Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


Internet seems to be hijacked on my computer


Post by juliend » August 20th, 2011, 11:30 pm

Hi, and thank you for taking the time to read through my post and maybe help me check my computer.

Description of the problem

I had a virus quite some time ago, and asked for help here
viewtopic.php?f=12&t=50343&start=0

Since then, I have had the feeling for a long time that a virus has appeared again, and I have had various issues with my computer, like getting locked out of folders.
I also had the feeling that many duplicate processes were opened every time I connected to the Internet using Internet Explorer.
And sometimes my internet access went down and I could not understand why.

At times, I have tried removing my antivirus and using Windows Defender. Then I stopped using Windows Defender and started using a new antivirus (Avira AntiVir Personal).
After a fresh reinstall, Avira finally found one “virus” and blocked it. But otherwise, despite updating and running many scans, the antivirus never found anything strange.

Right now, I have a new problem that I noticed: I have the feeling that my internet access is being hijacked.
1- If I have my internet access ready at start-up, it is automatically hijacked and I cannot connect to the internet normally.
2- If I keep internet access out at the start and only plug in afterwards, it seems to work. But since yesterday, I notice that it is automatically being hijacked when I start, even after waiting…
I noticed because there is a moment when the screen flashes and a new box appears at the bottom of the screen saying something like “connecting to…”.
When it does it at the start, sometimes I can see a box or text on the Windows start screen before the Desktop even starts showing.

I tried to identify the process or service, but I could not. So I hope you could help me do something about it.
(sorry for the long description)

DDS logs

DDS.txt

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Home at 12:13:01 on 2011-08-21
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2938.1891 [GMT 9:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Google\Google Japanese Input\GoogleIMEJaCacheService.exe
C:\Program Files\Sony\Network Utility\NSUService.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Sony\VAIO Update 5\VUAgent.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\iashost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conime.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://google.com/
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain ... &bmod=EU01
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.google.com/
mDefault_Page_URL = hxxp://www.google.com/
mDefault_Search_URL = hxxp://www.google.com/
mSearch Page = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [Mobile Partner] c:\program files\emobile hw utility\EMOBILE HW Utility.exe
uRun: [PTT] "c:\program files\true time tracker\ttt.exe" silent
uRun: [Speech Recognition] "c:\windows\speech\common\sapisvr.exe" -SpeechUX -Startup
uRun: [Google Update] "c:\users\home\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Skytel] c:\program files\realtek\audio\hda\Skytel.exe
mRun: [SunJavaUpdateSched] c:\program files\common files\java\java update\jusched.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [ISBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [PEBCOM] c:\program files\citizen-systems\pebnote\bin\PEBCOM.exe regrun
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Evernote - c:\program files\evernote\evernote3\enbar.dll/2000
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {E0B8C461-F8FB-49b4-8373-FE32E9252800} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEE1} - c:\program files\evernote\evernote3\enbar.dll
Trusted Zone: localhost
Trusted Zone: thebigword.com\citrix2
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{09AA9AED-69D7-46EC-AA89-71E89F39815C} : DhcpNameServer = 10.56.4.52
TCP: Interfaces\{2B3B23BB-5811-4B25-98EB-F915AF22A3AC} : DhcpNameServer = 10.56.4.52
TCP: Interfaces\{4413101C-9BCC-42C3-9561-FD43F244B389} : DhcpNameServer = 213.86.178.227 143.90.130.165 143.90.130.39
TCP: Interfaces\{B0EC2943-02B4-47B8-94C3-195228B12CFB} : DhcpNameServer = 10.56.4.52
TCP: Interfaces\{B782F2DC-03A4-43F3-A193-911035262425} : DhcpNameServer = 172.16.1.254
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
.
============= SERVICES / DRIVERS ===============
.
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-5-2 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-5-2 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-5-2 66616]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 GoogleIMEJaCacheService;Google Japanese Input Cache Service;c:\program files\google\google japanese input\GoogleIMEJaCacheService.exe [2011-7-13 664192]
R2 NSUService;NSUService;c:\program files\sony\network utility\NSUService.exe [2009-3-31 303104]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-18 11032]
R2 uCamMonitor;CamMonitor;c:\program files\arcsoft\magic-i visual effects 2\uCamMonitor.exe [2009-3-31 104960]
R2 VAIO Power Management;VAIO Power Management;c:\program files\sony\vaio power management\SPMService.exe [2009-3-5 415592]
R2 VCFw;VAIO Content Folder Watcher;c:\program files\common files\sony shared\vaio content folder watcher\VCFw.exe [2009-3-6 5189992]
R2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2009-3-31 394536]
R2 VUAgent;VUAgent;c:\program files\sony\vaio update 5\VUAgent.exe [2009-12-27 722288]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [2009-3-31 17920]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2011-4-2 72832]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2009-3-5 9344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-9-20 133104]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2011-4-2 102784]
S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [2011-4-2 11136]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [2011-4-2 116736]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-12-19 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-3-31 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-9-20 133104]
S3 SOHCImp;VAIO Media plus Content Importer;c:\program files\common files\sony shared\sohlib\SOHCImp.exe [2009-3-31 120104]
S3 SOHDBSvr;VAIO Media plus Database Manager;c:\program files\common files\sony shared\sohlib\SOHDBSvr.exe [2009-3-31 70952]
S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\common files\sony shared\sohlib\SOHDms.exe [2009-3-31 390440]
S3 SOHDs;VAIO Media plus Device Searcher;c:\program files\common files\sony shared\sohlib\SOHDs.exe [2009-3-31 75048]
S3 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files\common files\sony shared\sohlib\SOHPlMgr.exe [2009-3-31 91432]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2009-3-31 83240]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2011-08-20 03:57:42 -------- d-----w- c:\program files\EMDB
2011-08-20 03:57:13 -------- d-----w- c:\users\home\emdb
2011-08-16 20:58:01 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-08-16 20:56:35 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-16 20:55:02 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-08-16 20:53:47 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-16 20:53:47 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-16 20:53:35 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-01 01:31:15 -------- d-----w- c:\users\home\M
2011-07-31 13:41:19 -------- d-----w- c:\users\home\appdata\local\{38048B5C-CD6C-4C28-847A-B4E99A6DEB53}
2011-07-26 23:03:16 0 ---ha-w- c:\users\home\appdata\local\BITC61B.tmp
2011-07-24 10:47:58 -------- d-----w- c:\users\home\appdata\local\{F909F99F-6216-49BE-BC0E-DBDF70CE191B}
2011-07-23 02:49:03 -------- d-----w- c:\users\home\appdata\local\{3717936B-2DBF-41E7-9648-6BC0075846CB}
.
==================== Find3M ====================
.
2011-08-20 03:38:43 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-22 02:54:43 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-07-22 02:48:26 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-07-22 02:44:36 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-13 11:05:40 1381504 ----a-w- c:\windows\system32\GIMEJa.ime
2011-07-09 08:43:16 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-06-02 13:34:49 2043392 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 12:14:09.63 ===============

Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 06/09/2009 04:02:48
System Uptime: 21/08/2011 12:08:41 (0 hours ago)
.
Motherboard: Sony Corporation | | VAIO
Processor: Pentium(R) Dual-Core CPU T4200 @ 2.00GHz | N/A | 1200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 223 GiB total, 111.383 GiB free.
D: is Removable
E: is Removable
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
.
Update for Microsoft Office 2007 (KB2508958)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.4
Amazon Kindle For PC v1.1
ArcSoft Magic-i Visual Effects 2
ArcSoft WebCam Companion 2
Audacity 1.3.13 (Unicode)
AutoUpdate
Avira AntiVir Personal - Free Antivirus
Citrix XenApp Web Plugin
Click to Disc
Click to Disc Editor
D3DX10
DivX Codec
DivX Converter
DivX Player
DivX Version Checker
EMDB 1.33
EMOBILE HW Utility
Evernote
FLV Player 2.0 (build 25)
Google ?????
Google Chrome
Google Desktop
Google Earth Plug-in
Google Update Helper
HDAUDIO SoftV92 Data Fax Modem with SmartCP
Home'Bank Light 3.3.3
Home'Bank Off-line services 5.11
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) Graphics Media Accelerator Driver
Japanese Fonts Support For Adobe Reader 9
Java Auto Updater
Junk Mail filter update
Kanji Gold 2.10
LAME v3.98.3 for Audacity
Me&My VAIO
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
MSVCRT
OGA Notifier 2.0.0048.0
Paint.NET v3.5.5
pebNote
Primo
Realtek High Definition Audio Driver
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Easy Media Creator 10 LJ
Roxio Easy Media Creator Home
Runtime
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft Office 2007 System (KB2541012)
Security Update for Microsoft Office Excel 2007 (KB2541007)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Segoe UI
Setting Utility Series
Skype™ 5.3
Software Info for Me&My VAIO
Sony Home Network Library
Sony Picture Utility
Sony Video Shared Library
Synaptics Pointing Device Driver
Totally Spies! Totally Party
True Time Tracker
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VAIO Content Folder Setting
VAIO Content Folder Watcher
VAIO Content Metadata Intelligent Analyzing Manager
VAIO Content Metadata Manager Setting
VAIO Content Metadata XML Interface Library
VAIO Control Center
VAIO Data Restore Tool
VAIO DVD Menu Data Basic
VAIO Entertainment Platform
VAIO Event Service
VAIO Launcher
VAIO Media plus
VAIO Media plus Opening Movie
VAIO Movie Story
VAIO Movie Story 1.5 Upgrade
VAIO Movie Story Template Data
VAIO MusicBox
VAIO MusicBox Sample Music
VAIO Original Function Settings
VAIO Power Management
VAIO Presentation Support
VAIO Smart Network
VAIO Update
VAIO Wallpaper Contents
VC80CRTRedist - 8.0.50727.4053
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinDVD for VAIO
.
==== Event Viewer Messages From Past Week ========
.
21/08/2011 12:09:38, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgfwfd
21/08/2011 12:09:19, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
21/08/2011 08:42:36, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Secure Socket Tunneling Protocol Service service, but this action failed with the following error: An instance of the service is already running.
21/08/2011 08:42:36, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Network Store Interface Service service, but this action failed with the following error: An instance of the service is already running.
21/08/2011 08:42:26, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Telephony service, but this action failed with the following error: An instance of the service is already running.
21/08/2011 08:42:23, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Base Filtering Engine service, but this action failed with the following error: An instance of the service is already running.
21/08/2011 08:42:23, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error 2150760449 (0x80320001).
21/08/2011 08:42:18, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
21/08/2011 08:42:18, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Remote Access Connection Manager service, but this action failed with the following error: An instance of the service is already running.
21/08/2011 08:40:10, Error: Service Control Manager [7034] - The Diagnostic System Host service terminated unexpectedly. It has done this 2 time(s).
21/08/2011 08:40:10, Error: Service Control Manager [7031] - The WLAN AutoConfig service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
21/08/2011 08:40:10, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
21/08/2011 08:40:10, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
21/08/2011 08:40:10, Error: Service Control Manager [7031] - The Tablet PC Input Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
21/08/2011 08:40:10, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
21/08/2011 08:40:10, Error: Service Control Manager [7031] - The ReadyBoost service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
21/08/2011 08:40:10, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
21/08/2011 08:40:10, Error: Service Control Manager [7031] - The Portable Device Enumerator Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
21/08/2011 08:40:10, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
21/08/2011 08:40:10, Error: Service Control Manager [7031] - The Human Interface Device Access service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
21/08/2011 08:40:10, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
21/08/2011 08:40:08, Error: Service Control Manager [7034] - The VAIO Entertainment UPnP Client Adapter service terminated unexpectedly. It has done this 1 time(s).
21/08/2011 08:40:00, Error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
21/08/2011 08:39:36, Error: Service Control Manager [7034] - The VAIO Entertainment TV Device Arbitration Service service terminated unexpectedly. It has done this 1 time(s).
21/08/2011 08:39:07, Error: Service Control Manager [7034] - The VAIO Content Metadata Intelligent Analyzing Manager service terminated unexpectedly. It has done this 1 time(s).
21/08/2011 08:39:00, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
21/08/2011 08:38:55, Error: Service Control Manager [7034] - The VAIO Event Service service terminated unexpectedly. It has done this 1 time(s).
21/08/2011 08:37:21, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Program Compatibility Assistant Service service, but this action failed with the following error: An instance of the service is already running.
21/08/2011 08:37:07, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.208.2.207 for the Network Card with network address 001E101FAA49 has been denied by the DHCP server 10.209.3.254 (The DHCP Server sent a DHCPNACK message).
21/08/2011 08:36:21, Error: Service Control Manager [7034] - The Diagnostic System Host service terminated unexpectedly. It has done this 1 time(s).
21/08/2011 08:36:21, Error: Service Control Manager [7031] - The WLAN AutoConfig service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
21/08/2011 08:36:21, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
21/08/2011 08:36:21, Error: Service Control Manager [7031] - The Tablet PC Input Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
21/08/2011 08:36:21, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
21/08/2011 08:36:21, Error: Service Control Manager [7031] - The ReadyBoost service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
21/08/2011 08:36:21, Error: Service Control Manager [7031] - The Program Compatibility Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
21/08/2011 08:36:21, Error: Service Control Manager [7031] - The Portable Device Enumerator Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
21/08/2011 08:36:21, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
21/08/2011 08:36:21, Error: Service Control Manager [7031] - The Human Interface Device Access service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
21/08/2011 08:36:21, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
21/08/2011 08:33:35, Error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
21/08/2011 08:32:57, Error: Service Control Manager [7034] - The VAIO Power Management service terminated unexpectedly. It has done this 1 time(s).
21/08/2011 08:32:28, Error: Service Control Manager [7034] - The Google Japanese Input Cache Service service terminated unexpectedly. It has done this 1 time(s).
21/08/2011 07:46:34, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
21/08/2011 07:46:16, Error: Service Control Manager [7031] - The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
20/08/2011 18:40:04, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.209.4.226 for the Network Card with network address 001E101F8ED0 has been denied by the DHCP server 10.208.2.145 (The DHCP Server sent a DHCPNACK message).
20/08/2011 12:38:19, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 10.208.2.57 for the Network Card with network address 001E101F8ED0 has been denied by the DHCP server 10.209.4.225 (The DHCP Server sent a DHCPNACK message).
20/08/2011 11:46:48, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {A47979D2-C419-11D9-A5B4-001185AD2B89} to the user SonyNS30E\Home SID (S-1-5-21-3181071557-3652069577-897653104-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
18/08/2011 23:36:04, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 4 on Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008 x86 (KB2539636).
18/08/2011 23:21:34, Error: Service Control Manager [7034] - The Volume Shadow Copy service terminated unexpectedly. It has done this 1 time(s).
18/08/2011 23:20:58, Error: Service Control Manager [7031] - The Windows Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
.
==== End Of File ===========================
juliend
Regular Member
 
Posts: 17
Joined: March 27th, 2010, 10:01 am

Re: Internet seems to be hijacked on my computer

Unread postby askey127 » August 25th, 2011, 6:07 pm

Hi juliend,
We need to update your Adobe Reader. Will download new version later.
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Uninstall a program under the Programs heading.
Right click each Entry, as follows, one by one, if it exists, choose Uninstall/Change, and give permission to Continue:

Adobe Reader 9.4.4
Google Update Helper
Me&My VAIO

Take extra care in answering questions posed by any Uninstaller.
---------------------------------------------
Download the OTL Scanner
Please download OTL.exe by OldTimer and save it to your desktop.
---------------------------------------------
Run a Scan with OTL
  • Double click on the icon to run it. For Vista or Win7, right click the icon and choose "Run as administrator".
  • Check the boxes labeled:
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
  • Make sure all other windows are closed to let it run uninterrupted.
  • Click on the Run Scan button at the top left hand corner. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL (desktop).
The Extras.txt file will only appear the very first time you run OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.
askey127
askey127
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Internet seems to be hijacked on my computer

Unread postby juliend » August 26th, 2011, 7:38 pm

Thank you for your help, askey127,

I could successfully uninstall:
Adobe Reader 9.4.4
Me&My VAIO

I cannot find:
Google Update Helper

Under the Programs and Features, I can only find
Google Chrome
Google Desktop
Google Earth Plug-in
Google Japanese input

It is not under Start>Programs either.

Should I go on with the OTL scanner or should I look somewhere else to find and uninstall Google Update Helper before?
juliend
Regular Member
 
Posts: 17
Joined: March 27th, 2010, 10:01 am

Re: Internet seems to be hijacked on my computer

Unread postby askey127 » August 26th, 2011, 8:19 pm

juliend,
That's fine. We will deal with those later.
Please go ahead with the OTL scan.
Thanks
askey127
askey127
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Internet seems to be hijacked on my computer

Unread postby juliend » August 26th, 2011, 10:05 pm

I went with the OTL scan as requested.
I had to turn off Avira AntiVir Guard because it detected 2 viruses in the OTL programme and prevented me from running it.

OTL.txt log

OTL logfile created on: 27/08/2011 10:55:52 - Run 2
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\Home\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.87 Gb Total Physical Memory | 1.86 Gb Available Physical Memory | 64.77% Memory free
5.97 Gb Paging File | 4.74 Gb Available in Paging File | 79.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.11 Gb Total Space | 110.60 Gb Free Space | 49.57% Space Free | Partition Type: NTFS
Drive H: | 34.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: SONYNS30E | User Name: Home | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/27 10:55:11 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe
PRC - [2011/07/13 20:03:38 | 000,664,192 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Japanese Input\GoogleIMEJaCacheService.exe
PRC - [2011/07/09 17:43:15 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/04/02 14:30:37 | 000,417,792 | ---- | M] () -- C:\Program Files\EMOBILE HW Utility\EMOBILE HW Utility.exe
PRC - [2011/03/28 16:15:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/28 16:15:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/09/01 18:04:12 | 005,517,312 | ---- | M] (ExtraSpy Software) -- C:\Program Files\True Time Tracker\TTT.exe
PRC - [2010/04/09 13:37:34 | 001,459,568 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
PRC - [2010/04/09 13:37:34 | 000,722,288 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 5\VUAgent.exe
PRC - [2009/04/11 15:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 15:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009/03/06 03:47:40 | 000,313,264 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2009/03/06 03:47:40 | 000,192,512 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2009/03/06 03:47:40 | 000,069,632 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
PRC - [2009/03/06 03:41:58 | 005,189,992 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
PRC - [2009/01/20 08:43:04 | 000,394,536 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
PRC - [2009/01/20 04:49:20 | 000,203,624 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2009/01/20 04:49:20 | 000,112,488 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2008/12/22 13:55:06 | 000,303,104 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Network Utility\NSUService.exe
PRC - [2008/12/20 07:02:08 | 001,771,368 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PRC - [2008/12/20 07:02:08 | 000,415,592 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe
PRC - [2008/12/19 02:53:50 | 000,317,288 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe
PRC - [2008/09/19 02:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
PRC - [2008/01/21 11:24:05 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/20 13:56:40 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\2ba816b41a3f13685fd28d2ad50970ec\System.IdentityModel.Selectors.ni.dll
MOD - [2011/08/20 13:56:38 | 001,070,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\21c45e88bbc379aaed3baadd0bd14a8b\System.IdentityModel.ni.dll
MOD - [2011/08/20 13:56:37 | 002,346,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\9ea6cff5cccb649eb8ad7cc6e3f03c88\System.Runtime.Serialization.ni.dll
MOD - [2011/08/20 13:56:33 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\ca54e016986a14796591228eaa80cce1\SMDiagnostics.ni.dll
MOD - [2011/08/20 13:56:32 | 017,404,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\beab37721e12fef7fc1e8f2ff130fa31\System.ServiceModel.ni.dll
MOD - [2011/08/20 13:55:00 | 011,804,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5aa9131000876de66160ff713b543d99\System.Web.ni.dll
MOD - [2011/08/20 13:54:09 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29c6ef7f07d89496c72a1bbf718aed5d\System.Configuration.ni.dll
MOD - [2011/08/20 09:00:17 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\4c3cda96b8f12220da20f2f8d1b9439c\System.Xml.ni.dll
MOD - [2011/08/20 08:59:45 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c50d9d540acecdef29c31201e203a331\System.Windows.Forms.ni.dll
MOD - [2011/08/20 08:59:33 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\d8d83838f9840bde901df516ba3de588\System.Drawing.ni.dll
MOD - [2011/08/20 08:58:05 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b9ea0d414c4861120bfb7365d8ec0939\System.ni.dll
MOD - [2011/08/19 03:07:13 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f6deb187f24bb3185841092b89fbfdbb\mscorlib.ni.dll
MOD - [2011/04/02 14:30:37 | 000,417,792 | ---- | M] () -- C:\Program Files\EMOBILE HW Utility\EMOBILE HW Utility.exe
MOD - [2010/09/29 16:28:20 | 001,003,520 | ---- | M] () -- C:\Program Files\EMOBILE HW Utility\NDISAPI.dll
MOD - [2010/08/04 11:02:00 | 000,147,456 | ---- | M] () -- C:\Program Files\EMOBILE HW Utility\LocaleMgrPlugin.dll
MOD - [2010/08/04 11:01:32 | 000,032,768 | ---- | M] () -- C:\Program Files\EMOBILE HW Utility\NotifyServicePlugin.dll
MOD - [2010/08/04 11:01:22 | 000,061,440 | ---- | M] () -- C:\Program Files\EMOBILE HW Utility\ConfigFilePlugin.dll
MOD - [2010/08/04 11:00:52 | 000,122,880 | ---- | M] () -- C:\Program Files\EMOBILE HW Utility\DeviceMgrPlugin.dll
MOD - [2010/08/04 11:00:02 | 000,139,264 | ---- | M] () -- C:\Program Files\EMOBILE HW Utility\NetInfoPlugin.dll
MOD - [2010/08/04 10:59:50 | 000,090,112 | ---- | M] () -- C:\Program Files\EMOBILE HW Utility\DialUpPlugin.dll
MOD - [2010/08/04 10:59:28 | 000,200,704 | ---- | M] () -- C:\Program Files\EMOBILE HW Utility\DeviceMgrUIPlugin.dll
MOD - [2010/08/04 10:57:54 | 000,014,848 | ---- | M] () -- C:\Program Files\EMOBILE HW Utility\isaputrace.dll
MOD - [2010/07/09 15:52:08 | 000,061,440 | ---- | M] () -- C:\Program Files\EMOBILE HW Utility\DeviceOperate.dll
MOD - [2010/07/09 15:52:02 | 000,155,648 | ---- | M] () -- C:\Program Files\EMOBILE HW Utility\DetectDev.dll
MOD - [2010/07/09 15:51:50 | 000,561,152 | ---- | M] () -- C:\Program Files\EMOBILE HW Utility\atcomm.dll
MOD - [2010/07/09 15:51:06 | 000,061,440 | ---- | M] () -- C:\Program Files\EMOBILE HW Utility\XCodec.dll
MOD - [2010/04/09 13:37:32 | 000,065,536 | ---- | M] () -- C:\Program Files\Sony\VAIO Update 5\VUAgentPS.dll
MOD - [2010/04/02 18:03:56 | 000,321,536 | ---- | M] () -- C:\Program Files\True Time Tracker\sqlite36_engine.dll
MOD - [2009/03/05 06:35:58 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\SPMDam\3.1.0.6020__1b3c579b6925895f\SPMDam.dll
MOD - [2009/03/05 06:35:56 | 000,086,016 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\SPMCommon\3.1.0.6020__e3c7096ba83f9295\SPMCommon.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/07/13 20:03:38 | 000,664,192 | ---- | M] (Google Inc.) [Auto | Running] -- C:\Program Files\Google\Google Japanese Input\GoogleIMEJaCacheService.exe -- (GoogleIMEJaCacheService)
SRV - [2011/07/09 17:43:15 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/04/22 02:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/04/22 02:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/04/09 13:37:34 | 000,722,288 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Update 5\VUAgent.exe -- (VUAgent)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/04/11 15:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009/03/06 03:47:40 | 000,313,264 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2009/03/06 03:47:40 | 000,192,512 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2009/03/06 03:47:40 | 000,069,632 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2009/03/06 03:41:58 | 005,189,992 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2009/01/21 03:56:06 | 000,120,104 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2009/01/21 03:52:18 | 000,091,432 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe -- (SOHPlMgr)
SRV - [2009/01/21 03:51:48 | 000,075,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2009/01/21 03:51:18 | 000,390,440 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2009/01/21 03:50:48 | 000,070,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe -- (SOHDBSvr)
SRV - [2009/01/20 08:43:04 | 000,394,536 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2009/01/20 04:49:20 | 000,203,624 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2009/01/17 13:59:08 | 000,083,240 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
SRV - [2008/12/22 13:55:06 | 000,303,104 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\Network Utility\NSUService.exe -- (NSUService)
SRV - [2008/12/20 07:02:08 | 000,415,592 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV - [2008/09/19 02:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2008/01/21 11:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/06/07 09:50:14 | 000,538,096 | ---- | M] ( ) [Disabled | Stopped] -- C:\Windows\System32\dlbtcoms.exe -- (dlbt_device)
SRV - [2007/01/05 11:48:50 | 000,112,152 | ---- | M] (InterVideo) [Disabled | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - [2011/07/09 17:43:16 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/07/09 17:43:16 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/08/27 13:53:46 | 000,116,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2010/08/07 17:48:42 | 000,106,880 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010/07/27 15:25:48 | 000,072,832 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2010/07/27 09:52:02 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/03/20 12:06:58 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV - [2009/01/07 05:14:38 | 003,847,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/11/25 16:41:52 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2008/11/19 09:08:46 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2008/10/23 09:02:29 | 000,937,984 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/10/23 09:02:23 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\risdptsk.sys -- (risdptsk)
DRV - [2008/10/23 09:02:02 | 000,068,608 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/06/07 09:02:55 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2008/04/25 06:06:40 | 000,017,920 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2008/03/12 20:51:52 | 000,057,536 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2008/03/12 20:50:02 | 000,072,000 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2008/01/25 11:14:25 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/04/18 12:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3181071557-3652069577-897653104-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain ... &bmod=EU01
IE - HKU\S-1-5-21-3181071557-3652069577-897653104-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-3181071557-3652069577-897653104-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3181071557-3652069577-897653104-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKU\S-1-5-21-3181071557-3652069577-897653104-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKU\S-1-5-21-3181071557-3652069577-897653104-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3181071557-3652069577-897653104-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Home\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Home\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Home\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)



O1 HOSTS File: ([2011/04/20 20:52:56 | 000,000,734 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKU\S-1-5-21-3181071557-3652069577-897653104-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [PEBCOM] C:\Program Files\CITIZEN-SYSTEMS\pebNote\bin\PEBCOM.exe (CITIZEN SYSTEMS JAPAN Co.,Ltd.)
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3181071557-3652069577-897653104-1000..\Run: [Mobile Partner] C:\Program Files\EMOBILE HW Utility\EMOBILE HW Utility.exe ()
O4 - HKU\S-1-5-21-3181071557-3652069577-897653104-1000..\Run: [PTT] C:\Program Files\True Time Tracker\ttt.exe (ExtraSpy Software)
O4 - HKU\S-1-5-21-3181071557-3652069577-897653104-1000..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-3181071557-3652069577-897653104-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O8 - Extra context menu item: Add to Evernote - C:\Program Files\Evernote\Evernote3\enbar.dll (Evernote Corporation)
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dll (Evernote Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3181071557-3652069577-897653104-1000\..Trusted Domains: localhost ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3181071557-3652069577-897653104-1000\..Trusted Domains: thebigword.com ([citrix2] https in Trusted sites)
O15 - HKU\S-1-5-21-3181071557-3652069577-897653104-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.56.4.52
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\Home\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Home\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 06:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/08/20 01:43:30 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) - H:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008/07/30 19:53:02 | 000,000,045 | R--- | M] () - H:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{14d4212b-5d22-11e0-a18b-dbc2a410f651}\Shell - "" = AutoRun
O33 - MountPoints2\{14d4212b-5d22-11e0-a18b-dbc2a410f651}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{1e773af7-75d2-11df-b6fa-001dbaf2c4f7}\Shell - "" = AutoRun
O33 - MountPoints2\{1e773af7-75d2-11df-b6fa-001dbaf2c4f7}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{1e773b03-75d2-11df-b6fa-001dbaf2c4f7}\Shell - "" = AutoRun
O33 - MountPoints2\{1e773b03-75d2-11df-b6fa-001dbaf2c4f7}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{32bd8a29-4f65-11e0-99aa-81095e46ae6f}\Shell - "" = AutoRun
O33 - MountPoints2\{32bd8a29-4f65-11e0-99aa-81095e46ae6f}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{348cebbf-4f6b-11e0-b493-cbcffc501f69}\Shell - "" = AutoRun
O33 - MountPoints2\{348cebbf-4f6b-11e0-b493-cbcffc501f69}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{348cebc7-4f6b-11e0-b493-cbcffc501f69}\Shell - "" = AutoRun
O33 - MountPoints2\{348cebc7-4f6b-11e0-b493-cbcffc501f69}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{4454023d-4f62-11e0-aabb-ea4d24e9dc6f}\Shell - "" = AutoRun
O33 - MountPoints2\{4454023d-4f62-11e0-aabb-ea4d24e9dc6f}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{52f28007-006a-11e0-8bbe-001dbaf2c4f7}\Shell\AutoRun\command - "" = G:\wubi.exe --cdmenu
O33 - MountPoints2\{560cd788-4de8-11e0-b1ef-fb48cbbb4e6c}\Shell - "" = AutoRun
O33 - MountPoints2\{560cd788-4de8-11e0-b1ef-fb48cbbb4e6c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{560cd798-4de8-11e0-b1ef-fb48cbbb4e6c}\Shell - "" = AutoRun
O33 - MountPoints2\{560cd798-4de8-11e0-b1ef-fb48cbbb4e6c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{5e7b60fa-9a0f-11de-9d82-001dbaf2c4f7}\Shell\AutoRun\command - "" = G:\Supercharge.bat
O33 - MountPoints2\{5e7b60fa-9a0f-11de-9d82-001dbaf2c4f7}\Shell\TGSC\command - "" = G:\Supercharge.bat
O33 - MountPoints2\{6842c48d-4ee2-11e0-97c3-a0e7db342d54}\Shell - "" = AutoRun
O33 - MountPoints2\{6842c48d-4ee2-11e0-97c3-a0e7db342d54}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{69b3efcb-5db8-11e0-9762-ad0ed5c1d5f6}\Shell - "" = AutoRun
O33 - MountPoints2\{69b3efcb-5db8-11e0-9762-ad0ed5c1d5f6}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{74a7a545-8b76-11e0-8ee0-dad57e0a6f96}\Shell - "" = AutoRun
O33 - MountPoints2\{74a7a545-8b76-11e0-8ee0-dad57e0a6f96}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{78a01ebf-4f72-11e0-9059-8a48478e3a69}\Shell - "" = AutoRun
O33 - MountPoints2\{78a01ebf-4f72-11e0-9059-8a48478e3a69}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{c7ed10e3-8057-11df-a319-001dbaf2c4f7}\Shell - "" = AutoRun
O33 - MountPoints2\{c7ed10e3-8057-11df-a319-001dbaf2c4f7}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{d7b57073-69f5-11df-bcfd-86ebcb39b94b}\Shell - "" = AutoRun
O33 - MountPoints2\{d7b57073-69f5-11df-bcfd-86ebcb39b94b}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{d7b57075-69f5-11df-bcfd-86ebcb39b94b}\Shell - "" = AutoRun
O33 - MountPoints2\{d7b57075-69f5-11df-bcfd-86ebcb39b94b}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{f7cb6fd2-67fc-11df-8517-001dbaf2c4f7}\Shell - "" = AutoRun
O33 - MountPoints2\{f7cb6fd2-67fc-11df-8517-001dbaf2c4f7}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{f7cb6fee-67fc-11df-8517-001dbaf2c4f7}\Shell - "" = AutoRun
O33 - MountPoints2\{f7cb6fee-67fc-11df-8517-001dbaf2c4f7}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{fd4ff810-5c1a-11e0-a009-8d1c78125e6f}\Shell - "" = AutoRun
O33 - MountPoints2\{fd4ff810-5c1a-11e0-a009-8d1c78125e6f}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{fd4ff83c-5c1a-11e0-a009-9d7832926a48}\Shell - "" = AutoRun
O33 - MountPoints2\{fd4ff83c-5c1a-11e0-a009-9d7832926a48}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- [2010/08/20 01:43:30 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/27 10:54:54 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\Wrong
[2011/08/27 10:36:14 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe
[2011/08/27 08:31:30 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/08/24 07:13:25 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/08/21 21:01:12 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Windows Live Writer
[2011/08/21 21:01:12 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\Windows Live Writer
[2011/08/21 21:01:09 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{014FBF81-6C2F-4E64-97B9-F13CE7A05380}
[2011/08/21 09:13:30 | 000,607,017 | R--- | C] (Swearware) -- C:\Users\Home\Desktop\dds.scr
[2011/08/20 12:57:45 | 000,000,000 | ---D | C] -- C:\Users\Home\Documents\EMDB
[2011/08/20 12:57:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EMDB
[2011/08/20 12:57:42 | 000,000,000 | ---D | C] -- C:\Program Files\EMDB
[2011/08/20 12:57:13 | 000,000,000 | ---D | C] -- C:\Users\Home\emdb
[2011/08/20 12:36:25 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\ToRead
[2011/08/18 23:22:29 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/08/18 23:22:27 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/08/18 23:22:26 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/08/18 23:22:26 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/08/18 23:22:25 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/08/17 05:58:01 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011/08/17 05:53:47 | 003,602,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/08/17 05:53:47 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/08/01 10:31:15 | 000,000,000 | ---D | C] -- C:\Users\Home\M
[2011/07/31 22:41:19 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{38048B5C-CD6C-4C28-847A-B4E99A6DEB53}
[2007/06/07 09:50:16 | 000,386,544 | ---- | C] ( ) -- C:\Windows\System32\dlbtih.exe
[2007/06/07 09:50:14 | 000,538,096 | ---- | C] ( ) -- C:\Windows\System32\dlbtcoms.exe
[2007/06/07 09:50:12 | 000,382,448 | ---- | C] ( ) -- C:\Windows\System32\dlbtcfg.exe
[2007/01/30 22:47:52 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlbtpmui.dll
[2007/01/30 22:46:00 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlbtserv.dll
[2007/01/30 22:38:18 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlbtcomm.dll
[2007/01/30 22:36:30 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlbtlmpm.dll
[2007/01/30 22:35:00 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlbtiesc.dll
[2007/01/30 22:32:06 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlbtpplc.dll
[2007/01/30 22:31:08 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlbtcomc.dll
[2007/01/30 22:30:30 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlbtprox.dll
[2007/01/30 22:22:32 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlbtinpa.dll
[2007/01/30 22:21:46 | 000,995,328 | ---- | C] ( ) -- C:\Windows\System32\dlbtusb1.dll
[2007/01/30 22:17:02 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlbthbn3.dll
[2 C:\Users\Home\AppData\Local\*.tmp files -> C:\Users\Home\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/27 10:55:11 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe
[2011/08/27 10:23:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/27 10:19:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/27 10:16:55 | 006,074,525 | ---- | M] () -- C:\Users\Home\Desktop\Hamlet.mp3.php
[2011/08/27 10:08:59 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3181071557-3652069577-897653104-1000UA.job
[2011/08/27 09:08:06 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/27 09:08:06 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/27 07:40:30 | 002,799,478 | ---- | M] () -- C:\Users\Home\Desktop\White Christmas Song Parody.mp3
[2011/08/27 07:24:24 | 003,317,747 | ---- | M] () -- C:\Users\Home\Desktop\Weird Al Yankovic.mp3
[2011/08/27 07:21:26 | 000,389,557 | ---- | M] () -- C:\Users\Home\Desktop\image.png
[2011/08/27 07:17:53 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3181071557-3652069577-897653104-1000Core.job
[2011/08/27 07:14:30 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/26 07:10:37 | 000,002,037 | ---- | M] () -- C:\Users\Home\Desktop\Google Chrome.lnk
[2011/08/26 07:10:37 | 000,001,999 | ---- | M] () -- C:\Users\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/08/26 07:09:51 | 000,048,537 | ---- | M] () -- C:\Users\Home\Desktop\DSK_image.jpg
[2011/08/24 06:18:46 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/08/23 23:44:20 | 000,002,609 | ---- | M] () -- C:\Users\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007.lnk
[2011/08/23 22:11:46 | 000,637,256 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/08/23 22:11:46 | 000,116,034 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/08/23 08:08:54 | 000,867,747 | ---- | M] () -- C:\Users\Home\Desktop\62848471-kanji-2.pdf
[2011/08/21 21:29:28 | 000,002,651 | ---- | M] () -- C:\Users\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2011/08/21 15:07:29 | 000,208,171 | ---- | M] () -- C:\Users\Home\Desktop\AF102692134.PDF
[2011/08/21 15:07:23 | 000,193,804 | ---- | M] () -- C:\Users\Home\Desktop\AF102692116.PDF
[2011/08/21 15:07:14 | 000,290,935 | ---- | M] () -- C:\Users\Home\Desktop\AF102692107.PDF
[2011/08/21 09:13:38 | 000,607,017 | R--- | M] (Swearware) -- C:\Users\Home\Desktop\dds.scr
[2011/08/21 07:51:37 | 000,331,280 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/08/20 12:57:43 | 000,000,704 | ---- | M] () -- C:\Users\Home\Desktop\EMDB.lnk
[2011/08/20 12:38:43 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/08/12 02:16:47 | 000,097,280 | ---- | M] () -- C:\Users\Home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/01 00:09:19 | 001,414,034 | ---- | M] () -- C:\Users\Home\Desktop\NetProspex_SocialBusinessReport_Summer2011.pdf
[2 C:\Users\Home\AppData\Local\*.tmp files -> C:\Users\Home\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/27 10:11:38 | 006,074,525 | ---- | C] () -- C:\Users\Home\Desktop\Hamlet.mp3.php
[2011/08/27 07:40:16 | 002,799,478 | ---- | C] () -- C:\Users\Home\Desktop\White Christmas Song Parody.mp3
[2011/08/27 07:23:42 | 003,317,747 | ---- | C] () -- C:\Users\Home\Desktop\Weird Al Yankovic.mp3
[2011/08/27 07:21:24 | 000,389,557 | ---- | C] () -- C:\Users\Home\Desktop\image.png
[2011/08/26 07:09:55 | 000,048,537 | ---- | C] () -- C:\Users\Home\Desktop\DSK_image.jpg
[2011/08/23 08:08:50 | 000,867,747 | ---- | C] () -- C:\Users\Home\Desktop\62848471-kanji-2.pdf
[2011/08/21 15:07:30 | 000,208,171 | ---- | C] () -- C:\Users\Home\Desktop\AF102692134.PDF
[2011/08/21 15:07:23 | 000,193,804 | ---- | C] () -- C:\Users\Home\Desktop\AF102692116.PDF
[2011/08/21 15:07:16 | 000,290,935 | ---- | C] () -- C:\Users\Home\Desktop\AF102692107.PDF
[2011/08/20 12:57:43 | 000,000,704 | ---- | C] () -- C:\Users\Home\Desktop\EMDB.lnk
[2011/08/01 00:09:19 | 001,414,034 | ---- | C] () -- C:\Users\Home\Desktop\NetProspex_SocialBusinessReport_Summer2011.pdf
[2011/07/27 08:03:04 | 000,000,000 | ---- | C] () -- C:\Users\Home\AppData\Local\{7D902F3A-A7A0-4C37-8F91-681CC155B979}
[2011/06/15 07:29:14 | 000,000,000 | ---- | C] () -- C:\Users\Home\AppData\Local\{C0D80EB7-07E5-4EC6-A3F2-6C561B495077}
[2011/04/16 09:56:15 | 000,007,168 | ---- | C] () -- C:\Windows\System32\Dtctrace.dll
[2011/01/13 23:30:05 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010/03/27 08:36:15 | 000,000,036 | ---- | C] () -- C:\Users\Home\AppData\Local\housecall.guid.cache
[2010/03/22 03:06:22 | 000,000,680 | ---- | C] () -- C:\Users\Home\AppData\Local\d3d9caps.dat
[2009/10/26 04:49:29 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009/09/29 16:50:59 | 000,716,058 | ---- | C] () -- C:\Windows\System32\unins000.exe
[2009/09/29 16:50:59 | 000,032,024 | ---- | C] () -- C:\Windows\System32\unins000.dat
[2009/09/12 11:30:02 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/12 11:30:02 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/12 07:15:09 | 000,097,280 | ---- | C] () -- C:\Users\Home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/10 06:19:50 | 000,024,206 | ---- | C] () -- C:\Users\Home\AppData\Roaming\UserTile.png
[2009/09/07 00:55:43 | 000,000,000 | ---- | C] () -- C:\Windows\ka.ini
[2009/09/06 20:45:24 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/08/03 23:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 23:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/03/31 06:52:01 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2009/03/05 02:47:58 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/03/05 01:57:25 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/03/05 01:31:17 | 002,192,024 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2009/03/05 01:31:17 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1511.dll
[2009/03/05 01:31:16 | 000,492,496 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2009/03/05 01:31:16 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2009/03/05 01:30:31 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2009/03/05 01:30:25 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2009/03/05 01:30:25 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009/03/05 01:30:24 | 000,174,819 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009/03/05 01:30:24 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2007/02/19 15:20:28 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dlbtinsr.dll
[2007/02/19 15:20:24 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dlbtcur.dll
[2007/02/19 15:20:02 | 000,135,168 | ---- | C] () -- C:\Windows\System32\dlbtjswr.dll
[2007/02/19 15:17:06 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dlbtinsb.dll
[2007/02/19 15:17:00 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dlbtcub.dll
[2007/02/19 15:16:52 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dlbtcu.dll
[2007/02/19 15:16:48 | 000,159,744 | ---- | C] () -- C:\Windows\System32\dlbtins.dll
[2007/02/19 15:15:34 | 000,434,176 | ---- | C] () -- C:\Windows\System32\dlbtutil.dll
[2007/02/08 01:57:16 | 000,344,064 | ---- | C] () -- C:\Windows\System32\dlbtcoin.dll
[2007/01/22 15:18:28 | 000,069,632 | ---- | C] () -- C:\Windows\System32\dlbtcfg.dll
[2006/11/02 21:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 21:47:37 | 000,331,280 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 21:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 19:33:01 | 000,637,256 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 19:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 19:33:01 | 000,116,034 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 19:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 19:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 17:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 17:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 16:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 16:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005/08/18 18:26:46 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dlbtvs.dll
[2005/05/25 21:07:26 | 000,061,440 | ---- | C] () -- C:\Windows\System32\dlbtcnv4.dll

========== LOP Check ==========

[2010/04/18 07:32:28 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\ICAClient
[2010/10/23 04:18:28 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Amazon
[2010/10/28 22:55:46 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\app.jbbres.com
[2011/06/12 21:21:48 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Audacity
[2010/03/24 07:52:54 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\AVG9
[2011/02/03 00:22:22 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\com.focusboosterapp.focusbooster.8E5F79C899747AD22E21DB62AA496926DA6BBC64.1
[2010/04/03 03:17:29 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Desktopicon
[2011/01/13 23:40:15 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\DiskSpaceFan
[2010/10/28 21:34:03 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\HamsterSoft
[2009/10/30 08:21:12 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\ICAClient
[2009/09/10 06:19:49 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\PeerNetworking
[2010/08/29 19:57:58 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2011/08/21 21:01:12 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Windows Live Writer
[2010/03/27 06:06:57 | 000,000,000 | ---D | M] -- C:\Users\Keiko\AppData\Roaming\AVG9
[2011/08/24 06:18:46 | 000,032,532 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >



Extras.txt log

OTL Extras logfile created on: 27/08/2011 10:55:52 - Run 2
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\Home\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.87 Gb Total Physical Memory | 1.86 Gb Available Physical Memory | 64.77% Memory free
5.97 Gb Paging File | 4.74 Gb Available in Paging File | 79.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.11 Gb Total Space | 110.60 Gb Free Space | 49.57% Space Free | Partition Type: NTFS
Drive H: | 34.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: SONYNS30E | User Name: Home | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1B108DF2-BEFE-460D-8491-D764BE6CC790}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{B039AFE7-0010-4139-9F8D-AA11B2F2B036}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C56B3483-5F1F-4A32-9EFF-C52AAA5EAFD2}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{FD95152E-6D6B-4FF8-80F4-B1556CBC3C5D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003D6FBC-9458-40C3-9146-053EDC9BFD01}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{0F54A240-D592-43C5-9BCE-E1E4F905E81B}" = protocol=17 | dir=in | app=c:\windows\system32\dlbtcoms.exe |
"{18951EE0-60A7-4770-AE52-9CA8158BA1C7}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{3248DA4E-0751-46CF-8800-B781FCA01131}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe |
"{34C4AE56-9EBA-48DE-9FFE-07D6C588769A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{80E119ED-EAE1-4A22-A3F4-533A761A4BB4}" = dir=in | app=c:\program files\avg\avg9\avgam.exe |
"{9DFE2411-5EF7-4B65-970E-2706AD324125}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{A77F80BC-BC70-414C-95C9-70B45A4EA4D1}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{B17FFEFD-F4C8-46B1-B05D-533983CAD6CF}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe |
"{B55DBC67-0613-4B0E-8244-F8E39DACA82E}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{B8A194F2-5A19-474C-B799-EE5C3474C2D6}" = dir=in | app=c:\program files\avg\avg9\avgdiagex.exe |
"{BB757812-8940-46B6-AADF-F24C7AF051AA}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{C2BB549A-E5C2-4BED-8406-4181FF12EF3E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D5024AE1-BA3A-4B0E-A17B-E25B55D5B191}" = dir=in | app=c:\program files\avg\avg9\avgemc.exe |
"{EAF6C57B-102B-43EE-B418-7F189019150B}" = protocol=6 | dir=in | app=c:\windows\system32\dlbtcoms.exe |
"{F83DD6C7-16B2-4803-B37B-31B21E8F40D9}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{068F037B-2723-48E3-85F1-4D7D93A29D2A}" = VAIO Content Metadata Intelligent Analyzing Manager
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D025345-1033-4F35-A5CE-68CDCDE6CC03}" = Evernote
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A414CE4-CE57-4718-A4E0-B2C33DC4D620}_is1" = True Time Tracker
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2018C019-30D9-4240-8C01-0865C10DCF5A}" = VAIO Presentation Support
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting
"{2878C3C9-9D91-430F-8F50-885BB23DB001}" = VAIO Content Folder Watcher
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{327B75F0-92AF-420A-988F-FA596A218E0B}" = VAIO Content Folder Watcher
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3B659FAD-E772-44A3-B7E7-560FF084669F}" = VAIO Smart Network
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ
"{570190E8-6EA3-4364-93D0-96E4EE263193}" = pebNote
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F5867F0-2D23-4338-A206-01A76C823924}" = VAIO Power Management
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{64DBE9FE-A07D-41A0-B81A-8D416D9647FF}" = VAIO Content Folder Watcher
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
"{69C8B1E3-2665-4A0F-B049-67746E5C4CE3}" = Software Info for Me&My VAIO
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6EB6A82E-4918-481F-9AF8-3129E6D29B7E}" = Sony Home Network Library
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7B79CD75-F848-4B33-83E3-0EE1A1805A8C}" = VAIO Movie Story
"{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2
"{7C404084-C5A6-42FF-B731-0BAC79A6E134}" = VAIO Original Function Settings
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{88A23708-97BF-4E2E-AE5A-B600935EE575}" = Google 日本語入力
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9238E8A4-BEBA-43A3-B926-769BDBF194C5}" = VAIO Media plus Opening Movie
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95229EF6-F4A1-413A-BA50-668311FAFE19}" = VAIO Original Function Settings
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" =
"{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music
"{9973498D-EA29-4A68-BE0B-C88D6E03E928}" = ArcSoft WebCam Companion 2
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{B3668C08-EBB1-40F4-B4F9-4F8E13501A7D}" = VAIO Entertainment Platform
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{BFD85D24-D4F3-4CCC-B518-D7C4FC29C76D}" = VAIO Content Metadata Intelligent Analyzing Manager
"{C0482AA0-9CDF-49B4-9B39-551FD1A7A7E6}" = VAIO Movie Story 1.5 Upgrade
"{C1555BC5-88B1-466B-BC79-062B5715DF92}" = VAIO Content Metadata XML Interface Library
"{C62AEA0E-90B0-4049-9780-8499A18A34D7}" = VAIO Content Metadata Manager Setting
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{CD7E6232-D41D-4E5B-ABE1-0264B6260309}" = VAIO Content Metadata Intelligent Analyzing Manager
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF0F8D1B-5FB9-468D-BD88-E6239906D2B7}" = Click to Disc
"{D03D02D8-AB64-4785-A48E-5AA8B0FB8C14}" = Sony Home Network Library
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{D613E659-6503-42A8-9617-4F599061EAD5}" = VAIO MusicBox
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3453B1B-C91B-4C48-B046-8DF635DD46F2}" = VAIO Content Metadata XML Interface Library
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EADE97A7-E7AA-43FD-A042-92A68E0187A6}" = VAIO Content Metadata Manager Setting
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD0}" = Paint.NET v3.5.5
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" =
"{F88A7EB0-90F4-4012-9194-33AF2F1C5BF1}" = VAIO Movie Story 1.5 Upgrade
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"dt icon module" =
"EMDB_is1" = EMDB 1.33
"EMOBILE Manager" = EMOBILE HW Utility
"FLV Player" = FLV Player 2.0 (build 25)
"Google Desktop" = Google Desktop
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Home'Bank Light_is1" = Home'Bank Light 3.3.3
"Home'Bank Off-line services_is1" = Home'Bank Off-line services 5.11
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"Kanji Gold_is1" = Kanji Gold 2.10
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"MFU Module" =
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Totally Party" = Totally Spies! Totally Party
"VAIO Help and Support" =
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3181071557-3652069577-897653104-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle For PC" = Amazon Kindle For PC v1.1
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 20/08/2011 23:09:19 | Computer Name = SonyNS30E | Source = WinMgmt | ID = 10
Description =

Error - 21/08/2011 07:55:33 | Computer Name = SonyNS30E | Source = VzCdbSvc | ID = 7
Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error
code = 0x80042019)

Error - 21/08/2011 07:55:34 | Computer Name = SonyNS30E | Source = WinMgmt | ID = 10
Description =

Error - 22/08/2011 18:26:54 | Computer Name = SonyNS30E | Source = VzCdbSvc | ID = 7
Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error
code = 0x80042019)

Error - 22/08/2011 18:27:02 | Computer Name = SonyNS30E | Source = WinMgmt | ID = 10
Description =

Error - 23/08/2011 09:05:22 | Computer Name = SonyNS30E | Source = VzCdbSvc | ID = 7
Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error
code = 0x80042019)

Error - 23/08/2011 09:05:30 | Computer Name = SonyNS30E | Source = WinMgmt | ID = 10
Description =

Error - 23/08/2011 17:19:47 | Computer Name = SonyNS30E | Source = VzCdbSvc | ID = 7
Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error
code = 0x80042019)

Error - 23/08/2011 17:19:47 | Computer Name = SonyNS30E | Source = WinMgmt | ID = 10
Description =

Error - 26/08/2011 19:32:42 | Computer Name = SonyNS30E | Source = VSS | ID = 8194
Description =

[ OSession Events ]
Error - 13/04/2010 18:21:16 | Computer Name = SonyNS30E | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 14415
seconds with 120 seconds of active time. This session ended with a crash.

Error - 07/01/2011 09:10:33 | Computer Name = SonyNS30E | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 310
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 26/08/2011 19:27:17 | Computer Name = SonyNS30E | Source = Dhcp | ID = 1002
Description = The IP address lease 10.208.3.219 for the Network Card with network
address 001E101F35C2 has been denied by the DHCP server 10.209.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 26/08/2011 19:31:50 | Computer Name = SonyNS30E | Source = DCOM | ID = 10005
Description =

Error - 26/08/2011 19:31:50 | Computer Name = SonyNS30E | Source = Service Control Manager | ID = 7009
Description =

Error - 26/08/2011 19:31:50 | Computer Name = SonyNS30E | Source = Service Control Manager | ID = 7000
Description =

Error - 26/08/2011 20:38:47 | Computer Name = SonyNS30E | Source = Dhcp | ID = 1002
Description = The IP address lease 10.209.1.3 for the Network Card with network
address 001E101F35C2 has been denied by the DHCP server 10.209.0.169 (The DHCP Server
sent a DHCPNACK message).

Error - 26/08/2011 20:51:36 | Computer Name = SonyNS30E | Source = Dhcp | ID = 1002
Description = The IP address lease 10.209.0.172 for the Network Card with network
address 001E101F35C2 has been denied by the DHCP server 10.209.3.121 (The DHCP
Server sent a DHCPNACK message).

Error - 26/08/2011 21:19:31 | Computer Name = SonyNS30E | Source = Dhcp | ID = 1002
Description = The IP address lease 10.209.3.122 for the Network Card with network
address 001E101F35C2 has been denied by the DHCP server 10.209.2.97 (The DHCP Server
sent a DHCPNACK message).

Error - 26/08/2011 21:23:28 | Computer Name = SonyNS30E | Source = Service Control Manager | ID = 7011
Description =

Error - 26/08/2011 21:28:13 | Computer Name = SonyNS30E | Source = Dhcp | ID = 1002
Description = The IP address lease 10.209.2.104 for the Network Card with network
address 001E101F4EC0 has been denied by the DHCP server 10.208.3.26 (The DHCP Server
sent a DHCPNACK message).

Error - 26/08/2011 21:52:50 | Computer Name = SonyNS30E | Source = Dhcp | ID = 1002
Description = The IP address lease 10.208.3.25 for the Network Card with network
address 001E101F4EC0 has been denied by the DHCP server 10.209.1.1 (The DHCP Server
sent a DHCPNACK message).


< End of report >
juliend
Regular Member
 
Posts: 17
Joined: March 27th, 2010, 10:01 am

Re: Internet seems to be hijacked on my computer

by askey127 » August 27th, 2011, 8:10 am

juliend,
--------------------------------------------
TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  1. Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    (Vista - W7 users: Right-click and select "Run As Administrator")
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com).
    If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure Cure (default) is selected... then click Continue > Reboot now to finish the cleaning process.
    • If Cure is not offered as an option, choose Skip.
  5. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the main directory of C:
    (the dd.mm.yyyy_hh.mm.ss numbers in the filename represent the time/date stamp)
  6. Copy and paste the contents of that file in your next reply.

If, for some reason, you can't locate the text file to paste into your reply, just tell me, but DO NOT run the program a second time.

askey127
askey127
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Internet seems to be hijacked on my computer

by juliend » August 27th, 2011, 8:28 pm

Hi askey127,

I have run TDSSKiller.exe and there were no threats found.

Note:
1 - when looking for the txt report, I see that I had already run the tool before
There is a log named TDSSKiller.2.4.21.0_20.04.2011_18.27.11_log (I am not copying the contents except if you ask for it)
2 - Avira has a message telling me it has found a malware
"A virus or unwanted program 'TR/Swisyn.bsgf.1' was found in file 'C:\Users\Home\AppData\Local\Google\...\f_0014b1'.
Access to this file was denied.
Please select a further action"

I hope this helps.
Please find the text report of the scan I have just run below, as requested.


2011/08/28 09:21:15.0366 3748 TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57
2011/08/28 09:21:15.0404 3748 ================================================================================
2011/08/28 09:21:15.0404 3748 SystemInfo:
2011/08/28 09:21:15.0404 3748
2011/08/28 09:21:15.0405 3748 OS Version: 6.0.6002 ServicePack: 2.0
2011/08/28 09:21:15.0405 3748 Product type: Workstation
2011/08/28 09:21:15.0405 3748 ComputerName: SONYNS30E
2011/08/28 09:21:15.0405 3748 UserName: Home
2011/08/28 09:21:15.0405 3748 Windows directory: C:\Windows
2011/08/28 09:21:15.0405 3748 System windows directory: C:\Windows
2011/08/28 09:21:15.0405 3748 Processor architecture: Intel x86
2011/08/28 09:21:15.0405 3748 Number of processors: 2
2011/08/28 09:21:15.0405 3748 Page size: 0x1000
2011/08/28 09:21:15.0405 3748 Boot type: Normal boot
2011/08/28 09:21:15.0405 3748 ================================================================================
2011/08/28 09:21:15.0927 3748 Initialize success
2011/08/28 09:21:18.0889 2688 ================================================================================
2011/08/28 09:21:18.0889 2688 Scan started
2011/08/28 09:21:18.0889 2688 Mode: Manual;
2011/08/28 09:21:18.0889 2688 ================================================================================
2011/08/28 09:21:19.0689 2688 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/08/28 09:21:19.0843 2688 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/08/28 09:21:20.0029 2688 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/08/28 09:21:20.0180 2688 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/08/28 09:21:20.0308 2688 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/08/28 09:21:20.0528 2688 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
2011/08/28 09:21:20.0686 2688 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/08/28 09:21:20.0808 2688 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/08/28 09:21:20.0949 2688 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/08/28 09:21:21.0088 2688 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/08/28 09:21:21.0201 2688 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/08/28 09:21:21.0373 2688 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/08/28 09:21:21.0482 2688 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/08/28 09:21:21.0650 2688 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/08/28 09:21:21.0789 2688 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/08/28 09:21:21.0901 2688 ArcSoftKsUFilter (857b48965a0503b7ab795d4bfe7cbd8b) C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
2011/08/28 09:21:22.0026 2688 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/08/28 09:21:22.0142 2688 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
2011/08/28 09:21:22.0294 2688 athr (1ea05449220e3d755477ce517a83846b) C:\Windows\system32\DRIVERS\athr.sys
2011/08/28 09:21:22.0823 2688 atikmdag (9f66d1ba97911731133e46212539a08d) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/08/28 09:21:23.0517 2688 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/08/28 09:21:23.0662 2688 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
2011/08/28 09:21:23.0814 2688 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/08/28 09:21:23.0964 2688 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/08/28 09:21:24.0107 2688 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/08/28 09:21:24.0244 2688 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/08/28 09:21:24.0363 2688 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/08/28 09:21:24.0500 2688 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/08/28 09:21:24.0615 2688 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/08/28 09:21:24.0733 2688 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/08/28 09:21:24.0857 2688 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/08/28 09:21:24.0988 2688 BthEnum (cce53afc28347cc18ea139972e5b5e5a) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/08/28 09:21:25.0141 2688 BTHMODEM (9a966a8e86d1771911ae34a20d11bff3) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/08/28 09:21:25.0275 2688 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
2011/08/28 09:21:25.0409 2688 BTHPORT (ac8a1689d5efc4d214201155a78d8f4b) C:\Windows\system32\Drivers\BTHport.sys
2011/08/28 09:21:25.0570 2688 BTHUSB (288c1f74e3e2eed6c7b54eb3aac70856) C:\Windows\system32\Drivers\BTHUSB.sys
2011/08/28 09:21:25.0705 2688 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/08/28 09:21:25.0831 2688 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/08/28 09:21:25.0947 2688 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/08/28 09:21:26.0061 2688 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/08/28 09:21:26.0204 2688 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/08/28 09:21:26.0318 2688 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/08/28 09:21:26.0438 2688 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/08/28 09:21:26.0555 2688 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/08/28 09:21:26.0683 2688 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/08/28 09:21:26.0852 2688 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
2011/08/28 09:21:27.0016 2688 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/08/28 09:21:27.0162 2688 DMICall (f206e28ed74c491fd5d7c0a1119ce37f) C:\Windows\system32\DRIVERS\DMICall.sys
2011/08/28 09:21:27.0307 2688 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/08/28 09:21:27.0440 2688 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/08/28 09:21:27.0585 2688 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/08/28 09:21:27.0753 2688 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/08/28 09:21:27.0930 2688 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/08/28 09:21:28.0083 2688 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/08/28 09:21:28.0222 2688 ewusbnet (e1556af3fb0284c32896b9ac8494d9c2) C:\Windows\system32\DRIVERS\ewusbnet.sys
2011/08/28 09:21:28.0360 2688 ew_hwusbdev (57c171ea22f0a7f068fcb0caedd1e8e7) C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
2011/08/28 09:21:28.0472 2688 ew_usbenumfilter (61a973f60e94a551ba7b15f3460444fb) C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys
2011/08/28 09:21:28.0600 2688 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/08/28 09:21:28.0734 2688 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/08/28 09:21:28.0859 2688 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/08/28 09:21:29.0003 2688 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/08/28 09:21:29.0106 2688 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/08/28 09:21:29.0219 2688 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/08/28 09:21:29.0364 2688 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/08/28 09:21:29.0529 2688 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
2011/08/28 09:21:29.0653 2688 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/08/28 09:21:29.0781 2688 FTDIBUS (47b9cf937ac479046da289bd5a769ce9) C:\Windows\system32\drivers\ftdibus.sys
2011/08/28 09:21:29.0901 2688 FTSER2K (216b9a2191676034999785c7f94fa5d6) C:\Windows\system32\drivers\ftser2k.sys
2011/08/28 09:21:30.0016 2688 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/08/28 09:21:30.0055 2688 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/08/28 09:21:30.0240 2688 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/08/28 09:21:30.0399 2688 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/08/28 09:21:30.0516 2688 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/08/28 09:21:30.0631 2688 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/08/28 09:21:30.0751 2688 HidUsb (e2b5bd48afcc0f0974fb44641b223250) C:\Windows\system32\DRIVERS\hidusb.sys
2011/08/28 09:21:30.0871 2688 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/08/28 09:21:31.0006 2688 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2011/08/28 09:21:31.0151 2688 HSF_DPV (7bc42c65b5c6281777c1a7605b253ba8) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2011/08/28 09:21:31.0293 2688 HSXHWAZL (9ebf2d102ccbb6bcdfbf1b7922f8ba2e) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
2011/08/28 09:21:31.0447 2688 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/08/28 09:21:31.0570 2688 huawei_enumerator (92548543d50c9bccdb31ffb7ec39249d) C:\Windows\system32\DRIVERS\ew_jubusenum.sys
2011/08/28 09:21:31.0727 2688 hwdatacard (a89423d0132c8ab69ba621b6ce191714) C:\Windows\system32\DRIVERS\ewusbmdm.sys
2011/08/28 09:21:31.0879 2688 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/08/28 09:21:32.0011 2688 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/08/28 09:21:32.0140 2688 iaStor (db0cc620b27a928d968c1a1e9cd9cb87) C:\Windows\system32\DRIVERS\iaStor.sys
2011/08/28 09:21:32.0236 2688 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/08/28 09:21:32.0432 2688 igfx (ce5ff5d5e3f4ca974e36dc24c15474d0) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/08/28 09:21:32.0599 2688 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/08/28 09:21:32.0792 2688 IntcAzAudAddService (3aa1f82efa2b0454af163124c9920d16) C:\Windows\system32\drivers\RTKVHDA.sys
2011/08/28 09:21:32.0972 2688 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/08/28 09:21:33.0097 2688 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/08/28 09:21:33.0240 2688 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/08/28 09:21:33.0458 2688 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/08/28 09:21:33.0572 2688 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/08/28 09:21:33.0693 2688 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/08/28 09:21:33.0804 2688 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/08/28 09:21:33.0941 2688 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/08/28 09:21:34.0058 2688 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/08/28 09:21:34.0176 2688 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/08/28 09:21:34.0301 2688 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/08/28 09:21:34.0415 2688 kbdhid (18247836959ba67e3511b62846b9c2e0) C:\Windows\system32\drivers\kbdhid.sys
2011/08/28 09:21:34.0549 2688 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/08/28 09:21:34.0713 2688 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/08/28 09:21:34.0855 2688 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/08/28 09:21:34.0980 2688 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/08/28 09:21:35.0097 2688 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/08/28 09:21:35.0220 2688 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/08/28 09:21:35.0351 2688 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/08/28 09:21:35.0488 2688 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/08/28 09:21:35.0613 2688 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/08/28 09:21:35.0767 2688 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/08/28 09:21:35.0881 2688 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/08/28 09:21:35.0990 2688 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/08/28 09:21:36.0184 2688 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/08/28 09:21:36.0331 2688 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/08/28 09:21:36.0451 2688 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/08/28 09:21:36.0591 2688 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/08/28 09:21:36.0729 2688 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/08/28 09:21:36.0867 2688 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/08/28 09:21:37.0010 2688 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/08/28 09:21:37.0137 2688 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/08/28 09:21:37.0231 2688 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/08/28 09:21:37.0363 2688 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
2011/08/28 09:21:37.0482 2688 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/08/28 09:21:37.0643 2688 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/08/28 09:21:37.0762 2688 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/08/28 09:21:37.0895 2688 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/08/28 09:21:37.0995 2688 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/08/28 09:21:38.0096 2688 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/08/28 09:21:38.0239 2688 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/08/28 09:21:38.0351 2688 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/08/28 09:21:38.0474 2688 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/08/28 09:21:38.0591 2688 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/08/28 09:21:38.0737 2688 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/08/28 09:21:38.0882 2688 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/08/28 09:21:39.0015 2688 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/08/28 09:21:39.0123 2688 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/08/28 09:21:39.0259 2688 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/08/28 09:21:39.0362 2688 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/08/28 09:21:39.0474 2688 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/08/28 09:21:39.0549 2688 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/08/28 09:21:39.0684 2688 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/08/28 09:21:39.0794 2688 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/08/28 09:21:39.0867 2688 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/08/28 09:21:40.0054 2688 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/08/28 09:21:40.0226 2688 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/08/28 09:21:40.0337 2688 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/08/28 09:21:40.0430 2688 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/08/28 09:21:40.0495 2688 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/08/28 09:21:40.0563 2688 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/08/28 09:21:40.0789 2688 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/08/28 09:21:40.0928 2688 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/08/28 09:21:41.0003 2688 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/08/28 09:21:41.0122 2688 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/08/28 09:21:41.0189 2688 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/08/28 09:21:41.0290 2688 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2011/08/28 09:21:41.0405 2688 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/08/28 09:21:41.0564 2688 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/08/28 09:21:41.0784 2688 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/08/28 09:21:41.0891 2688 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/08/28 09:21:42.0040 2688 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/08/28 09:21:42.0149 2688 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys
2011/08/28 09:21:42.0309 2688 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/08/28 09:21:42.0523 2688 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/08/28 09:21:42.0684 2688 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/08/28 09:21:42.0796 2688 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/08/28 09:21:42.0859 2688 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/08/28 09:21:42.0973 2688 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/08/28 09:21:43.0112 2688 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/08/28 09:21:43.0244 2688 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/08/28 09:21:43.0338 2688 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/08/28 09:21:43.0444 2688 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/08/28 09:21:43.0561 2688 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/08/28 09:21:43.0708 2688 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/08/28 09:21:43.0822 2688 regi (001b4278407f4303efc902a2b16f2453) C:\Windows\system32\drivers\regi.sys
2011/08/28 09:21:43.0950 2688 RFCOMM (23f486726da7a9b2f3ec7326421a9c36) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/08/28 09:21:53.0752 2688 ================================================================================
2011/08/28 09:21:53.0753 2688 Scan finished
2011/08/28 09:21:53.0753 2688 ================================================================================
2011/08/28 09:21:53.0775 2944 Detected object count: 0
2011/08/28 09:21:53.0775 2944 Actual detected object count: 0
juliend
Regular Member
 
Posts: 17
Joined: March 27th, 2010, 10:01 am

Re: Internet seems to be hijacked on my computer

Unread postby askey127 » August 28th, 2011, 8:37 am

juliend,
I notice the Huawei software.
Tell me what is your relation or use of the company.

----------------------------------------------
Perform a Custom Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • Under the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box:
    Code:
    :processes
    killallprocesses
    
    :OTL
    IE - HKU\S-1-5-21-3181071557-3652069577-897653104-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain ... &bmod=EU01
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Home\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Home\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
    O3 - HKU\S-1-5-21-3181071557-3652069577-897653104-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    [Reboot]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
--------------------------------------------------------
Download and Install the newest version of Adobe Reader for reading pdf files, due to the vulnerabilities in earlier versions.
All versions numbered lower than 10.0 are vulnerable.
Go HERE and click on AdbeRdr1001_en_US.exe to download the latest version of Adobe Acrobat Reader.
Save this file to your desktop and run it to install the latest version of Adobe Reader.

After the new Reader is installed, Open Adobe Reader X. (Right click and Run as administrator in Vista/Win7)
OK the license.
Click on Edit and select Preferences.
On the Left, click on the Javascript category and Uncheck Enable Acrobat Javascript.
Click on the Security (Enhanced) category and Uncheck Automatically trust sites from my Win OS security zones.
Click on the Trust Manager category and Uncheck Allow opening of non-PDF file attachments with external applications.
Click the OK button
When it finishes, you can remove the Installer from your desktop.
-----------------------------------------------
Update and Scan with Antivir
Right click the red umbrella icon and choose Start Antivir.
When the window comes up click Start Update.
When the update is complete, click on Scan System Now.
This full scan could take an hour or more.
It will ask what to do with any item it finds.
IMPORTANT >> tell it to DELETE or QUARANTINE any items it finds.
-----------------------------------------------
Get Last Avira Report
Right click the red umbrella icon in the system tray and click Start Antivir
In the left pane, click Overview, then click Reports
There will be reports titled Update and reports titled Scan. Find the most recent report in the list titled Scan
Click on the Report File button, or Right click the report and choose Display Report.
The report contents will come up in Notepad. Highlight the entire report (Ctrl+A) and copy to the clipboard (Ctrl+C).
Paste the contents (Ctrl+V) into your next reply.

So we are looking for info about Huawei, the latest log OTL.txt, and the Avira log.
askey127
askey127
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
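A fix script like the one in the post above can be read back against the scan log before it is pasted into OTL. The following is an added example, not part of the original post and not OTL's own code: it splits the script into its sections and summarises which registry hives, files and orphaned entries the :OTL lines name. The function names and the reading of the line layout are assumptions drawn only from the lines shown in the post.

```python
import re

# The fix script as posted above; the "..." inside the URL is the forum's own truncation.
FIX_SCRIPT = r"""
:processes
killallprocesses

:OTL
IE - HKU\S-1-5-21-3181071557-3652069577-897653104-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain ... &bmod=EU01
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Home\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Home\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
O3 - HKU\S-1-5-21-3181071557-3652069577-897653104-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

:Files
ipconfig /flushdns /c

:Commands
[EMPTYTEMP]
[CREATERESTOREPOINT]
[Reboot]
"""

SECTION_RE = re.compile(r"^:(\w+)\s*$")
ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]{1,3}\d{0,2}) - (?P<hive>HKLM|HKCU|HKU)\\(?P<rest>.+)$")
FILE_RE = re.compile(r'[A-Za-z]:\\[^:*?"<>|]+?\.(?:dll|exe|sys)', re.IGNORECASE)
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN_MARKERS = ("No CLSID value found", "File not found")
SCOPE = {"HKLM": "machine", "HKCU": "user", "HKU": "user"}


def split_sections(script):
    """Return {section name: [non-blank lines]} in the order the sections appear."""
    sections, current = {}, None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_entry(line):
    """Break one :OTL line into the fields a reviewer needs; None if the layout is unknown."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    rest = m.group("rest")
    head = rest.split(" = ", 1)[0]
    if " = " in rest and "," in head:      # IE layout: key,value = data
        key, value = head.rsplit(",", 1)
    else:                                  # FF / O3 layout: key: detail
        key, value = rest.split(": ", 1)[0], None
    file_hit = FILE_RE.search(line)
    clsid_hit = CLSID_RE.search(line)
    return {
        "kind": m.group("kind"),
        "scope": SCOPE[m.group("hive")],
        "key": m.group("hive") + "\\" + key,
        "value": value,
        "file": file_hit.group(0) if file_hit else None,
        "clsid": clsid_hit.group(0) if clsid_hit else None,
        "orphan": any(marker in line for marker in ORPHAN_MARKERS),
    }


def review(script):
    """Summarise what a fix script names, so it can be checked against the scan log."""
    sections = split_sections(script)
    entries, unparsed = [], []
    for line in sections.get("OTL", []):
        entry = parse_entry(line)
        (entries if entry else unparsed).append(entry or line)
    return {
        "sections": list(sections),
        "entries": entries,
        "unparsed": unparsed,          # lines whose layout was not recognised
        "machine_wide": sum(e["scope"] == "machine" for e in entries),
        "per_user": sum(e["scope"] == "user" for e in entries),
        "orphans": [e for e in entries if e["orphan"]],
        "files": sorted({e["file"] for e in entries if e["file"]}),
        "files_section": sections.get("Files", []),
        "directives": sections.get("Commands", []),
    }


if __name__ == "__main__":
    report = review(FIX_SCRIPT)
    print("sections:", report["sections"])
    for e in report["entries"]:
        print(f'{e["kind"]:3} {e["scope"]:8} orphan={e["orphan"]!s:5} {e["key"]}')
    print("files named:", report["files"])
```

Any line that lands in `unparsed` should be read by hand rather than assumed harmless.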

Re: Internet seems to be hijacked on my computer

Unread postby juliend » August 28th, 2011, 9:48 am

askey127,

I have one question before I proceed to the OTL actions: should I leave the default options as they are, or should I use the same options as previously mentioned (scan all users...)?
I noticed that OTL reverted to default options when I started it again.

Thank you for your confirmation!

Re: Internet seems to be hijacked on my computer

Unread postby askey127 » August 28th, 2011, 10:26 am

After you do the "Run Fix", you can just do a Quick Scan, and don't need to check anything else.

Re: Internet seems to be hijacked on my computer

Unread postby juliend » August 29th, 2011, 9:11 am

askey127,

I tried many times from Chrome and Internet Explorer, but could not access the link to Adobe ftp as instructed.

I went through the official Adobe website
http://get.adobe.com/reader/download/?i ... ser=Chrome

and downloaded the installer automatically presented to me by Adobe:
install_reader10_en_air_mssd_aih.exe

Could you please confirm this is OK to install, or should I try another method?

I apologize for the multiple questions - I prefer to make sure I follow your instructions as closely as possible.

Re: Internet seems to be hijacked on my computer

Unread postby askey127 » August 29th, 2011, 1:27 pm

Ask whatever questions you want. That's why we are here.

It's OK to use that installer.
Be careful to UNCHECK any extra items offered as optional in the installation.

That's the only difference in the two links. The one I gave you first has only the installer for Reader, with no extras.

Re: Internet seems to be hijacked on my computer

Unread postby juliend » August 30th, 2011, 3:43 pm

askey127,
Sorry for keeping you waiting; it took time, but I did all the steps.

Huawei
This is my internet connection, called EMOBILE, a device plugged in by USB
Huawei Mobile Connect is a 3G network card.

OTL.txt

OTL logfile created on: 29/08/2011 07:19:10 - Run 3
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\Home\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.87 Gb Total Physical Memory | 1.81 Gb Available Physical Memory | 63.00% Memory free
5.96 Gb Paging File | 4.96 Gb Available in Paging File | 83.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.11 Gb Total Space | 113.40 Gb Free Space | 50.83% Space Free | Partition Type: NTFS
Drive H: | 34.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: SONYNS30E | User Name: Home | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/27 10:55:11 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe
PRC - [2011/07/13 20:03:38 | 000,664,192 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Japanese Input\GoogleIMEJaCacheService.exe
PRC - [2011/07/09 17:43:15 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/03/28 16:15:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/28 16:15:29 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/09/01 18:04:12 | 005,517,312 | ---- | M] (ExtraSpy Software) -- C:\Program Files\True Time Tracker\TTT.exe
PRC - [2010/04/09 13:37:34 | 001,459,568 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
PRC - [2010/04/09 13:37:34 | 000,722,288 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 5\VUAgent.exe
PRC - [2010/03/05 00:00:00 | 000,843,264 | ---- | M] (CITIZEN SYSTEMS JAPAN Co.,Ltd.) -- C:\Program Files\CITIZEN-SYSTEMS\pebNote\bin\PEBCOM.exe
PRC - [2009/04/11 15:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/06 03:47:40 | 000,313,264 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2009/03/06 03:47:40 | 000,192,512 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2009/03/06 03:47:40 | 000,069,632 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
PRC - [2009/03/06 03:41:58 | 005,189,992 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
PRC - [2009/01/20 08:43:04 | 000,394,536 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
PRC - [2009/01/20 04:49:20 | 000,203,624 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2009/01/20 04:49:20 | 000,112,488 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2008/12/22 13:55:06 | 000,303,104 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Network Utility\NSUService.exe
PRC - [2008/12/20 07:02:08 | 001,771,368 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PRC - [2008/12/20 07:02:08 | 000,415,592 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe
PRC - [2008/12/19 02:53:50 | 000,317,288 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe
PRC - [2008/09/19 02:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
PRC - [2008/01/21 11:24:05 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/20 13:56:40 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\2ba816b41a3f13685fd28d2ad50970ec\System.IdentityModel.Selectors.ni.dll
MOD - [2011/08/20 13:56:38 | 001,070,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\21c45e88bbc379aaed3baadd0bd14a8b\System.IdentityModel.ni.dll
MOD - [2011/08/20 13:56:37 | 002,346,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\9ea6cff5cccb649eb8ad7cc6e3f03c88\System.Runtime.Serialization.ni.dll
MOD - [2011/08/20 13:56:33 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\ca54e016986a14796591228eaa80cce1\SMDiagnostics.ni.dll
MOD - [2011/08/20 13:56:32 | 017,404,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\beab37721e12fef7fc1e8f2ff130fa31\System.ServiceModel.ni.dll
MOD - [2011/08/20 13:55:00 | 011,804,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5aa9131000876de66160ff713b543d99\System.Web.ni.dll
MOD - [2011/08/20 13:54:09 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\29c6ef7f07d89496c72a1bbf718aed5d\System.Configuration.ni.dll
MOD - [2011/08/20 09:00:17 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\4c3cda96b8f12220da20f2f8d1b9439c\System.Xml.ni.dll
MOD - [2011/08/20 08:59:45 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c50d9d540acecdef29c31201e203a331\System.Windows.Forms.ni.dll
MOD - [2011/08/20 08:59:33 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\d8d83838f9840bde901df516ba3de588\System.Drawing.ni.dll
MOD - [2011/08/20 08:58:05 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b9ea0d414c4861120bfb7365d8ec0939\System.ni.dll
MOD - [2011/08/19 03:07:13 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f6deb187f24bb3185841092b89fbfdbb\mscorlib.ni.dll
MOD - [2010/04/02 18:03:56 | 000,321,536 | ---- | M] () -- C:\Program Files\True Time Tracker\sqlite36_engine.dll
MOD - [2009/03/05 06:35:58 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\SPMDam\3.1.0.6020__1b3c579b6925895f\SPMDam.dll
MOD - [2009/03/05 06:35:56 | 000,086,016 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\SPMCommon\3.1.0.6020__e3c7096ba83f9295\SPMCommon.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/07/13 20:03:38 | 000,664,192 | ---- | M] (Google Inc.) [Auto | Running] -- C:\Program Files\Google\Google Japanese Input\GoogleIMEJaCacheService.exe -- (GoogleIMEJaCacheService)
SRV - [2011/07/09 17:43:15 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/03/28 16:15:40 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/04/22 02:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/04/22 02:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/04/09 13:37:34 | 000,722,288 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Update 5\VUAgent.exe -- (VUAgent)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/04/11 15:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009/03/06 03:47:40 | 000,313,264 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2009/03/06 03:47:40 | 000,192,512 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2009/03/06 03:47:40 | 000,069,632 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2009/03/06 03:41:58 | 005,189,992 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2009/01/21 03:56:06 | 000,120,104 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2009/01/21 03:52:18 | 000,091,432 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe -- (SOHPlMgr)
SRV - [2009/01/21 03:51:48 | 000,075,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2009/01/21 03:51:18 | 000,390,440 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2009/01/21 03:50:48 | 000,070,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe -- (SOHDBSvr)
SRV - [2009/01/20 08:43:04 | 000,394,536 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2009/01/20 04:49:20 | 000,203,624 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2009/01/17 13:59:08 | 000,083,240 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
SRV - [2008/12/22 13:55:06 | 000,303,104 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\Network Utility\NSUService.exe -- (NSUService)
SRV - [2008/12/20 07:02:08 | 000,415,592 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV - [2008/09/19 02:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2008/01/21 11:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/06/07 09:50:14 | 000,538,096 | ---- | M] ( ) [Disabled | Stopped] -- C:\Windows\System32\dlbtcoms.exe -- (dlbt_device)
SRV - [2007/01/05 11:48:50 | 000,112,152 | ---- | M] (InterVideo) [Disabled | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - [2011/07/09 17:43:16 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/07/09 17:43:16 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/08/27 13:53:46 | 000,116,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2010/08/07 17:48:42 | 000,106,880 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010/07/27 15:25:48 | 000,072,832 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2010/07/27 09:52:02 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/03/20 12:06:58 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_usbenumfilter.sys -- (ew_usbenumfilter)
DRV - [2009/01/07 05:14:38 | 003,847,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/11/25 16:41:52 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2008/11/19 09:08:46 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2008/10/23 09:02:29 | 000,937,984 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/10/23 09:02:23 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\risdptsk.sys -- (risdptsk)
DRV - [2008/10/23 09:02:02 | 000,068,608 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/06/07 09:02:55 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2008/04/25 06:06:40 | 000,017,920 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2008/03/12 20:51:52 | 000,057,536 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2008/03/12 20:50:02 | 000,072,000 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2008/01/25 11:14:25 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/04/18 12:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Home\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Home\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Home\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)



O1 HOSTS File: ([2011/04/20 20:52:56 | 000,000,734 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [PEBCOM] C:\Program Files\CITIZEN-SYSTEMS\pebNote\bin\PEBCOM.exe (CITIZEN SYSTEMS JAPAN Co.,Ltd.)
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
O4 - HKCU..\Run: [Mobile Partner] C:\Program Files\EMOBILE HW Utility\EMOBILE HW Utility.exe ()
O4 - HKCU..\Run: [PTT] C:\Program Files\True Time Tracker\ttt.exe (ExtraSpy Software)
O4 - HKCU..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O8 - Extra context menu item: Add to Evernote - C:\Program Files\Evernote\Evernote3\enbar.dll (Evernote Corporation)
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dll (Evernote Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: thebigword.com ([citrix2] https in Trusted sites)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.56.4.52
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\Home\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Home\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 06:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/08/20 01:43:30 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) - H:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008/07/30 19:53:02 | 000,000,045 | R--- | M] () - H:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{14d4212b-5d22-11e0-a18b-dbc2a410f651}\Shell - "" = AutoRun
O33 - MountPoints2\{14d4212b-5d22-11e0-a18b-dbc2a410f651}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{1e773af7-75d2-11df-b6fa-001dbaf2c4f7}\Shell - "" = AutoRun
O33 - MountPoints2\{1e773af7-75d2-11df-b6fa-001dbaf2c4f7}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{1e773b03-75d2-11df-b6fa-001dbaf2c4f7}\Shell - "" = AutoRun
O33 - MountPoints2\{1e773b03-75d2-11df-b6fa-001dbaf2c4f7}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{32bd8a29-4f65-11e0-99aa-81095e46ae6f}\Shell - "" = AutoRun
O33 - MountPoints2\{32bd8a29-4f65-11e0-99aa-81095e46ae6f}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{348cebbf-4f6b-11e0-b493-cbcffc501f69}\Shell - "" = AutoRun
O33 - MountPoints2\{348cebbf-4f6b-11e0-b493-cbcffc501f69}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{348cebc7-4f6b-11e0-b493-cbcffc501f69}\Shell - "" = AutoRun
O33 - MountPoints2\{348cebc7-4f6b-11e0-b493-cbcffc501f69}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{4454023d-4f62-11e0-aabb-ea4d24e9dc6f}\Shell - "" = AutoRun
O33 - MountPoints2\{4454023d-4f62-11e0-aabb-ea4d24e9dc6f}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{52f28007-006a-11e0-8bbe-001dbaf2c4f7}\Shell\AutoRun\command - "" = G:\wubi.exe --cdmenu
O33 - MountPoints2\{560cd788-4de8-11e0-b1ef-fb48cbbb4e6c}\Shell - "" = AutoRun
O33 - MountPoints2\{560cd788-4de8-11e0-b1ef-fb48cbbb4e6c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{560cd798-4de8-11e0-b1ef-fb48cbbb4e6c}\Shell - "" = AutoRun
O33 - MountPoints2\{560cd798-4de8-11e0-b1ef-fb48cbbb4e6c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{5e7b60fa-9a0f-11de-9d82-001dbaf2c4f7}\Shell\AutoRun\command - "" = G:\Supercharge.bat
O33 - MountPoints2\{5e7b60fa-9a0f-11de-9d82-001dbaf2c4f7}\Shell\TGSC\command - "" = G:\Supercharge.bat
O33 - MountPoints2\{6842c48d-4ee2-11e0-97c3-a0e7db342d54}\Shell - "" = AutoRun
O33 - MountPoints2\{6842c48d-4ee2-11e0-97c3-a0e7db342d54}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{69b3efcb-5db8-11e0-9762-ad0ed5c1d5f6}\Shell - "" = AutoRun
O33 - MountPoints2\{69b3efcb-5db8-11e0-9762-ad0ed5c1d5f6}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{74a7a545-8b76-11e0-8ee0-dad57e0a6f96}\Shell - "" = AutoRun
O33 - MountPoints2\{74a7a545-8b76-11e0-8ee0-dad57e0a6f96}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{78a01ebf-4f72-11e0-9059-8a48478e3a69}\Shell - "" = AutoRun
O33 - MountPoints2\{78a01ebf-4f72-11e0-9059-8a48478e3a69}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{c7ed10e3-8057-11df-a319-001dbaf2c4f7}\Shell - "" = AutoRun
O33 - MountPoints2\{c7ed10e3-8057-11df-a319-001dbaf2c4f7}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{d7b57073-69f5-11df-bcfd-86ebcb39b94b}\Shell - "" = AutoRun
O33 - MountPoints2\{d7b57073-69f5-11df-bcfd-86ebcb39b94b}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{d7b57075-69f5-11df-bcfd-86ebcb39b94b}\Shell - "" = AutoRun
O33 - MountPoints2\{d7b57075-69f5-11df-bcfd-86ebcb39b94b}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{f7cb6fd2-67fc-11df-8517-001dbaf2c4f7}\Shell - "" = AutoRun
O33 - MountPoints2\{f7cb6fd2-67fc-11df-8517-001dbaf2c4f7}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{f7cb6fee-67fc-11df-8517-001dbaf2c4f7}\Shell - "" = AutoRun
O33 - MountPoints2\{f7cb6fee-67fc-11df-8517-001dbaf2c4f7}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{fd4ff810-5c1a-11e0-a009-8d1c78125e6f}\Shell - "" = AutoRun
O33 - MountPoints2\{fd4ff810-5c1a-11e0-a009-8d1c78125e6f}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{fd4ff83c-5c1a-11e0-a009-9d7832926a48}\Shell - "" = AutoRun
O33 - MountPoints2\{fd4ff83c-5c1a-11e0-a009-9d7832926a48}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- [2010/08/20 01:43:30 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/29 07:09:26 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/28 19:30:37 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{63B3064D-4D5D-4BDB-995F-C923D03CCD4F}
[2011/08/28 19:30:27 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{16312C9E-B838-4357-A8E3-4EAB23832B4C}
[2011/08/28 09:04:09 | 001,406,768 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Home\Desktop\tdsskiller.exe
[2011/08/27 10:54:54 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\Wrong
[2011/08/27 10:36:14 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe
[2011/08/27 08:31:30 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/08/21 21:01:12 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\Windows Live Writer
[2011/08/21 21:01:12 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\Windows Live Writer
[2011/08/21 21:01:09 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{014FBF81-6C2F-4E64-97B9-F13CE7A05380}
[2011/08/21 09:13:30 | 000,607,017 | R--- | C] (Swearware) -- C:\Users\Home\Desktop\dds.scr
[2011/08/20 12:57:45 | 000,000,000 | ---D | C] -- C:\Users\Home\Documents\EMDB
[2011/08/20 12:57:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EMDB
[2011/08/20 12:57:42 | 000,000,000 | ---D | C] -- C:\Program Files\EMDB
[2011/08/20 12:57:13 | 000,000,000 | ---D | C] -- C:\Users\Home\emdb
[2011/08/20 12:36:25 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\ToRead
[2011/08/01 10:31:15 | 000,000,000 | ---D | C] -- C:\Users\Home\M
[2011/07/31 22:41:19 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Local\{38048B5C-CD6C-4C28-847A-B4E99A6DEB53}
[2007/06/07 09:50:16 | 000,386,544 | ---- | C] ( ) -- C:\Windows\System32\dlbtih.exe
[2007/06/07 09:50:14 | 000,538,096 | ---- | C] ( ) -- C:\Windows\System32\dlbtcoms.exe
[2007/06/07 09:50:12 | 000,382,448 | ---- | C] ( ) -- C:\Windows\System32\dlbtcfg.exe
[2007/01/30 22:47:52 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlbtpmui.dll
[2007/01/30 22:46:00 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlbtserv.dll
[2007/01/30 22:38:18 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlbtcomm.dll
[2007/01/30 22:36:30 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlbtlmpm.dll
[2007/01/30 22:35:00 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlbtiesc.dll
[2007/01/30 22:32:06 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlbtpplc.dll
[2007/01/30 22:31:08 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlbtcomc.dll
[2007/01/30 22:30:30 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlbtprox.dll
[2007/01/30 22:22:32 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlbtinpa.dll
[2007/01/30 22:21:46 | 000,995,328 | ---- | C] ( ) -- C:\Windows\System32\dlbtusb1.dll
[2007/01/30 22:17:02 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlbthbn3.dll
[2 C:\Users\Home\AppData\Local\*.tmp files -> C:\Users\Home\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/29 07:19:06 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/29 07:12:52 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/29 07:12:32 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/29 07:12:32 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/29 07:12:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/29 07:10:42 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/08/29 07:09:05 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3181071557-3652069577-897653104-1000UA.job
[2011/08/28 22:32:14 | 000,858,542 | ---- | M] () -- C:\Users\Home\Desktop\do-your-work-dont-be-stupid-%21-1920x1200.jpg
[2011/08/28 22:22:29 | 000,729,354 | ---- | M] () -- C:\Users\Home\Desktop\body-language-attractiveness-lg.jpg
[2011/08/28 09:04:14 | 001,406,768 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Home\Desktop\tdsskiller.exe
[2011/08/28 08:59:39 | 000,002,609 | ---- | M] () -- C:\Users\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007.lnk
[2011/08/28 07:36:34 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3181071557-3652069577-897653104-1000Core.job
[2011/08/27 21:13:06 | 000,058,118 | ---- | M] () -- C:\Users\Home\Desktop\nel-75c.jpg
[2011/08/27 21:12:36 | 000,035,700 | ---- | M] () -- C:\Users\Home\Desktop\gundam-rose.jpg
[2011/08/27 20:29:20 | 003,721,078 | ---- | M] () -- C:\Users\Home\Desktop\Hey There Cthulhu- The Photomontage Video.mp3
[2011/08/27 20:23:37 | 007,033,405 | ---- | M] () -- C:\Users\Home\Desktop\download2 (1).php
[2011/08/27 20:22:40 | 007,033,405 | ---- | M] () -- C:\Users\Home\Desktop\download2.php
[2011/08/27 20:14:54 | 016,885,022 | ---- | M] () -- C:\Users\Home\Desktop\Blame Halo 3 - Spoof of Akon Sorry, Blame It On Me.flv
[2011/08/27 20:06:02 | 001,860,146 | ---- | M] () -- C:\Users\Home\Desktop\Japanese Anti Piracy Ad 2.flv
[2011/08/27 20:04:14 | 002,362,709 | ---- | M] () -- C:\Users\Home\Desktop\Japanese Anti Piracy Ad 1.flv
[2011/08/27 10:55:11 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe
[2011/08/27 10:16:55 | 006,074,525 | ---- | M] () -- C:\Users\Home\Desktop\Hamlet.mp3.php
[2011/08/27 07:40:30 | 002,799,478 | ---- | M] () -- C:\Users\Home\Desktop\White Christmas Song Parody.mp3
[2011/08/27 07:24:24 | 003,317,747 | ---- | M] () -- C:\Users\Home\Desktop\Weird Al Yankovic.mp3
[2011/08/27 07:21:26 | 000,389,557 | ---- | M] () -- C:\Users\Home\Desktop\image.png
[2011/08/26 07:10:37 | 000,002,037 | ---- | M] () -- C:\Users\Home\Desktop\Google Chrome.lnk
[2011/08/26 07:10:37 | 000,001,999 | ---- | M] () -- C:\Users\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/08/26 07:09:51 | 000,048,537 | ---- | M] () -- C:\Users\Home\Desktop\DSK_image.jpg
[2011/08/23 22:11:46 | 000,637,256 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/08/23 22:11:46 | 000,116,034 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/08/23 08:08:54 | 000,867,747 | ---- | M] () -- C:\Users\Home\Desktop\62848471-kanji-2.pdf
[2011/08/21 21:29:28 | 000,002,651 | ---- | M] () -- C:\Users\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2011/08/21 15:07:29 | 000,208,171 | ---- | M] () -- C:\Users\Home\Desktop\AF102692134.PDF
[2011/08/21 15:07:23 | 000,193,804 | ---- | M] () -- C:\Users\Home\Desktop\AF102692116.PDF
[2011/08/21 15:07:14 | 000,290,935 | ---- | M] () -- C:\Users\Home\Desktop\AF102692107.PDF
[2011/08/21 09:13:38 | 000,607,017 | R--- | M] (Swearware) -- C:\Users\Home\Desktop\dds.scr
[2011/08/21 07:51:37 | 000,331,280 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/08/20 12:57:43 | 000,000,704 | ---- | M] () -- C:\Users\Home\Desktop\EMDB.lnk
[2011/08/12 02:16:47 | 000,097,280 | ---- | M] () -- C:\Users\Home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/01 00:09:19 | 001,414,034 | ---- | M] () -- C:\Users\Home\Desktop\NetProspex_SocialBusinessReport_Summer2011.pdf
[2 C:\Users\Home\AppData\Local\*.tmp files -> C:\Users\Home\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/28 22:32:15 | 000,858,542 | ---- | C] () -- C:\Users\Home\Desktop\do-your-work-dont-be-stupid-%21-1920x1200.jpg
[2011/08/28 22:22:31 | 000,729,354 | ---- | C] () -- C:\Users\Home\Desktop\body-language-attractiveness-lg.jpg
[2011/08/27 21:13:07 | 000,058,118 | ---- | C] () -- C:\Users\Home\Desktop\nel-75c.jpg
[2011/08/27 21:12:39 | 000,035,700 | ---- | C] () -- C:\Users\Home\Desktop\gundam-rose.jpg
[2011/08/27 20:27:37 | 003,721,078 | ---- | C] () -- C:\Users\Home\Desktop\Hey There Cthulhu- The Photomontage Video.mp3
[2011/08/27 20:23:37 | 007,033,405 | ---- | C] () -- C:\Users\Home\Desktop\download2 (1).php
[2011/08/27 20:21:05 | 007,033,405 | ---- | C] () -- C:\Users\Home\Desktop\download2.php
[2011/08/27 20:09:27 | 016,885,022 | ---- | C] () -- C:\Users\Home\Desktop\Blame Halo 3 - Spoof of Akon Sorry, Blame It On Me.flv
[2011/08/27 20:05:54 | 001,860,146 | ---- | C] () -- C:\Users\Home\Desktop\Japanese Anti Piracy Ad 2.flv
[2011/08/27 20:04:05 | 002,362,709 | ---- | C] () -- C:\Users\Home\Desktop\Japanese Anti Piracy Ad 1.flv
[2011/08/27 10:11:38 | 006,074,525 | ---- | C] () -- C:\Users\Home\Desktop\Hamlet.mp3.php
[2011/08/27 07:40:16 | 002,799,478 | ---- | C] () -- C:\Users\Home\Desktop\White Christmas Song Parody.mp3
[2011/08/27 07:23:42 | 003,317,747 | ---- | C] () -- C:\Users\Home\Desktop\Weird Al Yankovic.mp3
[2011/08/27 07:21:24 | 000,389,557 | ---- | C] () -- C:\Users\Home\Desktop\image.png
[2011/08/26 07:09:55 | 000,048,537 | ---- | C] () -- C:\Users\Home\Desktop\DSK_image.jpg
[2011/08/23 08:08:50 | 000,867,747 | ---- | C] () -- C:\Users\Home\Desktop\62848471-kanji-2.pdf
[2011/08/21 15:07:30 | 000,208,171 | ---- | C] () -- C:\Users\Home\Desktop\AF102692134.PDF
[2011/08/21 15:07:23 | 000,193,804 | ---- | C] () -- C:\Users\Home\Desktop\AF102692116.PDF
[2011/08/21 15:07:16 | 000,290,935 | ---- | C] () -- C:\Users\Home\Desktop\AF102692107.PDF
[2011/08/20 12:57:43 | 000,000,704 | ---- | C] () -- C:\Users\Home\Desktop\EMDB.lnk
[2011/08/01 00:09:19 | 001,414,034 | ---- | C] () -- C:\Users\Home\Desktop\NetProspex_SocialBusinessReport_Summer2011.pdf
[2011/07/27 08:03:04 | 000,000,000 | ---- | C] () -- C:\Users\Home\AppData\Local\{7D902F3A-A7A0-4C37-8F91-681CC155B979}
[2011/06/15 07:29:14 | 000,000,000 | ---- | C] () -- C:\Users\Home\AppData\Local\{C0D80EB7-07E5-4EC6-A3F2-6C561B495077}
[2011/04/16 09:56:15 | 000,007,168 | ---- | C] () -- C:\Windows\System32\Dtctrace.dll
[2011/01/13 23:30:05 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010/03/27 08:36:15 | 000,000,036 | ---- | C] () -- C:\Users\Home\AppData\Local\housecall.guid.cache
[2010/03/22 03:06:22 | 000,000,680 | ---- | C] () -- C:\Users\Home\AppData\Local\d3d9caps.dat
[2009/10/26 04:49:29 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009/09/29 16:50:59 | 000,716,058 | ---- | C] () -- C:\Windows\System32\unins000.exe
[2009/09/29 16:50:59 | 000,032,024 | ---- | C] () -- C:\Windows\System32\unins000.dat
[2009/09/12 11:30:02 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/12 11:30:02 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/12 07:15:09 | 000,097,280 | ---- | C] () -- C:\Users\Home\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/10 06:19:50 | 000,024,206 | ---- | C] () -- C:\Users\Home\AppData\Roaming\UserTile.png
[2009/09/07 00:55:43 | 000,000,000 | ---- | C] () -- C:\Windows\ka.ini
[2009/09/06 20:45:24 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/08/03 23:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 23:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/03/31 06:52:01 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2009/03/05 02:47:58 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/03/05 01:57:25 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/03/05 01:31:17 | 002,192,024 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2009/03/05 01:31:17 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1511.dll
[2009/03/05 01:31:16 | 000,492,496 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2009/03/05 01:31:16 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2009/03/05 01:30:31 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2009/03/05 01:30:25 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2009/03/05 01:30:25 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009/03/05 01:30:24 | 000,174,819 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009/03/05 01:30:24 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2007/02/19 15:20:28 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dlbtinsr.dll
[2007/02/19 15:20:24 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dlbtcur.dll
[2007/02/19 15:20:02 | 000,135,168 | ---- | C] () -- C:\Windows\System32\dlbtjswr.dll
[2007/02/19 15:17:06 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dlbtinsb.dll
[2007/02/19 15:17:00 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dlbtcub.dll
[2007/02/19 15:16:52 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dlbtcu.dll
[2007/02/19 15:16:48 | 000,159,744 | ---- | C] () -- C:\Windows\System32\dlbtins.dll
[2007/02/19 15:15:34 | 000,434,176 | ---- | C] () -- C:\Windows\System32\dlbtutil.dll
[2007/02/08 01:57:16 | 000,344,064 | ---- | C] () -- C:\Windows\System32\dlbtcoin.dll
[2007/01/22 15:18:28 | 000,069,632 | ---- | C] () -- C:\Windows\System32\dlbtcfg.dll
[2006/11/02 21:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 21:47:37 | 000,331,280 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 21:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 19:33:01 | 000,637,256 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 19:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 19:33:01 | 000,116,034 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 19:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 19:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 17:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 17:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 16:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 16:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005/08/18 18:26:46 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dlbtvs.dll
[2005/05/25 21:07:26 | 000,061,440 | ---- | C] () -- C:\Windows\System32\dlbtcnv4.dll

========== LOP Check ==========

[2010/10/23 04:18:28 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Amazon
[2010/10/28 22:55:46 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\app.jbbres.com
[2011/06/12 21:21:48 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Audacity
[2010/03/24 07:52:54 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\AVG9
[2011/02/03 00:22:22 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\com.focusboosterapp.focusbooster.8E5F79C899747AD22E21DB62AA496926DA6BBC64.1
[2010/04/03 03:17:29 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Desktopicon
[2011/01/13 23:40:15 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\DiskSpaceFan
[2010/10/28 21:34:03 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\HamsterSoft
[2009/10/30 08:21:12 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\ICAClient
[2009/09/10 06:19:49 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\PeerNetworking
[2010/08/29 19:57:58 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2011/08/21 21:01:12 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\Windows Live Writer
[2011/08/29 07:10:42 | 000,032,532 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >



Avira log.



Avira AntiVir Personal
Report file date: 30 August 2011 07:41

Scanning for 3310245 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows Vista
Windows version : (Service Pack 2) [6.0.6002]
Boot mode : Normally booted
Username : SYSTEM
Computer name : SONYNS30E

Version information:
BUILD.DAT : 10.2.0.700 35934 Bytes 21/07/2011 17:12:00
AVSCAN.EXE : 10.3.0.7 484008 Bytes 09/07/2011 08:43:15
AVSCAN.DLL : 10.0.5.0 47464 Bytes 09/07/2011 08:43:15
LUKE.DLL : 10.3.0.5 45416 Bytes 09/07/2011 08:43:16
LUKERES.DLL : 10.0.0.1 12648 Bytes 10/02/2010 15:40:49
AVSCPLR.DLL : 10.3.0.7 119656 Bytes 09/07/2011 08:43:16
AVREG.DLL : 10.3.0.9 88833 Bytes 17/07/2011 11:06:20
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 01:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/2010 07:15:47
VBASE002.VDF : 7.11.3.0 1950720 Bytes 09/02/2011 07:15:47
VBASE003.VDF : 7.11.5.225 1980416 Bytes 07/04/2011 10:26:53
VBASE004.VDF : 7.11.8.178 2354176 Bytes 31/05/2011 12:36:16
VBASE005.VDF : 7.11.10.251 1788416 Bytes 07/07/2011 08:43:15
VBASE006.VDF : 7.11.13.60 6411776 Bytes 16/08/2011 14:24:06
VBASE007.VDF : 7.11.13.61 2048 Bytes 16/08/2011 14:24:06
VBASE008.VDF : 7.11.13.62 2048 Bytes 16/08/2011 14:24:06
VBASE009.VDF : 7.11.13.63 2048 Bytes 16/08/2011 14:24:06
VBASE010.VDF : 7.11.13.64 2048 Bytes 16/08/2011 14:24:07
VBASE011.VDF : 7.11.13.65 2048 Bytes 16/08/2011 14:24:07
VBASE012.VDF : 7.11.13.66 2048 Bytes 16/08/2011 14:24:07
VBASE013.VDF : 7.11.13.95 166400 Bytes 17/08/2011 14:24:09
VBASE014.VDF : 7.11.13.125 209920 Bytes 18/08/2011 03:38:39
VBASE015.VDF : 7.11.13.157 184832 Bytes 22/08/2011 22:39:12
VBASE016.VDF : 7.11.13.201 128000 Bytes 24/08/2011 22:39:13
VBASE017.VDF : 7.11.13.234 160768 Bytes 25/08/2011 22:39:14
VBASE018.VDF : 7.11.13.235 2048 Bytes 25/08/2011 22:39:14
VBASE019.VDF : 7.11.13.236 2048 Bytes 25/08/2011 22:39:14
VBASE020.VDF : 7.11.13.237 2048 Bytes 25/08/2011 22:39:15
VBASE021.VDF : 7.11.13.238 2048 Bytes 25/08/2011 22:39:15
VBASE022.VDF : 7.11.13.239 2048 Bytes 25/08/2011 22:39:16
VBASE023.VDF : 7.11.13.240 2048 Bytes 25/08/2011 22:39:16
VBASE024.VDF : 7.11.13.241 2048 Bytes 25/08/2011 22:39:16
VBASE025.VDF : 7.11.13.242 2048 Bytes 25/08/2011 22:39:17
VBASE026.VDF : 7.11.13.243 2048 Bytes 25/08/2011 22:39:17
VBASE027.VDF : 7.11.13.244 2048 Bytes 25/08/2011 22:39:18
VBASE028.VDF : 7.11.13.245 2048 Bytes 25/08/2011 22:39:18
VBASE029.VDF : 7.11.13.246 2048 Bytes 25/08/2011 22:39:18
VBASE030.VDF : 7.11.13.247 2048 Bytes 25/08/2011 22:39:19
VBASE031.VDF : 7.11.14.14 138240 Bytes 29/08/2011 22:39:20
Engineversion : 8.2.6.50
AEVDF.DLL : 8.1.2.1 106868 Bytes 28/03/2011 07:15:27
AESCRIPT.DLL : 8.1.3.76 1626490 Bytes 29/08/2011 22:39:29
AESCN.DLL : 8.1.7.2 127349 Bytes 28/03/2011 07:15:27
AESBX.DLL : 8.2.1.34 323957 Bytes 02/06/2011 12:36:39
AERDL.DLL : 8.1.9.13 639349 Bytes 17/07/2011 11:06:13
AEPACK.DLL : 8.2.10.9 684406 Bytes 29/08/2011 22:39:28
AEOFFICE.DLL : 8.1.2.13 201083 Bytes 28/07/2011 22:45:19
AEHEUR.DLL : 8.1.2.161 3641720 Bytes 29/08/2011 22:39:27
AEHELP.DLL : 8.1.17.7 254327 Bytes 28/07/2011 22:44:44
AEGEN.DLL : 8.1.5.9 401780 Bytes 29/08/2011 22:39:23
AEEMU.DLL : 8.1.3.0 393589 Bytes 28/03/2011 07:15:19
AECORE.DLL : 8.1.23.0 196983 Bytes 29/08/2011 22:39:22
AEBB.DLL : 8.1.1.0 53618 Bytes 28/03/2011 07:15:19
AVWINLL.DLL : 10.0.0.0 19304 Bytes 28/03/2011 07:15:31
AVPREF.DLL : 10.0.3.2 44904 Bytes 09/07/2011 08:43:15
AVREP.DLL : 10.0.0.10 174120 Bytes 18/05/2011 15:00:43
AVARKT.DLL : 10.0.26.1 255336 Bytes 09/07/2011 08:43:15
AVEVTLOG.DLL : 10.0.0.9 203112 Bytes 09/07/2011 08:43:15
SQLITE3.DLL : 3.6.19.0 355688 Bytes 17/06/2010 06:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 28/03/2011 07:15:30
NETNT.DLL : 10.0.0.0 11624 Bytes 28/03/2011 07:15:39
RCIMAGE.DLL : 10.0.0.35 2589544 Bytes 09/07/2011 08:43:15
RCTEXT.DLL : 10.0.64.0 97640 Bytes 09/07/2011 08:43:15

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: Default
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: Advanced

Start of the scan: 30 August 2011 07:41

Starting search for hidden objects.

The scan of running processes will be started
Scan process 'svchost.exe' - '30' Module(s) have been scanned
Scan process 'vssvc.exe' - '49' Module(s) have been scanned
Scan process 'avscan.exe' - '82' Module(s) have been scanned
Scan process 'avscan.exe' - '28' Module(s) have been scanned
Scan process 'avnotify.exe' - '98' Module(s) have been scanned
Scan process 'avcenter.exe' - '73' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '60' Module(s) have been scanned
Scan process 'conime.exe' - '25' Module(s) have been scanned
Scan process 'NOTEPAD.EXE' - '31' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '64' Module(s) have been scanned
Scan process 'wmpnscfg.exe' - '34' Module(s) have been scanned
Scan process 'svchost.exe' - '21' Module(s) have been scanned
Scan process 'TTT.exe' - '63' Module(s) have been scanned
Scan process 'avgnt.exe' - '66' Module(s) have been scanned
Scan process 'PEBCOM.exe' - '48' Module(s) have been scanned
Scan process 'ISBMgr.exe' - '39' Module(s) have been scanned
Scan process 'hkcmd.exe' - '28' Module(s) have been scanned
Scan process 'igfxpers.exe' - '29' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '33' Module(s) have been scanned
Scan process 'VAIOUpdt.exe' - '55' Module(s) have been scanned
Scan process 'taskeng.exe' - '29' Module(s) have been scanned
Scan process 'SPMgr.exe' - '88' Module(s) have been scanned
Scan process 'Explorer.EXE' - '168' Module(s) have been scanned
Scan process 'igfxsrvc.exe' - '25' Module(s) have been scanned
Scan process 'taskeng.exe' - '85' Module(s) have been scanned
Scan process 'Dwm.exe' - '32' Module(s) have been scanned
Scan process 'taskeng.exe' - '49' Module(s) have been scanned
Scan process 'iashost.exe' - '37' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '33' Module(s) have been scanned
Scan process 'WUDFHost.exe' - '33' Module(s) have been scanned
Scan process 'WLIDSvcM.exe' - '16' Module(s) have been scanned
Scan process 'WLIDSVC.EXE' - '72' Module(s) have been scanned
Scan process 'svchost.exe' - '37' Module(s) have been scanned
Scan process 'VzCdbSvc.exe' - '29' Module(s) have been scanned
Scan process 'VUAgent.exe' - '39' Module(s) have been scanned
Scan process 'VCSW.exe' - '39' Module(s) have been scanned
Scan process 'VcmIAlzMgr.exe' - '49' Module(s) have been scanned
Scan process 'VCFw.exe' - '68' Module(s) have been scanned
Scan process 'igfxsrvc.exe' - '25' Module(s) have been scanned
Scan process 'igfxext.exe' - '19' Module(s) have been scanned
Scan process 'DllHost.exe' - '31' Module(s) have been scanned
Scan process 'VESMgrSub.exe' - '65' Module(s) have been scanned
Scan process 'DllHost.exe' - '31' Module(s) have been scanned
Scan process 'SPMService.exe' - '91' Module(s) have been scanned
Scan process 'VESMgr.exe' - '72' Module(s) have been scanned
Scan process 'VzHardwareResourceManager.exe' - '20' Module(s) have been scanned
Scan process 'uCamMonitor.exe' - '26' Module(s) have been scanned
Scan process 'svchost.exe' - '49' Module(s) have been scanned
Scan process 'svchost.exe' - '42' Module(s) have been scanned
Scan process 'avshadow.exe' - '33' Module(s) have been scanned
Scan process 'NSUService.exe' - '70' Module(s) have been scanned
Scan process 'GoogleIMEJaCacheService.exe' - '17' Module(s) have been scanned
Scan process 'svchost.exe' - '30' Module(s) have been scanned
Scan process 'svchost.exe' - '44' Module(s) have been scanned
Scan process 'avguard.exe' - '75' Module(s) have been scanned
Scan process 'svchost.exe' - '57' Module(s) have been scanned
Scan process 'sched.exe' - '56' Module(s) have been scanned
Scan process 'spoolsv.exe' - '91' Module(s) have been scanned
Scan process 'svchost.exe' - '97' Module(s) have been scanned
Scan process 'svchost.exe' - '87' Module(s) have been scanned
Scan process 'SLsvc.exe' - '23' Module(s) have been scanned
Scan process 'svchost.exe' - '37' Module(s) have been scanned
Scan process 'svchost.exe' - '165' Module(s) have been scanned
Scan process 'svchost.exe' - '116' Module(s) have been scanned
Scan process 'svchost.exe' - '64' Module(s) have been scanned
Scan process 'svchost.exe' - '35' Module(s) have been scanned
Scan process 'svchost.exe' - '40' Module(s) have been scanned
Scan process 'winlogon.exe' - '30' Module(s) have been scanned
Scan process 'lsm.exe' - '22' Module(s) have been scanned
Scan process 'lsass.exe' - '60' Module(s) have been scanned
Scan process 'services.exe' - '33' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'wininit.exe' - '26' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '630' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\Users\Home\AppData\Local\Microsoft\WLSetup\wlt5819.tmp
[0] Archive type: CAB (Microsoft)
--> WriterProdLang.7z
[1] Archive type: 7-Zip
--> WriterProdLang.cab
[2] Archive type: CAB (Microsoft)
--> writerprodlang.msi
[WARNING] The file could not be read!


End of the scan: 30 August 2011 10:16
Used time: 2:35:22 Hour(s)

The scan has been done completely.

21693 Scanned directories
446346 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
446346 Files not concerned
6669 Archives were scanned
1 Warnings
0 Notes
706848 Objects were scanned with rootkit scan
0 Hidden objects were found
juliend
Regular Member
 
Posts: 17
Joined: March 27th, 2010, 10:01 am

Re: Internet seems to be hijacked on my computer

by askey127 » August 30th, 2011, 5:57 pm

Looks pretty good to me.
How is it running?
askey127
Admin/Teacher
 
Posts: 13906
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Internet seems to be hijacked on my computer

by juliend » August 31st, 2011, 9:30 am

Thank you indeed askey127, it seems to be running well now :-)

Do you have an idea what the warning from Avira is?
Begin scan in 'C:\'
C:\Users\Home\AppData\Local\Microsoft\WLSetup\wlt5819.tmp
[0] Archive type: CAB (Microsoft)
--> WriterProdLang.7z
[1] Archive type: 7-Zip
--> WriterProdLang.cab
[2] Archive type: CAB (Microsoft)
--> writerprodlang.msi
[WARNING] The file could not be read!
juliend
Regular Member
 
Posts: 17
Joined: March 27th, 2010, 10:01 am