goel

Firefox Browser Hijacked


Hello

I have a SONY-VAIO VGN-Z750D laptop, running Windows 7 Pro, 64-bit.

When I search using the Firefox address bar, the search results appear, not from google.com but from www.search-results.com. Search-results.com does not exist in the list of my search providers.

However, if I search using the Internet Explorer address bar, then the results appear from google.com.

Also, the laptop seems to be running slow.

HJT log & DDS results are as below. Please help.

Thanks

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:18:21, on 27/04/2011

Platform: Unknown Windows (WinNT 6.01.3505 SP1)

MSIE: Internet Explorer v8.00 (8.00.7601.17514)

Boot mode: Normal

 

Running processes:

C:\Program Files\Sony\VAIO Care\VCSpt.exe

C:\Program Files (x86)\TouchFreeze\TouchFreeze.exe

C:\Program Files (x86)\POP Peeper\POPPeeper.exe

C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe

O1 - Hosts: ::1 localhost

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O4 - HKCU\..\Run: [TouchFreeze] C:\Program Files (x86)\TouchFreeze\TouchFreeze.exe

O4 - HKCU\..\Run: [POP Peeper] "C:\Program Files (x86)\POP Peeper\POPPeeper.exe" -min

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware workstation\vsocklib.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware workstation\vsocklib.dll

O13 - Gopher Prefix:

O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: Intel® PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)

O23 - Service: IviRegMgr - InterVideo - c:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Qualcomm Gobi Download Service (QDLService) - QUALCOMM, Inc. - C:\QUALCOMM\QDLService\QDLService.exe

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe

O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe

O23 - Service: VAIO Media plus Database Manager (SOHDBSvr) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe

O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe

O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe

O23 - Service: VAIO Media plus Playlist Manager (SOHPlMgr) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe

O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe

O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe

O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe

O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe

O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe

O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe

O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe

O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

--

End of file - 13265 bytes

 

 

*******************************************************

 

.

DDS (Ver_11-03-05.01) - NTFS_AMD64

Run by SJGOEL at 13:44:09.51 on 27/04/2011

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_24

Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.4027.2083 [GMT 3:00]

.

AV: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

SP: ESET NOD32 Antivirus 4.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Protector Suite\upeksvr.exe

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k HsfXAudioService

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Windows\system32\IProsetMonitor.exe

c:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe

C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe

C:\QUALCOMM\QDLService\QDLService.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe

C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe

C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe

C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\SysWOW64\vmnat.exe

C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe

C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe

C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe

C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe

C:\Windows\SysWOW64\vmnetdhcp.exe

C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe

C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Sony\VAIO Care\VCSpt.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Program Files (x86)\TouchFreeze\TouchFreeze.exe

C:\Program Files (x86)\POP Peeper\POPPeeper.exe

C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Sony\VAIO Care\VCsystray.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\notepad.exe

C:\Windows\splwow64.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\SJGOEL\Desktop\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT

uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT

mWinlogon: Userinit=userinit.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

uRun: [TouchFreeze] C:\Program Files (x86)\TouchFreeze\TouchFreeze.exe

uRun: [POP Peeper] "C:\Program Files (x86)\POP Peeper\POPPeeper.exe" -min

mRun: [<NO NAME>]

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

mPolicies-system: DisableCAD = 1 (0x1)

IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105

IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

LSP: C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll

DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} - hxxp://esupport.sony.com/VaioInfo.CAB

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://active.macromedia.com/flash2/cabs/swflash.cab

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

Notify: VESWinlogon - VESWinlogon.dll

LSA: Notification Packages = scecli psqlpwd C:\Program Files\Protector Suite\psqlpwd.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

mRun-x64: [skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe

mRun-x64: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\SJGOEL\AppData\Roaming\Mozilla\Firefox\Profiles\5u6g3uzl.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://search.hotspotshield.com/g/results.php?c=s&q=

FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll

FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: Exch: {a2e6849b-7584-11da-8cd6-0800200c9a66} - %profile%\extensions\{a2e6849b-7584-11da-8cd6-0800200c9a66}

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}

FF - Ext: Table2Clipboard: {9ab67d74-ec41-4cb2-b417-df5d93ba1beb} - %profile%\extensions\{9ab67d74-ec41-4cb2-b417-df5d93ba1beb}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-12-24 55280]

R0 shpf;Sony HDD Protection Filter Driver;C:\Windows\System32\drivers\shpf.sys [2010-12-24 25120]

R1 VWiFiFlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-14 59904]

R2 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2010-9-3 170104]

R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-11-4 810144]

R2 epfwwfpr;epfwwfpr;C:\Windows\System32\drivers\epfwwfpr.sys [2010-7-29 126320]

R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-14 27136]

R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2011-1-13 164008]

R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-9-16 80896]

R2 QDLService;Qualcomm Gobi Download Service;C:\QUALCOMM\QDLService\QDLService.exe [2009-8-6 345336]

R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2011-4-10 199272]

R2 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-12-24 120104]

R2 SOHDBSvr;VAIO Media plus Database Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2010-12-24 70952]

R2 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-12-24 427304]

R2 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-12-24 75048]

R2 SOHPlMgr;VAIO Media plus Playlist Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2010-12-24 91432]

R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2010-12-24 104960]

R2 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-7-22 642920]

R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-11-11 539248]

R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2010-12-24 19968]

R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2011-4-10 292864]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y62x64.sys [2010-4-7 290008]

R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETwNs64.sys [2011-4-10 8500736]

R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2010-7-26 12032]

R3 SPI;Sony Programmable I/O Control Device;C:\Windows\System32\drivers\SonyPI.sys [2009-4-22 17536]

R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-12-24 394536]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-14 17920]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-6-26 362992]

S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2010-4-14 54824]

S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-12-26 35104]

S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\ANDROIDUSB.sys [2009-11-1 33736]

S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2010-6-25 36928]

S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-1-25 7675392]

S3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2010-12-24 5435904]

S3 pwdrvio;pwdrvio;C:\Windows\System32\pwdrvio.sys [2011-2-13 19936]

S3 pwdspio;pwdspio;C:\Windows\System32\pwdspio.sys [2011-2-13 13280]

S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-6-26 313840]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-2-23 59392]

S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-12-24 110376]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-24 1255736]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; [x]

.

=============== Created Last 30 ================

.

2011-04-27 10:18:05 -------- d-----w- C:\Program Files (x86)\Trend Micro

2011-04-23 04:13:40 8802128 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{CB553591-1402-4DC1-81D9-6D9C92BC6A6C}\mpengine.dll

2011-04-22 18:17:17 69632 ----a-r- C:\Users\SJGOEL\AppData\Roaming\Microsoft\Installer\{8BE666F4-DEFF-4FB7-9938-A7F808C82EF7}\BlackBerry.exe

2011-04-16 08:52:34 -------- d-----w- C:\Program Files (x86)\DiskInternals

2011-04-16 08:50:07 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll

2011-04-16 08:50:07 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll

2011-04-15 10:29:52 135568 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll

2011-04-14 18:55:02 -------- d-----w- C:\Program Files (x86)\WebSite X5 v8 - Evolution

2011-04-13 22:40:10 4284416 ----a-w- C:\Windows\SysWow64\GPhotos.scr

2011-04-12 18:29:53 467456 ----a-w- C:\Windows\System32\drivers\srv.sys

2011-04-12 09:15:43 -------- d-----w- C:\Users\SJGOEL\AppData\Local\Opera

2011-04-10 05:07:36 2152552 ----a-w- C:\Windows\System32\nvencodemft.dll

2011-04-10 05:07:31 1734248 ----a-w- C:\Windows\System32\nvcuvenc.dll

2011-04-10 05:07:25 183912 ----a-w- C:\Windows\System32\nvcod173.dll

2011-04-10 05:07:13 930272 ----a-w- C:\Windows\System32\dpinst.exe

2011-04-10 05:07:13 106008 ----a-w- C:\Windows\System32\difx64.exe

2011-04-10 04:47:59 799232 ----a-w- C:\Windows\System32\NETwNc64.dll

2011-04-10 04:47:59 439320 ----a-w- C:\Windows\System32\drivers\iaStor.sys

2011-04-10 04:47:59 436736 ----a-w- C:\Windows\SysWow64\XAudio64.dll

2011-04-10 04:47:59 2750464 ----a-w- C:\Windows\System32\NETwNr64.dll

2011-04-10 04:47:59 10240 ----a-w- C:\Windows\System32\drivers\XAudio64.sys

2011-04-10 04:47:58 740864 ----a-w- C:\Windows\System32\drivers\CAX_CNXT.sys

2011-04-10 04:47:58 394752 ----a-w- C:\Windows\System32\UCI64M41.dll

2011-04-10 04:47:58 292864 ----a-w- C:\Windows\System32\drivers\CAXHWAZL.sys

2011-04-10 04:47:58 1485824 ----a-w- C:\Windows\System32\drivers\CAX_DPV.sys

2011-04-10 04:29:12 -------- d-----w- C:\Users\SJGOEL\AppData\Local\Innovative Solutions

2011-04-10 04:29:12 -------- d-----w- C:\PROGRA~3\Innovative Solutions

2011-04-10 04:29:07 -------- d-----w- C:\Program Files (x86)\Innovative Solutions

2011-04-05 12:34:50 -------- d-----w- C:\Windows\XSxS

2011-04-05 12:31:35 -------- d-----w- C:\Program Files\Adobe Illustrator Lite

2011-04-05 11:33:37 -------- d-----w- C:\Users\SJGOEL\.webrenderer

2011-04-04 18:05:07 -------- d-----w- C:\Users\SJGOEL\AppData\Roaming\SUPERAntiSpyware.com

2011-04-04 18:05:07 -------- d-----w- C:\PROGRA~3\SUPERAntiSpyware.com

2011-04-01 13:06:12 -------- d-----w- C:\Users\SJGOEL\AppData\Roaming\CoreFTP

2011-04-01 13:05:35 -------- d-----w- C:\Program Files (x86)\CoreFTP

2011-04-01 12:24:56 -------- d-----w- C:\Program Files (x86)\Chami

2011-04-01 11:56:21 -------- d-----w- C:\Users\SJGOEL\AppData\Roaming\Nvu

2011-04-01 11:47:27 -------- d-----w- C:\Users\SJGOEL\AppData\Local\ESET

2011-03-31 06:36:25 552376 ----a-w- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe

2011-03-31 06:36:25 25048 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browserdirprovider.dll

2011-03-31 06:36:25 140248 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\brwsrcmp.dll

.

==================== Find3M ====================

.

2011-03-11 07:21:24 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2011-03-11 06:34:51 1359872 ----a-w- C:\Windows\System32\mfc42u.dll

2011-03-11 06:34:50 1395712 ----a-w- C:\Windows\System32\mfc42.dll

2011-03-11 05:33:59 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll

2011-03-11 05:33:59 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll

2011-03-08 06:29:32 976896 ----a-w- C:\Windows\System32\inetcomm.dll

2011-03-08 05:28:29 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll

2011-03-07 06:31:44 1188864 ----a-w- C:\Windows\System32\wininet.dll

2011-03-07 05:33:13 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-03-07 04:24:34 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2011-03-07 03:52:25 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-03-03 06:24:16 183296 ----a-w- C:\Windows\System32\dnsrslvr.dll

2011-03-03 06:21:57 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe

2011-03-03 05:36:16 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe

2011-03-03 03:52:08 3135488 ----a-w- C:\Windows\System32\win32k.sys

2011-02-24 15:21:10 2753512 ----a-w- C:\Windows\System32\drivers\RTKVHD64.sys

2011-02-23 08:36:22 175616 ----a-w- C:\Windows\System32\msclmd.dll

2011-02-23 08:36:22 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll

2011-02-23 04:56:31 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys

2011-02-23 04:56:03 411648 ----a-w- C:\Windows\System32\drivers\srv2.sys

2011-02-23 04:55:47 167936 ----a-w- C:\Windows\System32\drivers\srvnet.sys

2011-02-23 04:55:12 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys

2011-02-23 04:55:12 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys

2011-02-23 04:55:04 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys

2011-02-22 12:52:00 2075712 ----a-w- C:\Windows\System32\FMAPO64.dll

2011-02-22 10:20:24 820224 ----a-w- C:\Windows\System32\RCoRes64.dat

2011-02-22 08:16:26 2369128 ----a-w- C:\Windows\System32\RtPgEx64.dll

2011-02-19 12:05:15 1139200 ----a-w- C:\Windows\System32\FntCache.dll

2011-02-19 12:04:37 1544192 ----a-w- C:\Windows\System32\DWrite.dll

2011-02-19 12:04:17 902656 ----a-w- C:\Windows\System32\d2d1.dll

2011-02-19 12:03:46 46080 ----a-w- C:\Windows\System32\atmlib.dll

2011-02-19 09:00:32 367616 ----a-w- C:\Windows\System32\atmfd.dll

2011-02-19 06:30:51 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll

2011-02-19 06:30:50 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll

2011-02-19 06:30:46 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2011-02-19 04:34:54 294912 ----a-w- C:\Windows\SysWow64\atmfd.dll

2011-02-18 10:56:44 613376 ----a-w- C:\Windows\System32\vbscript.dll

2011-02-18 07:49:40 2839656 ----a-w- C:\Windows\System32\RtkAPO64.dll

2011-02-18 05:43:28 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll

2011-02-17 11:03:54 648296 ----a-w- C:\Windows\System32\RtkApi64.dll

2011-02-16 15:23:46 74240 ----a-w- C:\Windows\System32\drivers\RimUsb_AMD64.sys

2011-02-16 10:11:28 84072 ----a-w- C:\Windows\System32\RCoInst64.dll

2011-02-12 11:34:16 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe

2011-02-11 11:39:00 1247848 ----a-w- C:\Windows\System32\RTCOM64.dll

2011-02-05 17:10:16 642944 ----a-w- C:\Windows\System32\winload.efi

2011-02-05 17:10:08 20352 ----a-w- C:\Windows\System32\kdusb.dll

2011-02-05 17:10:08 19328 ----a-w- C:\Windows\System32\kd1394.dll

2011-02-05 17:10:08 17792 ----a-w- C:\Windows\System32\kdcom.dll

2011-02-05 17:06:41 605552 ----a-w- C:\Windows\System32\winload.exe

2011-02-05 17:06:41 566208 ----a-w- C:\Windows\System32\winresume.efi

2011-02-05 17:06:41 518672 ----a-w- C:\Windows\System32\winresume.exe

2011-02-02 15:11:20 270720 ------w- C:\Windows\System32\MpSigStub.exe

.

============= FINISH: 13:44:56.21 ===============

 

***************


Hello goel and :wp:

 

My name is JonTom

 

  • Malware Logs can sometimes take a lot of time to research and interpret.

  • Please be patient while I try to assist with your problem. If at any time you do not understand what is required, please ask for further explanation.

  • Please note that there is no "Quick Fix" to modern malware infections and we may need to use several different approaches to get your system clean.

  • Read every reply you receive carefully and thoroughly before carrying out the instructions. You may also find it helpful to print out the instructions you receive, as in some instances you may have to disconnect your computer from the Internet.

  • PLEASE NOTE: If you do not reply after 5 days your thread will be closed.

When you scanned your system with DDS, two logs would have been produced. You have posted the DDS.txt, but I also need to see the attach.txt.

 

Let's begin with the following:

 

  • Please download GooredFix by JPShortstuff

     

     

    • Please download GooredFix from one of the locations below and save it to your Desktop.

    Download Mirror #1

    Download Mirror #2

     

    • Ensure all Firefox windows are closed.
    • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista/Win7).
    • When prompted to run the scan, click Yes.
    • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

  • Please perform the following scan:

     

     

    • Please download MalwareBytes AntiMalware by clicking here and save the file (called mbam-setup.exe) to your desktop.

    • Right click on the mbam-setup.exe icon and select "Run as Administrator" to install the program.
    • Follow the prompts during installation and have the Installation Wizard create a desktop icon.
    • Once installed, double click on the MalwareBytes AntiMalware icon to launch the program.
    • Click on the "Update" tab and then on "Check for Updates".
    • The program will now install the latest Malware definition files.
    • Once complete, click on the "Scanner" tab, select "Perform Quick Scan" and then click on "Scan".
    • Once the program has scanned your computer, a log file will be created in Notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.

     

    • If the scan detects any Malware-related objects, make sure that everything is checked, and click "Remove Selected" <– Very Important.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to restart your computer.
    • The log is automatically saved by MBAM and can be viewed by clicking the "Logs" tab.
    • Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart your computer, please do so immediately.
    • Come back here to this thread and Paste the log in your next reply.

    Please post the attach.txt, the GooredFix log and the MBAM log in your next reply.


Dear JonTom,

 

Thanks for your help. Below are the various logs:

 

Malwarebytes found 'Spyware.Banker' which was removed. Problem persists.

 

Thanks

 

DDS ATTACH

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_11-03-05.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 24/12/2010 15:26:58

System Uptime: 30/04/2011 07:59:25 (1 hours ago)

.

Motherboard: Sony Corporation | | VAIO

Processor: Intel® Core2 Duo CPU P8800 @ 2.66GHz | N/A | 2667/266mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 287 GiB total, 109.536 GiB free.

D: is CDROM ()

E: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: SASDIFSV

Device ID: ROOT\LEGACY_SASDIFSV\0000

Manufacturer:

Name: SASDIFSV

PNP Device ID: ROOT\LEGACY_SASDIFSV\0000

Service: SASDIFSV

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: SASKUTIL

Device ID: ROOT\LEGACY_SASKUTIL\0000

Manufacturer:

Name: SASKUTIL

PNP Device ID: ROOT\LEGACY_SASKUTIL\0000

Service: SASKUTIL

.

Class GUID:

Description: Bluetooth Peripheral Device

Device ID: BTHENUM\{00001132-0000-1000-8000-00805F9B34FB}_LOCALMFG&000F\7&1D73BD4E&0&2CA8354BB0A6_C00000000

Manufacturer:

Name: Bluetooth Peripheral Device

PNP Device ID: BTHENUM\{00001132-0000-1000-8000-00805F9B34FB}_LOCALMFG&000F\7&1D73BD4E&0&2CA8354BB0A6_C00000000

Service:

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Bluetooth Device (Personal Area Network)

Device ID: BTH\MS_BTHPAN\6&B8D5841&0&2

Manufacturer: Microsoft

Name: Bluetooth Device (Personal Area Network)

PNP Device ID: BTH\MS_BTHPAN\6&B8D5841&0&2

Service: BthPan

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Bluetooth Device (RFCOMM Protocol TDI)

Device ID: BTH\MS_RFCOMM\6&B8D5841&0&0

Manufacturer: Microsoft

Name: Bluetooth Device (RFCOMM Protocol TDI)

PNP Device ID: BTH\MS_RFCOMM\6&B8D5841&0&0

Service: RFCOMM

.

==== System Restore Points ===================

.

RP241: 27/04/2011 20:10:04 - Before uninstalling Network Stumbler 0.4.0 (remove only)

RP242: 27/04/2011 20:11:17 - Before uninstalling HijackThis 2.0.2

RP243: 27/04/2011 20:11:41 - Installed inSSIDer 2.0

RP244: 27/04/2011 21:23:53 - Before uninstalling inSSIDer 2.0

RP245: 27/04/2011 21:24:04 - Removed inSSIDer 2.0

RP246: 27/04/2011 22:44:52 - Installed BlackBerry App World Browser Plugin

RP247: 28/04/2011 09:14:13 - Windows Update

RP248: 28/04/2011 09:27:33 - Windows Update

.

==== Installed Programs ======================

.

.

Adobe Acrobat X Pro - English, Français, Deutsch

Adobe AIR

Adobe Anchor Service CS3

Adobe Asset Services CS3

Adobe Bridge CS3

Adobe Bridge Start Meeting

Adobe Camera Raw 4.0

Adobe CMaps

Adobe Color - Photoshop Specific

Adobe Color Common Settings

Adobe Color EU Extra Settings

Adobe Color JA Extra Settings

Adobe Color NA Recommended Settings

Adobe Default Language CS3

Adobe Device Central CS3

Adobe ExtendScript Toolkit 2

Adobe Flash Player 10 Plugin

Adobe Fonts All

Adobe Help Viewer CS3

Adobe Linguistics CS3

Adobe PDF Library Files

Adobe Photoshop CS3

Adobe Setup

Adobe Stock Photos CS3

Adobe Type Support

Adobe Update Manager CS3

Adobe Version Cue CS3 Client

Adobe WinSoft Linguistics Plugin

Adobe XMP Panels CS3

Angry Birds

Application Manager for VAIO

ArcSoft Magic-i Visual Effects 2

ArcSoft WebCam Companion 2

Ashampoo Burning Studio 10.0.7

µTorrent

Auslogics BoostSpeed

BB Boss version 2.2

BlackBerry App World Browser Plugin

BlackBerry Desktop Software 6.0.2

BlackBerry Device Software v6.0.0 for the BlackBerry 9700 smartphone

BS.Player PRO

Click to Disc

Click to Disc Editor

CrackMem

Create Recovery Disc Reminder

D3DX10

Definition update for Microsoft Office 2010 (KB982726)

DreamBoxEdit -- The one and only settings editor for your Dreambox

DriverMax 5

ExtractNow

Foxit Creator

Foxit Reader

Google Talk (remove only)

HD Call Recorder for Skype 4.0.5

HTC BMP USB Driver

HTC Driver Installer

HTC Sync

Intel AppUp(SM) center

IrfanView (remove only)

Java Auto Updater

Java 6 Update 24

Junk Mail filter update

K-Lite Mega Codec Pack 6.6.0

Kundli 5.0

LeechFTP

Localphone 2.09 Free

Malwarebytes' Anti-Malware

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft SQL Server Setup Support Files (English)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable - KB2467175

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Mirage Driver 1.1

Mozilla Firefox (3.6.16)

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

MSXML 4.0 SP3 Parser

MSXML 4.0 SP3 Parser (KB973685)

Music Transfer

Opera 11.10

PDF Settings

Picasa 3

POP Peeper

PowerISO

Primo

Qualcomm Gobi Driver Package for Sony

Qualcomm Gobi Images for Sony

Realtek High Definition Audio Driver

Roxio Central Audio

Roxio Central Copy

Roxio Central Core

Roxio Central Data

Roxio Central Tools

Roxio Easy Media Creator 10 LJ

Roxio Easy Media Creator Home

Runtime

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Setting Utility Series

Skype™ 5.1

Sony Download Taxi 1.5.0.0

Sony Home Network Library

Sony Picture Utility

SupportSoft Assisted Service

tools-freebsd

tools-linux

tools-netware

tools-solaris

tools-windows

tools-winPre2k

TouchFreeze

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft Office 2010 (KB2494150)

VAIO BD Menu Data

VAIO Care

VAIO Care Update

VAIO Content Metadata Intelligent Analyzing Manager

VAIO Content Metadata Manager Setting

VAIO Content Metadata XML Interface Library

VAIO Control Center

VAIO Data Restore Tool

VAIO DVD Menu Data Basic

VAIO Entertainment Platform

VAIO Event Service

VAIO Help and Support

VAIO Media plus

VAIO Media plus Opening Movie

VAIO Movie Story

VAIO Movie Story Template Data

VAIO MusicBox Sample Music

VAIO My Memory Center

VAIO Original Function Settings

VAIO Recovery Center

VAIO Startup Assistant

VAIO Survey

VAIO Update 4

VAIO Wallpaper Contents

VideoLAN VLC media player 0.8.6d

VMware Workstation

VZAccess Manager for Sony

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Media Player Firefox Plugin

WinDVD for VAIO

Yahoo! Messenger

Your Uninstaller! 2010

.

==== Event Viewer Messages From Past Week ========

.

30/04/2011 07:59:53, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL

30/04/2011 07:59:46, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Roxio Upnp Server 10 service to connect.

30/04/2011 07:59:46, Error: Service Control Manager [7000] - The regi service failed to start due to the following error: The system cannot find the file specified.

29/04/2011 11:19:33, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR6.

29/04/2011 11:02:36, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.

28/04/2011 11:44:12, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.10.103. The computer with the IP address 192.168.10.10 did not allow the name to be claimed by this computer.

28/04/2011 09:18:08, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.103.468.0).

27/04/2011 20:09:26, Error: Service Control Manager [7000] - The NSNDIS5 NDIS Protocol Driver service failed to start due to the following error: The system cannot find the file specified.

24/04/2011 10:31:17, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

.

==== End Of File ===========================

 

 

GOOREDFIX

 

GooredFix by jpshortstuff (03.07.10.1)

Log created at 07:46 on 30/04/2011 (SJGOEL)

Firefox version 3.6.16 (en-US)

 

========== GooredScan ==========

 

 

========== GooredLog ==========

 

C:\Program Files (x86)\Mozilla Firefox\extensions\

{972ce4c6-7e08-4474-a285-3208198ce6fd} [06:36 31/03/2011]

{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [07:21 11/03/2011]

 

C:\Users\SJGOEL\Application Data\Mozilla\Firefox\Profiles\5u6g3uzl.default\extensions\

{7102aba3-045c-4ec2-b921-46d87636d84b} [06:34 31/03/2011]

{9ab67d74-ec41-4cb2-b417-df5d93ba1beb} [06:34 31/03/2011]

{a2e6849b-7584-11da-8cd6-0800200c9a66} [17:08 24/12/2010]

{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [16:25 07/04/2011]

{DDC359D1-844A-42a7-9AA1-88A850A938A8} [15:57 13/03/2011]

 

C:\Users\SJGOEL\Application Data\Mozilla\Firefox\Profiles\ff2f5h3i.default\extensions\

{7102aba3-045c-4ec2-b921-46d87636d84b} [16:51 23/12/2010]

{9ab67d74-ec41-4cb2-b417-df5d93ba1beb} [16:51 23/12/2010]

{a2e6849b-7584-11da-8cd6-0800200c9a66} [16:51 23/12/2010]

 

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]

"{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [05:03 24/12/2010]

 

-=E.O.F=-

 

 

MALWAREBYTES

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

 

Database version: 6476

 

Windows 6.1.7601 Service Pack 1

Internet Explorer 8.0.7601.17514

 

30/04/2011 07:58:31

mbam-log-2011-04-30 (07-58-31).txt

 

Scan type: Quick scan

Objects scanned: 162236

Time elapsed: 5 minute(s), 22 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

c:\Windows\KMSAct.exe (Spyware.Banker) -> Quarantined and deleted successfully.


Hello goel

 

Thank you for the logs.

 

  • P2P Programs:

     

     

  • P2P programs are a major source of Malware infections.
  • From your log I see you have µTorrent. We do not pass judgment on file-sharing, however we must inform you that engaging in this activity and having this kind of software installed on your system will always make you more susceptible to Malware infections.
  • The use of P2P programs may be contributing to your current situation, and you would certainly be doing yourself a favour by removing them.
  • If you wish to keep the program(s), please do not use them until your computer is cleaned.

     

  • Information regarding the risk of using these programs can be found from here and here.

     

  • It is strongly recommended that you uninstall any P2P programs you have on your system.

     

  • To do this, click on the "Windows Orb" (bottom left hand corner of your screen), then on "Control Panel" and then on the "Programs and Features" tab.
  • A list of currently installed programs will be displayed.
  • Find the "µTorrent" program, click on it once and then click on the "Uninstall" button.
  • If you are prompted to re-boot your computer to complete the uninstall please do so.

     

     

    PLEASE NOTE:

  • Even if you are using a P2P program that is deemed safe, it is only the program that is safe. Any files that you receive using a "safe" P2P program may be infected with Malware. The malware writers use P2P file-sharing as a major conduit to spread infected files.

 

When I search using the Firefox address bar, the search results appear, not from google.com but from www.search-results.com

Just to clarify, when you open Firefox and type www.google.com into the address bar, the google search page does not appear, but instead you are taken to www.search-results.com? Is that correct?

 


Dear JonTom

 

Thanks for the reply.

 

- I hardly use the P2P software.

 

>> Just to clarify, when you open Firefox and type www.google.com into the address bar, the google search page does not appear, but instead you are taken to www.search-results.com? Is that correct?

 

When I open Firefox and type any search term in the address bar - the results earlier came from google.com - but now the results appear from www.search-results.com.

 

Thanks


Hello goel

 

Let's see what the following scan reveals:

 

  • Please run the following scan

     

     

  • Note: You will need to use Internet Explorer for this scan.
  • Note for Vista/Windows 7 Users: ESET is compatible but Internet Explorer must be run as Administrator. To do this, right-click on your Internet Explorer icon and select "Run as Administrator".
  • Please disable your real time security programs before performing the scan.

 

  • Scan your system with Eset Online Scanner
  • Place a check mark in the box YES, I accept the Terms Of Use.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps).
  • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.

 

  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option to "Remove Found Threats" is UN checked.
  • Push the "Start" button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

Please post the ESET log in your next reply.

 

 


Dear JonTom

 

Thanks for the reply.

I checked using ESET - but nothing was found. As a note, I have ESET NOD32 installed on my laptop.

 

Thanks


Hello goel

 

Thanks for letting me know.

 

If ESET is clean, that leaves us with limited options.

 

Let's see what the following tool reports:

 

  • Combofix

     

     

  • Download ComboFix from one of the following locations:

     

    Link 1

    Link 2

  • VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here.
  • Right click on ComboFix.exe and select "Run as Administrator" to run the program. Follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


 

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

 

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • Notes: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
  • Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
  • Should there be issues with internet afterward:

     

    In IE: Tools Menu -> Internet Options -> Connections Tab -> Lan Settings -> uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.

     

    In Firefox: Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection and uncheck the proxyserver, set it to No Proxy.


Dear JonTom

 

Thanks for your help

 

The ComboFix log is enclosed:

 

ComboFix 11-04-30.06 - SJGOEL 02/05/2011 0:19.1.2 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.4027.2394 [GMT 3:00]

Running from: c:\users\SJGOEL\Desktop\ComboFix.exe

AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\Yahoo!

c:\programdata\Yahoo!\YUpdater\components.ini

c:\programdata\Yahoo!\YUpdater\yupdater.exe

c:\users\SJGOEL\AppData\Roaming\Yahoo!

c:\users\SJGOEL\AppData\Roaming\Yahoo!\Messenger\Plugin\16762d37-0eb1-40d0-5863-5fa5ade02675.yplugin\MANIFEST\plugin.properties

c:\users\SJGOEL\AppData\Roaming\Yahoo!\Messenger\Plugin\16762d37-0eb1-40d0-5863-5fa5ade02675.yplugin\resource\i18n\ar\i18n-resource.js

c:\users\SJGOEL\AppData\Roaming\Yahoo!\Messenger\Plugin\16762d37-0eb1-40d0-5863-5fa5ade02675.yplugin\resource\i18n\au\i18n-resource.js

c:\users\SJGOEL\AppData\Roaming\Yahoo!\Messenger\Plugin\16762d37-0eb1-40d0-5863-5fa5ade02675.yplugin\resource\i18n\br\i18n-resource.js

c:\users\SJGOEL\AppData\Roaming\Yahoo!\Messenger\Plugin\16762d37-0eb1-40d0-5863-5fa5ade02675.yplugin\resource\i18n\ca\i18n-resource.js

c:\users\SJGOEL\AppData\Roaming\Yahoo!\Messenger\Plugin\16762d37-0eb1-40d0-5863-5fa5ade02675.yplugin\resource\i18n\cf\i18n-resource.js

c:\users\SJGOEL\AppData\Roaming\Yahoo!\Messenger\Plugin\16762d37-0eb1-40d0-5863-5fa5ade02675.yplugin\resource\i18n\cl\i18n-resource.js

c:\users\SJGOEL\AppData\Roaming\Yahoo!\Messenger\Plugin\16762d37-0eb1-40d0-5863-5fa5ade02675.yplugin\resource\i18n\co\i18n-resource.js

c:\users\SJGOEL\AppData\Roaming\Yahoo!\Messenger\Plugin\16762d37-0eb1-40d0-5863-5fa5ade02675.yplugin\resource\i18n\de\i18n-resource.js

c:\users\SJGOEL\AppData\Roaming\Yahoo!\Messenger\Plugin\16762d37-0eb1-40d0-5863-5fa5ade02675.yplugin\resource\i18n\e1\i18n-resource.js

c:\users\SJGOEL\AppData\Roaming\Yahoo!\Messenger\Plugin\16762d37-0eb1-40d0-5863-5fa5ade02675.yplugin\resource\i18n\es\i18n-resource.js

c:\users\SJGOEL\AppData\Roaming\Yahoo!\Messenger\Plugin\16762d37-0eb1-40d0-5863-5fa5ade02675.yplugin\resource\i18n\fr\i18n-resource.js

c:\users\SJGOEL\AppData\Roaming\Yahoo!\Messenger\Plugin\16762d37-0eb1-40d0-5863-5fa5ade02675.yplugin\resource\i18n\hi\i18n-resource.js

c:\users\SJGOEL\AppData\Roaming\Yahoo!\Messenger\Plugin\16762d37-0eb1-40d0-5863-5fa5ade02675.yplugin\resource\i18n\hk\i18n-resource.js

c:\users\SJGOEL\AppData\Roaming\Yahoo!\Messenger\Plugin\16762d37-0eb1-40d0-5863-5fa5ade02675.yplugin\resource\i18n\id\i18n-resource.js

c:\windows\SysWow64\Ijl11.dll

c:\windows\SysWow64\MSMASK32.OCX

c:\windows\SysWow64\WINWORD.exe

c:\windows\XSxS

.

.

((((((((((((((((((((((((( Files Created from 2011-04-01 to 2011-05-01 )))))))))))))))))))))))))))))))

.

.

2011-05-01 21:25 . 2011-05-01 21:25 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-04-30 09:02 . 2011-04-30 09:02 -------- d-----w- c:\program files\JL_Cmder

2011-04-30 08:55 . 2011-04-30 08:55 413696 ----a-r- c:\users\SJGOEL\AppData\Roaming\Microsoft\Installer\{38D218CF-2D27-4A35-8344-B17C269F08DE}\BlackBerry.exe

2011-04-30 04:51 . 2011-04-30 04:51 -------- d-----w- c:\users\SJGOEL\AppData\Roaming\Malwarebytes

2011-04-30 04:51 . 2010-12-20 15:09 38224 ------w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-04-30 04:51 . 2011-04-30 04:51 -------- d-----w- c:\programdata\Malwarebytes

2011-04-30 04:51 . 2011-04-30 05:50 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-04-30 04:51 . 2010-12-20 15:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-04-30 04:43 . 2011-04-11 08:21 8802128 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7DF66A83-F2C2-4479-97FE-5805F4201640}\mpengine.dll

2011-04-27 19:45 . 2011-04-27 19:45 -------- d-----w- c:\program files (x86)\Research In Motion Limited

2011-04-27 17:08 . 2011-04-27 17:10 -------- d-----w- c:\program files (x86)\Network Stumbler

2011-04-27 10:18 . 2011-04-27 10:18 -------- d-----w- c:\program files (x86)\Trend Micro

2011-04-16 08:52 . 2011-04-16 08:52 -------- d-----w- c:\program files (x86)\DiskInternals

2011-04-16 08:50 . 2011-02-24 06:15 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2011-04-16 08:50 . 2011-02-24 05:38 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll

2011-04-15 10:29 . 2011-04-15 10:29 135568 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll

2011-04-14 18:55 . 2011-04-16 08:44 -------- d-----w- c:\program files (x86)\WebSite X5 v8 - Evolution

2011-04-13 22:40 . 2011-04-13 22:40 4284416 ------w- c:\windows\SysWow64\GPhotos.scr

2011-04-12 18:29 . 2011-02-23 04:56 467456 ----a-w- c:\windows\system32\drivers\srv.sys

2011-04-12 09:15 . 2011-04-12 09:15 -------- d-----w- c:\users\SJGOEL\AppData\Local\Opera

2011-04-12 09:15 . 2011-04-30 06:25 -------- d-----w- c:\program files (x86)\Opera

2011-04-10 05:07 . 2009-10-31 07:45 2152552 ----a-w- c:\windows\system32\nvencodemft.dll

2011-04-10 05:07 . 2009-10-31 07:45 1734248 ----a-w- c:\windows\system32\nvcuvenc.dll

2011-04-10 05:07 . 2009-10-31 07:45 183912 ----a-w- c:\windows\system32\nvcod173.dll

2011-04-10 05:07 . 2009-10-31 07:45 930272 ----a-w- c:\windows\system32\dpinst.exe

2011-04-10 05:07 . 2009-10-03 01:44 106008 ----a-w- c:\windows\system32\difx64.exe

2011-04-10 04:47 . 2011-01-11 21:51 439320 ----a-w- c:\windows\system32\drivers\iaStor.sys

2011-04-10 04:47 . 2010-05-18 12:32 2750464 ----a-w- c:\windows\system32\NETwNr64.dll

2011-04-10 04:47 . 2010-05-18 12:30 799232 ----a-w- c:\windows\system32\NETwNc64.dll

2011-04-10 04:47 . 2009-08-01 01:09 436736 ------w- c:\windows\SysWow64\XAudio64.dll

2011-04-10 04:47 . 2009-08-01 01:09 10240 ----a-w- c:\windows\system32\drivers\XAudio64.sys

2011-04-10 04:47 . 2009-08-01 01:09 394752 ----a-w- c:\windows\system32\UCI64M41.dll

2011-04-10 04:47 . 2009-08-01 01:09 1485824 ----a-w- c:\windows\system32\drivers\CAX_DPV.sys

2011-04-10 04:47 . 2009-08-01 01:09 740864 ----a-w- c:\windows\system32\drivers\CAX_CNXT.sys

2011-04-10 04:47 . 2009-08-01 01:09 292864 ----a-w- c:\windows\system32\drivers\CAXHWAZL.sys

2011-04-10 04:29 . 2011-04-10 04:29 -------- d-----w- c:\users\SJGOEL\AppData\Local\Innovative Solutions

2011-04-10 04:29 . 2011-04-10 04:29 -------- d-----w- c:\programdata\Innovative Solutions

2011-04-10 04:29 . 2011-04-10 04:29 -------- d-----w- c:\program files (x86)\Innovative Solutions

2011-04-08 11:46 . 2011-04-08 11:46 -------- d-----w- c:\users\SJGOEL\AppData\Roaming\InterVideo

2011-04-05 12:31 . 2011-04-05 12:34 -------- d-----w- c:\program files\Adobe Illustrator Lite

2011-04-05 11:33 . 2011-04-05 11:33 -------- d-----w- c:\users\SJGOEL\.webrenderer

2011-04-04 18:05 . 2011-04-04 18:05 -------- d-----w- c:\users\SJGOEL\AppData\Roaming\SUPERAntiSpyware.com

2011-04-04 18:05 . 2011-04-04 18:05 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-03-11 07:21 . 2010-12-23 16:41 472808 ------w- c:\windows\SysWow64\deployJava1.dll

2011-03-10 07:13 . 2010-06-24 09:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2011-03-04 06:19 . 2011-04-28 06:17 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2011-03-04 06:19 . 2011-04-28 06:17 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2011-02-23 08:36 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll

2011-02-23 08:36 . 2009-07-14 02:36 152576 ------w- c:\windows\SysWow64\msclmd.dll

2011-02-19 12:05 . 2011-03-09 07:19 1139200 ----a-w- c:\windows\system32\FntCache.dll

2011-02-19 12:04 . 2011-03-09 07:19 1544192 ----a-w- c:\windows\system32\DWrite.dll

2011-02-19 12:04 . 2011-03-09 07:19 902656 ----a-w- c:\windows\system32\d2d1.dll

2011-02-19 06:30 . 2011-03-09 07:19 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll

2011-02-19 06:30 . 2011-03-09 07:19 739840 ----a-w- c:\windows\SysWow64\d2d1.dll

2011-02-16 15:23 . 2011-02-16 15:23 74240 ----a-w- c:\windows\system32\drivers\RimUsb_AMD64.sys

2011-02-02 15:11 . 2010-12-23 19:11 270720 ------w- c:\windows\system32\MpSigStub.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TouchFreeze"="c:\program files (x86)\TouchFreeze\TouchFreeze.exe" [2005-04-29 45056]

"POP Peeper"="c:\program files (x86)\POP Peeper\POPPeeper.exe" [2010-09-09 1511424]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

"DisableCAD"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]

2009-07-14 09:15 98304 ------w- c:\windows\System32\VESWinlogon.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli c:\program files\Protector Suite\psqlpwd.dll

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]

"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe"

.

R1 SASDIFSV;SASDIFSV;c:\users\SJGOEL\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [x]

R1 SASKUTIL;SASKUTIL;c:\users\SJGOEL\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 regi;regi;c:\windows\system32\drivers\regi.sys [x]

R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]

R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]

R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]

R3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw5v64.sys [x]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]

R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [x]

R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-01-17 110376]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; [x]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\DRIVERS\shpf.sys [x]

S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]

S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]

S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-11-04 810144]

S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]

S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]

S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-20 363344]

S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896]

S2 QDLService;Qualcomm Gobi Download Service;c:\qualcomm\QDLService\QDLService.exe [2009-08-06 345336]

S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [2010-11-03 199272]

S2 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-07-17 120104]

S2 SOHDBSvr;VAIO Media plus Database Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-07-17 70952]

S2 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-07-17 427304]

S2 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-07-17 75048]

S2 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-07-17 91432]

S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-07-22 642920]

S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [x]

S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-11-11 539248]

S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]

S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]

S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x]

S3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\DRIVERS\SonyPI.sys [x]

S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-01-20 394536]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]

@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"

[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]

2009-06-12 21:22 5943048 ----a-w- c:\program files\Protector Suite\farchns.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]

@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"

[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]

2009-06-12 21:22 5943048 ----a-w- c:\program files\Protector Suite\farchns.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"combofix"="c:\combofix\CF27410.cfxxe" [X]

"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2010-11-03 1833576]

"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-11-04 2919168]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-02-24 11780712]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-30 387608]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

LSP: c:\program files (x86)\VMware\VMware Workstation\vsocklib.dll

FF - ProfilePath - c:\users\SJGOEL\AppData\Roaming\Mozilla\Firefox\Profiles\5u6g3uzl.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: keyword.URL - hxxp://search.hotspotshield.com/g/results.php?c=s&q=

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

FF - Ext: Exch: {a2e6849b-7584-11da-8cd6-0800200c9a66} - %profile%\extensions\{a2e6849b-7584-11da-8cd6-0800200c9a66}

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}

FF - Ext: Table2Clipboard: {9ab67d74-ec41-4cb2-b417-df5d93ba1beb} - %profile%\extensions\{9ab67d74-ec41-4cb2-b417-df5d93ba1beb}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000001

"MSCurrentCountry"=dword:0000002d

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe

c:\program files (x86)\Sony\VAIO Event Service\VESMgr.exe

c:\windows\SysWOW64\vmnat.exe

c:\program files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

c:\windows\SysWOW64\DllHost.exe

c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe

c:\program files (x86)\VMware\VMware Workstation\vmware-authd.exe

c:\windows\SysWOW64\vmnetdhcp.exe

c:\program files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

c:\program files\Sony\VAIO Care\VCSpt.exe

.

**************************************************************************

.

Completion time: 2011-05-02 00:32:24 - machine was rebooted

ComboFix-quarantined-files.txt 2011-05-01 21:32

.

Pre-Run: 117,410,033,664 bytes free

Post-Run: 116,513,763,328 bytes free

.

- - End Of File - - 83A76D2FB2D37E3448174AA0D2D35E90


Hello goel

 

How is the machine running now?

 

Dear JonTom

 

There is no change. The address bar search still returns results from search-results.com.

 

Thanks


Hello goel

 

Let's take a look with the following scans:

 

  • MBRCheck

     

     

    • Please download MBRCheck by clicking here and save it to your desktop.
    • Be sure to disable your security programs.
    • Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt).
    • A window will open on your desktop.
    • If an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
    • If nothing unusual is found just press Enter.
    • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
    • Please post the contents of that file in your next reply.

  • Download and run OTL by Oldtimer

     

     

    • Please download OTL by Oldtimer by clicking here and save the file (called OTL.exe) to your desktop.
    • Close all open windows on your computer then Right click on the OTL.exe icon and select "Run as Administrator" to run the program.
    • Check the boxes beside "LOP Check" and "Purity Check".
    • Under Custom Scan paste this in:

    netsvcs

    %SYSTEMDRIVE%\*.*

    %systemroot%\Fonts\*.com

    %systemroot%\Fonts\*.dll

    %systemroot%\Fonts\*.ini

    %systemroot%\Fonts\*.ini2

    %systemroot%\Fonts\*.exe

    %systemroot%\system32\spool\prtprocs\w32x86\*.*

    %systemroot%\REPAIR\*.bak1

    %systemroot%\REPAIR\*.ini

    %systemroot%\system32\*.jpg

    %systemroot%\*.jpg

    %systemroot%\*.png

    %systemroot%\*.scr

    %systemroot%\*._sy

    %APPDATA%\Adobe\Update\*.*

    %ALLUSERSPROFILE%\Favorites\*.*

    %APPDATA%\Microsoft\*.*

    %PROGRAMFILES%\*.*

    %APPDATA%\Update\*.*

    %systemroot%\*. /mp /s

    CREATERESTOREPOINT

    %systemroot%\System32\config\*.sav

    %PROGRAMFILES%\bak. /s

    %systemroot%\system32\bak. /s

    %ALLUSERSPROFILE%\Start Menu\*.lnk /x

    %systemroot%\system32\config\systemprofile\*.dat /x

    %systemroot%\*.config

    %systemroot%\system32\*.db

    %PROGRAMFILES%\Internet Explorer\*.dat

    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x

    %USERPROFILE%\Desktop\*.exe

    %PROGRAMFILES%\Common Files\*.*

    %systemroot%\*.src

    %systemroot%\install\*.*

    %systemroot%\system32\DLL\*.*

    %systemroot%\system32\HelpFiles\*.*

    %systemroot%\system32\rundll\*.*

    %systemroot%\winn32\*.*

    %systemroot%\Java\*.*

    %systemroot%\system32\test\*.*

    %systemroot%\system32\Rundll32\*.*

    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

    /md5start

    iexplore.*

    explorer.*

    winlogon.*

    dll

    zx.dll

    hlp.dat

    /md5stop

    • Click the "Run Scan" button. Do not change any settings unless specifically told to do so. The scan will not take long.

    • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt.
    • Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
    • Please Copy and Paste the contents of both files in your next reply. You may need two posts to fit them both in.


Dear JonTom,

 

Thanks for your help.

 

Here are the logs:

 

MBRCheck, version 1.2.3

© 2010, AD

 

Command-line:

Windows Version: Windows 7 Professional

Windows Information: Service Pack 1 (build 7601), 64-bit

Base Board Manufacturer: Sony Corporation

BIOS Manufacturer: INSYDE

System Manufacturer: Sony Corporation

System Product Name: VGN-Z750D

Logical Drives Mask: 0x0000001c

 

Kernel Drivers (total 219):

0x03064000 \SystemRoot\system32\ntoskrnl.exe

0x0301B000 \SystemRoot\system32\hal.dll

0x00BC4000 \SystemRoot\system32\kdcom.dll

0x00CC9000 \SystemRoot\system32\mcupdate_GenuineIntel.dll

0x00D18000 \SystemRoot\system32\PSHED.dll

0x00D2C000 \SystemRoot\system32\CLFS.SYS

0x00C00000 \SystemRoot\system32\CI.dll

0x00E1C000 \SystemRoot\system32\drivers\Wdf01000.sys

0x00EC0000 \SystemRoot\system32\drivers\WDFLDR.SYS

0x00ECF000 \SystemRoot\system32\drivers\ACPI.sys

0x00F26000 \SystemRoot\system32\drivers\WMILIB.SYS

0x00F2F000 \SystemRoot\system32\drivers\msisadrv.sys

0x00F39000 \SystemRoot\system32\drivers\pci.sys

0x00F6C000 \SystemRoot\system32\drivers\vdrvroot.sys

0x00F79000 \SystemRoot\System32\drivers\partmgr.sys

0x00F8E000 \SystemRoot\system32\DRIVERS\pcmcia.sys

0x00FC7000 \SystemRoot\system32\drivers\volmgr.sys

0x00D8A000 \SystemRoot\System32\drivers\volmgrx.sys

0x00FDC000 \SystemRoot\system32\DRIVERS\compbatt.sys

0x00FE5000 \SystemRoot\system32\DRIVERS\BATTC.SYS

0x00E00000 \SystemRoot\System32\drivers\mountmgr.sys

0x0100E000 \SystemRoot\system32\drivers\vmbus.sys

0x0104A000 \SystemRoot\system32\drivers\winhv.sys

0x0105E000 \SystemRoot\system32\DRIVERS\iaStor.sys

0x011B2000 \SystemRoot\system32\drivers\amdxata.sys

0x012CB000 \SystemRoot\system32\drivers\fltmgr.sys

0x01317000 \SystemRoot\system32\drivers\fileinfo.sys

0x0132B000 \SystemRoot\System32\Drivers\PxHlpa64.sys

0x01449000 \SystemRoot\System32\Drivers\Ntfs.sys

0x01337000 \SystemRoot\System32\Drivers\msrpc.sys

0x01400000 \SystemRoot\System32\Drivers\ksecdd.sys

0x01200000 \SystemRoot\System32\Drivers\cng.sys

0x0141B000 \SystemRoot\System32\drivers\pcw.sys

0x0142C000 \SystemRoot\System32\Drivers\Fs_Rec.sys

0x016E3000 \SystemRoot\system32\drivers\ndis.sys

0x01600000 \SystemRoot\system32\drivers\NETIO.SYS

0x01660000 \SystemRoot\System32\Drivers\ksecpkg.sys

0x018AB000 \SystemRoot\System32\drivers\tcpip.sys

0x01AAF000 \SystemRoot\System32\drivers\fwpkclnt.sys

0x01AF9000 \SystemRoot\system32\drivers\vmstorfl.sys

0x01B09000 \SystemRoot\system32\drivers\volsnap.sys

0x01B55000 \SystemRoot\System32\Drivers\spldr.sys

0x01B5D000 \SystemRoot\System32\drivers\rdyboost.sys

0x01B97000 \SystemRoot\system32\DRIVERS\shpf.sys

0x01BA0000 \SystemRoot\System32\Drivers\mup.sys

0x01BB2000 \SystemRoot\System32\drivers\hwpolicy.sys

0x01BBB000 \SystemRoot\System32\DRIVERS\fvevol.sys

0x01800000 \SystemRoot\system32\DRIVERS\disk.sys

0x01816000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS

0x03DC6000 \SystemRoot\system32\drivers\cdrom.sys

0x03DF0000 \SystemRoot\System32\Drivers\Null.SYS

0x03DF9000 \SystemRoot\System32\Drivers\Beep.SYS

0x03C00000 \SystemRoot\system32\DRIVERS\ehdrv.sys

0x03C25000 \SystemRoot\System32\drivers\vga.sys

0x03C33000 \SystemRoot\System32\drivers\VIDEOPRT.SYS

0x01854000 \SystemRoot\System32\drivers\watchdog.sys

0x01864000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0x0186D000 \SystemRoot\system32\drivers\rdpencdd.sys

0x01876000 \SystemRoot\system32\drivers\rdprefmp.sys

0x0187F000 \SystemRoot\System32\Drivers\Msfs.SYS

0x0188A000 \SystemRoot\System32\Drivers\Npfs.SYS

0x0168B000 \SystemRoot\system32\DRIVERS\tdx.sys

0x0189B000 \SystemRoot\system32\DRIVERS\TDI.SYS

0x02E4E000 \SystemRoot\system32\drivers\afd.sys

0x02ED7000 \SystemRoot\System32\DRIVERS\netbt.sys

0x02F1C000 \SystemRoot\system32\drivers\ws2ifsl.sys

0x02F27000 \SystemRoot\system32\DRIVERS\wfplwf.sys

0x02F30000 \SystemRoot\system32\DRIVERS\pacer.sys

0x02F56000 \SystemRoot\system32\DRIVERS\vwififlt.sys

0x02F6C000 \SystemRoot\system32\DRIVERS\netbios.sys

0x02F7B000 \SystemRoot\system32\DRIVERS\wanarp.sys

0x02F96000 \SystemRoot\system32\drivers\termdd.sys

0x02FAA000 \SystemRoot\System32\Drivers\SCDEmu.SYS

0x01272000 \SystemRoot\system32\DRIVERS\rdbss.sys

0x02FC4000 \SystemRoot\system32\drivers\nsiproxy.sys

0x02FD0000 \SystemRoot\system32\drivers\mssmbios.sys

0x02FDB000 \SystemRoot\System32\drivers\discache.sys

0x03E42000 \SystemRoot\system32\drivers\csc.sys

0x03EC5000 \SystemRoot\System32\Drivers\dfsc.sys

0x03EE3000 \SystemRoot\system32\DRIVERS\blbdrive.sys

0x03EF4000 \SystemRoot\system32\DRIVERS\tunnel.sys

0x03F1A000 \SystemRoot\system32\DRIVERS\intelppm.sys

0x03F30000 \SystemRoot\system32\DRIVERS\CmBatt.sys

0x0583D000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys

0x06346000 \SystemRoot\system32\DRIVERS\nvBridge.kmd

0x04AA8000 \SystemRoot\system32\DRIVERS\igdkmd64.sys

0x044B8000 \SystemRoot\System32\drivers\dxgkrnl.sys

0x045AC000 \SystemRoot\System32\drivers\dxgmms1.sys

0x04400000 \SystemRoot\system32\DRIVERS\e1y62x64.sys

0x0444A000 \SystemRoot\system32\DRIVERS\usbuhci.sys

0x04457000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

0x051B0000 \SystemRoot\system32\DRIVERS\usbehci.sys

0x051C1000 \SystemRoot\system32\drivers\HDAudBus.sys

0x0663F000 \SystemRoot\system32\DRIVERS\NETwNs64.sys

0x06EAA000 \SystemRoot\system32\DRIVERS\vwifibus.sys

0x06EB7000 \SystemRoot\system32\drivers\1394ohci.sys

0x06EF5000 \SystemRoot\system32\DRIVERS\risdsn64.sys

0x06F0D000 \SystemRoot\system32\DRIVERS\rimspx64.sys

0x06F24000 \SystemRoot\system32\drivers\i8042prt.sys

0x06F42000 \SystemRoot\system32\DRIVERS\kbdclass.sys

0x06F51000 \??\C:\Windows\system32\drivers\VMkbd.sys

0x06F5C000 \SystemRoot\system32\DRIVERS\Apfiltr.sys

0x06F8F000 \SystemRoot\system32\drivers\mouclass.sys

0x06F9E000 \SystemRoot\system32\DRIVERS\SonyPI.sys

0x06FA3000 \SystemRoot\system32\drivers\tpm.sys

0x06FB2000 \SystemRoot\system32\DRIVERS\SFEP.sys

0x06FB5000 \SystemRoot\system32\drivers\wmiacpi.sys

0x06FBE000 \SystemRoot\system32\drivers\CompositeBus.sys

0x06FCE000 \SystemRoot\System32\Drivers\RootMdm.sys

0x06FD6000 \SystemRoot\system32\drivers\modem.sys

0x06FE5000 \SystemRoot\system32\DRIVERS\AgileVpn.sys

0x06600000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0x06624000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0x04A00000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0x04A2F000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0x04A4A000 \SystemRoot\system32\DRIVERS\raspptp.sys

0x04A6B000 \SystemRoot\system32\DRIVERS\rassstp.sys

0x06630000 \SystemRoot\system32\DRIVERS\RimSerial_AMD64.sys

0x044AD000 \SystemRoot\system32\DRIVERS\rdpbus.sys

0x06638000 \SystemRoot\system32\drivers\swenum.sys

0x06348000 \SystemRoot\system32\drivers\ks.sys

0x04A85000 \SystemRoot\system32\drivers\umbus.sys

0x045F2000 \SystemRoot\system32\DRIVERS\vmnetadapter.sys

0x04A97000 \SystemRoot\system32\DRIVERS\VMNET.SYS

0x0638B000 \SystemRoot\system32\drivers\usbhub.sys

0x051E5000 \SystemRoot\System32\Drivers\NDProxy.SYS

0x08A63000 \SystemRoot\system32\drivers\RTKVHD64.sys

0x08D02000 \SystemRoot\system32\drivers\portcls.sys

0x08D3F000 \SystemRoot\system32\drivers\drmk.sys

0x08D61000 \SystemRoot\system32\drivers\ksthunk.sys

0x08D67000 \SystemRoot\system32\DRIVERS\CAXHWAZL.sys

0x09053000 \SystemRoot\system32\DRIVERS\CAX_DPV.sys

0x03F35000 \SystemRoot\system32\DRIVERS\CAX_CNXT.sys

0x00090000 \SystemRoot\System32\win32k.sys

0x091C7000 \SystemRoot\System32\drivers\Dxapi.sys

0x091D3000 \SystemRoot\System32\Drivers\crashdmp.sys

0x03C58000 \SystemRoot\System32\Drivers\dump_iaStor.sys

0x091E1000 \SystemRoot\System32\Drivers\dump_dumpfve.sys

0x09000000 \SystemRoot\System32\Drivers\tcusb.sys

0x09013000 \SystemRoot\System32\Drivers\USBD.SYS

0x09015000 \SystemRoot\system32\DRIVERS\usbccgp.sys

0x08DB9000 \SystemRoot\System32\Drivers\usbvideo.sys

0x023CC000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

0x023D5000 \SystemRoot\system32\DRIVERS\monitor.sys

0x00500000 \SystemRoot\System32\TSDDD.dll

0x00690000 \SystemRoot\System32\cdd.dll

0x00870000 \SystemRoot\System32\ATMFD.DLL

0x08A00000 \SystemRoot\system32\drivers\luafv.sys

0x024FA000 \SystemRoot\system32\DRIVERS\eamonm.sys

0x025D2000 \SystemRoot\system32\drivers\WudfPf.sys

0x02400000 \SystemRoot\system32\DRIVERS\vmnetbridge.sys

0x02410000 \SystemRoot\system32\DRIVERS\lltdio.sys

0x02425000 \SystemRoot\system32\DRIVERS\nwifi.sys

0x02478000 \SystemRoot\system32\DRIVERS\ndisuio.sys

0x0248B000 \SystemRoot\system32\DRIVERS\rspndr.sys

0x03638000 \SystemRoot\system32\drivers\HTTP.sys

0x03701000 \SystemRoot\system32\DRIVERS\bowser.sys

0x0371F000 \SystemRoot\System32\drivers\mpsdrv.sys

0x03737000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0x03764000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys

0x037B1000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys

0x037D5000 \??\C:\Windows\system32\drivers\hcmon.sys

0x037E1000 \??\C:\Windows\system32\drivers\vmci.sys

0x04884000 \??\C:\Windows\system32\drivers\vmx86.sys

0x0495A000 \SystemRoot\system32\DRIVERS\epfwwfpr.sys

0x0497B000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys

0x072DB000 \SystemRoot\system32\drivers\peauth.sys

0x07381000 \SystemRoot\System32\Drivers\secdrv.SYS

0x0738C000 \SystemRoot\System32\DRIVERS\srvnet.sys

0x073BD000 \SystemRoot\System32\drivers\tcpipreg.sys

0x073CF000 \??\C:\Windows\system32\drivers\vmnetuserif.sys

0x073D9000 \??\C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys

0x073E5000 \SystemRoot\system32\DRIVERS\vwifimp.sys

0x073EF000 \SystemRoot\system32\DRIVERS\xaudio64.sys

0x07200000 \SystemRoot\System32\DRIVERS\srv2.sys

0x09E90000 \SystemRoot\System32\DRIVERS\srv.sys

0x09F28000 \SystemRoot\system32\DRIVERS\WUDFRd.sys

0x09F59000 \SystemRoot\system32\DRIVERS\asyncmac.sys

0x09F64000 \??\C:\Windows\system32\drivers\mbam.sys

0x77520000 \Windows\System32\ntdll.dll

0x47920000 \Windows\System32\smss.exe

0xFF840000 \Windows\System32\apisetschema.dll

0xFF490000 \Windows\System32\autochk.exe

0xFF810000 \Windows\System32\imagehlp.dll

0xFF770000 \Windows\System32\msvcrt.dll

0x77420000 \Windows\System32\user32.dll

0xFF640000 \Windows\System32\wininet.dll

0xFF5C0000 \Windows\System32\difxapi.dll

0xFF520000 \Windows\System32\clbcatq.dll

0xFF510000 \Windows\System32\lpk.dll

0xFF500000 \Windows\System32\nsi.dll

0xFF2F0000 \Windows\System32\ole32.dll

0xFF2C0000 \Windows\System32\imm32.dll

0xFF2A0000 \Windows\System32\sechost.dll

0xFF230000 \Windows\System32\gdi32.dll

0xFF1B0000 \Windows\System32\shlwapi.dll

0xFF0D0000 \Windows\System32\oleaut32.dll

0xFF070000 \Windows\System32\Wldap32.dll

0xFEE90000 \Windows\System32\setupapi.dll

0x77300000 \Windows\System32\kernel32.dll

0xFEC30000 \Windows\System32\iertutil.dll

0xFEB00000 \Windows\System32\rpcrt4.dll

0xFEA60000 \Windows\System32\comdlg32.dll

0xFDCD0000 \Windows\System32\shell32.dll

0x776F0000 \Windows\System32\psapi.dll

0xFDBF0000 \Windows\System32\advapi32.dll

0xFDA70000 \Windows\System32\urlmon.dll

0xFD960000 \Windows\System32\msctf.dll

0xFD890000 \Windows\System32\usp10.dll

0xFD840000 \Windows\System32\ws2_32.dll

0x776E0000 \Windows\System32\normaliz.dll

0xFD800000 \Windows\System32\cfgmgr32.dll

0xFD790000 \Windows\System32\KernelBase.dll

0xFD6F0000 \Windows\System32\comctl32.dll

0xFD6B0000 \Windows\System32\wintrust.dll

0xFD690000 \Windows\System32\devobj.dll

0xFD520000 \Windows\System32\crypt32.dll

0xFD510000 \Windows\System32\msasn1.dll

0x753F0000 \Windows\SysWOW64\normaliz.dll

 

Processes (total 87):

0 System Idle Process

4 System

424 C:\Windows\System32\smss.exe

556 csrss.exe

620 C:\Windows\System32\wininit.exe

636 csrss.exe

668 C:\Windows\System32\services.exe

684 C:\Windows\System32\lsass.exe

692 C:\Windows\System32\lsm.exe

800 C:\Windows\System32\svchost.exe

860 C:\Windows\System32\nvvsvc.exe

888 C:\Windows\System32\svchost.exe

940 C:\Windows\System32\svchost.exe

992 C:\Windows\System32\svchost.exe

296 C:\Windows\System32\svchost.exe

756 C:\Windows\System32\svchost.exe

1032 C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe

1076 C:\Windows\System32\winlogon.exe

1196 C:\Windows\System32\svchost.exe

1316 C:\Windows\System32\wlanext.exe

1324 C:\Windows\System32\conhost.exe

1480 C:\Windows\System32\nvvsvc.exe

1544 C:\Windows\System32\spoolsv.exe

1580 C:\Windows\System32\svchost.exe

1612 C:\Program Files\Protector Suite\upeksvr.exe

1968 C:\Program Files (x86)\Bonjour\mDNSResponder.exe

1988 C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

1760 C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe

1796 C:\Program Files\Intel\WiFi\bin\EvtEng.exe

1924 C:\Windows\System32\svchost.exe

1028 C:\Windows\System32\svchost.exe

452 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe

1720 C:\Windows\System32\IPROSetMonitor.exe

1864 C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe

2144 C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe

2180 C:\QUALCOMM\QDLService\QDLService.exe

2240 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

2268 C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe

2292 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

2336 C:\Windows\System32\svchost.exe

2412 C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe

2532 dllhost.exe

2656 C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe

2716 C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe

2792 C:\Windows\SysWOW64\vmnat.exe

2836 C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

2916 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

2984 C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe

2492 C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe

2604 C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe

2648 C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe

3008 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

1296 C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe

3136 C:\Windows\SysWOW64\vmnetdhcp.exe

3160 C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe

3428 WmiPrvSE.exe

3532 C:\Windows\System32\taskhost.exe

2508 C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

3220 C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe

3740 C:\Windows\System32\svchost.exe

3792 C:\Windows\System32\dwm.exe

2480 C:\Windows\System32\svchost.exe

3888 C:\Windows\System32\taskeng.exe

3972 C:\Windows\explorer.exe

4356 WUDFHost.exe

4364 C:\Program Files\Sony\VAIO Care\VCSpt.exe

4612 C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

4644 C:\Windows\System32\hkcmd.exe

4672 C:\Program Files (x86)\TouchFreeze\TouchFreeze.exe

4680 C:\Program Files (x86)\POP Peeper\POPPeeper.exe

4848 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

3112 C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe

828 C:\Windows\System32\SearchIndexer.exe

1440 C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

2328 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

4772 C:\Windows\System32\svchost.exe

1192 C:\Program Files\Sony\VAIO Care\VCsystray.exe

5056 WmiPrvSE.exe

5724 C:\Program Files (x86)\Mozilla Firefox\firefox.exe

4816 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

5872 C:\PROGRA~2\MICROS~2\Office14\OUTLOOK.EXE

5144 C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE

5972 C:\Windows\System32\audiodg.exe

3268 C:\Windows\System32\SearchProtocolHost.exe

3680 C:\Windows\System32\SearchFilterHost.exe

4236 C:\Users\SJGOEL\Desktop\MBRCheck.exe

4708 C:\Windows\System32\conhost.exe

 

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`dfc00000 (NTFS)

 

PhysicalDrive0 Model Number: HitachiHTS723232L9SA60, Rev: FC4OC30F

 

Size Device Name MBR Status

--------------------------------------------

298 GB \\.\PhysicalDrive0 Windows 7 MBR code detected

SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79

 

Done!

 

 

***********************************************************

 

OTL Extras logfile created on: 03/05/2011 15:10:36 - Run 1

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\SJGOEL\Desktop

64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

 

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free

8.00 Gb Paging File | 6.00 Gb Available in Paging File | 79.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 286.59 Gb Total Space | 108.34 Gb Free Space | 37.80% Space Free | Partition Type: NTFS

 

Computer Name: SJGOEL-PC | User Name: SJGOEL | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 

========== Shell Spawning ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %* File not found

cmdfile [open] -- "%1" %* File not found

comfile [open] -- "%1" %* File not found

exefile [open] -- "%1" %* File not found

helpfile [open] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %* File not found

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1" File not found

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found

scrfile [open] -- "%1" /S File not found

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found

Directory [AddToPlaylistVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 

========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

========== Firewall Settings ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant

"{21927AF8-8738-455F-AB98-7FF8FBFC6282}" = Intel® Network Connections 15.8.76.0

"{31753CDD-A7DA-4667-BEFC-B3EA3BDF366E}" = Foxit Phantom

"{563F041C-DFDB-437B-A1E8-E141E0906076}" = Microsoft IntelliPoint 8.0

"{72EEB695-388B-4835-8EA6-0C04545B06B9}" = Intel® PROSet/Wireless WiFi Software

"{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}" = Microsoft SQL Server Native Client

"{86177DAE-38B1-49DD-912E-35CB703AB779}" = Microsoft SQL Server VSS Writer

"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010

"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010

"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software

"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO

"{CB974C3D-D101-4411-8F54-DCDC58DED815}" = Protector Suite 2009.2

"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"CCleaner" = CCleaner

"CNXT_MODEM_HDA_HSF" = HDAUDIO SoftV92 Data Fax Modem with SmartCP

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"NVIDIA Drivers" = NVIDIA Drivers

"ProInst" = Intel PROSet Wireless

"PROSetDX" = Intel® Network Connections 15.8.76.0

"WinRAR archiver" = WinRAR archiver

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd

"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3

"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3

"{068F037B-2723-48E3-85F1-4D7D93A29D2A}" = VAIO Content Metadata Intelligent Analyzing Manager

"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo

"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin

"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser

"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

"{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO

"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java 6 Update 24

"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3

"{2E8631C2-72E6-4A95-A86E-CB912D8D1537}" = Sony Home Network Library

"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34B37A74-125E-4406-87BA-E4BD3D097AE5}" = VAIO Survey

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care

"{376DCC77-BFDA-4AC0-A57E-2CEB000D5E47}" = VAIO Content Metadata Intelligent Analyzing Manager

"{38D218CF-2D27-4A35-8344-B17C269F08DE}" = BlackBerry Device Software v6.0.0 for the BlackBerry 9700 smartphone

"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR

"{484D0DD1-57D3-4AE5-8B5A-40232C83B674}" = VAIO Entertainment Platform

"{48E91AD2-2A80-4E70-98E6-450A189F6048}" = VAIO Movie Story

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor

"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings

"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)

"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3

"{554E34DB-1EDD-4CE4-B63D-9E9973C6FFA5}" = VAIO Care

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool

"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic

"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service

"{5C5EE8F2-0B38-4C13-AE4E-A87A237FE718}" = Create Recovery Disc Reminder

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All

"{6AE6DB26-5646-41A6-9CE5-7AE53D48FD71}" = VZAccess Manager for Sony

"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform

"{6BF03C88-C06A-48DC-B9A1-FE72B24E5FA9}" = VAIO Media plus Opening Movie

"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer

"{6EB6A82E-4918-481F-9AF8-3129E6D29B7E}" = Sony Home Network Library

"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data

"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3

"{70991E0A-1108-437E-BA7D-085702C670C0}" =

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center

"{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1" = Auslogics BoostSpeed

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{72B5983C-80C7-4225-BA72-E92AE1D59C62}" = VAIO My Memory Center

"{74656168-CF28-40BD-9D87-700B07BAF9B6}" = HTC Sync

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{78780A45-B180-4297-AE6D-12C45EC5AD35}" = VAIO Content Metadata Manager Setting

"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3

"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{83CDA18E-0BF3-4ACA-872C-B4CDABF2360E}" = VAIO Update 4

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{87DF5956-A327-4304-8338-8E2B0AAB843E}" = BlackBerry Desktop Software 6.0.2

"{87EEB1B4-EE40-4D74-9780-F266FA12F564}" = VAIO Care Update

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus

"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support

"{8F47B673-8D71-49E3-98B6-BCF547C82F57}" = Click to Disc

"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010

"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings

"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" =

"{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music

"{9973498D-EA29-4A68-BE0B-C88D6E03E928}" = ArcSoft WebCam Companion 2

"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175

"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps

"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific

"{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation

"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Settings

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series

"{A814E9FB-2272-4AC8-ABCD-DF399581B897}" = Qualcomm Gobi Driver Package for Sony

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris

"{AC30CF7C-2D62-4910-9147-3EC8EA5EB6D1}" = Angry Birds

"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings

"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch

"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k

"{AFBA0609-EB70-43CB-B11C-294EDADFA101}" = VAIO Recovery Center

"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story

"{B2B30EC0-FB6A-43BB-9B38-0C3B32D75B40}_is1" = Sony Download Taxi 1.5.0.0

"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0

"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3

"{BFD85D24-D4F3-4CCC-B518-D7C4FC29C76D}" = VAIO Content Metadata Intelligent Analyzing Manager

"{C1555BC5-88B1-466B-BC79-062B5715DF92}" = VAIO Content Metadata XML Interface Library

"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service

"{CC2541A6-BC6A-4099-B711-7911C884AEB8}" = VAIO Content Metadata XML Interface Library

"{CD7E6232-D41D-4E5B-ABE1-0264B6260309}" = VAIO Content Metadata Intelligent Analyzing Manager

"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{CF3A3816-7E48-4556-8614-654377EDE1B5}" = BlackBerry App World Browser Plugin

"{D031E017-2434-40A7-A352-4DDD0199170D}" = TouchFreeze

"{D03D02D8-AB64-4785-A48E-5AA8B0FB8C14}" = Sony Home Network Library

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client

"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux

"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup

"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D47FE987-EA3D-424B-9886-B752501D7CE7}" = VAIO Help and Support

"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility

"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents

"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime

"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings

"{DB1C9CB7-DF65-4991-BD17-71BF9CD15BA0}" = VAIO Help and Support

"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DF0415CC-0563-407F-B560-9B7F277122C5}" = VAIO BD Menu Data

"{DFAA3C20-5968-46A3-B7B0-0AF72D758A59}" = HTC Sync

"{DFD0E9A9-F24A-492B-8975-8C938E32408F}" = VAIO Startup Assistant

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E3453B1B-C91B-4C48-B046-8DF635DD46F2}" = VAIO Content Metadata XML Interface Library

"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1

"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3

"{E97AA41D-A8D4-413A-97CF-2E2DD5D18E54}" = Qualcomm Gobi Images for Sony

"{EADE97A7-E7AA-43FD-A042-92A68E0187A6}" = VAIO Content Metadata Manager Setting

"{EB18E8A3-F008-4655-B425-A3B7F03FFCDD}_is1" = BB Boss version 2.2

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F1432614-6183-49E6-98E8-674485463CFE}" = VAIO Original Function Settings

"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows

"Adobe AIR" = Adobe AIR

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3

"Application Manager for VAIO" = Application Manager for VAIO

"Ashampoo Burning Studio 10_is1" = Ashampoo Burning Studio 10.0.7

"BlackBerry_Desktop" = BlackBerry Desktop Software 6.0.2

"BSPlayerp" = BS.Player PRO

"CrackMem_is1" = CrackMem

"DMX5_is1" = DriverMax 5

"DreamBoxEdit" = DreamBoxEdit -- The one and only settings editor for your Dreambox

"ExtractNow_is1" = ExtractNow

"Foxit Creator" = Foxit Creator

"Foxit Reader" = Foxit Reader

"HD Call Recorder for Skype" = HD Call Recorder for Skype 4.0.5

"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO

"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor

"Intel AppUp(SM) center 17294" = Intel AppUp(SM) center

"IrfanView" = IrfanView (remove only)

"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 6.6.0

"Kundli 5.0_is1" = Kundli 5.0

"LeechFTP" = LeechFTP

"Localphone" = Localphone 2.09 Free

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Mirage Driver_is1" = Mirage Driver 1.1

"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)

"Office14.PROPLUS" = Microsoft Office Professional Plus 2010

"Picasa 3" = Picasa 3

"POP Peeper" = POP Peeper

"PowerISO" = PowerISO

"uTorrent" = µTorrent

"VLC media player" = VideoLAN VLC media player 0.8.6d

"VMware_Workstation" = VMware Workstation

"WinLiveSuite" = Windows Live Essentials

"Yahoo! Messenger" = Yahoo! Messenger

"YU2010_is1" = Your Uninstaller! 2010

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)

 

========== Last 10 Event Log Errors ==========

 

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

 

< End of report >


LOG continued:

 

OTL logfile created on: 03/05/2011 15:10:36 - Run 1

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\SJGOEL\Desktop

64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

 

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free

8.00 Gb Paging File | 6.00 Gb Available in Paging File | 79.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 286.59 Gb Total Space | 108.34 Gb Free Space | 37.80% Space Free | Partition Type: NTFS

 

Computer Name: SJGOEL-PC | User Name: SJGOEL | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2011/05/03 15:09:07 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\SJGOEL\Desktop\OTL.exe

PRC - [2011/04/01 19:32:52 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

PRC - [2010/12/20 18:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2010/12/20 18:08:56 | 000,443,728 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2010/11/11 14:48:32 | 000,334,448 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe

PRC - [2010/11/11 14:48:28 | 000,404,080 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe

PRC - [2010/11/11 14:47:22 | 000,113,264 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe

PRC - [2010/11/11 13:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe

PRC - [2010/11/04 18:15:50 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe

PRC - [2010/09/16 15:06:22 | 000,080,896 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe

PRC - [2010/09/10 01:09:36 | 001,511,424 | ---- | M] (Mortal Universe) -- C:\Program Files (x86)\POP Peeper\POPPeeper.exe

PRC - [2010/08/12 16:15:34 | 000,081,296 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Care\VCSpt.exe

PRC - [2009/08/06 12:19:52 | 000,345,336 | ---- | M] (QUALCOMM, Inc.) -- C:\QUALCOMM\QDLService\QDLService.exe

PRC - [2009/07/23 11:39:38 | 000,313,264 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

PRC - [2009/07/23 11:39:36 | 000,206,336 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

PRC - [2009/07/22 16:03:04 | 000,642,920 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe

PRC - [2009/07/17 12:31:28 | 000,427,304 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe

PRC - [2009/07/17 12:31:28 | 000,091,432 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe

PRC - [2009/07/17 12:31:28 | 000,075,048 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe

PRC - [2009/07/17 12:31:26 | 000,120,104 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe

PRC - [2009/07/17 12:31:26 | 000,070,952 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe

PRC - [2009/07/14 12:15:12 | 000,204,648 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe

PRC - [2009/07/14 12:15:12 | 000,112,488 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe

PRC - [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe

PRC - [2009/01/20 03:43:04 | 000,394,536 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe

PRC - [2007/01/05 06:48:50 | 000,112,152 | ---- | M] (InterVideo) -- c:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe

PRC - [2005/04/29 17:15:40 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\TouchFreeze\TouchFreeze.exe

 

 

========== Modules (SafeList) ==========

 

MOD - [2011/05/03 15:09:07 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\SJGOEL\Desktop\OTL.exe

MOD - [2010/11/20 14:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll

 

 

========== Win32 Services (SafeList) ==========

 

SRV:64bit: - [2010/11/04 18:18:12 | 000,042,360 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)

SRV:64bit: - [2010/11/04 18:15:50 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)

SRV:64bit: - [2010/11/03 18:30:40 | 000,199,272 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService)

SRV:64bit: - [2010/10/25 09:42:10 | 000,164,008 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel® PROSet Monitoring Service)

SRV:64bit: - [2009/07/14 04:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/07/14 04:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV:64bit: - [2009/07/01 19:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)

SRV:64bit: - [2009/05/21 17:11:20 | 001,462,544 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)

SRV:64bit: - [2009/05/21 15:31:30 | 000,830,224 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)

SRV:64bit: - [2009/01/20 03:43:04 | 000,394,536 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)

SRV:64bit: - [2009/01/17 08:59:12 | 000,110,376 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)

SRV - [2010/12/24 19:42:04 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2010/12/20 18:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2010/11/11 14:48:32 | 000,334,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)

SRV - [2010/11/11 14:48:28 | 000,404,080 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)

SRV - [2010/11/11 14:47:22 | 000,113,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)

SRV - [2010/11/11 13:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)

SRV - [2010/09/16 15:06:22 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)

SRV - [2010/08/19 14:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)

SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/08/06 12:19:52 | 000,345,336 | ---- | M] (QUALCOMM, Inc.) [Auto | Running] -- C:\QUALCOMM\QDLService\QDLService.exe -- (QDLService)

SRV - [2009/08/01 04:09:14 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)

SRV - [2009/07/23 11:39:38 | 000,313,264 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)

SRV - [2009/07/23 11:39:38 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)

SRV - [2009/07/23 11:39:36 | 000,206,336 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)

SRV - [2009/07/22 16:03:04 | 000,642,920 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)

SRV - [2009/07/17 12:31:28 | 000,427,304 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)

SRV - [2009/07/17 12:31:28 | 000,091,432 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe -- (SOHPlMgr)

SRV - [2009/07/17 12:31:28 | 000,075,048 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)

SRV - [2009/07/17 12:31:26 | 000,120,104 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)

SRV - [2009/07/17 12:31:26 | 000,070,952 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe -- (SOHDBSvr)

SRV - [2009/07/14 12:15:12 | 000,204,648 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)

SRV - [2009/06/11 00:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®

SRV - [2007/01/05 06:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- c:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2011/03/11 09:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 09:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/02/16 18:23:46 | 000,074,240 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)

DRV:64bit: - [2011/01/30 12:34:45 | 007,370,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2011/01/12 00:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2010/12/20 18:08:40 | 000,024,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2010/11/20 16:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 14:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/11 14:49:12 | 000,081,008 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)

DRV:64bit: - [2010/11/11 14:49:00 | 000,068,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)

DRV:64bit: - [2010/11/11 14:47:12 | 000,031,856 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)

DRV:64bit: - [2010/11/11 14:47:00 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)

DRV:64bit: - [2010/11/11 13:31:32 | 000,038,512 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)

DRV:64bit: - [2010/11/11 11:04:52 | 000,045,104 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)

DRV:64bit: - [2010/11/11 11:04:52 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)

DRV:64bit: - [2010/11/11 11:04:52 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)

DRV:64bit: - [2010/11/08 20:16:36 | 008,500,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel®

DRV:64bit: - [2010/09/22 22:19:02 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)

DRV:64bit: - [2010/09/03 07:13:46 | 000,170,104 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)

DRV:64bit: - [2010/08/16 16:31:18 | 000,019,936 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio)

DRV:64bit: - [2010/08/16 16:31:16 | 000,013,280 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio)

DRV:64bit: - [2010/07/29 13:31:26 | 000,141,264 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)

DRV:64bit: - [2010/07/29 13:31:26 | 000,126,320 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)

DRV:64bit: - [2010/07/26 05:20:50 | 000,012,032 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)

DRV:64bit: - [2010/07/21 17:59:28 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)

DRV:64bit: - [2010/06/25 17:08:10 | 000,036,928 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)

DRV:64bit: - [2010/04/14 02:01:44 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)

DRV:64bit: - [2010/04/07 16:04:00 | 000,290,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y62x64.sys -- (e1yexpress) Intel®

DRV:64bit: - [2010/01/13 19:37:16 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel®

DRV:64bit: - [2009/12/08 16:36:00 | 000,064,016 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tcusb.sys -- (TcUsb)

DRV:64bit: - [2009/11/01 20:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)

DRV:64bit: - [2009/09/24 17:31:14 | 000,076,288 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsn64.sys -- (risdptsk)

DRV:64bit: - [2009/09/03 19:59:28 | 000,054,784 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)

DRV:64bit: - [2009/09/03 17:56:06 | 005,435,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5v64.sys -- (NETw5v64) Intel®

DRV:64bit: - [2009/09/01 13:27:40 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)

DRV:64bit: - [2009/09/01 13:27:40 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)

DRV:64bit: - [2009/09/01 13:27:40 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)

DRV:64bit: - [2009/09/01 13:27:32 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)

DRV:64bit: - [2009/08/01 04:09:14 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)

DRV:64bit: - [2009/08/01 04:09:10 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)

DRV:64bit: - [2009/08/01 04:09:06 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)

DRV:64bit: - [2009/08/01 04:09:06 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)

DRV:64bit: - [2009/07/30 18:55:46 | 000,025,120 | ---- | M] (Sony Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\shpf.sys -- (shpf)

DRV:64bit: - [2009/07/14 04:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/14 04:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/14 04:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/14 03:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)

DRV:64bit: - [2009/07/14 02:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)

DRV:64bit: - [2009/06/10 23:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)

DRV:64bit: - [2009/06/10 23:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)

DRV:64bit: - [2009/06/10 23:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 23:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 23:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 23:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/20 04:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)

DRV:64bit: - [2009/01/09 17:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)

DRV:64bit: - [2008/12/08 23:00:15 | 000,017,536 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SonyPI.sys -- (SPI)

DRV:64bit: - [2008/10/02 03:00:24 | 000,193,072 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)

DRV:64bit: - [2008/09/06 03:00:59 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)

DRV:64bit: - [2008/05/28 13:23:40 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)

DRV - [2010/08/19 14:56:38 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "Hotspot Shield Private Search"

FF - prefs.js..browser.search.suggest.enabled: false

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - prefs.js..extensions.enabledItems: {a2e6849b-7584-11da-8cd6-0800200c9a66}:1.4.5

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6

FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2

FF - prefs.js..extensions.enabledItems: {9ab67d74-ec41-4cb2-b417-df5d93ba1beb}:1.5.2

FF - prefs.js..extensions.enabledItems: {7102aba3-045c-4ec2-b921-46d87636d84b}:2.10

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..keyword.URL: "http://search.hotspotshield.com/g/results.php?c=s&q="

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/04/01 19:33:05 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/04/27 10:03:43 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/12/24 15:50:25 | 000,000,000 | ---D | M]

 

[2010/12/24 20:04:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SJGOEL\AppData\Roaming\Mozilla\Extensions

[2011/05/03 15:02:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SJGOEL\AppData\Roaming\Mozilla\Firefox\Profiles\5u6g3uzl.default\extensions

[2011/03/31 09:34:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SJGOEL\AppData\Roaming\Mozilla\Firefox\Profiles\5u6g3uzl.default\extensions\{7102aba3-045c-4ec2-b921-46d87636d84b}

[2011/03/31 09:34:45 | 000,000,000 | ---D | M] (Table2Clipboard) -- C:\Users\SJGOEL\AppData\Roaming\Mozilla\Firefox\Profiles\5u6g3uzl.default\extensions\{9ab67d74-ec41-4cb2-b417-df5d93ba1beb}

[2010/12/24 20:08:21 | 000,000,000 | ---D | M] (Exch) -- C:\Users\SJGOEL\AppData\Roaming\Mozilla\Firefox\Profiles\5u6g3uzl.default\extensions\{a2e6849b-7584-11da-8cd6-0800200c9a66}

[2011/04/07 19:25:09 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\SJGOEL\AppData\Roaming\Mozilla\Firefox\Profiles\5u6g3uzl.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2011/03/13 18:57:36 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\SJGOEL\AppData\Roaming\Mozilla\Firefox\Profiles\5u6g3uzl.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}

[2010/12/24 18:45:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SJGOEL\AppData\Roaming\Mozilla\Firefox\Profiles\ff2f5h3i.default\extensions

[2010/12/24 18:45:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SJGOEL\AppData\Roaming\Mozilla\Firefox\Profiles\ff2f5h3i.default\extensions\{7102aba3-045c-4ec2-b921-46d87636d84b}

[2010/12/24 18:45:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SJGOEL\AppData\Roaming\Mozilla\Firefox\Profiles\ff2f5h3i.default\extensions\{9ab67d74-ec41-4cb2-b417-df5d93ba1beb}

[2010/12/24 18:45:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SJGOEL\AppData\Roaming\Mozilla\Firefox\Profiles\ff2f5h3i.default\extensions\{a2e6849b-7584-11da-8cd6-0800200c9a66}

[2011/05/03 15:02:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2011/03/11 10:21:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

[2010/12/24 15:52:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

[2011/03/11 10:21:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

[2008/12/23 13:06:38 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

 

O1 HOSTS File: ([2011/05/02 00:28:14 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKCU..\Run: [POP Peeper] C:\Program Files (x86)\POP Peeper\POPPeeper.exe (Mortal Universe)

O4 - HKCU..\Run: [TouchFreeze] C:\Program Files (x86)\TouchFreeze\TouchFreeze.exe ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)

O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} http://esupport.sony.com/VaioInfo.CAB (VaioInfo.CMClass)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://active.macromedia.com/flash2/cabs/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 202.96.104.27 202.96.209.133

O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O20:64bit: - Winlogon\Notify\psfus: DllName - Reg Error: Key error. - C:\Program Files\Protector Suite\psqlpwd.dll (UPEK Inc.)

O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)

O24 - Desktop WallPaper:

O24 - Desktop BackupWallPaper:

O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 

========== Files/Folders - Created Within 30 Days ==========

 

[2011/05/03 15:09:04 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\SJGOEL\Desktop\OTL.exe

[2011/05/02 00:41:08 | 000,000,000 | ---D | C] -- C:\Users\SJGOEL\AppData\Roaming\Yahoo!

[2011/05/02 00:40:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!

[2011/05/02 00:28:17 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN

[2011/05/02 00:17:29 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2011/05/02 00:17:29 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2011/05/02 00:17:29 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2011/05/02 00:17:24 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2011/05/02 00:17:09 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011/05/02 00:16:53 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe

[2011/05/02 00:16:51 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW

[2011/04/30 12:02:41 | 000,000,000 | ---D | C] -- C:\Program Files\JL_Cmder

[2011/04/30 11:57:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BB Boss

[2011/04/30 11:57:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrackMem

[2011/04/30 07:51:37 | 000,000,000 | ---D | C] -- C:\Users\SJGOEL\AppData\Roaming\Malwarebytes

[2011/04/30 07:51:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2011/04/30 07:51:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/04/30 07:51:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2011/04/30 07:51:25 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2011/04/30 07:51:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2011/04/29 21:37:50 | 000,000,000 | ---D | C] -- C:\Users\SJGOEL\Documents\Outlook Files

[2011/04/29 16:16:51 | 000,000,000 | ---D | C] -- C:\Users\SJGOEL\Desktop\Regn file

[2011/04/28 09:17:58 | 002,871,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe

[2011/04/28 09:17:57 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe

[2011/04/28 09:17:55 | 001,465,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll

[2011/04/28 09:17:55 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll

[2011/04/28 09:17:27 | 002,565,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll

[2011/04/28 09:17:27 | 001,699,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll

[2011/04/28 09:17:27 | 000,189,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys

[2011/04/28 09:17:27 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe

[2011/04/28 09:17:26 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys

[2011/04/28 09:17:26 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe

[2011/04/28 09:17:26 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys

[2011/04/28 09:17:20 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe

[2011/04/28 09:17:20 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe

[2011/04/27 22:45:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Research In Motion Limited

[2011/04/27 20:08:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Network Stumbler

[2011/04/27 13:18:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro

[2011/04/16 11:52:35 | 000,000,000 | ---D | C] -- C:\Users\SJGOEL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DiskInternals

[2011/04/16 11:52:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DiskInternals

[2011/04/16 11:50:07 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll

[2011/04/16 11:50:07 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll

[2011/04/14 21:55:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WebSite X5 v8 - Evolution

[2011/04/14 01:40:10 | 004,284,416 | ---- | C] (Google Inc.) -- C:\Windows\SysWow64\GPhotos.scr

[2011/04/12 21:30:18 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2011/04/12 21:30:18 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2011/04/12 21:30:05 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll

[2011/04/12 21:30:05 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll

[2011/04/12 21:30:04 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll

[2011/04/12 21:30:04 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll

[2011/04/12 21:30:03 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll

[2011/04/12 21:30:02 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe

[2011/04/12 21:30:02 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe

[2011/04/12 21:30:01 | 000,605,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe

[2011/04/12 21:30:01 | 000,566,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi

[2011/04/12 21:30:01 | 000,518,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe

[2011/04/12 21:30:01 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll

[2011/04/12 21:30:00 | 000,642,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi

[2011/04/12 21:30:00 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll

[2011/04/12 21:30:00 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll

[2011/04/12 21:29:48 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll

[2011/04/12 21:29:48 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll

[2011/04/12 21:29:48 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll

[2011/04/12 21:29:48 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll

[2011/04/12 21:29:47 | 000,919,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2011/04/12 21:29:47 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2011/04/12 21:29:47 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll

[2011/04/12 21:29:42 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSCOVER.exe

[2011/04/12 12:15:43 | 000,000,000 | ---D | C] -- C:\Users\SJGOEL\AppData\Roaming\Opera

[2011/04/12 12:15:43 | 000,000,000 | ---D | C] -- C:\Users\SJGOEL\AppData\Local\Opera

[2011/04/12 12:15:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera

[2011/04/10 08:07:36 | 002,152,552 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvencodemft.dll

[2011/04/10 08:07:31 | 001,734,248 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll

[2011/04/10 08:07:25 | 000,183,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcod173.dll

[2011/04/10 08:07:13 | 000,930,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpinst.exe

[2011/04/10 08:07:13 | 000,106,008 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\difx64.exe

[2011/04/10 07:48:28 | 000,064,016 | ---- | C] (UPEK Inc.) -- C:\Windows\SysNative\drivers\tcusb.sys

[2011/04/10 07:48:27 | 002,578,576 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll

[2011/04/10 07:48:27 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll

[2011/04/10 07:48:27 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll

[2011/04/10 07:48:27 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll

[2011/04/10 07:48:27 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll

[2011/04/10 07:48:27 | 000,121,744 | ---- | C] (Sony Corporation) -- C:\Windows\SysNative\SFSS_APO.dll

[2011/04/10 07:48:27 | 000,090,112 | ---- | C] (Sony Corporation) -- C:\Windows\SysNative\snymsico.dll

[2011/04/10 07:48:27 | 000,076,288 | ---- | C] (REDC) -- C:\Windows\SysNative\drivers\risdsn64.sys

[2011/04/10 07:48:27 | 000,054,784 | ---- | C] (REDC) -- C:\Windows\SysNative\drivers\rimspx64.sys

[2011/04/10 07:48:26 | 002,369,128 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll

[2011/04/10 07:48:26 | 001,146,984 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl

[2011/04/10 07:48:26 | 000,220,496 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFNHK64.dll

[2011/04/10 07:48:26 | 000,081,232 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFCOM64.dll

[2011/04/10 07:48:26 | 000,078,160 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFAPO64.dll

[2011/04/10 07:48:26 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll

[2011/04/10 07:48:25 | 002,839,656 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll

[2011/04/10 07:48:25 | 000,648,296 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll

[2011/04/10 07:48:25 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll

[2011/04/10 07:48:25 | 000,332,392 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll

[2011/04/10 07:48:25 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll

[2011/04/10 07:48:25 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll

[2011/04/10 07:48:25 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll

[2011/04/10 07:48:25 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll

[2011/04/10 07:48:24 | 001,247,848 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll

[2011/04/10 07:48:24 | 000,820,224 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoRes64.dat

[2011/04/10 07:48:24 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll

[2011/04/10 07:48:24 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll

[2011/04/10 07:48:24 | 000,084,072 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInst64.dll

[2011/04/10 07:48:23 | 001,718,616 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll

[2011/04/10 07:48:22 | 001,868,944 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll

[2011/04/10 07:48:22 | 000,421,720 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll

[2011/04/10 07:48:22 | 000,334,680 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll

[2011/04/10 07:48:22 | 000,127,832 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll

[2011/04/10 07:48:22 | 000,108,888 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll

[2011/04/10 07:48:22 | 000,074,584 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll

[2011/04/10 07:48:21 | 002,197,264 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll

[2011/04/10 07:48:21 | 002,075,712 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll

[2011/04/10 07:48:21 | 001,327,208 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll

[2011/04/10 07:48:21 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll

[2011/04/10 07:48:21 | 000,475,752 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll

[2011/04/10 07:48:21 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll

[2011/04/10 07:48:21 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll

[2011/04/10 07:48:20 | 001,179,752 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll

[2011/04/10 07:48:20 | 001,111,656 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll

[2011/04/10 07:48:20 | 000,504,936 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll

[2011/04/10 07:48:20 | 000,317,032 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll

[2011/04/10 07:48:20 | 000,269,928 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll

[2011/04/10 07:48:20 | 000,266,856 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll

[2011/04/10 07:48:20 | 000,200,800 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll

[2011/04/10 07:48:20 | 000,126,056 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll

[2011/04/10 07:48:20 | 000,125,544 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll

[2011/04/10 07:48:20 | 000,125,032 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll

[2011/04/10 07:48:20 | 000,108,960 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll

[2011/04/10 07:48:00 | 008,500,736 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\NETwNs64.sys

[2011/04/10 07:47:59 | 002,750,464 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\NETwNr64.dll

[2011/04/10 07:47:59 | 000,799,232 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\NETwNc64.dll

[2011/04/10 07:47:59 | 000,439,320 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\iaStor.sys

[2011/04/10 07:47:59 | 000,436,736 | ---- | C] (Conexant Systems, Inc.) -- C:\Windows\SysWow64\XAudio64.dll

[2011/04/10 07:47:59 | 000,010,240 | ---- | C] (Conexant Systems, Inc.) -- C:\Windows\SysNative\drivers\XAudio64.sys

[2011/04/10 07:47:58 | 001,485,824 | ---- | C] (Conexant Systems, Inc.) -- C:\Windows\SysNative\drivers\CAX_DPV.sys

[2011/04/10 07:47:58 | 000,740,864 | ---- | C] (Conexant Systems, Inc.) -- C:\Windows\SysNative\drivers\CAX_CNXT.sys

[2011/04/10 07:47:58 | 000,394,752 | ---- | C] (Conexant Systems, Inc.) -- C:\Windows\SysNative\UCI64M41.dll

[2011/04/10 07:47:58 | 000,292,864 | ---- | C] (Conexant Systems, Inc.) -- C:\Windows\SysNative\drivers\CAXHWAZL.sys

[2011/04/10 07:29:12 | 000,000,000 | ---D | C] -- C:\Users\SJGOEL\Documents\My Drivers

[2011/04/10 07:29:12 | 000,000,000 | ---D | C] -- C:\Users\SJGOEL\AppData\Local\Innovative Solutions

[2011/04/10 07:29:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Innovative Solutions

[2011/04/10 07:29:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverMax

[2011/04/10 07:29:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Innovative Solutions

[2011/04/08 14:48:58 | 000,000,000 | ---D | C] -- C:\Users\SJGOEL\Documents\InterVideo

[2011/04/08 14:46:06 | 000,000,000 | ---D | C] -- C:\Users\SJGOEL\AppData\Roaming\InterVideo

[2011/04/05 15:31:35 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Illustrator Lite

[2011/04/05 14:33:39 | 000,000,000 | ---D | C] -- C:\Users\SJGOEL\Documents\Webcasts

[2011/04/05 14:33:37 | 000,000,000 | ---D | C] -- C:\Users\SJGOEL\.webrenderer

[2011/04/04 21:05:07 | 000,000,000 | ---D | C] -- C:\Users\SJGOEL\AppData\Roaming\SUPERAntiSpyware.com

[2011/04/04 21:05:07 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com

[2011/04/03 19:39:32 | 000,000,000 | ---D | C] -- C:\Users\SJGOEL\Desktop\ANU

 

========== Files - Modified Within 30 Days ==========

 

[2011/05/03 15:09:07 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\SJGOEL\Desktop\OTL.exe

[2011/05/03 15:06:55 | 000,080,384 | ---- | M] () -- C:\Users\SJGOEL\Desktop\MBRCheck.exe

[2011/05/03 02:03:15 | 000,734,596 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2011/05/03 02:03:15 | 000,634,048 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2011/05/03 02:03:15 | 000,112,666 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2011/05/03 02:03:10 | 000,011,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011/05/03 02:03:10 | 000,011,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011/05/03 01:55:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/05/03 01:55:30 | 3166,826,496 | -HS- | M] () -- C:\hiberfil.sys

[2011/05/02 15:54:25 | 000,006,023 | ---- | M] () -- C:\Users\SJGOEL\Desktop\Extract Pages From Azerbaijani diplomatic missions abroad.pdf

[2011/05/02 00:28:14 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2011/05/02 00:16:41 | 004,334,469 | R--- | M] () -- C:\Users\SJGOEL\Desktop\ComboFix.exe

[2011/04/30 09:22:21 | 000,000,227 | ---- | M] () -- C:\Windows\WININIT.INI

[2011/04/29 15:58:38 | 000,689,341 | ---- | M] () -- C:\Users\SJGOEL\Desktop\1941_001.pdf

[2011/04/28 10:42:13 | 000,129,664 | ---- | M] () -- C:\test.xml

[2011/04/22 21:33:37 | 026,958,557 | ---- | M] () -- C:\Users\SJGOEL\Documents\LoaderBackup-(2011-04-22).ipd

[2011/04/21 10:05:09 | 000,023,040 | ---- | M] () -- C:\Users\SJGOEL\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/04/19 11:12:01 | 000,106,345 | ---- | M] () -- C:\Users\SJGOEL\Desktop\merck.pdf

[2011/04/14 01:40:10 | 004,284,416 | ---- | M] (Google Inc.) -- C:


Hello goel

 

The mbr log looks okay. I can see no reference to search-results.com in any of your logs.

 

Can you confirm to me that your ISP resolves to the Zhejiang Telecom/China Beijing Chinanet Shanghai Province Network?

 

  • Please open OTL

     

     

    • Copy and paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL.

       

      :OTL
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
      @Alternate Data Stream - 169 bytes -> C:\ProgramData\TEMP:1CE11B51
      @Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:07BF512B
      
      :Commands
      [resethosts]
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
      

    • Once you have pasted the information into the Custom Scans/Fixes box, click the "Run Fix" button at the top.
    • Allow the program to run unhindered.
    • Your machine will re-start itself. This is normal.
    • A log will be created after your machine reboots. Please post the contents of the log in your next reply.

  • Please flush your DNS Cache

     

     

    • Click the Start logo in the bottom left corner of the screen.
    • Click on All Programs.
    • Click on Accessories.
    • RIGHT-click on Command Prompt.
    • Select "Run As Administrator".
    • In the command window, type the following or copy/paste and then press Enter: ipconfig /flushdns
    • NOTE: There is a space between the letter g in ipconfig and the slash (/) in /flushdns.
    • You should receive confirmation that your DNS cache has been flushed.

    Please post the OTL log in your next reply along with the answer to my question and let me know how the machine is running :)


Dear JonTom

 

Thanks for your help.

 

I am now in China, so IP is correct.

 

I enclose the log, but cannot check computer behavior because my hotel IP policy does not allow this. Will try to check in a few hours from outside.

 

All processes killed

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.

Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.

Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}

C:\Windows\Downloaded Program Files\OnlineScanner.inf moved successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.

ADS C:\ProgramData\TEMP:1CE11B51 deleted successfully.

ADS C:\ProgramData\TEMP:07BF512B deleted successfully.

========== COMMANDS ==========

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

->Flash cache emptied: 56502 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Public

->Temp folder emptied: 0 bytes

 

User: SJGOEL

->Temp folder emptied: 398171 bytes

->Temporary Internet Files folder emptied: 58572346 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 123686278 bytes

->Opera cache emptied: 2346453 bytes

->Flash cache emptied: 47562 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 23377 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 70538 bytes

RecycleBin emptied: 4644816 bytes

 

Total Files Cleaned = 181.00 mb

 

 

[EMPTYFLASH]

 

User: All Users

 

User: Default

->Flash cache emptied: 0 bytes

 

User: Default User

->Flash cache emptied: 0 bytes

 

User: Public

 

User: SJGOEL

->Flash cache emptied: 0 bytes

 

Total Flash Files Cleaned = 0.00 mb

 

 

OTL by OldTimer - Version 3.2.22.3 log created on 05042011_023754

 

Files\Folders moved on Reboot...

C:\Users\SJGOEL\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-2560.log moved successfully.

 

Registry entries deleted on Reboot...


Dear JonTom

 

 

I had posted the log earlier.

 

The situation is: now when I try a search term in the address bar, the browser tries to connect to some http://search.hotspotshield.com and after some time gives a message:

 

The connection has timed out

The server at search.hotspotshield.com is taking too long to respond.

 

I am not sure if this is an improvement because earlier I was getting connected to search-results.com, but now the effort is to connect to hotspotshield. Maybe it is the hotel IP policy, where I am now

 

Regards


Hello goel

 

Your situation has got me curious...

 

I am now in China, so IP is correct

Thank you for letting me know

 

Maybe it is the hotel IP policy, where I am now

This may be one possible explanation (you could always ask them).

 

It is known that hotspotshield can be used in conjunction with insecure public networks to increase User safety (through data encryption - which fits with the possibility of the hotel IP policy, since it is in effect a public access point).

 

 

The reputations of both sites are not overly questionable (links provided are to the Web Of Trust scorecards):

 

search-results.com: http://www.mywot.com/en/scorecard/search-results.com

 

search.hotspotshield.com: http://www.mywot.com/en/scorecard/search.hotspotshield.com

 

 

I am not convinced (at this point in time) that it is definitely malicious so to be ultra cautious, I would enquire with the hotel as to whether they use HotSpotShield, then update your ESET NOD32 and run a full system scan and let me know if there are any other problems besides the connection issue.

 

Once you have done the above we will take it from there :)


Dear JonTom

 

Thanks for advice.

 

Enquiry did not result in anything, probably language issues.

 

Please keep the topic alive for 2-3 days when I will be back & check from our normal location - and update you.

 

Regards


Hello goel

 

Please keep the topic alive for 2-3 days

No problem :)

 

I have asked around and as I suspected, HotSpotShield is not malicious although it can plug many additional features/advertisements during browsing which are not always wanted.

 

We should be able to remove it from your machine without too much trouble if you want rid of it - post a new OTL log when you get back to your normal location and we'll take things from there :)


Dear JonTom

 

Finally I was again able to check - and there is no change. The search results still come from www.search-results.com.

 

If we cannot get to the bottom of this, is this a problem?

 

Thanks


Dear JonTom

 

Below is the OTL log. For some reason, only 1 file - OTL.txt was created. I looked on c: but did not find the other file, you had earlier mentioned.

 

Thanks for help.

 

OTL logfile created on: 08/05/2011 07:19:17 - Run 2

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\SJGOEL\Desktop

64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

 

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free

8.00 Gb Paging File | 6.00 Gb Available in Paging File | 76.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 286.59 Gb Total Space | 107.35 Gb Free Space | 37.46% Space Free | Partition Type: NTFS

 

Computer Name: SJGOEL-PC | User Name: SJGOEL | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 

========== Processes (SafeList) ==========

 

PRC - [2011/05/08 07:18:33 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\SJGOEL\Desktop\OTL.exe

PRC - [2011/05/03 20:16:47 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

PRC - [2010/12/20 18:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2010/12/20 18:08:56 | 000,443,728 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2010/11/11 14:48:32 | 000,334,448 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe

PRC - [2010/11/11 14:48:28 | 000,404,080 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe

PRC - [2010/11/11 14:47:22 | 000,113,264 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe

PRC - [2010/11/11 13:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe

PRC - [2010/11/04 18:15:50 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe

PRC - [2010/09/16 15:06:22 | 000,080,896 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe

PRC - [2010/09/10 01:09:36 | 001,511,424 | ---- | M] (Mortal Universe) -- C:\Program Files (x86)\POP Peeper\POPPeeper.exe

PRC - [2010/08/12 16:15:34 | 000,081,296 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Care\VCSpt.exe

PRC - [2009/08/06 12:19:52 | 000,345,336 | ---- | M] (QUALCOMM, Inc.) -- C:\QUALCOMM\QDLService\QDLService.exe

PRC - [2009/07/23 11:39:38 | 000,313,264 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe

PRC - [2009/07/23 11:39:36 | 000,206,336 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe

PRC - [2009/07/22 16:03:04 | 000,642,920 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe

PRC - [2009/07/17 12:31:28 | 000,427,304 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe

PRC - [2009/07/17 12:31:28 | 000,091,432 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe

PRC - [2009/07/17 12:31:28 | 000,075,048 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe

PRC - [2009/07/17 12:31:26 | 000,120,104 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe

PRC - [2009/07/17 12:31:26 | 000,070,952 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe

PRC - [2009/07/14 12:15:12 | 000,204,648 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe

PRC - [2009/07/14 12:15:12 | 000,112,488 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe

PRC - [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe

PRC - [2009/01/20 03:43:04 | 000,394,536 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe

PRC - [2007/01/05 06:48:50 | 000,112,152 | ---- | M] (InterVideo) -- c:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe

PRC - [2005/04/29 17:15:40 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\TouchFreeze\TouchFreeze.exe

 

 

========== Modules (SafeList) ==========

 

MOD - [2011/05/08 07:18:33 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\SJGOEL\Desktop\OTL.exe

MOD - [2010/11/20 14:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll

 

 

========== Win32 Services (SafeList) ==========

 

SRV:64bit: - [2010/11/04 18:18:12 | 000,042,360 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)

SRV:64bit: - [2010/11/04 18:15:50 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)

SRV:64bit: - [2010/11/03 18:30:40 | 000,199,272 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService)

SRV:64bit: - [2010/10/25 09:42:10 | 000,164,008 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel® PROSet Monitoring Service)

SRV:64bit: - [2009/07/14 04:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/07/14 04:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV:64bit: - [2009/07/01 19:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)

SRV:64bit: - [2009/05/21 17:11:20 | 001,462,544 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)

SRV:64bit: - [2009/05/21 15:31:30 | 000,830,224 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)

SRV:64bit: - [2009/01/20 03:43:04 | 000,394,536 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)

SRV:64bit: - [2009/01/17 08:59:12 | 000,110,376 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)

SRV - [2010/12/24 19:42:04 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2010/12/20 18:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2010/11/11 14:48:32 | 000,334,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)

SRV - [2010/11/11 14:48:28 | 000,404,080 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)

SRV - [2010/11/11 14:47:22 | 000,113,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)

SRV - [2010/11/11 13:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)

SRV - [2010/09/16 15:06:22 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)

SRV - [2010/08/19 14:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)

SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/08/06 12:19:52 | 000,345,336 | ---- | M] (QUALCOMM, Inc.) [Auto | Running] -- C:\QUALCOMM\QDLService\QDLService.exe -- (QDLService)

SRV - [2009/08/01 04:09:14 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)

SRV - [2009/07/23 11:39:38 | 000,313,264 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)

SRV - [2009/07/23 11:39:38 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)

SRV - [2009/07/23 11:39:36 | 000,206,336 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)

SRV - [2009/07/22 16:03:04 | 000,642,920 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)

SRV - [2009/07/17 12:31:28 | 000,427,304 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)

SRV - [2009/07/17 12:31:28 | 000,091,432 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe -- (SOHPlMgr)

SRV - [2009/07/17 12:31:28 | 000,075,048 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)

SRV - [2009/07/17 12:31:26 | 000,120,104 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)

SRV - [2009/07/17 12:31:26 | 000,070,952 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe -- (SOHDBSvr)

SRV - [2009/07/14 12:15:12 | 000,204,648 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)

SRV - [2009/06/11 00:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®

SRV - [2007/01/05 06:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- c:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)

 

 

========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2011/03/11 09:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 09:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/02/16 18:23:46 | 000,074,240 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)

DRV:64bit: - [2011/01/30 12:34:45 | 007,370,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2011/01/12 00:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2010/12/20 18:08:40 | 000,024,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2010/11/20 16:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 14:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/11 14:49:12 | 000,081,008 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)

DRV:64bit: - [2010/11/11 14:49:00 | 000,068,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)

DRV:64bit: - [2010/11/11 14:47:12 | 000,031,856 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)

DRV:64bit: - [2010/11/11 14:47:00 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)

DRV:64bit: - [2010/11/11 13:31:32 | 000,038,512 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)

DRV:64bit: - [2010/11/11 11:04:52 | 000,045,104 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)

DRV:64bit: - [2010/11/11 11:04:52 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)

DRV:64bit: - [2010/11/11 11:04:52 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)

DRV:64bit: - [2010/11/08 20:16:36 | 008,500,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel®

DRV:64bit: - [2010/09/22 22:19:02 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)

DRV:64bit: - [2010/09/03 07:13:46 | 000,170,104 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)

DRV:64bit: - [2010/08/16 16:31:18 | 000,019,936 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio)

DRV:64bit: - [2010/08/16 16:31:16 | 000,013,280 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio)

DRV:64bit: - [2010/07/29 13:31:26 | 000,141,264 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)

DRV:64bit: - [2010/07/29 13:31:26 | 000,126,320 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)

DRV:64bit: - [2010/07/26 05:20:50 | 000,012,032 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)

DRV:64bit: - [2010/07/21 17:59:28 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)

DRV:64bit: - [2010/06/25 17:08:10 | 000,036,928 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)

DRV:64bit: - [2010/04/14 02:01:44 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)

DRV:64bit: - [2010/04/07 16:04:00 | 000,290,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y62x64.sys -- (e1yexpress) Intel®

DRV:64bit: - [2010/01/13 19:37:16 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel®

DRV:64bit: - [2009/12/08 16:36:00 | 000,064,016 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tcusb.sys -- (TcUsb)

DRV:64bit: - [2009/11/01 20:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)

DRV:64bit: - [2009/09/24 17:31:14 | 000,076,288 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsn64.sys -- (risdptsk)

DRV:64bit: - [2009/09/03 19:59:28 | 000,054,784 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)

DRV:64bit: - [2009/09/03 17:56:06 | 005,435,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5v64.sys -- (NETw5v64) Intel®

DRV:64bit: - [2009/09/01 13:27:40 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)

DRV:64bit: - [2009/09/01 13:27:40 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)

DRV:64bit: - [2009/09/01 13:27:40 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)

DRV:64bit: - [2009/09/01 13:27:32 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)

DRV:64bit: - [2009/08/01 04:09:14 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)

DRV:64bit: - [2009/08/01 04:09:10 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)

DRV:64bit: - [2009/08/01 04:09:06 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)

DRV:64bit: - [2009/08/01 04:09:06 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)

DRV:64bit: - [2009/07/30 18:55:46 | 000,025,120 | ---- | M] (Sony Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\shpf.sys -- (shpf)

DRV:64bit: - [2009/07/14 04:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/14 04:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/14 04:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/14 03:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)

DRV:64bit: - [2009/07/14 02:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)

DRV:64bit: - [2009/06/10 23:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)

DRV:64bit: - [2009/06/10 23:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)

DRV:64bit: - [2009/06/10 23:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 23:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 23:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 23:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/20 04:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)

DRV:64bit: - [2009/01/09 17:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)

DRV:64bit: - [2008/12/08 23:00:15 | 000,017,536 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SonyPI.sys -- (SPI)

DRV:64bit: - [2008/10/02 03:00:24 | 000,193,072 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)

DRV:64bit: - [2008/09/06 03:00:59 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)

DRV:64bit: - [2008/05/28 13:23:40 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)

DRV - [2010/08/19 14:56:38 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "Hotspot Shield Private Search"

FF - prefs.js..browser.search.suggest.enabled: false

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - prefs.js..extensions.enabledItems: {a2e6849b-7584-11da-8cd6-0800200c9a66}:1.4.5

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6

FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2

FF - prefs.js..extensions.enabledItems: {9ab67d74-ec41-4cb2-b417-df5d93ba1beb}:1.5.3

FF - prefs.js..extensions.enabledItems: {7102aba3-045c-4ec2-b921-46d87636d84b}:2.10

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..keyword.URL: "http://search.hotspotshield.com/g/results.php?c=s&q="

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/05/07 03:47:29 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/05/03 20:16:47 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/12/24 15:50:25 | 000,000,000 | ---D | M]

 

[2010/12/24 20:04:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SJGOEL\AppData\Roaming\Mozilla\Extensions

[2011/05/07 03:57:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SJGOEL\AppData\Roaming\Mozilla\Firefox\Profiles\5u6g3uzl.default\extensions

[2011/03/31 09:34:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SJGOEL\AppData\Roaming\Mozilla\Firefox\Profiles\5u6g3uzl.default\extensions\{7102aba3-045c-4ec2-b921-46d87636d84b}

[2011/05/04 19:19:03 | 000,000,000 | ---D | M] (Table2Clipboard) -- C:\Users\SJGOEL\AppData\Roaming\Mozilla\Firefox\Profiles\5u6g3uzl.default\extensions\{9ab67d74-ec41-4cb2-b417-df5d93ba1beb}

[2010/12/24 20:08:21 | 000,000,000 | ---D | M] (Exch) -- C:\Users\SJGOEL\AppData\Roaming\Mozilla\Firefox\Profiles\5u6g3uzl.default\extensions\{a2e6849b-7584-11da-8cd6-0800200c9a66}

[2011/04/07 19:25:09 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\SJGOEL\AppData\Roaming\Mozilla\Firefox\Profiles\5u6g3uzl.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2011/03/13 18:57:36 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\SJGOEL\AppData\Roaming\Mozilla\Firefox\Profiles\5u6g3uzl.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}

[2010/12/24 18:45:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SJGOEL\AppData\Roaming\Mozilla\Firefox\Profiles\ff2f5h3i.default\extensions

[2010/12/24 18:45:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SJGOEL\AppData\Roaming\Mozilla\Firefox\Profiles\ff2f5h3i.default\extensions\{7102aba3-045c-4ec2-b921-46d87636d84b}

[2010/12/24 18:45:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SJGOEL\AppData\Roaming\Mozilla\Firefox\Profiles\ff2f5h3i.default\extensions\{9ab67d74-ec41-4cb2-b417-df5d93ba1beb}

[2010/12/24 18:45:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SJGOEL\AppData\Roaming\Mozilla\Firefox\Profiles\ff2f5h3i.default\extensions\{a2e6849b-7584-11da-8cd6-0800200c9a66}

[2011/05/07 03:57:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2011/03/11 10:21:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

[2010/12/24 15:52:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

[2011/03/11 10:21:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

[2008/12/23 13:06:38 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

 

O1 HOSTS File: ([2011/05/04 02:37:54 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKCU..\Run: [POP Peeper] C:\Program Files (x86)\POP Peeper\POPPeeper.exe (Mortal Universe)

O4 - HKCU..\Run: [TouchFreeze] C:\Program Files (x86)\TouchFreeze\TouchFreeze.exe ()

O4:64bit: - HKLM..\RunOnce: [WinSATRestorePower] C:\Windows\SysNative\powercfg.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)

O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} http://esupport.sony.com/VaioInfo.CAB (VaioInfo.CMClass)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://active.macromedia.com/flash2/cabs/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.123 208.67.220.123 192.168.10.254

O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O20:64bit: - Winlogon\Notify\psfus: DllName - Reg Error: Key error. - C:\Program Files\Protector Suite\psqlpwd.dll (UPEK Inc.)

O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)

O24 - Desktop WallPaper:

O24 - Desktop BackupWallPaper:

O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 

========== Files/Folders - Created Within 30 Days ==========

 

[2011/05/08 07:18:23 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\SJGOEL\Desktop\OTL.exe

[2011/05/04 02:37:54 | 000,000,000 | ---D | C] -- C:\_OTL

[2011/05/02 00:41:08 | 000,000,000 | ---D | C] -- C:\Users\SJGOEL\AppData\Roaming\Yahoo!

[2011/05/02 00:40:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!

[2011/05/02 00:28:17 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN

[2011/05/02 00:17:29 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2011/05/02 00:17:29 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2011/05/02 00:17:29 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2011/05/02 00:17:24 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2011/05/02 00:17:09 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011/05/02 00:16:53 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe

[2011/05/02 00:16:51 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW

[2011/04/30 12:02:41 | 000,000,000 | ---D | C] -- C:\Program Files\JL_Cmder

[2011/04/30 11:57:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BB Boss

[2011/04/30 11:57:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrackMem

[2011/04/30 07:51:37 | 000,000,000 | ---D | C] -- C:\Users\SJGOEL\AppData\Roaming\Malwarebytes

[2011/04/30 07:51:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2011/04/30 07:51:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/04/30 07:51:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2011/04/30 07:51:25 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2011/04/30 07:51:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2011/04/29 21:37:50 | 000,000,000 | ---D | C] -- C:\Users\SJGOEL\Documents\Outlook Files

[2011/04/29 16:16:51 | 000,000,000 | ---D | C] -- C:\Users\SJGOEL\Desktop\Regn file

[2011/04/28 09:17:58 | 002,871,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe

[2011/04/28 09:17:57 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe

[2011/04/28 09:17:55 | 001,465,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll

[2011/04/28 09:17:55 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll

[2011/04/28 09:17:27 | 002,565,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll

[2011/04/28 09:17:27 | 001,699,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll

[2011/04/28 09:17:27 | 000,189,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys

[2011/04/28 09:17:27 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe

[2011/04/28 09:17:26 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys

[2011/04/28 09:17:26 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe

[2011/04/28 09:17:26 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys

[2011/04/28 09:17:20 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe

[2011/04/28 09:17:20 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe

[2011/04/27 22:45:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Research In Motion Limited

[2011/04/27 20:08:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Network Stumbler

[2011/04/27 13:18:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro

[2011/04/16 11:52:35 | 000,000,000 | ---D | C] -- C:\Users\SJGOEL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DiskInternals

[2011/04/16 11:52:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DiskInternals

[2011/04/16 11:50:07 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll

[2011/04/16 11:50:07 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll

[2011/04/14 21:55:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WebSite X5 v8 - Evolution

[2011/04/14 01:40:10 | 004,284,416 | ---- | C] (Google Inc.) -- C:\Windows\SysWow64\GPhotos.scr

[2011/04/12 21:30:18 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2011/04/12 21:30:18 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2011/04/12 21:30:05 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll

[2011/04/12 21:30:05 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll

[2011/04/12 21:30:04 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll

[2011/04/12 21:30:04 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll

[2011/04/12 21:30:03 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll

[2011/04/12 21:30:02 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe

[2011/04/12 21:30:02 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe

[2011/04/12 21:30:01 | 000,605,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe

[2011/04/12 21:30:01 | 000,566,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi

[2011/04/12 21:30:01 | 000,518,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe

[2011/04/12 21:30:01 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll

[2011/04/12 21:30:00 | 000,642,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi

[2011/04/12 21:30:00 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll

[2011/04/12 21:30:00 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll

[2011/04/12 21:29:48 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll

[2011/04/12 21:29:48 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll

[2011/04/12 21:29:48 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll

[2011/04/12 21:29:48 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll

[2011/04/12 21:29:47 | 000,919,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2011/04/12 21:29:47 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2011/04/12 21:29:47 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll

[2011/04/12 21:29:42 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSCOVER.exe

[2011/04/12 12:15:43 | 000,000,000 | ---D | C] -- C:\Users\SJGOEL\AppData\Roaming\Opera

[2011/04/12 12:15:43 | 000,000,000 | ---D | C] -- C:\Users\SJGOEL\AppData\Local\Opera

[2011/04/12 12:15:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera

[2011/04/10 08:07:36 | 002,152,552 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvencodemft.dll

[2011/04/10 08:07:31 | 001,734,248 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll

[2011/04/10 08:07:25 | 000,183,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcod173.dll

[2011/04/10 08:07:13 | 000,930,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpinst.exe

[2011/04/10 08:07:13 | 000,106,008 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\difx64.exe

[2011/04/10 07:48:28 | 000,064,016 | ---- | C] (UPEK Inc.) -- C:\Windows\SysNative\drivers\tcusb.sys

[2011/04/10 07:48:27 | 002,578,576 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll

[2011/04/10 07:48:27 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll

[2011/04/10 07:48:27 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll

[2011/04/10 07:48:27 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll

[2011/04/10 07:48:27 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll

[2011/04/10 07:48:27 | 000,121,744 | ---- | C] (Sony Corporation) -- C:\Windows\SysNative\SFSS_APO.dll

[2011/04/10 07:48:27 | 000,090,112 | ---- | C] (Sony Corporation) -- C:\Windows\SysNative\snymsico.dll

[2011/04/10 07:48:27 | 000,076,288 | ---- | C] (REDC) -- C:\Windows\SysNative\drivers\risdsn64.sys

[2011/04/10 07:48:27 | 000,054,784 | ---- | C] (REDC) -- C:\Windows\SysNative\drivers\rimspx64.sys

[2011/04/10 07:48:26 | 002,369,128 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll

[2011/04/10 07:48:26 | 001,146,984 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl

[2011/04/10 07:48:26 | 000,220,496 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFNHK64.dll

[2011/04/10 07:48:26 | 000,081,232 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFCOM64.dll

[2011/04/10 07:48:26 | 000,078,160 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFAPO64.dll

[2011/04/10 07:48:26 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll

[2011/04/10 07:48:25 | 002,839,656 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll

[2011/04/10 07:48:25 | 000,648,296 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll

[2011/04/10 07:48:25 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll

[2011/04/10 07:48:25 | 000,332,392 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll

[2011/04/10 07:48:25 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll

[2011/04/10 07:48:25 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll

[2011/04/10 07:48:25 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll

[2011/04/10 07:48:25 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll

[2011/04/10 07:48:24 | 001,247,848 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll

[2011/04/10 07:48:24 | 000,820,224 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoRes64.dat

[2011/04/10 07:48:24 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll

[2011/04/10 07:48:24 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll

[2011/04/10 07:48:24 | 000,084,072 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInst64.dll

[2011/04/10 07:48:23 | 001,718,616 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll

[2011/04/10 07:48:22 | 001,868,944 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll

[2011/04/10 07:48:22 | 000,421,720 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll

[2011/04/10 07:48:22 | 000,334,680 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll

[2011/04/10 07:48:22 | 000,127,832 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll

[2011/04/10 07:48:22 | 000,108,888 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll

[2011/04/10 07:48:22 | 000,074,584 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll

[2011/04/10 07:48:21 | 002,197,264 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll

[2011/04/10 07:48:21 | 002,075,712 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll

[2011/04/10 07:48:21 | 001,327,208 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll

[2011/04/10 07:48:21 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll

[2011/04/10 07:48:21 | 000,475,752 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll

[2011/04/10 07:48:21 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll

[2011/04/10 07:48:21 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll

[2011/04/10 07:48:20 | 001,179,752 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll

[2011/04/10 07:48:20 | 001,111,656 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll

[2011/04/10 07:48:20 | 000,504,936 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll

[2011/04/10 07:48:20 | 000,317,032 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll

[2011/04/10 07:48:20 | 000,269,928 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll

[2011/04/10 07:48:20 | 000,266,856 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll

[2011/04/10 07:48:20 | 000,200,800 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll

[2011/04/10 07:48:20 | 000,126,056 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll

[2011/04/10 07:48:20 | 000,125,544 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll

[2011/04/10 07:48:20 | 000,125,032 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll

[2011/04/10 07:48:20 | 000,108,960 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll

[2011/04/10 07:48:00 | 008,500,736 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\NETwNs64.sys

[2011/04/10 07:47:59 | 002,750,464 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\NETwNr64.dll

[2011/04/10 07:47:59 | 000,799,232 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\NETwNc64.dll

[2011/04/10 07:47:59 | 000,439,320 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\iaStor.sys

[2011/04/10 07:47:59 | 000,436,736 | ---- | C] (Conexant Systems, Inc.) -- C:\Windows\SysWow64\XAudio64.dll

[2011/04/10 07:47:59 | 000,010,240 | ---- | C] (Conexant Systems, Inc.) -- C:\Windows\SysNative\drivers\XAudio64.sys

[2011/04/10 07:47:58 | 001,485,824 | ---- | C] (Conexant Systems, Inc.) -- C:\Windows\SysNative\drivers\CAX_DPV.sys

[2011/04/10 07:47:58 | 000,740,864 | ---- | C] (Conexant Systems, Inc.) -- C:\Windows\SysNative\drivers\CAX_CNXT.sys

[2011/04/10 07:47:58 | 000,394,752 | ---- | C] (Conexant Systems, Inc.) -- C:\Windows\SysNative\UCI64M41.dll

[2011/04/10 07:47:58 | 000,292,864 | ---- | C] (Conexant Systems, Inc.) -- C:\Windows\SysNative\drivers\CAXHWAZL.sys

[2011/04/10 07:29:12 | 000,000,000 | ---D | C] -- C:\Users\SJGOEL\Documents\My Drivers

[2011/04/10 07:29:12 | 000,000,000 | ---D | C] -- C:\Users\SJGOEL\AppData\Local\Innovative Solutions

[2011/04/10 07:29:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Innovative Solutions

[2011/04/10 07:29:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverMax

[2011/04/10 07:29:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Innovative Solutions

[2011/04/08 14:48:58 | 000,000,000 | ---D | C] -- C:\Users\SJGOEL\Documents\InterVideo

[2011/04/08 14:46:06 | 000,000,000 | ---D | C] -- C:\Users\SJGOEL\AppData\Roaming\InterVideo

 

========== Files - Modified Within 30 Days ==========

 

[2011/05/08 07:18:33 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\SJGOEL\Desktop\OTL.exe

[2011/05/07 15:25:04 | 000,011,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011/05/07 15:25:04 | 000,011,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011/05/07 15:23:58 | 000,734,596 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2011/05/07 15:23:58 | 000,634,048 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2011/05/07 15:23:58 | 000,112,666 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2011/05/07 15:17:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/05/07 15:17:33 | 3166,826,496 | -HS- | M] () -- C:\hiberfil.sys

[2011/05/04 02:37:54 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts

[2011/04/30 09:22:21 | 000,000,227 | ---- | M] () -- C:\Windows\WININIT.INI

[2011/04/29 15:58:38 | 000,689,341 | ---- | M] () -- C:\Users\SJGOEL\Desktop\1941_001.pdf

[2011/04/28 10:42:13 | 000,129,664 | ---- | M] () -- C:\test.xml

[2011/04/22 21:33:37 | 026,958,557 | ---- | M] () -- C:\Users\SJGOEL\Documents\LoaderBackup-(2011-04-22).ipd

[2011/04/21 10:05:09 | 000,023,040 | ---- | M] () -- C:\Users\SJGOEL\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/04/19 11:12:01 | 000,106,345 | ---- | M] () -- C:\Users\SJGOEL\Desktop\merck.pdf

[2011/04/14 01:40:10 | 004,284,416 | ---- | M] (Google Inc.) -- C:\Windows\SysWow64\GPhotos.scr

[2011/04/12 21:40:21 | 002,385,832 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2011/04/11 12:02:41 | 027,382,347 | ---- | M] () -- C:\Users\SJGOEL\Documents\LoaderBackup-(2011-04-11).ipd

 

========== Files Created - No Company Name ==========

 

[2011/05/02 00:17:29 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe

[2011/05/02 00:17:29 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2011/05/02 00:17:29 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe

[2011/05/02 00:17:29 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2011/05/02 00:17:29 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2011/04/29 15:58:06 | 000,689,341 | ---- | C] () -- C:\Users\SJGOEL\Desktop\1941_001.pdf

[2011/04/25 23:40:32 | 031,751,259 | ---- | C] () -- C:\Use


Hello goel

 

First we had www.search-results.com, then hotspot, and now we are back to www.search-results.com?

 

For some reason, only 1 file - OTL.txt was created

That's normal

 

 

  • Please open OTL
    • Copy and paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL.

      :OTL
      PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
      FF - prefs.js..browser.search.defaultenginename: "Hotspot Shield Private Search"
      FF - prefs.js..keyword.URL: "http://search.hotspotshield.com/g/results.php?c=s&q="
      @Alternate Data Stream - 169 bytes -> C:\ProgramData\TEMP:1CE11B51
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [start explorer]
      [Reboot]
      
      

    • Once you have pasted the information into the Custom Scans/Fixes box, click the "Run Fix" button at the top.
    • Allow the program to run unhindered.
    • Your machine will re-start itself. This is normal.
    • A log will be created after your machine reboots. Please post the contents of the log in your next reply.
  • Reset your browser proxies
    • For Firefox:
    • Open Firefox, click on "Tools" then "Options" and then on "Advanced".
    • Click on the "Network" tab, and then on the "Settings" button.
    • Please make sure that the "No Proxy" option is selected.
  • Please flush your DNS Cache
    • Click the Start logo in the bottom left corner of the screen.
    • Click on All Programs.
    • Click on Accessories.
    • RIGHT-click on Command Prompt.
    • Select "Run As Administrator".
    • In the command window, type the following or copy/paste and then press Enter: ipconfig /flushdns
    • NOTE: There is a space between the letter g in ipconfig and the slash (/) in /flushdns.
    • You should receive confirmation that your DNS cache has been flushed.

    If you are using a router please do the following:

  • Please reset your Router
    • This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router.
    • Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).
    • If you don’t know the router's default password, you can look it up here
    • You also need to reconfigure any security settings you had in place prior to the reset.
    • You may also need to consult with your Internet service provider to find out which DNS servers your network should be using.

  • MalwareBytes AntiMalware:
    • I can see that you have MBAM installed.
    • Double click on your MalwareBytes AntiMalware icon to launch the program.
    • Click on the "Update" tab and then on "Check for Updates".
    • The program will now install the latest Malware definition files.
    • Once complete, click on the "Scanner" tab, select "Perform Full Scan" and then click on "Scan".
    • Once the program has scanned your computer, a log file will be created in Notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • If the scan detects any Malware-related objects, make sure that everything is checked, and click "Remove Selected" <– Very Important.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to restart your computer.
    • The log is automatically saved by MBAM and can be viewed by clicking the "Logs" tab.
    • Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart your computer, please do so immediately.
    • Come back here to this thread and Paste the log in your next reply.

    If the above steps do not help, and since the problem only appears to be happening in FireFox, you could try uninstalling and then reinstalling the program.

    Please post the OTL and MBAM logs in your next reply.

    How is the machine running besides this issue? <==== Do let me know.
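
The two "FF - prefs.js.." lines in the fix above name Firefox preferences stored in the profile's prefs.js. As an added example (not from this thread and not part of OTL), the script below parses a prefs.js or user.js and reports search, homepage and proxy preferences that point somewhere unexpected. The expected host and engine lists, the function names and the sample file contents are assumptions constructed for illustration; the two Hotspot Shield values are the ones quoted in the fix.

```python
import json
import re
from urllib.parse import urlparse

# prefs.js and user.js hold one preference per line: user_pref("name", value);
PREF_RE = re.compile(
    r'^\s*user_pref\(\s*"((?:[^"\\]|\\.)*)"\s*,\s*(.*?)\s*\)\s*;\s*$',
    re.MULTILINE,
)

URL_PREFS = {"keyword.URL", "browser.startup.homepage"}
NAME_PREFS = {"browser.search.defaultenginename", "browser.search.selectedEngine"}

# Assumptions for this example: what the owner of the machine expects to see.
EXPECTED_HOSTS = {"google.com"}
EXPECTED_ENGINES = {"Google"}

# Constructed sample input. The first two values are the ones in the OTL fix.
SAMPLE_PREFS_JS = r'''# Mozilla User Preferences
user_pref("browser.search.defaultenginename", "Hotspot Shield Private Search");
user_pref("keyword.URL", "http://search.hotspotshield.com/g/results.php?c=s&q=");
user_pref("browser.startup.homepage", "http://www.google.com/|about:blank");
user_pref("network.proxy.type", 1);
user_pref("browser.download.useDownloadDir", false);
'''
# Constructed look-alike host: it contains "google.com" but is not under it.
SAMPLE_USER_JS = 'user_pref("keyword.URL", "http://google.com.search.example/?q=");\n'


def parse_prefs(text):
    """Return {pref name: value} with strings, integers and booleans decoded."""
    prefs = {}
    for name, raw in PREF_RE.findall(text):
        if raw.startswith('"'):
            try:
                value = json.loads(raw)      # handles \" and \\ escapes
            except ValueError:
                value = raw.strip('"')
        elif raw in ("true", "false"):
            value = raw == "true"
        else:
            try:
                value = int(raw)
            except ValueError:
                value = raw
        prefs[name] = value
    return prefs


def host_allowed(url):
    """True only for an expected domain or a real subdomain of one."""
    host = (urlparse(url).hostname or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in EXPECTED_HOSTS)


def audit(text, source="prefs.js"):
    """Return (source, pref, value) for every setting worth a second look."""
    findings = []
    for name, value in sorted(parse_prefs(text).items()):
        if name in URL_PREFS and isinstance(value, str):
            # The homepage pref may hold several URLs separated by "|".
            for url in value.split("|"):
                if urlparse(url).scheme in ("http", "https") and not host_allowed(url):
                    findings.append((source, name, url))
        elif name in NAME_PREFS and value not in EXPECTED_ENGINES:
            findings.append((source, name, value))
        elif name == "network.proxy.type" and value != 0:
            # 0 is "No proxy", the setting the proxy-reset step asks for.
            findings.append((source, name, value))
    return findings


if __name__ == "__main__":
    for src, text in (("prefs.js", SAMPLE_PREFS_JS), ("user.js", SAMPLE_USER_JS)):
        for finding in audit(text, src):
            print("%s: %s = %r" % finding)
```

A user.js in the same profile folder is worth running through the same function, because Firefox re-applies its entries over prefs.js at every start.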


Dear JonTom

 

Please see the logs below. To add - after the above mentioned actions, the situation is unchanged.

 

All processes killed

========== OTL ==========

No active process named explorer.exe was found!

ADS C:\ProgramData\TEMP:1CE11B51 deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Public

->Temp folder emptied: 0 bytes

 

User: SJGOEL

->Temp folder emptied: 985687 bytes

->Temporary Internet Files folder emptied: 10366934 bytes

->Java cache emptied: 2023 bytes

->FireFox cache emptied: 147993044 bytes

->Opera cache emptied: 0 bytes

->Flash cache emptied: 6767 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 46094 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 152.00 mb

 

 

[EMPTYFLASH]

 

User: All Users

 

User: Default

->Flash cache emptied: 0 bytes

 

User: Default User

->Flash cache emptied: 0 bytes

 

User: Public

 

User: SJGOEL

->Flash cache emptied: 0 bytes

 

Total Flash Files Cleaned = 0.00 mb

 

 

OTL by OldTimer - Version 3.2.22.3 log created on 05082011_155943

 

Files\Folders moved on Reboot...

C:\Users\SJGOEL\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-2352.log moved successfully.

 

Registry entries deleted on Reboot...

 

 

 

 

**************************

 

 

 

 

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

 

Database version: 6531

 

Windows 6.1.7601 Service Pack 1

Internet Explorer 8.0.7601.17514

 

08/05/2011 17:04:19

mbam-log-2011-05-08 (17-04-19).txt

 

Scan type: Full scan (C:\|)

Objects scanned: 340925

Time elapsed: 51 minute(s), 29 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

(No malicious items detected)

 

 

 

**************************

Edited by goel

This topic is now closed to further replies.