Firefox Browser Hijacked


This topic is locked
32 replies to this topic

#1 goel
Member, 60 posts

Posted 27 April 2011 - 05:56 AM

Hello, I have a Sony VAIO VGN-Z750D laptop running Windows 7 Pro, 64-bit. When I search using the Firefox address bar, the search results appear not from google.com but from www.search-results.com. Search-results.com does not exist in the list of my search providers. However, if I search using the Internet Explorer address bar, the results appear from google.com. Also, the laptop seems to be running slow. The HJT log and DDS results are below. Please help. Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:18:21, on 27/04/2011
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files\Sony\VAIO Care\VCSpt.exe
C:\Program Files (x86)\TouchFreeze\TouchFreeze.exe
C:\Program Files (x86)\POP Peeper\POPPeeper.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKCU\..\Run: [TouchFreeze] C:\Program Files (x86)\TouchFreeze\TouchFreeze.exe
O4 - HKCU\..\Run: [POP Peeper] "C:\Program Files (x86)\POP Peeper\POPPeeper.exe" -min
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware workstation\vsocklib.dll
O13 - Gopher Prefix:
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Intel® PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)
O23 - Service: IviRegMgr - InterVideo - c:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Qualcomm Gobi Download Service (QDLService) - QUALCOMM, Inc. - C:\QUALCOMM\QDLService\QDLService.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
O23 - Service: VAIO Media plus Database Manager (SOHDBSvr) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe
O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
O23 - Service: VAIO Media plus Playlist Manager (SOHPlMgr) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13265 bytes

*******************************************************

DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by SJGOEL at 13:44:09.51 on 27/04/2011
Internet Explorer: 8.0.7601.17514  BrowserJavaVersion: 1.6.0_24
Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.4027.2083 [GMT 3:00]
.
AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Protector Suite\upeksvr.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\IProsetMonitor.exe
c:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\QUALCOMM\QDLService\QDLService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Sony\VAIO Care\VCSpt.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files (x86)\TouchFreeze\TouchFreeze.exe
C:\Program Files (x86)\POP Peeper\POPPeeper.exe
C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\notepad.exe
C:\Windows\splwow64.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\SJGOEL\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [TouchFreeze] C:\Program Files (x86)\TouchFreeze\TouchFreeze.exe
uRun: [POP Peeper] "C:\Program Files (x86)\POP Peeper\POPPeeper.exe" -min
mRun: [<NO NAME>]
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
LSP: C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll
DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} - hxxp://esupport.sony.com/VaioInfo.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://active.macromedia.com/flash2/cabs/swflash.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: VESWinlogon - VESWinlogon.dll
LSA: Notification Packages = scecli psqlpwd C:\Program Files\Protector Suite\psqlpwd.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
mRun-x64: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
mRun-x64: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\SJGOEL\AppData\Roaming\Mozilla\Firefox\Profiles\5u6g3uzl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.hotspotshield.com/g/results.php?c=s&q=
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Exch: {a2e6849b-7584-11da-8cd6-0800200c9a66} - %profile%\extensions\{a2e6849b-7584-11da-8cd6-0800200c9a66}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: Table2Clipboard: {9ab67d74-ec41-4cb2-b417-df5d93ba1beb} - %profile%\extensions\{9ab67d74-ec41-4cb2-b417-df5d93ba1beb}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-12-24 55280]
R0 shpf;Sony HDD Protection Filter Driver;C:\Windows\System32\drivers\shpf.sys [2010-12-24 25120]
R1 VWiFiFlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]
R2 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2010-9-3 170104]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-11-4 810144]
R2 epfwwfpr;epfwwfpr;C:\Windows\System32\drivers\epfwwfpr.sys [2010-7-29 126320]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-14 27136]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2011-1-13 164008]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-9-16 80896]
R2 QDLService;Qualcomm Gobi Download Service;C:\QUALCOMM\QDLService\QDLService.exe [2009-8-6 345336]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2011-4-10 199272]
R2 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-12-24 120104]
R2 SOHDBSvr;VAIO Media plus Database Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2010-12-24 70952]
R2 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-12-24 427304]
R2 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-12-24 75048]
R2 SOHPlMgr;VAIO Media plus Playlist Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2010-12-24 91432]
R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2010-12-24 104960]
R2 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-7-22 642920]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-11-11 539248]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2010-12-24 19968]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2011-4-10 292864]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y62x64.sys [2010-4-7 290008]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETwNs64.sys [2011-4-10 8500736]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2010-7-26 12032]
R3 SPI;Sony Programmable I/O Control Device;C:\Windows\System32\drivers\SonyPI.sys [2009-4-22 17536]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-12-24 394536]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-14 17920]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-6-26 362992]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2010-4-14 54824]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-12-26 35104]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-1 33736]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2010-6-25 36928]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-1-25 7675392]
S3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2010-12-24 5435904]
S3 pwdrvio;pwdrvio;C:\Windows\System32\pwdrvio.sys [2011-2-13 19936]
S3 pwdspio;pwdspio;C:\Windows\System32\pwdspio.sys [2011-2-13 13280]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-6-26 313840]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-2-23 59392]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-12-24 110376]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-24 1255736]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; [x]
.
=============== Created Last 30 ================
.
2011-04-27 10:18:05 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-04-23 04:13:40 8802128 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{CB553591-1402-4DC1-81D9-6D9C92BC6A6C}\mpengine.dll
2011-04-22 18:17:17 69632 ----a-r- C:\Users\SJGOEL\AppData\Roaming\Microsoft\Installer\{8BE666F4-DEFF-4FB7-9938-A7F808C82EF7}\BlackBerry.exe
2011-04-16 08:52:34 -------- d-----w- C:\Program Files (x86)\DiskInternals
2011-04-16 08:50:07 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-04-16 08:50:07 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-04-15 10:29:52 135568 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-04-14 18:55:02 -------- d-----w- C:\Program Files (x86)\WebSite X5 v8 - Evolution
2011-04-13 22:40:10 4284416 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2011-04-12 18:29:53 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-04-12 09:15:43 -------- d-----w- C:\Users\SJGOEL\AppData\Local\Opera
2011-04-10 05:07:36 2152552 ----a-w- C:\Windows\System32\nvencodemft.dll
2011-04-10 05:07:31 1734248 ----a-w- C:\Windows\System32\nvcuvenc.dll
2011-04-10 05:07:25 183912 ----a-w- C:\Windows\System32\nvcod173.dll
2011-04-10 05:07:13 930272 ----a-w- C:\Windows\System32\dpinst.exe
2011-04-10 05:07:13 106008 ----a-w- C:\Windows\System32\difx64.exe
2011-04-10 04:47:59 799232 ----a-w- C:\Windows\System32\NETwNc64.dll
2011-04-10 04:47:59 439320 ----a-w- C:\Windows\System32\drivers\iaStor.sys
2011-04-10 04:47:59 436736 ----a-w- C:\Windows\SysWow64\XAudio64.dll
2011-04-10 04:47:59 2750464 ----a-w- C:\Windows\System32\NETwNr64.dll
2011-04-10 04:47:59 10240 ----a-w- C:\Windows\System32\drivers\XAudio64.sys
2011-04-10 04:47:58 740864 ----a-w- C:\Windows\System32\drivers\CAX_CNXT.sys
2011-04-10 04:47:58 394752 ----a-w- C:\Windows\System32\UCI64M41.dll
2011-04-10 04:47:58 292864 ----a-w- C:\Windows\System32\drivers\CAXHWAZL.sys
2011-04-10 04:47:58 1485824 ----a-w- C:\Windows\System32\drivers\CAX_DPV.sys
2011-04-10 04:29:12 -------- d-----w- C:\Users\SJGOEL\AppData\Local\Innovative Solutions
2011-04-10 04:29:12 -------- d-----w- C:\PROGRA~3\Innovative Solutions
2011-04-10 04:29:07 -------- d-----w- C:\Program Files (x86)\Innovative Solutions
2011-04-05 12:34:50 -------- d-----w- C:\Windows\XSxS
2011-04-05 12:31:35 -------- d-----w- C:\Program Files\Adobe Illustrator Lite
2011-04-05 11:33:37 -------- d-----w- C:\Users\SJGOEL\.webrenderer
2011-04-04 18:05:07 -------- d-----w- C:\Users\SJGOEL\AppData\Roaming\SUPERAntiSpyware.com
2011-04-04 18:05:07 -------- d-----w- C:\PROGRA~3\SUPERAntiSpyware.com
2011-04-01 13:06:12 -------- d-----w- C:\Users\SJGOEL\AppData\Roaming\CoreFTP
2011-04-01 13:05:35 -------- d-----w- C:\Program Files (x86)\CoreFTP
2011-04-01 12:24:56 -------- d-----w- C:\Program Files (x86)\Chami
2011-04-01 11:56:21 -------- d-----w- C:\Users\SJGOEL\AppData\Roaming\Nvu
2011-04-01 11:47:27 -------- d-----w- C:\Users\SJGOEL\AppData\Local\ESET
2011-03-31 06:36:25 552376 ----a-w- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
2011-03-31 06:36:25 25048 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browserdirprovider.dll
2011-03-31 06:36:25 140248 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\brwsrcmp.dll
.
==================== Find3M ====================
.
2011-03-11 07:21:24 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-03-11 06:34:51 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2011-03-11 06:34:50 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2011-03-11 05:33:59 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2011-03-11 05:33:59 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
2011-03-08 06:29:32 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-03-08 05:28:29 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-03-07 06:31:44 1188864 ----a-w- C:\Windows\System32\wininet.dll
2011-03-07 05:33:13 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-03-07 04:24:34 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-03-07 03:52:25 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-03-03 06:24:16 183296 ----a-w- C:\Windows\System32\dnsrslvr.dll
2011-03-03 06:21:57 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
2011-03-03 05:36:16 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
2011-03-03 03:52:08 3135488 ----a-w- C:\Windows\System32\win32k.sys
2011-02-24 15:21:10 2753512 ----a-w- C:\Windows\System32\drivers\RTKVHD64.sys
2011-02-23 08:36:22 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-02-23 08:36:22 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-02-23 04:56:31 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-02-23 04:56:03 411648 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-02-23 04:55:47 167936 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-02-23 04:55:12 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-02-23 04:55:12 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-02-23 04:55:04 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2011-02-22 12:52:00 2075712 ----a-w- C:\Windows\System32\FMAPO64.dll
2011-02-22 10:20:24 820224 ----a-w- C:\Windows\System32\RCoRes64.dat
2011-02-22 08:16:26 2369128 ----a-w- C:\Windows\System32\RtPgEx64.dll
2011-02-19 12:05:15 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2011-02-19 12:04:37 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2011-02-19 12:04:17 902656 ----a-w- C:\Windows\System32\d2d1.dll
2011-02-19 12:03:46 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-02-19 09:00:32 367616 ----a-w- C:\Windows\System32\atmfd.dll
2011-02-19 06:30:51 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-02-19 06:30:50 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-02-19 06:30:46 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-02-19 04:34:54 294912 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-02-18 10:56:44 613376 ----a-w- C:\Windows\System32\vbscript.dll
2011-02-18 07:49:40 2839656 ----a-w- C:\Windows\System32\RtkAPO64.dll
2011-02-18 05:43:28 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
2011-02-17 11:03:54 648296 ----a-w- C:\Windows\System32\RtkApi64.dll
2011-02-16 15:23:46 74240 ----a-w- C:\Windows\System32\drivers\RimUsb_AMD64.sys
2011-02-16 10:11:28 84072 ----a-w- C:\Windows\System32\RCoInst64.dll
2011-02-12 11:34:16 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe
2011-02-11 11:39:00 1247848 ----a-w- C:\Windows\System32\RTCOM64.dll
2011-02-05 17:10:16 642944 ----a-w- C:\Windows\System32\winload.efi
2011-02-05 17:10:08 20352 ----a-w- C:\Windows\System32\kdusb.dll
2011-02-05 17:10:08 19328 ----a-w- C:\Windows\System32\kd1394.dll
2011-02-05 17:10:08 17792 ----a-w- C:\Windows\System32\kdcom.dll
2011-02-05 17:06:41 605552 ----a-w- C:\Windows\System32\winload.exe
2011-02-05 17:06:41 566208 ----a-w- C:\Windows\System32\winresume.efi
2011-02-05 17:06:41 518672 ----a-w- C:\Windows\System32\winresume.exe
2011-02-02 15:11:20 270720 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 13:44:56.21 ===============

#2 JonTom

JonTom

    Trusted Malware Tech

  • Trusted Malware Techs
  • 2,999 posts
  • Gender:Male
  • Location:UK


Posted 29 April 2011 - 05:22 PM

Hello goel and :wp:

My name is JonTom

  • Malware Logs can sometimes take a lot of time to research and interpret.
  • Please be patient while I try to assist with your problem. If at any time you do not understand what is required, please ask for further explanation.
  • Please note that there is no "Quick Fix" to modern malware infections and we may need to use several different approaches to get your system clean.
  • Read every reply you receive carefully and thoroughly before carrying out the instructions. You may also find it helpful to print out the instructions you receive, as in some instances you may have to disconnect your computer from the Internet.
  • PLEASE NOTE: If you do not reply after 5 days your thread will be closed.

When you scanned your system with DDS, two logs would have been produced. You have posted the DDS.txt, but I also need to see the attach.txt.

Let's begin with the following:

  • Please download GooredFix by JPShortstuff


    • Please download GooredFix from one of the locations below and save it to your Desktop.

    Download Mirror #1
    Download Mirror #2

    • Ensure all Firefox windows are closed.
    • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista/Win7).
    • When prompted to run the scan, click Yes.
    • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

  • Please perform the following scan:


    • Please download MalwareBytes AntiMalware by clicking here and save the file (called mbam-setup.exe) to your desktop.

    • Right click on the mbam-setup.exe icon and select "Run as Administrator" to install the program.
    • Follow the prompts during installation and have the Installation Wizard create a desktop icon.
    • Once installed, double click on the MalwareBytes AntiMalware icon to launch the program.
    • Click on the "Update" tab and then on "Check for Updates".
    • The program will now install the latest Malware definition files.
    • Once complete, click on the "Scanner" tab, select "Perform Quick Scan" and then click on "Scan".
    • Once the program has scanned your computer, a log file will be created in Notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.


    • If the scan detects any Malware-related objects, make sure that everything is checked, and click "Remove Selected" <– Very Important.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to restart your computer.
    • The log is automatically saved by MBAM and can be viewed by clicking the "Logs" tab.
    • Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart your computer, please do so immediately.
    • Come back here to this thread and Paste the log in your next reply.

    Please post the attach.txt, the GooredFix log and the MBAM log in your next reply.

Member of ASAP and UNITE
Proud Graduate of the WTT Classroom

#3 goel

goel

    Member

  • Members
  • 60 posts
  • Gender:Male



Posted 30 April 2011 - 12:13 AM

Dear JonTom, Thanks for your help. Below are the various logs: Malwarebytes found 'Spyware.Banker' which was removed. Problem persists. Thanks DDS ATTACH . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_11-03-05.01) . Microsoft Windows 7 Professional Boot Device: \Device\HarddiskVolume2 Install Date: 24/12/2010 15:26:58 System Uptime: 30/04/2011 07:59:25 (1 hours ago) . Motherboard: Sony Corporation | | VAIO Processor: Intel® Core™2 Duo CPU P8800 @ 2.66GHz | N/A | 2667/266mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 287 GiB total, 109.536 GiB free. D: is CDROM () E: is Removable . ==== Disabled Device Manager Items ============= . Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: SASDIFSV Device ID: ROOT\LEGACY_SASDIFSV\0000 Manufacturer: Name: SASDIFSV PNP Device ID: ROOT\LEGACY_SASDIFSV\0000 Service: SASDIFSV . Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: SASKUTIL Device ID: ROOT\LEGACY_SASKUTIL\0000 Manufacturer: Name: SASKUTIL PNP Device ID: ROOT\LEGACY_SASKUTIL\0000 Service: SASKUTIL . Class GUID: Description: Bluetooth Peripheral Device Device ID: BTHENUM\{00001132-0000-1000-8000-00805F9B34FB}_LOCALMFG&000F\7&1D73BD4E&0&2CA8354BB0A6_C00000000 Manufacturer: Name: Bluetooth Peripheral Device PNP Device ID: BTHENUM\{00001132-0000-1000-8000-00805F9B34FB}_LOCALMFG&000F\7&1D73BD4E&0&2CA8354BB0A6_C00000000 Service: . Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: Bluetooth Device (Personal Area Network) Device ID: BTH\MS_BTHPAN\6&B8D5841&0&2 Manufacturer: Microsoft Name: Bluetooth Device (Personal Area Network) PNP Device ID: BTH\MS_BTHPAN\6&B8D5841&0&2 Service: BthPan . 
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: Bluetooth Device (RFCOMM Protocol TDI) Device ID: BTH\MS_RFCOMM\6&B8D5841&0&0 Manufacturer: Microsoft Name: Bluetooth Device (RFCOMM Protocol TDI) PNP Device ID: BTH\MS_RFCOMM\6&B8D5841&0&0 Service: RFCOMM . ==== System Restore Points =================== . RP241: 27/04/2011 20:10:04 - Before uninstalling Network Stumbler 0.4.0 (remove only) RP242: 27/04/2011 20:11:17 - Before uninstalling HijackThis 2.0.2 RP243: 27/04/2011 20:11:41 - Installed inSSIDer 2.0 RP244: 27/04/2011 21:23:53 - Before uninstalling inSSIDer 2.0 RP245: 27/04/2011 21:24:04 - Removed inSSIDer 2.0 RP246: 27/04/2011 22:44:52 - Installed BlackBerry App World Browser Plugin RP247: 28/04/2011 09:14:13 - Windows Update RP248: 28/04/2011 09:27:33 - Windows Update . ==== Installed Programs ====================== . . Adobe Acrobat X Pro - English, Français, Deutsch Adobe AIR Adobe Anchor Service CS3 Adobe Asset Services CS3 Adobe Bridge CS3 Adobe Bridge Start Meeting Adobe Camera Raw 4.0 Adobe CMaps Adobe Color - Photoshop Specific Adobe Color Common Settings Adobe Color EU Extra Settings Adobe Color JA Extra Settings Adobe Color NA Recommended Settings Adobe Default Language CS3 Adobe Device Central CS3 Adobe ExtendScript Toolkit 2 Adobe Flash Player 10 Plugin Adobe Fonts All Adobe Help Viewer CS3 Adobe Linguistics CS3 Adobe PDF Library Files Adobe Photoshop CS3 Adobe Setup Adobe Stock Photos CS3 Adobe Type Support Adobe Update Manager CS3 Adobe Version Cue CS3 Client Adobe WinSoft Linguistics Plugin Adobe XMP Panels CS3 Angry Birds Application Manager for VAIO ArcSoft Magic-i Visual Effects 2 ArcSoft WebCam Companion 2 Ashampoo Burning Studio 10.0.7 µTorrent Auslogics BoostSpeed BB Boss version 2.2 BlackBerry App World Browser Plugin BlackBerry Desktop Software 6.0.2 BlackBerry Device Software v6.0.0 for the BlackBerry 9700 smartphone BS.Player PRO Click to Disc Click to Disc Editor CrackMem Create Recovery Disc Reminder D3DX10 Definition 
update for Microsoft Office 2010 (KB982726) DreamBoxEdit -- The one and only settings editor for your Dreambox DriverMax 5 ExtractNow Foxit Creator Foxit Reader Google Talk (remove only) HD Call Recorder for Skype 4.0.5 HTC BMP USB Driver HTC Driver Installer HTC Sync Intel AppUp(SM) center IrfanView (remove only) Java Auto Updater Java™ 6 Update 24 Junk Mail filter update K-Lite Mega Codec Pack 6.6.0 Kundli 5.0 LeechFTP Localphone 2.09 Free Malwarebytes' Anti-Malware Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Groove MUI (English) 2010 Microsoft Office InfoPath MUI (English) 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Word MUI (English) 2010 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft SQL Server Setup Support Files (English) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable - KB2467175 Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Mirage Driver 1.1 Mozilla Firefox (3.6.16) MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP2 Parser and SDK MSXML 4.0 SP3 Parser MSXML 4.0 
SP3 Parser (KB973685) Music Transfer Opera 11.10 PDF Settings Picasa 3 POP Peeper PowerISO Primo Qualcomm Gobi Driver Package for Sony Qualcomm Gobi Images for Sony Realtek High Definition Audio Driver Roxio Central Audio Roxio Central Copy Roxio Central Core Roxio Central Data Roxio Central Tools Roxio Easy Media Creator 10 LJ Roxio Easy Media Creator Home Runtime Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Setting Utility Series Skype™ 5.1 Sony Download Taxi 1.5.0.0 Sony Home Network Library Sony Picture Utility SupportSoft Assisted Service tools-freebsd tools-linux tools-netware tools-solaris tools-windows tools-winPre2k TouchFreeze Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft Office 2010 (KB2494150) VAIO BD Menu Data VAIO Care VAIO Care Update VAIO Content Metadata Intelligent Analyzing Manager VAIO Content Metadata Manager Setting VAIO Content Metadata XML Interface Library VAIO Control Center VAIO Data Restore Tool VAIO DVD Menu Data Basic VAIO Entertainment Platform VAIO Event Service VAIO Help and Support VAIO Media plus VAIO Media plus Opening Movie VAIO Movie Story VAIO Movie Story Template Data VAIO MusicBox Sample Music VAIO My Memory Center VAIO Original Function Settings VAIO Recovery Center VAIO Startup Assistant VAIO Survey VAIO Update 4 VAIO Wallpaper Contents VideoLAN VLC media player 0.8.6d VMware Workstation VZAccess Manager for Sony Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Mail Windows Live Messenger Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live Sync Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows Media Player Firefox Plugin WinDVD for VAIO Yahoo! 
Messenger Your Uninstaller! 2010 . ==== Event Viewer Messages From Past Week ======== . 30/04/2011 07:59:53, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL 30/04/2011 07:59:46, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Roxio Upnp Server 10 service to connect. 30/04/2011 07:59:46, Error: Service Control Manager [7000] - The regi service failed to start due to the following error: The system cannot find the file specified. 29/04/2011 11:19:33, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR6. 29/04/2011 11:02:36, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10. 28/04/2011 11:44:12, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.10.103. The computer with the IP address 192.168.10.10 did not allow the name to be claimed by this computer. 28/04/2011 09:18:08, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.103.468.0). 27/04/2011 20:09:26, Error: Service Control Manager [7000] - The NSNDIS5 NDIS Protocol Driver service failed to start due to the following error: The system cannot find the file specified. 24/04/2011 10:31:17, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. . 
==== End Of File ===========================

GOOREDFIX

GooredFix by jpshortstuff (03.07.10.1)
Log created at 07:46 on 30/04/2011 (SJGOEL)
Firefox version 3.6.16 (en-US)

========== GooredScan ==========

========== GooredLog ==========

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [06:36 31/03/2011]
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [07:21 11/03/2011]

C:\Users\SJGOEL\Application Data\Mozilla\Firefox\Profiles\5u6g3uzl.default\extensions\
{7102aba3-045c-4ec2-b921-46d87636d84b} [06:34 31/03/2011]
{9ab67d74-ec41-4cb2-b417-df5d93ba1beb} [06:34 31/03/2011]
{a2e6849b-7584-11da-8cd6-0800200c9a66} [17:08 24/12/2010]
{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [16:25 07/04/2011]
{DDC359D1-844A-42a7-9AA1-88A850A938A8} [15:57 13/03/2011]

C:\Users\SJGOEL\Application Data\Mozilla\Firefox\Profiles\ff2f5h3i.default\extensions\
{7102aba3-045c-4ec2-b921-46d87636d84b} [16:51 23/12/2010]
{9ab67d74-ec41-4cb2-b417-df5d93ba1beb} [16:51 23/12/2010]
{a2e6849b-7584-11da-8cd6-0800200c9a66} [16:51 23/12/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [05:03 24/12/2010]

-=E.O.F=-

MALWAREBYTES

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6476

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

30/04/2011 07:58:31
mbam-log-2011-04-30 (07-58-31).txt

Scan type: Quick scan
Objects scanned: 162236
Time elapsed: 5 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\KMSAct.exe (Spyware.Banker) -> Quarantined and deleted successfully.

#4 JonTom

JonTom

    Trusted Malware Tech

  • Trusted Malware Techs
  • 2,999 posts
  • Gender:Male
  • Location:UK


Posted 30 April 2011 - 02:03 PM

Hello goel

Thank you for the logs.

  • P2P Programs:


  • P2P programs are a major source of Malware infections.
  • From your log I see you have µTorrent. We do not pass judgment on file-sharing, however we must inform you that engaging in this activity and having this kind of software installed on your system will always make you more susceptible to Malware infections.
  • The use of P2P programs may be contributing to your current situation, and you would certainly be doing yourself a favour by removing them.
  • If you wish to keep the program(s), please do not use them until your computer is cleaned.

  • Information regarding the risk of using these programs can be found from here and here.

  • It is strongly recommended that you uninstall any P2P programs you have on your system.

  • To do this, click on the "Windows Orb" (bottom left hand corner of your screen), then on "Control Panel" and then on the "Programs and Features" tab.
  • A list of currently installed programs will be displayed.
  • Find the "µTorrent" program, click on it once and then click on the "Uninstall" button.
  • If you are prompted to re-boot your computer to complete the uninstall please do so.


    PLEASE NOTE:
  • Even if you are using a P2P program that is deemed safe, it is only the program that is safe. Any files that you receive using a "safe" P2P program may be infected with Malware. The malware writers use P2P file-sharing as a major conduit to spread infected files.


When I search using the Firefox address bar, the search results appear, not from google.com but from www.search-results.com

Just to clarify, when you open Firefox and type www.google.com into the address bar, the google search page does not appear, but instead you are taken to www.search-results.com? Is that correct?


#5 goel

goel

    Member

  • Members
  • 60 posts
  • Gender:Male



Posted 30 April 2011 - 02:12 PM

Dear JonTom

Thanks for reply.

- I hardly use the P2P software.

>> Just to clarify, when you open Firefox and type www.google.com into the address bar, the google search page does not appear, but instead you are taken to www.search-results.com? Is that correct?

When I open Firefox and type any search term in the address bar - the results earlier came from google.com - but now the results appear from www.search-results.com.

Thanks

#6 JonTom

JonTom

    Trusted Malware Tech

  • Trusted Malware Techs
  • 2,999 posts
  • Gender:Male
  • Location:UK


Posted 01 May 2011 - 05:34 AM

Hello goel

Let's see what the following scan reveals:

  • Please run the following scan


  • Note: You will need to use Internet Explorer for this scan.
  • Note for Vista/Windows 7 Users: ESET is compatible but Internet Explorer must be run as Administrator. To do this, right-click on your Internet Explorer icon and select "Run as Administrator".
  • Please disable your real time security programs before performing the scan.


  • Scan your system with Eset Online Scanner
  • Place a check mark in the box YES, I accept the Terms Of Use.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps).
  • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.


  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option to "Remove Found Threats" is UN checked.
  • Push the "Start" button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

Please post the ESET log in your next reply.



#7 goel

goel

    Member

  • Members
  • 60 posts
  • Gender:Male



Posted 01 May 2011 - 08:13 AM

Dear JonTom

Thanks for reply. I checked using ESET - but nothing found.

As a note, I have ESET NOD32 installed on my laptop.

Thanks

#8 JonTom

JonTom

    Trusted Malware Tech

  • Trusted Malware Techs
  • 2,999 posts
  • Gender:Male
  • Location:UK


Posted 01 May 2011 - 03:59 PM

Hello goel

Thanks for letting me know.

If ESET is clean that leaves us with limited options.

Let's see what the following tool reports:

  • Combofix


  • Download ComboFix from one of the following locations:

    Link 1
    Link 2

  • VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here .
  • Right click on ComboFix.exe and select "Run as Administrator" to run the program. Follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • Notes: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
  • Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
  • Should there be issues with internet afterward:

    In IE: Tools Menu -> Internet Options -> Connections Tab -> Lan Settings -> uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.

    In Firefox: Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection and uncheck the proxyserver, set it to No Proxy.

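The following is an added example; it is not code from the thread, from GooredFix, or from any of the other tools named above. It audits a Firefox 3.x profile for the two things discussed in this thread: the address-bar search redirection goel describes in #5, and the proxy settings JonTom says to reset after ComboFix in #8. In Firefox 3.6, text typed into the location bar that is not a URL is sent to whatever the `keyword.URL` preference points at, so a hijacker that rewrites that preference in prefs.js or user.js produces exactly the reported symptom without adding anything to the search-provider list. The expected-host set, the sample prefs.js (including the search-results.com URL and the 127.0.0.1:8080 proxy) and the profile path convention are constructed for the example.

```python
"""Audit a Firefox 3.x profile for address-bar search and proxy hijacks.

Firefox keeps per-profile settings in prefs.js (written by the browser)
and user.js (read at every start-up and re-applied over prefs.js, so a
hijack planted there survives a clean-up of prefs.js alone).  In
Firefox 3.6 "keyword.URL" decides where non-URL text typed into the
location bar is sent; network.proxy.* decides whether traffic is routed
through a proxy or a PAC script.  Added example, not the tools' code.
"""
import os
import re
from typing import Dict, List
from urllib.parse import urlparse

# user_pref("name", value);  where value is a quoted string, number or bool
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

# URL-valued prefs that steer search and start page (Firefox 3.x names).
URL_PREFS = ("keyword.URL", "browser.search.defaulturl",
             "browser.startup.homepage")

# Assumption for this example: Google is the engine the user expects.
EXPECTED_HOSTS = {"google.com", "www.google.com"}


def parse_prefs(text: str) -> Dict[str, str]:
    """Return {pref name: raw value}, with the quotes stripped off strings."""
    prefs: Dict[str, str] = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything malformed
        name, value = m.group(1), m.group(2).strip()
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]
        prefs[name] = value
    return prefs


def audit_prefs(prefs: Dict[str, str]) -> List[str]:
    """Flag search/start-page URLs on unexpected hosts and any proxy setting."""
    findings: List[str] = []
    for name in URL_PREFS:
        value = prefs.get(name, "")
        host = (urlparse(value).hostname or "").lower()
        if host and host not in EXPECTED_HOSTS:
            findings.append(f"{name} -> {host} ({value})")
    # network.proxy.type: 0 direct, 1 manual, 2 PAC URL, 4 WPAD, 5 system.
    # An absent pref is treated as "not manual" here (assumption).
    ptype = prefs.get("network.proxy.type", "5")
    if ptype == "1":
        findings.append("manual proxy: %s:%s" % (
            prefs.get("network.proxy.http", "?"),
            prefs.get("network.proxy.http_port", "?")))
    elif ptype == "2":
        findings.append("PAC script: " +
                        prefs.get("network.proxy.autoconfig_url", "?"))
    return findings


def audit_profile(profile_dir: str) -> List[str]:
    """Merge prefs.js then user.js (user.js wins, as in Firefox) and audit."""
    merged: Dict[str, str] = {}
    for fname in ("prefs.js", "user.js"):
        path = os.path.join(profile_dir, fname)
        if os.path.isfile(path):
            with open(path, encoding="utf-8", errors="replace") as fh:
                merged.update(parse_prefs(fh.read()))
    return audit_prefs(merged)


def list_extensions(profile_dir: str) -> List[str]:
    """Extension IDs installed in the profile, the same list GooredFix prints."""
    ext_dir = os.path.join(profile_dir, "extensions")
    if not os.path.isdir(ext_dir):
        return []
    return sorted(os.listdir(ext_dir))


# Constructed sample (not from the thread): a profile whose address-bar
# search was redirected and which was given a manual proxy.
SAMPLE_PREFS_JS = """\
# Mozilla User Preferences
user_pref("browser.startup.homepage", "http://www.google.com/");
user_pref("keyword.enabled", true);
user_pref("keyword.URL", "http://www.search-results.com/web?q=");
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 8080);
"""

if __name__ == "__main__":
    for finding in audit_prefs(parse_prefs(SAMPLE_PREFS_JS)):
        print(finding)
```

On the machine in this thread the profiles live under the `Mozilla\Firefox\Profiles\` directory that the GooredFix log lists, so `audit_profile` would be pointed at each `*.default` folder in turn. Two design points: user.js is merged last because Firefox re-applies it on every start, which is why a hijack that "comes back" after editing prefs.js is usually sitting there; and proxy prefs are reported rather than judged, since a manual proxy the user set deliberately looks identical to one a hijacker set.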

#9 goel

goel

    Member

  • Members
  • 60 posts
  • Gender:Male



Posted 01 May 2011 - 04:37 PM

Dear JonTom Thanks for your help The Comboflix log is enclosed: ComboFix 11-04-30.06 - SJGOEL 02/05/2011 0:19.1.2 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.4027.2394 [GMT 3:00] Running from: c:\users\SJGOEL\Desktop\ComboFix.exe AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1} SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\Yahoo! c:\programdata\Yahoo!\YUpdater\components.ini c:\programdata\Yahoo!\YUpdater\yupdater.exe c:\users\SJGOEL\AppData\Roaming\Yahoo! c:\users\SJGOEL\AppData\Roaming\Yahoo!\Messenger\Plugin\16762d37-0eb1-40d0-5863-5fa5ade02675.yplugin\MANIFEST\plugin.properties c:\users\SJGOEL\AppData\Roaming\Yahoo!\Messenger\Plugin\16762d37-0eb1-40d0-5863-5fa5ade02675.yplugin\resource\i18n\ar\i18n-resource.js c:\users\SJGOEL\AppData\Roaming\Yahoo!\Messenger\Plugin\16762d37-0eb1-40d0-5863-5fa5ade02675.yplugin\resource\i18n\au\i18n-resource.js c:\users\SJGOEL\AppData\Roaming\Yahoo!\Messenger\Plugin\16762d37-0eb1-40d0-5863-5fa5ade02675.yplugin\resource\i18n\br\i18n-resource.js c:\users\SJGOEL\AppData\Roaming\Yahoo!\Messenger\Plugin\16762d37-0eb1-40d0-5863-5fa5ade02675.yplugin\resource\i18n\ca\i18n-resource.js c:\users\SJGOEL\AppData\Roaming\Yahoo!\Messenger\Plugin\16762d37-0eb1-40d0-5863-5fa5ade02675.yplugin\resource\i18n\cf\i18n-resource.js c:\users\SJGOEL\AppData\Roaming\Yahoo!\Messenger\Plugin\16762d37-0eb1-40d0-5863-5fa5ade02675.yplugin\resource\i18n\cl\i18n-resource.js c:\users\SJGOEL\AppData\Roaming\Yahoo!\Messenger\Plugin\16762d37-0eb1-40d0-5863-5fa5ade02675.yplugin\resource\i18n\co\i18n-resource.js 
c:\users\SJGOEL\AppData\Roaming\Yahoo!\Messenger\Plugin\16762d37-0eb1-40d0-5863-5fa5ade02675.yplugin\resource\i18n\de\i18n-resource.js c:\users\SJGOEL\AppData\Roaming\Yahoo!\Messenger\Plugin\16762d37-0eb1-40d0-5863-5fa5ade02675.yplugin\resource\i18n\e1\i18n-resource.js c:\users\SJGOEL\AppData\Roaming\Yahoo!\Messenger\Plugin\16762d37-0eb1-40d0-5863-5fa5ade02675.yplugin\resource\i18n\es\i18n-resource.js c:\users\SJGOEL\AppData\Roaming\Yahoo!\Messenger\Plugin\16762d37-0eb1-40d0-5863-5fa5ade02675.yplugin\resource\i18n\fr\i18n-resource.js c:\users\SJGOEL\AppData\Roaming\Yahoo!\Messenger\Plugin\16762d37-0eb1-40d0-5863-5fa5ade02675.yplugin\resource\i18n\hi\i18n-resource.js c:\users\SJGOEL\AppData\Roaming\Yahoo!\Messenger\Plugin\16762d37-0eb1-40d0-5863-5fa5ade02675.yplugin\resource\i18n\hk\i18n-resource.js c:\users\SJGOEL\AppData\Roaming\Yahoo!\Messenger\Plugin\16762d37-0eb1-40d0-5863-5fa5ade02675.yplugin\resource\i18n\id\i18n-resource.js c:\users\SJGOEL\AppData\Roaming\Yahoo!\Messenger\Plugin\16762d37-0eb1-40d0-5863-5fa5ade02675.yplugin\resource\i18n\in\i18n-resource.js c:\users\SJGOEL\AppData\Roaming\Yahoo!\Messenger\Plugin\16762d37-0eb1-40d0-5863-5fa5ade02675.yplugin\resource\i18n\it\i18n-resource.js c:\users\SJGOEL\AppData\Roaming\Yahoo!\Messenger\Plugin\16762d37-0eb1-40d0-5863-5fa5ade02675.yplugin\resource\i18n\kr\i18n-resource.js c:\users\SJGOEL\AppData\Roaming\Yahoo!\Messenger\Plugin\16762d37-0eb1-40d0-5863-5fa5ade02675.yplugin\resource\i18n\mx\i18n-resource.js c:\users\SJGOEL\AppData\Roaming\Yahoo!\Messenger\Plugin\16762d37-0eb1-40d0-5863-5fa5ade02675.yplugin\resource\i18n\my\i18n-resource.js c:\users\SJGOEL\AppData\Roaming\Yahoo!\Messenger\Plugin\16762d37-0eb1-40d0-5863-5fa5ade02675.yplugin\resource\i18n\pe\i18n-resource.js c:\users\SJGOEL\AppData\Roaming\Yahoo!\Messenger\Plugin\16762d37-0eb1-40d0-5863-5fa5ade02675.yplugin\resource\i18n\ph\i18n-resource.js 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "combofix"="c:\combofix\CF27410.cfxxe" [X] "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2010-11-03 1833576] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-11-04 2919168] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-02-24 11780712] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-30 387608] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT mLocal Page = c:\windows\SysWOW64\blank.htm IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105 IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... 
- c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm LSP: c:\program files (x86)\VMware\VMware Workstation\vsocklib.dll FF - ProfilePath - c:\users\SJGOEL\AppData\Roaming\Mozilla\Firefox\Profiles\5u6g3uzl.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: keyword.URL - hxxp://search.hotspotshield.com/g/results.php?c=s&q= FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} FF - Ext: Exch: {a2e6849b-7584-11da-8cd6-0800200c9a66} - %profile%\extensions\{a2e6849b-7584-11da-8cd6-0800200c9a66} FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} FF - Ext: Table2Clipboard: {9ab67d74-ec41-4cb2-b417-df5d93ba1beb} - %profile%\extensions\{9ab67d74-ec41-4cb2-b417-df5d93ba1beb} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe" . 

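The "FF - prefs.js: keyword.URL" line in the ComboFix output above is the mechanism behind the symptom in the first post: Firefox sends non-URL text typed into the address bar to whatever keyword.URL points at, independently of the search-provider list, so the list can look clean while searches are still redirected. As an added example (not code from this thread or from any of the tools used in it), a short Python triage script that parses a Firefox prefs.js and flags search-steering prefs whose host is not one the owner expects; the prefs.js content and the expected-host list are constructed for the example, with the hotspotshield URL taken from the log.

```python
# Added example, not part of the thread or of ComboFix/OTL/MBRCheck.
# Firefox 3.x/4.x profiles store settings in prefs.js as lines of the form
#   user_pref("name", value);
# keyword.URL decides where address-bar text that is not a URL is sent.
import re
from urllib.parse import urlparse

# Prefs that steer where address-bar and search traffic goes.
SEARCH_PREFS = (
    "keyword.URL",
    "browser.startup.homepage",
    "browser.search.defaultenginename",
    "browser.search.selectedEngine",
)

# Hosts the machine's owner actually uses (assumption for this example).
EXPECTED_HOSTS = {"www.google.com", "google.com"}

# Constructed prefs.js: the keyword.URL value is the one reported in the
# ComboFix log; every other line is made up for the example.
SAMPLE_PREFS_JS = r'''
# Mozilla User Preferences
user_pref("browser.startup.homepage", "http://www.google.com/");
user_pref("keyword.URL", "http://search.hotspotshield.com/g/results.php?c=s&q=");
user_pref("keyword.enabled", true);
user_pref("browser.search.selectedEngine", "Google");
user_pref("extensions.lastAppVersion", "4.0.1");
'''

PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+)\);\s*$')


def parse_prefs_js(text):
    """Return {name: value} for every user_pref() line in a prefs.js.

    String values lose their quotes, true/false become bool, integers
    become int; anything else is kept as the raw token."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines, anything that is not a pref
        name, raw = m.group(1), m.group(2).strip()
        if raw.startswith('"') and raw.endswith('"'):
            value = raw[1:-1].replace('\\"', '"')
        elif raw in ("true", "false"):
            value = raw == "true"
        else:
            try:
                value = int(raw)
            except ValueError:
                value = raw
        prefs[name] = value
    return prefs


def find_search_hijacks(prefs, expected_hosts=EXPECTED_HOSTS):
    """Return [(pref_name, host)] for search-steering prefs whose URL host
    is not in expected_hosts. Values that are not URLs (engine display
    names such as "Google") are skipped, since they carry no destination."""
    findings = []
    for name in SEARCH_PREFS:
        value = prefs.get(name)
        if not isinstance(value, str) or "://" not in value:
            continue
        host = (urlparse(value).hostname or "").lower()
        if host not in expected_hosts:
            findings.append((name, host))
    return findings


if __name__ == "__main__":
    prefs = parse_prefs_js(SAMPLE_PREFS_JS)
    for name, host in find_search_hijacks(prefs):
        # keyword.URL points at search.hotspotshield.com
        print(f"{name} points at {host}")
```

Resetting keyword.URL to its default (or removing the user_pref line while Firefox is closed) is what stops the redirect; the search-provider list was never the thing that changed.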
#10 JonTom


    Trusted Malware Tech

  • Trusted Malware Techs
  • 2,999 posts
  • Gender:Male
  • Location:UK


Posted 02 May 2011 - 08:44 AM

Hello goel

How is the machine running now?
Member of ASAP and UNITE
Proud Graduate of the WTT Classroom

#11 goel


    Member

  • Members
  • 60 posts
  • Gender:Male



Posted 02 May 2011 - 04:20 PM

Hello goel

How is the machine running now?


Dear JonTom

There is no change. The address bar search still returns results from search-results.com.

Thanks

#12 JonTom


    Trusted Malware Tech

  • Trusted Malware Techs
  • 2,999 posts
  • Gender:Male
  • Location:UK


Posted 03 May 2011 - 02:00 AM

Hello goel

Let's take a look with the following scans:

  • MBRCheck


    • Please download MBRCheck by clicking here and save it to your desktop.
    • Be sure to disable your security programs.
    • Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt).
    • A window will open on your desktop.
    • If an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
    • If nothing unusual is found just press Enter.
    • A .txt file named MBRCheck_mm.dd.yy_hh.mm:filtered: should appear on your desktop.
    • Please post the contents of that file in your next reply.

  • Download and run OTL by Oldtimer


    • Please download OTL by Oldtimer by clicking here and save the file (called OTL.exe) to your desktop.
    • Close all open windows on your computer then Right click on the OTL.exe icon and select "Run as Administrator" to run the program.
    • Check the boxes beside "LOP Check" and "Purity Check".
    • Under Custom Scan paste this in:


    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lîk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %PROGRAMFILES%\Internet Explorer\*.dat
    %APPDATA%\Mikzosoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Deskuop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    iexplore.*
    explorer.*
    winlogon.*
    dll
    zx.dll
    hlp.dat
    /md5stop

    • Click the "Run Scan" button. Do not change any settings unless specifically told to do so. The scan will not take long.

    • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt.
    • Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
    • Please Copy and Paste the contents of both files in your next reply. You may need two posts to fit them both in.

Member of ASAP and UNITE
Proud Graduate of the WTT Classroom

#13 goel


    Member

  • Members
  • 60 posts
  • Gender:Male



Posted 03 May 2011 - 07:19 AM

Dear JonTom,

Thanks for your help.

Here are the logs:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Professional
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: Sony Corporation
BIOS Manufacturer: INSYDE
System Manufacturer: Sony Corporation
System Product Name: VGN-Z750D
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 219):
0x044B8000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x045AC000 \SystemRoot\System32\drivers\dxgmms1.sys
0x04400000 \SystemRoot\system32\DRIVERS\e1y62x64.sys
0x0444A000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x04457000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x051B0000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x051C1000 \SystemRoot\system32\drivers\HDAudBus.sys
0x0663F000 \SystemRoot\system32\DRIVERS\NETwNs64.sys
0x06EAA000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x06EB7000 \SystemRoot\system32\drivers\1394ohci.sys
0x06EF5000 \SystemRoot\system32\DRIVERS\risdsn64.sys
0x06F0D000 \SystemRoot\system32\DRIVERS\rimspx64.sys
0x06F24000 \SystemRoot\system32\drivers\i8042prt.sys
0x06F42000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x06F51000 \??\C:\Windows\system32\drivers\VMkbd.sys
0x06F5C000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0x06F8F000 \SystemRoot\system32\drivers\mouclass.sys
0x06F9E000 \SystemRoot\system32\DRIVERS\SonyPI.sys
0x06FA3000 \SystemRoot\system32\drivers\tpm.sys
0x06FB2000 \SystemRoot\system32\DRIVERS\SFEP.sys
0x06FB5000 \SystemRoot\system32\drivers\wmiacpi.sys
0x06FBE000 \SystemRoot\system32\drivers\CompositeBus.sys
0x06FCE000 \SystemRoot\System32\Drivers\RootMdm.sys
0x06FD6000 \SystemRoot\system32\drivers\modem.sys
0x06FE5000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x06600000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x06624000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x04A00000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x04A2F000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x04A4A000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x04A6B000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x06630000 \SystemRoot\system32\DRIVERS\RimSerial_AMD64.sys
0x044AD000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x06638000 \SystemRoot\system32\drivers\swenum.sys
0x06348000 \SystemRoot\system32\drivers\ks.sys
0x04A85000 \SystemRoot\system32\drivers\umbus.sys
0x045F2000 \SystemRoot\system32\DRIVERS\vmnetadapter.sys
0x04A97000 \SystemRoot\system32\DRIVERS\VMNET.SYS
0x0638B000 \SystemRoot\system32\drivers\usbhub.sys
0x051E5000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x08A63000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x08D02000 \SystemRoot\system32\drivers\portcls.sys
0x08D3F000 \SystemRoot\system32\drivers\drmk.sys
0x08D61000 \SystemRoot\system32\drivers\ksthunk.sys
0x08D67000 \SystemRoot\system32\DRIVERS\CAXHWAZL.sys
0x09053000 \SystemRoot\system32\DRIVERS\CAX_DPV.sys
0x03F35000 \SystemRoot\system32\DRIVERS\CAX_CNXT.sys
0x00090000 \SystemRoot\System32\win32k.sys
0x091C7000 \SystemRoot\System32\drivers\Dxapi.sys
0x091D3000 \SystemRoot\System32\Drivers\crashdmp.sys
0x03C58000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x091E1000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x09000000 \SystemRoot\System32\Drivers\tcusb.sys
0x09013000 \SystemRoot\System32\Drivers\USBD.SYS
0x09015000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x08DB9000 \SystemRoot\System32\Drivers\usbvideo.sys
0x023CC000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x023D5000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00500000 \SystemRoot\System32\TSDDD.dll
0x00690000 \SystemRoot\System32\cdd.dll
0x00870000 \SystemRoot\System32\ATMFD.DLL
0x08A00000 \SystemRoot\system32\drivers\luafv.sys
0x024FA000 \SystemRoot\system32\DRIVERS\eamonm.sys
0x025D2000 \SystemRoot\system32\drivers\WudfPf.sys
0x02400000 \SystemRoot\system32\DRIVERS\vmnetbridge.sys
0x02410000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x02425000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x02478000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x0248B000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x03638000 \SystemRoot\system32\drivers\HTTP.sys
0x03701000 \SystemRoot\system32\DRIVERS\bowser.sys
0x0371F000 \SystemRoot\System32\drivers\mpsdrv.sys
0x03737000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x03764000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x037B1000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x037D5000 \??\C:\Windows\system32\drivers\hcmon.sys
0x037E1000 \??\C:\Windows\system32\drivers\vmci.sys
0x04884000 \??\C:\Windows\system32\drivers\vmx86.sys
0x0495A000 \SystemRoot\system32\DRIVERS\epfwwfpr.sys
0x0497B000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0x072DB000 \SystemRoot\system32\drivers\peauth.sys
0x07381000 \SystemRoot\System32\Drivers\secdrv.SYS
0x0738C000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x073BD000 \SystemRoot\System32\drivers\tcpipreg.sys
0x073CF000 \??\C:\Windows\system32\drivers\vmnetuserif.sys
0x073D9000 \??\C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys
0x073E5000 \SystemRoot\system32\DRIVERS\vwifimp.sys
0x073EF000 \SystemRoot\system32\DRIVERS\xaudio64.sys
0x07200000 \SystemRoot\System32\DRIVERS\srv2.sys
0x09E90000 \SystemRoot\System32\DRIVERS\srv.sys
0x09F28000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x09F59000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x09F64000 \??\C:\Windows\system32\drivers\mbam.sys
0x77520000 \Windows\System32\ntdll.dll
0x47920000 \Windows\System32\smss.exe
0xFF840000 \Windows\System32\apisetschema.dll
0xFF490000 \Windows\System32\autochk.exe
0xFF810000 \Windows\System32\imagehlp.dll
0xFF770000 \Windows\System32\msvcrt.dll
0x77420000 \Windows\System32\user32.dll
0xFF640000 \Windows\System32\wininet.dll
0xFF5C0000 \Windows\System32\difxapi.dll
0xFF520000 \Windows\System32\clbcatq.dll
0xFF510000 \Windows\System32\lpk.dll
0xFF500000 \Windows\System32\nsi.dll
0xFF2F0000 \Windows\System32\ole32.dll
0xFF2C0000 \Windows\System32\imm32.dll
0xFF2A0000 \Windows\System32\sechost.dll
0xFF230000 \Windows\System32\gdi32.dll
0xFF1B0000 \Windows\System32\shlwapi.dll
0xFF0D0000 \Windows\System32\oleaut32.dll
0xFF070000 \Windows\System32\Wldap32.dll
0xFEE90000 \Windows\System32\setupapi.dll
0x77300000 \Windows\System32\kernel32.dll
0xFEC30000 \Windows\System32\iertutil.dll
0xFEB00000 \Windows\System32\rpcrt4.dll
0xFEA60000 \Windows\System32\comdlg32.dll
0xFDCD0000 \Windows\System32\shell32.dll
0x776F0000 \Windows\System32\psapi.dll
0xFDBF0000 \Windows\System32\advapi32.dll
0xFDA70000 \Windows\System32\urlmon.dll
0xFD960000 \Windows\System32\msctf.dll
0xFD890000 \Windows\System32\usp10.dll
0xFD840000 \Windows\System32\ws2_32.dll
0x776E0000 \Windows\System32\normaliz.dll
0xFD800000 \Windows\System32\cfgmgr32.dll
0xFD790000 \Windows\System32\KernelBase.dll
0xFD6F0000 \Windows\System32\comctl32.dll
0xFD6B0000 \Windows\System32\wintrust.dll
0xFD690000 \Windows\System32\devobj.dll
0xFD520000 \Windows\System32\crypt32.dll
0xFD510000 \Windows\System32\msasn1.dll
0x753F0000 \Windows\SysWOW64\normaliz.dll

Processes (total 87):
0 System Idle Process
4 System
424 C:\Windows\System32\smss.exe
556 csrss.exe
620 C:\Windows\System32\wininit.exe
636 csrss.exe
668 C:\Windows\System32\services.exe
684 C:\Windows\System32\lsass.exe
692 C:\Windows\System32\lsm.exe
800 C:\Windows\System32\svchost.exe
860 C:\Windows\System32\nvvsvc.exe
888 C:\Windows\System32\svchost.exe
940 C:\Windows\System32\svchost.exe
992 C:\Windows\System32\svchost.exe
296 C:\Windows\System32\svchost.exe
756 C:\Windows\System32\svchost.exe
1032 C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
1076 C:\Windows\System32\winlogon.exe
1196 C:\Windows\System32\svchost.exe
1316 C:\Windows\System32\wlanext.exe
1324 C:\Windows\System32\conhost.exe
1480 C:\Windows\System32\nvvsvc.exe
1544 C:\Windows\System32\spoolsv.exe
1580 C:\Windows\System32\svchost.exe
1612 C:\Program Files\Protector Suite\upeksvr.exe
1968 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
1988 C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
1760 C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
1796 C:\Program Files\Intel\WiFi\bin\EvtEng.exe
1924 C:\Windows\System32\svchost.exe
1028 C:\Windows\System32\svchost.exe
452 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
1720 C:\Windows\System32\IPROSetMonitor.exe
1864 C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
2144 C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
2180 C:\QUALCOMM\QDLService\QDLService.exe
2240 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
2268 C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe
2292 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
2336 C:\Windows\System32\svchost.exe
2412 C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
2532 dllhost.exe
2656 C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
2716 C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
2792 C:\Windows\SysWOW64\vmnat.exe
2836 C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
2916 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2984 C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
2492 C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
2604 C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe
2648 C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
3008 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
1296 C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
3136 C:\Windows\SysWOW64\vmnetdhcp.exe
3160 C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
3428 WmiPrvSE.exe
3532 C:\Windows\System32\taskhost.exe
2508 C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
3220 C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
3740 C:\Windows\System32\svchost.exe
3792 C:\Windows\System32\dwm.exe
2480 C:\Windows\System32\svchost.exe
3888 C:\Windows\System32\taskeng.exe
3972 C:\Windows\explorer.exe
4356 WUDFHost.exe
4364 C:\Program Files\Sony\VAIO Care\VCSpt.exe
4612 C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
4644 C:\Windows\System32\hkcmd.exe
4672 C:\Program Files (x86)\TouchFreeze\TouchFreeze.exe
4680 C:\Program Files (x86)\POP Peeper\POPPeeper.exe
4848 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
3112 C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
828 C:\Windows\System32\SearchIndexer.exe
1440 C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
2328 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
4772 C:\Windows\System32\svchost.exe
1192 C:\Program Files\Sony\VAIO Care\VCsystray.exe
5056 WmiPrvSE.exe
5724 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
4816 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
5872 C:\PROGRA~2\MICROS~2\Office14\OUTLOOK.EXE
5144 C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE
5972 C:\Windows\System32\audiodg.exe
3268 C:\Windows\System32\SearchProtocolHost.exe
3680 C:\Windows\System32\SearchFilterHost.exe
4236 C:\Users\SJGOEL\Desktop\MBRCheck.exe
4708 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`dfc00000 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS723232L9SA60, Rev: FC4OC30F

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79

Done!


***********************************************************

OTL Extras logfile created on: 03/05/2011 15:10:36 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\SJGOEL\Desktop
64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.59 Gb Total Space | 108.34 Gb Free Space | 37.80% Space Free | Partition Type: NTFS

Computer Name: SJGOEL-PC | User Name: SJGOEL | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{21927AF8-8738-455F-AB98-7FF8FBFC6282}" = Intel® Network Connections 15.8.76.0
"{31753CDD-A7DA-4667-BEFC-B3EA3BDF366E}" = Foxit Phantom
"{563F041C-DFDB-437B-A1E8-E141E0906076}" = Microsoft IntelliPoint 8.0
"{72EEB695-388B-4835-8EA6-0C04545B06B9}" = Intel® PROSet/Wireless WiFi Software
"{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}" = Microsoft SQL Server Native Client
"{86177DAE-38B1-49DD-912E-35CB703AB779}" = Microsoft SQL Server VSS Writer
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{CB974C3D-D101-4411-8F54-DCDC58DED815}" = Protector Suite 2009.2
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"CNXT_MODEM_HDA_HSF" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"ProInst" = Intel PROSet Wireless
"PROSetDX" = Intel® Network Connections 15.8.76.0
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{068F037B-2723-48E3-85F1-4D7D93A29D2A}" = VAIO Content Metadata Intelligent Analyzing Manager
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java™ 6 Update 24
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2E8631C2-72E6-4A95-A86E-CB912D8D1537}" = Sony Home Network Library
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34B37A74-125E-4406-87BA-E4BD3D097AE5}" = VAIO Survey
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care
"{376DCC77-BFDA-4AC0-A57E-2CEB000D5E47}" = VAIO Content Metadata Intelligent Analyzing Manager
"{38D218CF-2D27-4A35-8344-B17C269F08DE}" = BlackBerry Device Software v6.0.0 for the BlackBerry 9700 smartphone
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{484D0DD1-57D3-4AE5-8B5A-40232C83B674}" = VAIO Entertainment Platform
"{48E91AD2-2A80-4E70-98E6-450A189F6048}" = VAIO Movie Story
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{554E34DB-1EDD-4CE4-B63D-9E9973C6FFA5}" = VAIO Care
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5C5EE8F2-0B38-4C13-AE4E-A87A237FE718}" = Create Recovery Disc Reminder
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6AE6DB26-5646-41A6-9CE5-7AE53D48FD71}" = VZAccess Manager for Sony
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6BF03C88-C06A-48DC-B9A1-FE72B24E5FA9}" = VAIO Media plus Opening Movie
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6EB6A82E-4918-481F-9AF8-3129E6D29B7E}" = Sony Home Network Library
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{70991E0A-1108-437E-BA7D-085702C670C0}" =
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1" = Auslogics BoostSpeed
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72B5983C-80C7-4225-BA72-E92AE1D59C62}" = VAIO My Memory Center
"{74656168-CF28-40BD-9D87-700B07BAF9B6}" = HTC Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78780A45-B180-4297-AE6D-12C45EC5AD35}" = VAIO Content Metadata Manager Setting
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83CDA18E-0BF3-4ACA-872C-B4CDABF2360E}" = VAIO Update 4
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87DF5956-A327-4304-8338-8E2B0AAB843E}" = BlackBerry Desktop Software 6.0.2
"{87EEB1B4-EE40-4D74-9780-F266FA12F564}" = VAIO Care Update
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8F47B673-8D71-49E3-98B6-BCF547C82F57}" = Click to Disc
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" =
"{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music
"{9973498D-EA29-4A68-BE0B-C88D6E03E928}" = ArcSoft WebCam Companion 2
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Settings
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A814E9FB-2272-4AC8-ABCD-DF399581B897}" = Qualcomm Gobi Driver Package for Sony
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris
"{AC30CF7C-2D62-4910-9147-3EC8EA5EB6D1}" = Angry Birds
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
"{AFBA0609-EB70-43CB-B11C-294EDADFA101}" = VAIO Recovery Center
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{B2B30EC0-FB6A-43BB-9B38-0C3B32D75B40}_is1" = Sony Download Taxi 1.5.0.0
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BFD85D24-D4F3-4CCC-B518-D7C4FC29C76D}" = VAIO Content Metadata Intelligent Analyzing Manager
"{C1555BC5-88B1-466B-BC79-062B5715DF92}" = VAIO Content Metadata XML Interface Library
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{CC2541A6-BC6A-4099-B711-7911C884AEB8}" = VAIO Content Metadata XML Interface Library
"{CD7E6232-D41D-4E5B-ABE1-0264B6260309}" = VAIO Content Metadata Intelligent Analyzing Manager
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF3A3816-7E48-4556-8614-654377EDE1B5}" = BlackBerry App World Browser Plugin
"{D031E017-2434-40A7-A352-4DDD0199170D}" = TouchFreeze
"{D03D02D8-AB64-4785-A48E-5AA8B0FB8C14}" = Sony Home Network Library
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D47FE987-EA3D-424B-9886-B752501D7CE7}" = VAIO Help and Support
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DB1C9CB7-DF65-4991-BD17-71BF9CD15BA0}" = VAIO Help and Support
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DF0415CC-0563-407F-B560-9B7F277122C5}" = VAIO BD Menu Data
"{DFAA3C20-5968-46A3-B7B0-0AF72D758A59}" = HTC Sync
"{DFD0E9A9-F24A-492B-8975-8C938E32408F}" = VAIO Startup Assistant
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3453B1B-C91B-4C48-B046-8DF635DD46F2}" = VAIO Content Metadata XML Interface Library
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E97AA41D-A8D4-413A-97CF-2E2DD5D18E54}" = Qualcomm Gobi Images for Sony
"{EADE97A7-E7AA-43FD-A042-92A68E0187A6}" = VAIO Content Metadata Manager Setting
"{EB18E8A3-F008-4655-B425-A3B7F03FFCDD}_is1" = BB Boss version 2.2
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1432614-6183-49E6-98E8-674485463CFE}" = VAIO Original Function Settings
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Application Manager for VAIO" = Application Manager for VAIO
"Ashampoo Burning Studio 10_is1" = Ashampoo Burning Studio 10.0.7
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0.2
"BSPlayerp" = BS.Player PRO
"CrackMem_is1" = CrackMem
"DMX5_is1" = DriverMax 5
"DreamBoxEdit" = DreamBoxEdit -- The one and only settings editor for your Dreambox
"ExtractNow_is1" = ExtractNow
"Foxit Creator" = Foxit Creator
"Foxit Reader" = Foxit Reader
"HD Call Recorder for Skype" = HD Call Recorder for Skype 4.0.5
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"Intel AppUp(SM) center 17294" = Intel AppUp(SM) center
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 6.6.0
"Kundli 5.0_is1" = Kundli 5.0
"LeechFTP" = LeechFTP
"Localphone" = Localphone 2.09 Free
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mirage Driver_is1" = Mirage Driver 1.1
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Picasa 3" = Picasa 3
"POP Peeper" = POP Peeper
"PowerISO" = PowerISO
"uTorrent" = µTorrent
"VLC media player" = VideoLAN VLC media player 0.8.6d
"VMware_Workstation" = VMware Workstation
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Messenger" = Yahoo! Messenger
"YU2010_is1" = Your Uninstaller! 2010

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#14 goel

Posted 03 May 2011 - 07:21 AM

LOG continued:

OTL logfile created on: 03/05/2011 15:10:36 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\SJGOEL\Desktop
64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.59 Gb Total Space | 108.34 Gb Free Space | 37.80% Space Free | Partition Type: NTFS

Computer Name: SJGOEL-PC | User Name: SJGOEL | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/03 15:09:07 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\SJGOEL\Desktop\OTL.exe
PRC - [2011/04/01 19:32:52 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/12/20 18:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2010/12/20 18:08:56 | 000,443,728 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2010/11/11 14:48:32 | 000,334,448 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2010/11/11 14:48:28 | 000,404,080 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2010/11/11 14:47:22 | 000,113,264 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
PRC - [2010/11/11 13:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2010/11/04 18:15:50 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2010/09/16 15:06:22 | 000,080,896 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2010/09/10 01:09:36 | 001,511,424 | ---- | M] (Mortal Universe) -- C:\Program Files (x86)\POP Peeper\POPPeeper.exe
PRC - [2010/08/12 16:15:34 | 000,081,296 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Care\VCSpt.exe
PRC - [2009/08/06 12:19:52 | 000,345,336 | ---- | M] (QUALCOMM, Inc.) -- C:\QUALCOMM\QDLService\QDLService.exe
PRC - [2009/07/23 11:39:38 | 000,313,264 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2009/07/23 11:39:36 | 000,206,336 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2009/07/22 16:03:04 | 000,642,920 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
PRC - [2009/07/17 12:31:28 | 000,427,304 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
PRC - [2009/07/17 12:31:28 | 000,091,432 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe
PRC - [2009/07/17 12:31:28 | 000,075,048 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
PRC - [2009/07/17 12:31:26 | 000,120,104 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
PRC - [2009/07/17 12:31:26 | 000,070,952 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe
PRC - [2009/07/14 12:15:12 | 000,204,648 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
PRC - [2009/07/14 12:15:12 | 000,112,488 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/01/20 03:43:04 | 000,394,536 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
PRC - [2007/01/05 06:48:50 | 000,112,152 | ---- | M] (InterVideo) -- c:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2005/04/29 17:15:40 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\TouchFreeze\TouchFreeze.exe


========== Modules (SafeList) ==========

MOD - [2011/05/03 15:09:07 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\SJGOEL\Desktop\OTL.exe
MOD - [2010/11/20 14:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/11/04 18:18:12 | 000,042,360 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV:64bit: - [2010/11/04 18:15:50 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2010/11/03 18:30:40 | 000,199,272 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService)
SRV:64bit: - [2010/10/25 09:42:10 | 000,164,008 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel® PROSet Monitoring Service)
SRV:64bit: - [2009/07/14 04:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 04:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/01 19:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/05/21 17:11:20 | 001,462,544 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2009/05/21 15:31:30 | 000,830,224 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2009/01/20 03:43:04 | 000,394,536 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV:64bit: - [2009/01/17 08:59:12 | 000,110,376 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV - [2010/12/24 19:42:04 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/12/20 18:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010/11/11 14:48:32 | 000,334,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2010/11/11 14:48:28 | 000,404,080 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2010/11/11 14:47:22 | 000,113,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2010/11/11 13:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2010/09/16 15:06:22 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2010/08/19 14:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/08/06 12:19:52 | 000,345,336 | ---- | M] (QUALCOMM, Inc.) [Auto | Running] -- C:\QUALCOMM\QDLService\QDLService.exe -- (QDLService)
SRV - [2009/08/01 04:09:14 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
SRV - [2009/07/23 11:39:38 | 000,313,264 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2009/07/23 11:39:38 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2009/07/23 11:39:36 | 000,206,336 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2009/07/22 16:03:04 | 000,642,920 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2009/07/17 12:31:28 | 000,427,304 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2009/07/17 12:31:28 | 000,091,432 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe -- (SOHPlMgr)
SRV - [2009/07/17 12:31:28 | 000,075,048 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2009/07/17 12:31:26 | 000,120,104 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2009/07/17 12:31:26 | 000,070,952 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe -- (SOHDBSvr)
SRV - [2009/07/14 12:15:12 | 000,204,648 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2009/06/11 00:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/01/05 06:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- c:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/03/11 09:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 09:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/16 18:23:46 | 000,074,240 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2011/01/30 12:34:45 | 007,370,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/01/12 00:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/12/20 18:08:40 | 000,024,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2010/11/20 16:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 14:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/11 14:49:12 | 000,081,008 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2010/11/11 14:49:00 | 000,068,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2010/11/11 14:47:12 | 000,031,856 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2010/11/11 14:47:00 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2010/11/11 13:31:32 | 000,038,512 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2010/11/11 11:04:52 | 000,045,104 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2010/11/11 11:04:52 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2010/11/11 11:04:52 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2010/11/08 20:16:36 | 008,500,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel®
DRV:64bit: - [2010/09/22 22:19:02 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2010/09/03 07:13:46 | 000,170,104 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2010/08/16 16:31:18 | 000,019,936 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio)
DRV:64bit: - [2010/08/16 16:31:16 | 000,013,280 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio)
DRV:64bit: - [2010/07/29 13:31:26 | 000,141,264 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2010/07/29 13:31:26 | 000,126,320 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2010/07/26 05:20:50 | 000,012,032 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2010/07/21 17:59:28 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2010/06/25 17:08:10 | 000,036,928 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2010/04/14 02:01:44 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2010/04/07 16:04:00 | 000,290,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y62x64.sys -- (e1yexpress) Intel®
DRV:64bit: - [2010/01/13 19:37:16 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel®
DRV:64bit: - [2009/12/08 16:36:00 | 000,064,016 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tcusb.sys -- (TcUsb)
DRV:64bit: - [2009/11/01 20:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/09/24 17:31:14 | 000,076,288 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsn64.sys -- (risdptsk)
DRV:64bit: - [2009/09/03 19:59:28 | 000,054,784 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2009/09/03 17:56:06 | 005,435,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5v64.sys -- (NETw5v64) Intel®
DRV:64bit: - [2009/09/01 13:27:40 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/09/01 13:27:40 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/09/01 13:27:40 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/09/01 13:27:32 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/08/01 04:09:14 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009/08/01 04:09:10 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009/08/01 04:09:06 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2009/08/01 04:09:06 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009/07/30 18:55:46 | 000,025,120 | ---- | M] (Sony Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\shpf.sys -- (shpf)
DRV:64bit: - [2009/07/14 04:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 04:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 04:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 03:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/14 02:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 23:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 23:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 23:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 23:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 23:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 23:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/20 04:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/01/09 17:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/12/08 23:00:15 | 000,017,536 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SonyPI.sys -- (SPI)
DRV:64bit: - [2008/10/02 03:00:24 | 000,193,072 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2008/09/06 03:00:59 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV:64bit: - [2008/05/28 13:23:40 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2010/08/19 14:56:38 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=SNNT&bmod=SNNT
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Hotspot Shield Private Search"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {a2e6849b-7584-11da-8cd6-0800200c9a66}:1.4.5
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
FF - prefs.js..extensions.enabledItems: {9ab67d74-ec41-4cb2-b417-df5d93ba1beb}:1.5.2
FF - prefs.js..extensions.enabledItems: {7102aba3-045c-4ec2-b921-46d87636d84b}:2.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://search.hotspo...lts.php?c=s&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/04/01 19:33:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/04/27 10:03:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/12/24 15:50:25 | 000,000,000 | ---D | M]

[2010/12/24 20:04:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SJGOEL\AppData\Roaming\Mozilla\Extensions
[2011/05/03 15:02:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SJGOEL\AppData\Roaming\Mozilla\Firefox\Profiles\5u6g3uzl.default\extensions
[2011/03/31 09:34:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SJGOEL\AppData\Roaming\Mozilla\Firefox\Profiles\5u6g3uzl.default\extensions\{7102aba3-045c-4ec2-b921-46d87636d84b}
[2011/03/31 09:34:45 | 000,000,000 | ---D | M] (Table2Clipboard) -- C:\Users\SJGOEL\AppData\Roaming\Mozilla\Firefox\Profiles\5u6g3uzl.default\extensions\{9ab67d74-ec41-4cb2-b417-df5d93ba1beb}
[2010/12/24 20:08:21 | 000,000,000 | ---D | M] (Exch) -- C:\Users\SJGOEL\AppData\Roaming\Mozilla\Firefox\Profiles\5u6g3uzl.default\extensions\{a2e6849b-7584-11da-8cd6-0800200c9a66}
[2011/04/07 19:25:09 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\SJGOEL\AppData\Roaming\Mozilla\Firefox\Profiles\5u6g3uzl.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011/03/13 18:57:36 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\SJGOEL\AppData\Roaming\Mozilla\Firefox\Profiles\5u6g3uzl.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/12/24 18:45:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SJGOEL\AppData\Roaming\Mozilla\Firefox\Profiles\ff2f5h3i.default\extensions
[2010/12/24 18:45:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SJGOEL\AppData\Roaming\Mozilla\Firefox\Profiles\ff2f5h3i.default\extensions\{7102aba3-045c-4ec2-b921-46d87636d84b}
[2010/12/24 18:45:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SJGOEL\AppData\Roaming\Mozilla\Firefox\Profiles\ff2f5h3i.default\extensions\{9ab67d74-ec41-4cb2-b417-df5d93ba1beb}
[2010/12/24 18:45:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SJGOEL\AppData\Roaming\Mozilla\Firefox\Profiles\ff2f5h3i.default\extensions\{a2e6849b-7584-11da-8cd6-0800200c9a66}
[2011/05/03 15:02:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/03/11 10:21:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010/12/24 15:52:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/03/11 10:21:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2008/12/23 13:06:38 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

O1 HOSTS File: ([2011/05/02 00:28:14 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [POP Peeper] C:\Program Files (x86)\POP Peeper\POPPeeper.exe (Mortal Universe)
O4 - HKCU..\Run: [TouchFreeze] C:\Program Files (x86)\TouchFreeze\TouchFreeze.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} http://esupport.sony.com/VaioInfo.CAB (VaioInfo.CMClass)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://active.macrom...abs/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 202.96.104.27 202.96.209.133
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\psfus: DllName - Reg Error: Key error. - C:\Program Files\Protector Suite\psqlpwd.dll (UPEK Inc.)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/05/03 15:09:04 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\SJGOEL\Desktop\OTL.exe
[2011/05/02 00:41:08 | 000,000,000 | ---D | C] -- C:\Users\SJGOEL\AppData\Roaming\Yahoo!
[2011/05/02 00:40:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2011/05/02 00:28:17 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/05/02 00:17:29 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/05/02 00:17:29 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/05/02 00:17:29 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/05/02 00:17:24 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/05/02 00:17:09 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/02 00:16:53 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/05/02 00:16:51 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/04/30 12:02:41 | 000,000,000 | ---D | C] -- C:\Program Files\JL_Cmder
[2011/04/30 11:57:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BB Boss
[2011/04/30 11:57:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrackMem
[2011/04/30 07:51:37 | 000,000,000 | ---D | C] -- C:\Users\SJGOEL\AppData\Roaming\Malwarebytes
[2011/04/30 07:51:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/04/30 07:51:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/30 07:51:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/04/30 07:51:25 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/04/30 07:51:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/04/29 21:37:50 | 000,000,000 | ---D | C] -- C:\Users\SJGOEL\Documents\Outlook Files
[2011/04/29 16:16:51 | 000,000,000 | ---D | C] -- C:\Users\SJGOEL\Desktop\Regn file
[2011/04/28 09:17:58 | 002,871,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011/04/28 09:17:57 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2011/04/28 09:17:55 | 001,465,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011/04/28 09:17:55 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011/04/28 09:17:27 | 002,565,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2011/04/28 09:17:27 | 001,699,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2011/04/28 09:17:27 | 000,189,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2011/04/28 09:17:27 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe
[2011/04/28 09:17:26 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys
[2011/04/28 09:17:26 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe
[2011/04/28 09:17:26 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys
[2011/04/28 09:17:20 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe
[2011/04/28 09:17:20 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe
[2011/04/27 22:45:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Research In Motion Limited
[2011/04/27 20:08:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Network Stumbler
[2011/04/27 13:18:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011/04/16 11:52:35 | 000,000,000 | ---D | C] -- C:\Users\SJGOEL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DiskInternals
[2011/04/16 11:52:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DiskInternals
[2011/04/16 11:50:07 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011/04/16 11:50:07 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011/04/14 21:55:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WebSite X5 v8 - Evolution
[2011/04/14 01:40:10 | 004,284,416 | ---- | C] (Google Inc.) -- C:\Windows\SysWow64\GPhotos.scr
[2011/04/12 21:30:18 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/04/12 21:30:18 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/04/12 21:30:05 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll
[2011/04/12 21:30:05 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll
[2011/04/12 21:30:04 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2011/04/12 21:30:04 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2011/04/12 21:30:03 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll
[2011/04/12 21:30:02 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe
[2011/04/12 21:30:02 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2011/04/12 21:30:01 | 000,605,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2011/04/12 21:30:01 | 000,566,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2011/04/12 21:30:01 | 000,518,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2011/04/12 21:30:01 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll
[2011/04/12 21:30:00 | 000,642,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2011/04/12 21:30:00 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll
[2011/04/12 21:30:00 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll
[2011/04/12 21:29:48 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2011/04/12 21:29:48 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2011/04/12 21:29:48 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2011/04/12 21:29:48 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2011/04/12 21:29:47 | 000,919,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/04/12 21:29:47 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/04/12 21:29:47 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011/04/12 21:29:42 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSCOVER.exe
[2011/04/12 12:15:43 | 000,000,000 | ---D | C] -- C:\Users\SJGOEL\AppData\Roaming\Opera
[2011/04/12 12:15:43 | 000,000,000 | ---D | C] -- C:\Users\SJGOEL\AppData\Local\Opera
[2011/04/12 12:15:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera
[2011/04/10 08:07:36 | 002,152,552 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvencodemft.dll
[2011/04/10 08:07:31 | 001,734,248 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2011/04/10 08:07:25 | 000,183,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcod173.dll
[2011/04/10 08:07:13 | 000,930,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpinst.exe
[2011/04/10 08:07:13 | 000,106,008 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\difx64.exe
[2011/04/10 07:48:28 | 000,064,016 | ---- | C] (UPEK Inc.) -- C:\Windows\SysNative\drivers\tcusb.sys
[2011/04/10 07:48:27 | 002,578,576 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2011/04/10 07:48:27 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2011/04/10 07:48:27 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2011/04/10 07:48:27 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2011/04/10 07:48:27 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2011/04/10 07:48:27 | 000,121,744 | ---- | C] (Sony Corporation) -- C:\Windows\SysNative\SFSS_APO.dll
[2011/04/10 07:48:27 | 000,090,112 | ---- | C] (Sony Corporation) -- C:\Windows\SysNative\snymsico.dll
[2011/04/10 07:48:27 | 000,076,288 | ---- | C] (REDC) -- C:\Windows\SysNative\drivers\risdsn64.sys
[2011/04/10 07:48:27 | 000,054,784 | ---- | C] (REDC) -- C:\Windows\SysNative\drivers\rimspx64.sys
[2011/04/10 07:48:26 | 002,369,128 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2011/04/10 07:48:26 | 001,146,984 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2011/04/10 07:48:26 | 000,220,496 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFNHK64.dll
[2011/04/10 07:48:26 | 000,081,232 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFCOM64.dll
[2011/04/10 07:48:26 | 000,078,160 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFAPO64.dll
[2011/04/10 07:48:26 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2011/04/10 07:48:25 | 002,839,656 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2011/04/10 07:48:25 | 000,648,296 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2011/04/10 07:48:25 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2011/04/10 07:48:25 | 000,332,392 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2011/04/10 07:48:25 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2011/04/10 07:48:25 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2011/04/10 07:48:25 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2011/04/10 07:48:25 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2011/04/10 07:48:24 | 001,247,848 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2011/04/10 07:48:24 | 000,820,224 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoRes64.dat
[2011/04/10 07:48:24 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2011/04/10 07:48:24 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2011/04/10 07:48:24 | 000,084,072 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInst64.dll
[2011/04/10 07:48:23 | 001,718,616 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll
[2011/04/10 07:48:22 | 001,868,944 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll
[2011/04/10 07:48:22 | 000,421,720 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll
[2011/04/10 07:48:22 | 000,334,680 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2011/04/10 07:48:22 | 000,127,832 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll
[2011/04/10 07:48:22 | 000,108,888 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll
[2011/04/10 07:48:22 | 000,074,584 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll
[2011/04/10 07:48:21 | 002,197,264 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2011/04/10 07:48:21 | 002,075,712 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2011/04/10 07:48:21 | 001,327,208 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2011/04/10 07:48:21 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2011/04/10 07:48:21 | 000,475,752 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2011/04/10 07:48:21 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2011/04/10 07:48:21 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2011/04/10 07:48:20 | 001,179,752 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2011/04/10 07:48:20 | 001,111,656 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2011/04/10 07:48:20 | 000,504,936 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2011/04/10 07:48:20 | 000,317,032 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2011/04/10 07:48:20 | 000,269,928 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2011/04/10 07:48:20 | 000,266,856 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2011/04/10 07:48:20 | 000,200,800 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2011/04/10 07:48:20 | 000,126,056 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2011/04/10 07:48:20 | 000,125,544 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2011/04/10 07:48:20 | 000,125,032 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2011/04/10 07:48:20 | 000,108,960 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll
[2011/04/10 07:48:00 | 008,500,736 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\NETwNs64.sys
[2011/04/10 07:47:59 | 002,750,464 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\NETwNr64.dll
[2011/04/10 07:47:59 | 000,799,232 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\NETwNc64.dll
[2011/04/10 07:47:59 | 000,439,320 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\iaStor.sys
[2011/04/10 07:47:59 | 000,436,736 | ---- | C] (Conexant Systems, Inc.) -- C:\Windows\SysWow64\XAudio64.dll
[2011/04/10 07:47:59 | 000,010,240 | ---- | C] (Conexant Systems, Inc.) -- C:\Windows\SysNative\drivers\XAudio64.sys
[2011/04/10 07:47:58 | 001,485,824 | ---- | C] (Conexant Systems, Inc.) -- C:\Windows\SysNative\drivers\CAX_DPV.sys
[2011/04/10 07:47:58 | 000,740,864 | ---- | C] (Conexant Systems, Inc.) -- C:\Windows\SysNative\drivers\CAX_CNXT.sys
[2011/04/10 07:47:58 | 000,394,752 | ---- | C] (Conexant Systems, Inc.) -- C:\Windows\SysNative\UCI64M41.dll
[2011/04/10 07:47:58 | 000,292,864 | ---- | C] (Conexant Systems, Inc.) -- C:\Windows\SysNative\drivers\CAXHWAZL.sys
[2011/04/10 07:29:12 | 000,000,000 | ---D | C] -- C:\Users\SJGOEL\Documents\My Drivers
[2011/04/10 07:29:12 | 000,000,000 | ---D | C] -- C:\Users\SJGOEL\AppData\Local\Innovative Solutions
[2011/04/10 07:29:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Innovative Solutions
[2011/04/10 07:29:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverMax
[2011/04/10 07:29:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Innovative Solutions
[2011/04/08 14:48:58 | 000,000,000 | ---D | C] -- C:\Users\SJGOEL\Documents\InterVideo
[2011/04/08 14:46:06 | 000,000,000 | ---D | C] -- C:\Users\SJGOEL\AppData\Roaming\InterVideo
[2011/04/05 15:31:35 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Illustrator Lite
[2011/04/05 14:33:39 | 000,000,000 | ---D | C] -- C:\Users\SJGOEL\Documents\Webcasts
[2011/04/05 14:33:37 | 000,000,000 | ---D | C] -- C:\Users\SJGOEL\.webrenderer
[2011/04/04 21:05:07 | 000,000,000 | ---D | C] -- C:\Users\SJGOEL\AppData\Roaming\SUPERAntiSpyware.com
[2011/04/04 21:05:07 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/04/03 19:39:32 | 000,000,000 | ---D | C] -- C:\Users\SJGOEL\Desktop\ANU

========== Files - Modified Within 30 Days ==========

[2011/05/03 15:09:07 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\SJGOEL\Desktop\OTL.exe
[2011/05/03 15:06:55 | 000,080,384 | ---- | M] () -- C:\Users\SJGOEL\Desktop\MBRCheck.exe
[2011/05/03 02:03:15 | 000,734,596 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/05/03 02:03:15 | 000,634,048 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/05/03 02:03:15 | 000,112,666 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/05/03 02:03:10 | 000,011,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/03 02:03:10 | 000,011,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/03 01:55:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/03 01:55:30 | 3166,826,496 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/02 15:54:25 | 000,006,023 | ---- | M] () -- C:\Users\SJGOEL\Desktop\Extract Pages From Azerbaijani diplomatic missions abroad.pdf
[2011/05/02 00:28:14 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/05/02 00:16:41 | 004,334,469 | R--- | M] () -- C:\Users\SJGOEL\Desktop\ComboFix.exe
[2011/04/30 09:22:21 | 000,000,227 | ---- | M] () -- C:\Windows\WININIT.INI
[2011/04/29 15:58:38 | 000,689,341 | ---- | M] () -- C:\Users\SJGOEL\Desktop\1941_001.pdf
[2011/04/28 10:42:13 | 000,129,664 | ---- | M] () -- C:\test.xml
[2011/04/22 21:33:37 | 026,958,557 | ---- | M] () -- C:\Users\SJGOEL\Documents\LoaderBackup-(2011-04-22).ipd
[2011/04/21 10:05:09 | 000,023,040 | ---- | M] () -- C:\Users\SJGOEL\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/19 11:12:01 | 000,106,345 | ---- | M] () -- C:\Users\SJGOEL\Desktop\merck.pdf
[2011/04/14 01:40:10 | 004,284,416 | ---- | M] (Google Inc.) -- C:

#15 JonTom (Trusted Malware Tech, 2,999 posts, Gender: Male, Location: UK)

Posted 03 May 2011 - 04:41 PM

Hello goel

The MBR log looks okay. I can see no reference to search-results.com in any of your logs.

Can you confirm to me that your ISP resolves to the Zhejiang Telecom/China Beijing Chinanet Shanghai Province Network?

  • Please open OTL


    • Copy and paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL.

      :OTL
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
      @Alternate Data Stream - 169 bytes -> C:\ProgramData\TEMP:1CE11B51
      @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:07BF512B
      
      :Commands
      [resethosts]
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
      

    • Once you have pasted the information into the Custom Scans/Fixes box, click the "Run Fix" button at the top.
    • Allow the program to run unhindered.
    • Your machine will re-start itself. This is normal.
    • A log will be created after your machine reboots. Please post the contents of the log in your next reply.

  • Please flush your DNS Cache


    • Click the Start logo in the bottom left corner of the screen.
    • Click on All Programs.
    • Click on Accessories.
    • RIGHT-click on Command Prompt.
    • Select "Run As Administrator".
    • In the command window, type the following or copy/paste and then press Enter: ipconfig /flushdns
    • NOTE: There is a space between the letter g in ipconfig and the slash(/) in /flushdns.
    • You should receive confirmation that your DNS cache has been flushed.

    Please post the OTL log in your next reply along with the answer to my question and let me know how the machine is running :)

Member of ASAP and UNITE
Proud Graduate of the WTT Classroom

#16 goel (Member, 60 posts, Gender: Male)

Posted 03 May 2011 - 07:31 PM

Dear JonTom

Thanks for your help. I am now in China, so IP is correct. I enclose the log, but cannot check computer behavior because my hotel IP policy does not allow this. Will try to check in a few hours from outside.

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
C:\Windows\Downloaded Program Files\OnlineScanner.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
ADS C:\ProgramData\TEMP:1CE11B51 deleted successfully.
ADS C:\ProgramData\TEMP:07BF512B deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56502 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
User: SJGOEL
->Temp folder emptied: 398171 bytes
->Temporary Internet Files folder emptied: 58572346 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 123686278 bytes
->Opera cache emptied: 2346453 bytes
->Flash cache emptied: 47562 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 23377 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 70538 bytes
RecycleBin emptied: 4644816 bytes
Total Files Cleaned = 181.00 mb
[EMPTYFLASH]
User: All Users
User: Default
->Flash cache emptied: 0 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: Public
User: SJGOEL
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0.00 mb
OTL by OldTimer - Version 3.2.22.3 log created on 05042011_023754
Files\Folders moved on Reboot...
C:\Users\SJGOEL\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-2560.log moved successfully.
Registry entries deleted on Reboot...

#17 goel (Member, 60 posts, Gender: Male)

Posted 04 May 2011 - 10:14 AM

Dear JonTom


I had posted the log earlier.

The situation is: now when I try a search term in the address bar, the browser tries to connect to some http://search.hotspotshield.com and after some time gives a message:

The connection has timed out
The server at search.hotspotshield.com is taking too long to respond.


I am not sure if this is an improvement because earlier I was getting connected to search-results.com, but now the effort is to connect to hotspotshield. Maybe it is the hotel IP policy, where I am now.

Regards

#18 JonTom (Trusted Malware Tech, 2,999 posts, Gender: Male, Location: UK)

Posted 05 May 2011 - 01:52 AM

Hello goel

Your situation has got me curious...

I am now in China, so IP is correct

Thank you for letting me know

Maybe it is the hotel IP policy, where I am now

This may be one possible explanation (you could always ask them).

It is known that hotspotshield can be used in conjunction with insecure public networks to increase user safety (through data encryption - which fits with the possibility of the hotel IP policy, since it is in effect a public access point).


The reputations of both sites are not overly questionable (links provided are to the Web Of Trust scorecards):

search-results.com: http://www.mywot.com...rch-results.com

search.hotspotshield.com: http://www.mywot.com...tspotshield.com


I am not convinced (at this point in time) that it is definitely malicious, so to be ultra cautious I would enquire with the hotel as to whether they use HotSpotShield, then update your ESET NOD32 and run a full system scan and let me know if there are any other problems besides the connection issue.

Once you have done the above we will take it from there :)

#19 goel (Member, 60 posts, Gender: Male)

Posted 05 May 2011 - 11:37 AM

Dear JonTom

Thanks for advice. Enquiry did not result in anything, probably language issues. Please keep the topic alive for 2-3 days when I will be back & check from our normal location - and update you.

Regards

#20 JonTom (Trusted Malware Tech, 2,999 posts, Gender: Male, Location: UK)

Posted 05 May 2011 - 03:03 PM

Hello goel

Please keep the topic alive for 2-3 days

No problem :)

I have asked around and, as I suspected, HotSpotShield is not malicious, although it can plug many additional features/advertisements during browsing which are not always wanted.

We should be able to remove it from your machine without too much trouble if you want rid of it - post a new OTL log when you get back to your normal location and we'll take things from there :)