viewpoint

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\Software\Viewpoint

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

*************************

AdwCleaner[S1].txt - [2369 octets] - [15/09/2012 22:52:21]

########## EOF - C:\AdwCleaner[S1].txt - [2429 octets] ##########



I see I may have some problems left. What would be the next step?

Thanks.

Edited by HiRez, 15 September 2012 - 10:01 PM.


#9 narenxp

  • BC Advisor

Posted 16 September 2012 - 02:09 AM

Download

BITS

Launch them, click YES when you get the UAC prompt

Download

http://www.bleepingcomputer.com/download/rkill/

Run it, and after the scan finishes, post the contents of the RKILL log located on the desktop here


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to get finished

Now click on FILE-SAVE

Filename: Autoruns.txt
Save as: Text

Paste the text contents here

#10 HiRez

  • Topic Starter

  • Members

Posted 16 September 2012 - 09:53 AM

BITS was run.


rkill Log:

Rkill 2.3.15 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/16/2012 10:45:05 AM in x86 mode.
Windows Version: Windows Vista ™ Home Premium Service Pack 2

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* iphlpsvc [Missing Service]

* pcmcia => system32\DRIVERS\pcmcia.sys [Incorrect ImagePath]

Searching for Missing Digital Signatures:

* No issues found.

Program finished at: 09/16/2012 10:45:23 AM
Execution time: 0 hours(s), 0 minute(s), and 17 seconds(s)


autoruns log:

"HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms" "" "" ""
+ "rdpclip" "" "" "File not found: rdpclip"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Acrobat Assistant 8.0" "AcroTray" "Adobe Systems Inc." "c:\program files\adobe\acrobat 8.0\acrobat\acrotray.exe"
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files\common files\adobe\arm\1.0\adobearm.exe"
+ "Adobe Reader Speed Launcher" "Adobe Acrobat SpeedLauncher" "Adobe Systems Incorporated" "c:\program files\adobe\reader 8.0\reader\reader_sl.exe"
+ "Apoint" "Alps Pointing-device Driver" "Alps Electric Co., Ltd." "c:\program files\apoint\apoint.exe"
+ "ccApp" "Symantec User Session" "Symantec Corporation" "c:\program files\common files\symantec shared\ccapp.exe"
+ "HotKeysCmds" "hkcmd Module" "Intel Corporation" "c:\windows\system32\hkcmd.exe"
+ "IgfxTray" "igfxTray Module" "Intel Corporation" "c:\windows\system32\igfxtray.exe"
+ "MSC" "Microsoft Security Client User Interface" "Microsoft Corporation" "c:\program files\microsoft security client\msseces.exe"
+ "Persistence" "persistence Module" "Intel Corporation" "c:\windows\system32\igfxpers.exe"
+ "QuickTime Task" "QuickTime Task" "Apple Inc." "c:\program files\quicktime\qttask.exe"
+ "SunJavaUpdateSched" "" "" "File not found: C:\Program Files\Java\jre6\bin\jusched.exe"
+ "VMware hqtray" "VMware Host Network Access Status Tray Application" "VMware, Inc." "c:\program files\vmware\vmware player\hqtray.exe"
+ "VWLASU" "AutoLaunchWLASU" "Sony Electronics, Inc." "c:\program files\sony\vaio pc wireless lan wizard\autolaunchwlasu.exe"
+ "WinampAgent" "Winamp Agent" "Nullsoft, Inc." "c:\program files\winamp\winampa.exe"
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup" "" "" ""
+ "Bluetooth.lnk" "Bluetooth Tray Application" "Broadcom Corporation." "c:\program files\widcomm\bluetooth software\bttray.exe"
+ "Microsoft Office.lnk" "Microsoft Office XP component" "Microsoft Corporation" "c:\program files\microsoft office\office10\osa.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows Mail 7" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
"HKLM\SOFTWARE\Microsoft\Windows CE Services\AutoStartOnConnect" "" "" ""
+ "BTW Setup Wizard" "BtWizard Module" "Broadcom Corporation." "c:\windows\system32\btwizard.dll"
"HKLM\SOFTWARE\Classes\Protocols\Filter" "" "" ""
+ "text/xml" "Microsoft Office XML MIME Filter" "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\msoxmlmf.dll"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "cdo" "Microsoft SharePoint Portal Server Object Model" "Microsoft Corporation" "c:\program files\common files\microsoft shared\web folders\pkmcdo.dll"
+ "ms-help" "Microsoft® Help Data Services Module" "Microsoft Corporation" "c:\program files\common files\microsoft shared\help\hxds.dll"
+ "ms-itss" "Microsoft® InfoTech Storage System Library" "Microsoft Corporation" "c:\program files\common files\microsoft shared\information retrieval\msitss.dll"
+ "mso-offdap" "Microsoft Office XP Web Components" "Microsoft Corporation" "c:\program files\common files\microsoft shared\web components\10\owc10.dll"
+ "skype-ie-addon-data" "Skype add-on for IE" "Skype Technologies S.A." "c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll"
+ "skype4com" "Skype for COM API" "Skype Technologies" "c:\program files\common files\skype\skype4com.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks" "" "" ""
+ "SABShellExecuteHook Class" "ShellExecuteHook" "SuperAdBlocker.com" "c:\program files\superantispyware\sasseh.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "Adobe.Acrobat.ContextMenu" "Adobe Acrobat Context Menu" "Adobe Systems Inc." "c:\program files\adobe\acrobat 8.0\acrobat elements\contextmenu.dll"
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll"
+ "LDVPMenu" "Symantec AntiVirus" "Symantec Corporation" "c:\program files\symantec\symantec endpoint protection\vpshell2.dll"
+ "Notepad++" "ShellHandler for Notepad++ (64 bit)" "" "c:\program files\notepad++\nppshell_04.dll"
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sasctxmn.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers" "" "" ""
+ "EPP" "Microsoft Security Client Shell Extension" "Microsoft Corporation" "c:\program files\microsoft security client\shellext.dll"
+ "SASContextMenu Class" "SUPERAntiSpyware Context Menu Extension" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sasctxmn.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Classes\Directory\Shellex\DragDropHandlers" "" "" ""
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Classes\Directory\Shellex\CopyHookHandlers" "" "" ""
+ "Monitor" "BTNCopy Module" "Broadcom Corporation." "c:\windows\system32\btncopy.dll"
+ "WinSCPCopyHook" "Drag&Drop shell extension for WinSCP (32-bit)" "Martin Prikryl" "c:\program files\winscp\dragext.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "igfxcui" "igfxpph Module" "Intel Corporation" "c:\windows\system32\igfxpph.dll"
"HKLM\Software\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "Adobe.Acrobat.ContextMenu" "Adobe Acrobat Context Menu" "Adobe Systems Inc." "c:\program files\adobe\acrobat 8.0\acrobat elements\contextmenu.dll"
+ "LDVPMenu" "Symantec AntiVirus" "Symantec Corporation" "c:\program files\symantec\symantec endpoint protection\vpshell2.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files\malwarebytes' anti-malware\mbamext.dll"
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers" "" "" ""
+ "WinRAR" "" "" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Conversion Toolbar Helper" "Adobe PDF Toolbar for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\adobe\acrobat 8.0\acrobat\acroiefavclient.dll"
+ "Adobe PDF Reader Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll"
+ "Java™ Plug-In 2 SSV Helper" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\jp2ssv.dll"
+ "Skype add-on for Internet Explorer" "Skype add-on for IE" "Skype Technologies S.A." "c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll"
+ "Spybot-S&D IE Protection" "SBSD IE Protection" "Safer Networking Limited" "c:\program files\spybot - search & destroy\sdhelper.dll"
+ "SSVHelper Class" "Java™ Platform SE binary" "Sun Microsystems, Inc." "c:\program files\java\jre6\bin\ssv.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "Adobe PDF" "Adobe PDF Toolbar for Internet Explorer" "Adobe Systems Incorporated" "c:\program files\adobe\acrobat 8.0\acrobat\acroiefavclient.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "S&end to OneNote" "Microsoft Office OneNote Internet Explorer Add-in" "Microsoft Corporation" "c:\program files\microsoft office\office12\onbttnie.dll"
+ "Send to &Bluetooth Device..." "" "" "c:\program files\widcomm\bluetooth software\btsendto_ie.htm"
+ "Skype add-on for Internet Explorer" "Skype add-on for IE" "Skype Technologies S.A." "c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll"
+ "Spybot - Search & Destroy Configuration" "SBSD IE Protection" "Safer Networking Limited" "c:\program files\spybot - search & destroy\sdhelper.dll"
"Task Scheduler" "" "" ""
+ "\Adobe Flash Player Updater" "Adobe® Flash® Player Update Service 11.3 r300" "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\microsoft security client\mpcmdrun.exe"
+ "\Microsoft\Microsoft Antimalware\MpIdleTask" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\microsoft security client\mpcmdrun.exe"
+ "\Microsoft\Support\Microsoft Fix it Center\ConfigExec" "Microsoft Automated Troubleshooting Service Client" "Microsoft Corporation" "c:\program files\microsoft fix it center\matsapi.dll"
+ "\Microsoft\Support\Microsoft Fix it Center\OSUpgrade" "Microsoft Automated Troubleshooting Service Client" "Microsoft Corporation" "c:\program files\microsoft fix it center\matsapi.dll"
+ "\Microsoft\Windows Defender\MP Scheduled Scan" "Windows Defender Command Line Utility" "Microsoft Corporation" "c:\program files\windows defender\mpcmdrun.exe"
+ "\Microsoft\Windows Defender\MP Scheduled Signature Update" "Windows Defender Command Line Utility" "Microsoft Corporation" "c:\program files\windows defender\mpcmdrun.exe"
+ "\Microsoft\Windows\Wired\GatherWiredInfo" "" "" "c:\windows\system32\gatherwiredinfo.vbs"
+ "\Microsoft\Windows\Wireless\GatherWirelessInfo" "" "" "c:\windows\system32\gatherwirelessinfo.vbs"
+ "\SONY\VAIO Update\VAIO Update" "VAIO Update" "Sony Corporation" "c:\program files\sony\vaio update 3\vaioupdt.exe"
+ "\SONY\WSSU\WSSU" "Wireless Switch Setting Utility" "Sony Corporation" "c:\program files\sony\wireless switch setting utility\switcher.exe"
+ "\VAIO Service Utility" "" "" "c:\program files\sony\vaio service utility\vaio-su.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "!SASCORE" "SUPERAntiSpyware Core Service" "SUPERAntiSpyware.com" "c:\program files\superantispyware\sascore.exe"
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\system32\macromed\flash\flashplayerupdateservice.exe"
+ "ccEvtMgr" "Event propagation and logging service" "Symantec Corporation" "c:\program files\common files\symantec shared\ccsvchst.exe"
+ "ccSetMgr" "Settings storage and management service" "Symantec Corporation" "c:\program files\common files\symantec shared\ccsvchst.exe"
+ "CLTNetCnService" "Symantec Lic NetConnect Service" "Symantec Corporation" "c:\program files\common files\symantec shared\ccsvchst.exe"
+ "FLEXnet Licensing Service" "This service performs licensing functions on behalf of FLEXnet enabled products." "Macrovision Europe Ltd." "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe"
+ "IDriverT" "Provides support for the Running Object Table for InstallShield Drivers" "Macrovision Corporation" "c:\program files\common files\installshield\driver\1150\intel 32\idrivert.exe"
+ "IviRegMgr" "RegMgr Module" "InterVideo" "c:\program files\common files\intervideo\regmgr\iviregmgr.exe"
+ "JTAGServer" "" "" "c:\altera\80\quartus\bin\jtagserver.exe"
+ "LiveUpdate" "LiveUpdate Core Engine" "Symantec Corporation" "c:\program files\symantec\liveupdate\lucomserver_3_3.exe"
+ "MatSvc" "Microsoft Automated Troubleshooting Service" "Microsoft Corporation" "c:\program files\microsoft fix it center\matsvc.exe"
+ "MDM" "Manages local and remote debugging for Visual Studio debuggers" "Microsoft Corporation" "c:\program files\common files\microsoft shared\vs7debug\mdm.exe"
+ "MSCSPTISRV" "MSCSPTISRV Module" "Sony Corporation" "c:\program files\common files\sony shared\avlib\mscsptisrv.exe"
+ "NisSrv" "Helps guard against intrusion attempts targeting known and newly discovered vulnerabilities in network protocols" "Microsoft Corporation" "c:\program files\microsoft security client\nissrv.exe"
+ "odserv" "Run portions of Microsoft Office Diagnostics." "Microsoft Corporation" "c:\program files\common files\microsoft shared\office12\odserv.exe"
+ "ose" "Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports." "Microsoft Corporation" "c:\program files\common files\microsoft shared\source engine\ose.exe"
+ "PACSPTISVR" "PACSPTISVR Module" "" "c:\program files\common files\sony shared\avlib\pacsptisvr.exe"
+ "QBCFMonitorService" "Used to monitor system for new/copied QuickBooks files and prepare them to be serviced by the QBDBSvr" "Intuit" "c:\program files\common files\intuit\quickbooks\qbcfmonitorservice.exe"
+ "QBFCService" "QuickBooks FCS module" "Intuit Inc." "c:\program files\common files\intuit\quickbooks\fcs\intuit.quickbooks.fcs.exe"
+ "SmcService" "Provides communication with the Symantec Endpoint Protection Manager. It also provides network threat protection and application and device control for the client." "Symantec Corporation" "c:\program files\symantec\symantec endpoint protection\smc.exe"
+ "SPTISRV" "SPTISRV Module" "Sony Corporation" "c:\program files\common files\sony shared\avlib\sptisrv.exe"
+ "sshd" "" "" "c:\cygwin\bin\cygrunsrv.exe"
+ "STacSV" "Manages SigmaTel Audio Universal Jack configurations." "SigmaTel, Inc." "c:\windows\system32\stacsv.exe"
+ "Symantec AntiVirus" "Provides virus-scanning for Symantec Endpoint Protection." "Symantec Corporation" "c:\program files\symantec\symantec endpoint protection\rtvscan.exe"
+ "ufad-ws60" "VMware Agent Service" "VMware, Inc." "c:\program files\vmware\vmware player\vmware-ufad.exe"
+ "VAIO Entertainment TV Device Arbitration Service" "Hardware Resource Manager" "Sony Corporation" "c:\program files\common files\sony shared\vaio entertainment platform\vzcs\vzhardwareresourcemanager\vzhardwareresourcemanager.exe"
+ "VAIO Event Service" "Provides the hardware event managing service for VAIO. During termination of this service, some fuctions such as Special button ,Hotkey ,and VAIO original powermanagement are limited." "Sony Corporation" "c:\program files\sony\vaio event service\vesmgr.exe"
+ "VAIOMediaPlatform-IntegratedServer-AppServer" "VAIO Media Integrated Server" "Sony Corporation" "c:\program files\sony\vaio media integrated server\vmisrv.exe"
+ "VAIOMediaPlatform-IntegratedServer-HTTP" "Sony HTTP Server" "Sony Corporation" "c:\program files\sony\vaio media integrated server\platform\sv_httpd.exe"
+ "VAIOMediaPlatform-IntegratedServer-UPnP" "Sony UPnP Framework" "Sony Corporation" "c:\program files\sony\vaio media integrated server\platform\upnpframework.exe"
+ "VAIOMediaPlatform-Mobile-Gateway" "VAIO Media Gateway Server" "Sony Corporation" "c:\program files\sony\vaio media integrated server\platform\vmgateway.exe"
+ "VAIOMediaPlatform-UCLS-AppServer" "VAIO Media Content Collection" "Sony Corporation" "c:\program files\sony\vaio media integrated server\ucls.exe"
+ "VAIOMediaPlatform-UCLS-HTTP" "Sony HTTP Server" "Sony Corporation" "c:\program files\sony\vaio media integrated server\platform\sv_httpd.exe"
+ "VAIOMediaPlatform-UCLS-UPnP" "Sony UPnP Framework" "Sony Corporation" "c:\program files\sony\vaio media integrated server\platform\upnpframework.exe"
+ "VcmIAlzMgr" "VAIO Content Metadata Intelligent Analyzing Manager" "Sony Corporation" "c:\program files\sony\vcm intelligent analyzing manager\vcmialzmgr.exe"
+ "VcmXmlIfHelper" "VcmXml Helper Interface" "Sony Corporation" "c:\program files\common files\sony shared\vcmxml\vcmxmlifhelper.exe"
+ "Vcsw" "VAIO Entertainment UPnP Client Adapter" "Sony Corporation" "c:\program files\common files\sony shared\vaio entertainment platform\vcsw\vcsw.exe"
+ "VMAuthdService" "Authorization and authentication service for starting and accessing virtual machines" "VMware, Inc." "c:\program files\vmware\vmware player\vmware-authd.exe"
+ "VMnetDHCP" "DHCP service for virtual networks" "VMware, Inc." "c:\windows\system32\vmnetdhcp.exe"
+ "VMware NAT Service" "Network address translation for virtual networks" "VMware, Inc." "c:\windows\system32\vmnat.exe"
+ "VzCdbSvc" "VAIO Entertainment Database Service" "Sony Corporation" "c:\program files\common files\sony shared\vaio entertainment platform\vzcdb\vzcdbsvc.exe"
+ "VzFw" "VAIO Entertainment File Import Service" "Sony Corporation" "c:\program files\common files\sony shared\vaio entertainment platform\vzcdb\vzfw.exe"
+ "WinDefend" "Scan your computer for unwanted software, schedule scans, and get the latest unwanted software definitions." "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
+ "XAudioService" "User-mode gate for Modem Speakerphone" "Conexant Systems, Inc." "c:\windows\system32\drivers\xaudio.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "ApfiltrService" "Alps Touch Pad Driver" "Alps Electric Co., Ltd." "c:\windows\system32\drivers\apfiltr.sys"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys"
+ "btwaudio" "Bluetooth Audio Device" "Broadcom Corporation." "c:\windows\system32\drivers\btwaudio.sys"
+ "btwavdt" "Broadcom Bluetooth AVDT Service" "Broadcom Corporation." "c:\windows\system32\drivers\btwavdt.sys"
+ "btwl2cap" "Broadcom Bluetooth L2CAP Service" "Broadcom Corporation." "c:\windows\system32\drivers\btwl2cap.sys"
+ "btwrchid" "Bluetooth Remote Control HID Minidriver" "Broadcom Corporation." "c:\windows\system32\drivers\btwrchid.sys"
+ "Cdr4_xp" "CDR4 CD and DVD Place Holder Driver (see PxHelp)" "Sonic Solutions" "c:\windows\system32\drivers\cdr4_xp.sys"
+ "Cdralw2k" "CDRAL Place Holder Driver (see PxHelp)" "Sonic Solutions" "c:\windows\system32\drivers\cdralw2k.sys"
+ "COH_Mon" "Confidence Online v6.1 WDM driver (6,1,4,10)" "Symantec Corporation" "c:\windows\system32\drivers\coh_mon.sys"
+ "DMICall" "Windows 2000 DMI Call Kernel Driver" "Sony Corporation" "c:\windows\system32\drivers\dmicall.sys"
+ "E1G60" "Intel® PRO/1000 Adapter NDIS 6 deserialized driver" "Intel Corporation" "c:\windows\system32\drivers\e1g60i32.sys"
+ "eeCtrl" "Symantec Eraser Control Driver" "Symantec Corporation" "c:\program files\common files\symantec shared\eengine\eectrl.sys"
+ "EraserUtilRebootDrv" "Symantec Eraser Utility Driver" "Symantec Corporation" "c:\program files\common files\symantec shared\eengine\eraserutilrebootdrv.sys"
+ "GEARAspiWDM" "CD/DVD Class Filter Driver" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys"
+ "hcmon" "VMware USB Driver" "VMware, Inc." "c:\windows\system32\drivers\hcmon.sys"
+ "hitmanpro36" "HitmanPro 3.6 Support Driver" "" "c:\windows\system32\drivers\hitmanpro36.sys"
+ "HSF_DPV" "HSF_DP driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\hsx_dpv.sys"
+ "HSFHWAZL" "HSF_HWAZL WDM driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\vstazl3.sys"
+ "HSXHWAZL" "HSF_HWAZL WDM driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\hsxhwazl.sys"
+ "iaStor" "Intel Matrix Storage Manager driver - ia32" "Intel Corporation" "c:\windows\system32\drivers\iastor.sys"
+ "iaStorV" "Intel Matrix Storage Manager driver (base)" "Intel Corporation" "c:\windows\system32\drivers\iastorv.sys"
+ "igfx" "Intel Graphics Kernel Mode Driver" "Intel Corporation" "c:\windows\system32\drivers\igdkmd32.sys"
+ "IpInIp" "IP in IP Tunnel Driver" "" "File not found: system32\DRIVERS\ipinip.sys"
+ "mdmxsdk" "Diagnostic Interface x86 Driver" "Conexant" "c:\windows\system32\drivers\mdmxsdk.sys"
+ "NAVENG" "AV Engine" "Symantec Corporation" "c:\programdata\symantec\definitions\virusdefs\20120915.008\naveng.sys"
+ "NAVEX15" "AV Engine" "Symantec Corporation" "c:\programdata\symantec\definitions\virusdefs\20120915.008\navex15.sys"
+ "NETw4v32" "Intel® Wireless WiFi Link Driver" "Intel Corporation" "c:\windows\system32\drivers\netw4v32.sys"
+ "NwlnkFlt" "IPX Traffic Filter Driver" "" "File not found: system32\DRIVERS\nwlnkflt.sys"
+ "NwlnkFwd" "IPX Traffic Forwarder Driver" "" "File not found: system32\DRIVERS\nwlnkfwd.sys"
+ "PxHelp20" "Px Engine Device Driver for Windows 2000/XP" "Sonic Solutions" "c:\windows\system32\drivers\pxhelp20.sys"
+ "R5U870FLx86" "Description string for UvcFilter driver" "Ricoh" "c:\windows\system32\drivers\r5u870flx86.sys"
+ "R5U870FUx86" "Description string for UvcUpperFilter driver" "Ricoh" "c:\windows\system32\drivers\r5u870fux86.sys"
+ "regi" "regi driver" "InterVideo" "c:\windows\system32\drivers\regi.sys"
+ "SASDIFSV" "SASDIFSV.SYS" "SUPERAdBlocker.com and SUPERAntiSpyware.com" "c:\program files\superantispyware\sasdifsv.sys"
+ "SASKUTIL" "SASKUTIL.SYS" "SUPERAdBlocker.com and SUPERAntiSpyware.com" "c:\program files\superantispyware\saskutil.sys"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "Sentinel" "Sentinel System Driver (NT Parallel driver)" "Rainbow Technologies, Inc." "c:\windows\system32\drivers\sentinel.sys"
+ "SNC" "Sony Firmware Extension Parser driver" "Sony Corporation" "c:\windows\system32\drivers\sonync.sys"
+ "Sntnlusb" "Rainbow Technologies Sentinel Device Driver" "Rainbow Technologies Inc." "c:\windows\system32\drivers\sntnlusb.sys"
+ "SonyImgF" "Sony Image Filter Driver" "Sony Corporation" "c:\windows\system32\drivers\sonyimgf.sys"
+ "SPBBCDrv" "SPBBC Driver" "Symantec Corporation" "c:\program files\common files\symantec shared\spbbc\spbbcdrv.sys"
+ "SRTSP" "Symantec AutoProtect" "Symantec Corporation" "c:\windows\system32\drivers\srtsp.sys"
+ "SRTSPL" "Symantec AutoProtect" "Symantec Corporation" "c:\windows\system32\drivers\srtspl.sys"
+ "SRTSPX" "Symantec AutoProtect" "Symantec Corporation" "c:\windows\system32\drivers\srtspx.sys"
+ "STHDA" "NDRC" "SigmaTel, Inc." "c:\windows\system32\drivers\stwrt.sys"
+ "SymEvent" "Symantec Event Library" "Symantec Corporation" "c:\windows\system32\drivers\symevent.sys"
+ "SYMREDRV" "Redirector Filter Driver" "Symantec Corporation" "c:\windows\system32\drivers\symredrv.sys"
+ "SYMTDI" "Network Dispatch Driver" "Symantec Corporation" "c:\windows\system32\drivers\symtdi.sys"
+ "ti21sony" "ti21sony.sys" "Texas Instruments" "c:\windows\system32\drivers\ti21sony.sys"
+ "UIUSys" "" "" "File not found: system32\DRIVERS\UIUSYS.SYS"
+ "vmci" "Virtual Machine Communication Interface" "VMware, Inc." "c:\windows\system32\drivers\vmci.sys"
+ "vmkbd2" "VMware Keyboard Driver" "VMware, Inc." "c:\windows\system32\drivers\vmkbd.sys"
+ "VMnetAdapter" "Driver for VMware's Virtual Ethernet Adapters Ver. 2" "VMware, Inc." "c:\windows\system32\drivers\vmnetadapter.sys"
+ "VMnetBridge" "VMware Bridge Protocol" "VMware, Inc." "c:\windows\system32\drivers\vmnetbridge.sys"
+ "VMnetuserif" "Allows VMware applications to use virtual networks." "VMware, Inc." "c:\windows\system32\drivers\vmnetuserif.sys"
+ "vmx86" "VMware Virtualization Driver" "VMware, Inc." "c:\windows\system32\drivers\vmx86.sys"
+ "vstor2-ws60" "VMware Virtual Storage Volume Driver" "VMware, Inc." "c:\program files\vmware\vmware player\vstor2-ws60.sys"
+ "winachsf" "HSF_CNXT driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\hsx_cnxt.sys"
+ "XAudio" "Modem Audio Device Driver" "Conexant Systems, Inc." "c:\windows\system32\drivers\xaudio.sys"
+ "yukonwlh" "NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller" "Marvell" "c:\windows\system32\drivers\yk60x86.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
+ "msacm.sl_anet" "Audio codec for MS ACM" "Sipro Lab Telecom Inc." "c:\windows\system32\sl_anet.acm"
+ "SENTINEL" "Sentinel Driver Setup DLL" "Rainbow Technologies, Inc." "c:\windows\system32\snti386.dll"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\system32\iccvid.dll"
+ "vidc.DIVX" "DivX" "DivX, Inc." "c:\windows\system32\divx.dll"
+ "VIDC.dvsd" "Video for Windows driver for DV" "Sony Corporation" "c:\program files\common files\sony shared\videolib\sonydv.dll"
+ "VIDC.VMnc" "VMware Movie decoder" "VMware, Inc." "c:\windows\system32\vmnc.dll"
+ "vidc.XVID" "" "" "c:\windows\system32\xvidvfw.dll"
+ "vidc.yv12" "DivX" "DivX, Inc." "c:\windows\system32\divx.dll"
"HKLM\Software\Classes\Filter" "" "" ""
+ "Sonic MP4 Demultiplexer" "Sonic MP4 Demultiplexer" "Sonic Solutions Inc." "c:\program files\common files\sonic shared\sonicmc01\sonicmp4demux.ax"
+ "Sonic MP4 Demultiplexer" "Sonic MP4 Demultiplexer" "Sonic Solutions Inc." "c:\program files\common files\sonic shared\sonicmc01\sonicmp4demux.ax"
+ "Sony MPEG2 TS Splitter Ex" "" "Sony Corporation" "c:\program files\common files\sony shared\videolib\tssplt_s.ax"
+ "Sony MPEG2 TS Splitter Ex" "" "Sony Corporation" "c:\program files\common files\sony shared\videolib\tssplt_s.ax"
+ "Waves L1-Ultramaximizer+" "L1" "K. S. Waves Ltd" "c:\program files\common files\sony shared\avlib\sonicstage effect plugins\l1vaio.dll"
+ "Waves L1-Ultramaximizer+" "L1" "K. S. Waves Ltd" "c:\program files\common files\sony shared\avlib\sonicstage effect plugins\l1vaio.dll"
+ "Waves RBass" "Renaissance Bass" "K. S. Waves Ltd." "c:\program files\common files\sony shared\avlib\sonicstage effect plugins\rbassvaio.dll"
+ "Waves RBass" "Renaissance Bass" "K. S. Waves Ltd." "c:\program files\common files\sony shared\avlib\sonicstage effect plugins\rbassvaio.dll"
+ "Waves S1-Shuffler" "S1" "K. S. Waves Ltd" "c:\program files\common files\sony shared\avlib\sonicstage effect plugins\s1vaio.dll"
+ "Waves S1-Shuffler" "S1" "K. S. Waves Ltd" "c:\program files\common files\sony shared\avlib\sonicstage effect plugins\s1vaio.dll"
+ "Waves S360 Imager s/5.0" "S360" "Waves Ltd Ltd" "c:\program files\common files\sony shared\avlib\sonicstage effect plugins\s360vaio.dll"
+ "Waves S360 Imager s/5.0" "S360" "Waves Ltd Ltd" "c:\program files\common files\sony shared\avlib\sonicstage effect plugins\s360vaio.dll"
+ "Waves S360 Imager s/5.1" "S360" "Waves Ltd Ltd" "c:\program files\common files\sony shared\avlib\sonicstage effect plugins\s360vaio.dll"
+ "Waves S360 Imager s/5.1" "S360" "Waves Ltd Ltd" "c:\program files\common files\sony shared\avlib\sonicstage effect plugins\s360vaio.dll"
"HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance" "" "" ""
+ "9x8Resize" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "aac_parser" "Direct show parser filter for ADTS" "" "c:\program files\winamp remote\bin\aac_parser.ax"
+ "Allocator Fix" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Bitmap" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Capture ASF Writer" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "CoreAAC Audio Decoder" "CoreAAC" "" "c:\program files\winamp remote\bin\coreaac.ax"
+ "CoreCaption Filter" "CoreCaption DLL" "Corel Software, Inc." "c:\program files\common files\corel\directshowcomponents\corecaption.ax"
+ "CoreImgSrc" "COREIMGFLT DLL" "Corel Software, Inc." "c:\program files\common files\corel\directshowcomponents\coreimgsrc.ax"
+ "CoreMovSrc" "COREMOVFLT DLL" "Corel Software, Inc." "c:\program files\common files\corel\directshowcomponents\coremovsrc.ax"
+ "CoreNullXfrm Filter" "CORENULLXFRM DLL" "Corel Software, Inc." "c:\program files\common files\corel\directshowcomponents\corenullxfrm.ax"
+ "CoreVolume Filter" "COREVOLUME DLL" "Corel Software, Inc." "c:\program files\common files\corel\directshowcomponents\corevolume.ax"
+ "DivX AAC Decoder" "AAC Audio Decoder Filter" "DivX, Inc." "c:\program files\divx\divx plus directshow filters\daac.ax"
+ "DivX Decoder Filter" "DivX® Decoder Filter" "DivX, Inc." "c:\windows\system32\divxdec.ax"
+ "DivX H.264 Decoder" "DivX H.264 Decoder Filter" "DivX, Inc." "c:\program files\divx\divx plus directshow filters\divxdech264.ax"
+ "DivX MKV Demux" "DivX MKV Splitter" "" "c:\program files\divx\divx plus directshow filters\dmfsource.ax"
+ "DSD File Source" "DSDSourceFilter DLL" "Sony Corporation" "c:\program files\common files\sony shared\avlib\dsd playback\dsdsourcefilter.ax"
+ "DSF Renderer" "DSDRendererFilter DLL" "Sony Corporation" "c:\program files\common files\sony shared\avlib\dsd playback\dsdrendererfilter.ax"
+ "Frame Eater" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "FullTS2PartialTS" "Infinite FullTS2PartialTS Filter (Sample)" "Microsoft Corporation" "c:\program files\intervideo\common\bin\ulfullts2partialts.ax"
+ "Intervideo 3gFileSource" "Intervideo 3G File Source Filter" "Microsoft Corporation" "c:\program files\intervideo\common\bin\source3g.ax"
+ "Intervideo AMR Decoder" "IVI AMR Decoding" "Intervideo, Inc." "c:\program files\intervideo\common\bin\amrdec.ax"
+ "InterVideo Audio Decoder" "IVIAUDIO LOGID.51667" "InterVideo Inc." "c:\program files\intervideo\common\bin\iviaudio.ax"
+ "InterVideo Demultiplexer" "InterVideo?MPEG System Demultiplexer Filter" "InterVideo Inc." "c:\program files\intervideo\common\bin\ividemux.ax"
+ "InterVideo Navigator" "IVINAV LOGID.51667" "InterVideo Inc." "c:\program files\intervideo\common\bin\ivinav.ax"
+ "InterVideo PSIP/SI Filter" "InterVideo PSIP/SI Sections/Tables Filter" "InterVideo, Inc." "c:\program files\intervideo\common\bin\psidecod.ax"
+ "InterVideo Subtitle" "Minimal Null Filter (Sample)" "MyCompanyName" "c:\program files\intervideo\common\bin\ivisubtitle.ax"
+ "Intervideo TsSplitter Filter" "Intervideo TsSplitter Filter" "InterVideo Inc." "c:\program files\intervideo\common\bin\tssplitter.ax"
+ "InterVideo Video Decoder" "IVIVIDEO LOGID.51667" " InterVideo Inc." "c:\program files\intervideo\common\bin\ivivideo.ax"
+ "IVI QT source" "iviQTsource" "InterVideo" "c:\program files\intervideo\common\bin\iviqtsource.ax"
+ "MatlabDataSinkFilter" "" "" "c:\matlab7\toolbox\matlab\audiovideo\private\matlabdatasink.dll"
+ "MatlabDataSourceFilter" "" "" "c:\matlab7\toolbox\matlab\audiovideo\private\matlabdatasource.dll"
+ "MPEG2 TS Source" "" "" "c:\program files\intervideo\common\bin\mpgtsrdr.ax"
+ "Multiple File Output" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "OMG TRANSFORM" "OmgTransform Filter " "Sony Corporation" "c:\program files\common files\sony shared\openmg\omgtrans.ax"
+ "OmgDsee Filter" "" "" "c:\program files\common files\sony shared\openmg\omgdseefilter.ax"
+ "OmgGenericSrcFilter" "OmgGenericSrcFilter" "Sony Corporation" "c:\program files\common files\sony shared\openmg\omggenericsrcfilter.ax"
+ "OmgMP4Decoder2" "OmgMP4Decoder2" "Sony Corporation" "c:\program files\common files\sony shared\openmg\omgmp4decoder2.ax"
+ "OmgPushSrc" "OmgPushSrc" "Sony Corporation" "c:\program files\common files\sony shared\openmg\omgpushsrc.ax"
+ "OpenMG Async. File Source" "OpenMG Async. File Source" "Sony Corporation" "c:\program files\common files\sony shared\avlib\omgafs.ax"
+ "OpenMG Audio Decrypt" "OpenMG Decrypt Filter" "Sony Corporation" "c:\program files\common files\sony shared\openmg\omgdec.ax"
+ "OpenMG OmgSource Filter" "OpenMG OmgSource Filter" "Sony Corporation" "c:\program files\common files\sony shared\openmg\omgsrc.ax"
+ "Orb RTSP Source Filter" " OrbRTSPSource Filter Dynamic Link Library" "" "c:\program files\winamp remote\bin\orbrtspsource.ax"
+ "OrbNSVSourceFilter" "OrbNSVSource Filter" "Orb Networks, Inc." "c:\program files\winamp remote\bin\orbnsvsourcefilter.ax"
+ "OrbSourceFilter" "OrbSourceFilter" "" "c:\program files\winamp remote\bin\orbsourcefilter.ax"
+ "OrbUrlSource" "OrbUrlSource.ax" "Orb Networks, Inc." "c:\program files\winamp remote\bin\orburlsource.ax"
+ "Proxy Sink" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Proxy Source" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "RealAudio Decoder" "RealMedia Splitter" "Gabest" "c:\program files\winamp remote\bin\realmediasplitter.ax"
+ "RealMedia Source" "RealMedia Splitter" "Gabest" "c:\program files\winamp remote\bin\realmediasplitter.ax"
+ "RealMedia Splitter" "RealMedia Splitter" "Gabest" "c:\program files\winamp remote\bin\realmediasplitter.ax"
+ "RealVideo Decoder" "RealMedia Splitter" "Gabest" "c:\program files\winamp remote\bin\realmediasplitter.ax"
+ "Record Queue" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Roxio Audio Decoder (DVD)" "ROXIO Audio Decoder" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\mpeg\roxiodvdaudio.dll"
+ "ROXIO LPCMSyncFilter" "LPCMSync Filter" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\mpeg\lpcmsyncfilter.dll"
+ "Roxio MPEG Analyzer Filter" "MPEG File Analyzer Dynamic Link Library" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\mpeg\roxiompegprop.dll"
+ "Roxio MPEG Stream Analyzer" "Roxio MPEG Stream Splitter" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\mpeg\mpegstreamanalyzer.dll"
+ "Roxio MPEG1 Audio Encoder" "ROXIO MPEG Audio Encoder" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\mpeg\roxioaudioenc.dll"
+ "Roxio MPEG1 Encoder" "ROXIO MPEG1 Codec" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\mpeg\mpeg1vidcodec.dll"
+ "Roxio MPEG1 Muxer" "ROXIO MPEG MUXER" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\mpeg\mpeg1muxer.dll"
+ "Roxio MPEG2 Demuxer" "ROXIO MPEG Demuxer" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\mpeg\roxiompegdemuxer.dll"
+ "Roxio MPEG2 Encoder" "ROXIO MPEG2 Codec" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\mpeg\mpeg2vidcodec.dll"
+ "Roxio MPEG2 Muxer" "ROXIO MPEG MUXER" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\mpeg\mpeg2muxer.dll"
+ "Roxio MPEG2 Video Decoder" "ROXIO MPEG2 Codec" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\mpeg\mpeg2vidcodec.dll"
+ "ROXIO Raw Writer" "ROXIO Raw Writer" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\mpeg\mgirawwriter.dll"
+ "Roxio Repack Filter" "Repack Filter" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\mpeg\repackfilter.dll"
+ "Roxio Smart Decoder" "ROXIO MPEG2 Codec" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\mpeg\mpeg2vidcodec.dll"
+ "Roxio Smart Encoder" "ROXIO MPEG2 Codec" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\mpeg\mpeg2vidcodec.dll"
+ "Roxio Transport Stream Source" "ListFrameSource" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\mpeg\tsmpegsource.dll"
+ "SAL Input Converter" "SAL Input Converter Source Filter" "Sony Corporation" "c:\program files\common files\sony shared\openmg\saliconv.ax"
+ "SAL Output Converter" "SAL Output Converter RendererFilter" "Sony Corporation" "c:\program files\common files\sony shared\openmg\saloconv.ax"
+ "Seamless Play" "Seamless-Play Filter (Sample)" "Sony Corporation" "c:\program files\common files\sony shared\openmg\seamlessfilter.ax"
+ "ShotDetect" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Sonic MP4 Demultiplexer" "Sonic MP4 Demultiplexer" "Sonic Solutions Inc." "c:\program files\common files\sonic shared\sonicmc01\sonicmp4demux.ax"
+ "Sonic MPEG Audio Decoder" "MPEG Video and Audio Decoder" "Sonic Solutions Inc." "c:\program files\common files\sonic shared\sonicmc01\sonicdsmpeg.ax"
+ "Sonic MPEG Video Decoder" "MPEG Video and Audio Decoder" "Sonic Solutions Inc." "c:\program files\common files\sonic shared\sonicmc01\sonicdsmpeg.ax"
+ "Sonic MPEG-2 Video Decoder" "MPEG-2 Video Decoder" "Sonic Solutions Inc" "c:\program files\common files\sonic shared\sonicmc01\sonicm2vd.ax"
+ "SONY AC3 Decoder" "Sony AC3 Decoder Filter" "Sony Corporation" "c:\program files\common files\sony shared\ac3dec\sac3dec.ax"
+ "Sony Audio CD Source Filter" "OpenMG CdSource Filter" "Sony Corporation" "c:\program files\common files\sony shared\avlib\cdsrc.ax"
+ "Sony AVC Decoder" "Sony AVC Decoder Filter" "Sony Corporation" "c:\program files\common files\sony shared\videolib\sjvtdl.ax"
+ "Sony DSD VideoOut" "" "" "c:\program files\common files\sony shared\avlib\dsd playback\dsdvideooutfilter.ax"
+ "SONY DV Video Decoder" "Sony DV Video Decoder" "Sony Corporation" "c:\program files\common files\sony shared\videolib\sdvvd.ax"
+ "Sony LPCM Decoder" "Sony LPCM Decode Filter" "Sony Corporation" "c:\program files\common files\sony shared\videolib\slpcmd.ax"
+ "Sony MP4 File Source" "Sony MP4 File Source Filter" "Sony Corporation" "c:\program files\common files\sony shared\videolib\mp4filesource.ax"
+ "Sony MPEG Audio Decoder" "Sony MPEG Audio Decoder" "Sony Corporation" "c:\program files\common files\sony shared\videolib\smad.ax"
+ "SONY MPEG Video Decoder" "Sony MPEG4 Video Decoder" "Sony Corporation" "c:\program files\common files\sony shared\videolib\sm4spvd.ax"
+ "SONY MPEG Video Decoder" "Sony MPEG Video Decoder" "Sony Corporation" "c:\program files\common files\sony shared\videolib\smvd.ax"
+ "Sony MPEG-TS Parser" "Sony MPEG Parser Filter" "Sony Corporation" "c:\program files\common files\sony shared\videolib\smparse.ax"
+ "Sony SCL Flip" "Flip Filter" "Sony Corporation" "c:\program files\sony\vaio camera capture utility\leftright.ax"
+ "Sony SCL MpegFilter" "Sony MPEG Encode Filter " "Sony Corporation" "c:\program files\sony\vaio camera capture utility\smpegenc.ax"
+ "SonyMemSource2 (Async.)" "Memory source Filter" "Sony Corporation" "c:\program files\sony\click to dvd 2\memsource2.ax"
+ "SonyMSAConv" "OpenMG Converter Filter" "Sony Corporation" "c:\program files\common files\sony shared\avlib\sonycdsrcwriter.ax"
+ "SonyMSAConv" "OpenMG Converter Filter" "Sony Corporation" "c:\program files\common files\sony shared\avlib\sonymsaconverter3.ax"
+ "StdOut" "File Dump Filter" "Sony Corporation" "c:\program files\common files\sony shared\avlib\stdout.ax"
+ "Stetch" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "SubPicture Encoder" "ROXIO SubPicture Encoder" "Sonic Solutions" "c:\program files\common files\roxio shared\9.0\mpeg\subpictenc.dll"
+ "Ulead Http Stream Push Source Filter" "Ulead HTTP Push Source Filter" "Ulead Systems, Inc." "c:\program files\intervideo\common\bin\ulhttppushsource.ax"
+ "Ulead Http Stream Source (Async.)" "Async Http Stream source filter" "InterVideo Inc." "c:\program files\intervideo\common\bin\asynchttpstream.ax"
+ "Ulead WMV/WMA Source Filter" "UleadWMSrcFilter" "Ulead Systems,Inc." "c:\program files\intervideo\common\bin\uleadwmsrcfilter.ax"
+ "VAIO Content Metadata IAlz Univ Filter" "DirectShow Filter for VCM Intelligent Analyzing Manager" "Sony Corporation" "c:\program files\sony\vcm intelligent analyzing manager\vcmsmplcapflt.ax"
+ "VaioAacDecFilter" "Sony MPEG4 AAC Decoder" "Sony Corporation" "c:\program files\common files\sony shared\videolib\saaclcd.ax"
+ "WM VIH2 Fix" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Audio Analyzer" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Black Frame Generator" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT DV Extract Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT FormatConversion" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Import Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Interlacer" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Log Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT MuxDeMux Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Sample Info Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Switch Filter" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Renderer" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Virtual Source" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "WMT Volume" "Windows Movie Maker Filters" "Microsoft Corporation" "c:\program files\movie maker\wmm2filt.dll"
+ "Xvid MPEG-4 Video Decoder" "" "" "c:\windows\system32\xvid.ax"
+ "{1AD512C6-24AF-4395-82B4-2D3CF21F44A2}" "Roxio MP3 Encoder Dynamic Link Library" "Roxio" "c:\program files\common files\roxio shared\sharedcom\rxdsaudiostreamwriter.ax"
+ "{472C92F0-5438-423D-9B30-FD2932EA44EE}" "Roxio Audio Source Filter" "Microsoft Corporation" "c:\program files\common files\roxio shared\sharedcom\rxdsaudiosource.ax"
+ "{58FF69ED-8388-483B-B9AC-3EB04BBEB913}" "Roxio Audio Stream Reader Filter" "Microsoft Corporation" "c:\program files\common files\roxio shared\sharedcom\rxdsaudiostreamreader.ax"
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" "" "" ""
+ "!SASWinLogon" "SUPERAntiSpyware WinLogon Processor" "SUPERAntiSpyware.com" "c:\program files\superantispyware\saswinlo.dll"
+ "igfxcui" "igfxdev Module" "Intel Corporation" "c:\windows\system32\igfxdev.dll"
+ "VESWinlogon" "VAIO Event Service (Winlogon Notification Module)" "Sony Corporation" "c:\windows\system32\veswinlogon.dll"
"HKCU\Control Panel\Desktop\Scrnsave.exe" "" "" ""
+ "none" "" "" "File not found: none"
"HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors" "" "" ""
+ "Adobe PDF Port" "Acrobat ® PDF Port" "Adobe Systems Incorporated." "c:\windows\system32\adobepdf.dll"
"HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order" "" "" ""
+ "SnacNp" "Symantec SNAC Network Provider" "Symantec Corporation" "c:\program files\symantec\symantec endpoint protection\snacnp.dll"
"C:\Users\NA\AppData\Local\Microsoft\Windows Sidebar\Settings.ini" "" "" ""
+ "Clock" "Watch the clock in your own time zone or any city in the world." "Microsoft Corporation" "C:\Program Files\windows sidebar\gadgets\Clock.gadget\en-US\Gadget.xml"

#11 narenxp

Posted 16 September 2012 - 09:59 AM

That looks good

Download

TFC

Launch it, it will close all running programs

Click on START, it should ask for reboot. If TFC locks up the system, run it in safe mode

Turn off your System Restore, restart the PC, create a new restore point

http://windows.microsoft.com/en-US/windows-vista/Turn-System-Restore-on-or-off

Update your Java from here

http://java.com/en/download/inc/windows_upgrade_xpi.jsp

Update your flash player

Update your antivirus frequently, do not click on suspicious links

Safe surfing :)

#12 HiRez

Posted 16 September 2012 - 12:44 PM

Hi

I have run TFC

I have turned off System Restore and then turned it back on and created a restore point. I have updated java. I have updated flash.

So far so good.

However, rkill still states these two items:

-------------
Checking Windows Service Integrity:

* iphlpsvc [Missing Service]

* pcmcia => system32\DRIVERS\pcmcia.sys [Incorrect ImagePath]
------------

Any ideas?

Edited by HiRez, 16 September 2012 - 12:45 PM.


#13 narenxp

Posted 16 September 2012 - 12:51 PM

Both can be ignored

#14 HiRez

Posted 16 September 2012 - 01:18 PM

Would there be a practical situation where they are necessary to be fixed?

#15 narenxp

Posted 16 September 2012 - 01:19 PM

If it was necessary I should have fixed it, right?

Edited by narenxp, 16 September 2012 - 01:19 PM.




