Solved Browser redirects to unknown websites using windows 7

Gil · Aug 29, 2011

Hello!

I just joined this forum and this is my first post. For about a week now I've been getting redirected to unknown websites everytime I do a web search. I have used Windows Explorer, Google, Google Chrome, Yahoo and Bing; but all act in the same troublesome manner. I am not computer oriented, although I can follow instructions very well. I have the current Norton Symantec running. I have also tried Malwarebytes, CCleaner and Combofix to no avail. Please help.

Broni · Aug 29, 2011

Welcome aboard

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
If you're stuck, or you're not sure about certain step, always ask before doing anything else.
Please refrain from running tools or applying updates other than those I suggest.
Never run more than one scan at a time.
Keep updating me regarding your computer behavior, good, or bad.
The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

Gil · Aug 29, 2011

reply to

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7582

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

8/29/2011 1:00:10 PM
mbam-log-2011-08-29 (13-00-10).txt

Scan type: Quick scan
Objects scanned: 189638
Time elapsed: 2 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-29 18:53:14
Windows 6.1.7601 Service Pack 1
Running: oeue5nmn.exe

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076a27abb
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076a27abb (not active ControlSet)

---- EOF - GMER 1.0.15 ----

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Gil at 19:28:19 on 2011-08-29
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3758.1917 [GMT -7:00]
.
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe
c:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Care\VCSpt.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Apoint\Apvfb.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Sony\VAIO Care\VCPerfService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
C:\Users\Gil\AppData\Local\Temp\Google Toolbar\gtbF0D5.tmp.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Sony\VAIO Update 5\VUAgent.exe
C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL
BHO: Partner BHO Class: {83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} - C:\ProgramData\Partner\Partner.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SmartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: DhcpNameServer = 205.171.3.25 205.171.2.25
TCP: Interfaces\{B7FF4B2E-5BD3-4E60-81C8-16AE717E3273} : DhcpNameServer = 205.171.3.25 205.171.2.25
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Partner BHO Class: {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SmartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
mRun-x64: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun-x64: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20110812.001\BHDrvx64.sys [2011-8-12 1151096]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20110828.030\IDSviA64.sys [2011-8-29 488568]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1206000.01D\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1206000.01D\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-7-12 13336]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe [2011-8-26 130008]
R2 Oasis2Service;Oasis2Service;C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [2011-3-14 47616]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-6-1 367456]
R2 rimspci;rimspci;C:\Windows\system32\drivers\rimssne64.sys --> C:\Windows\system32\drivers\rimssne64.sys [?]
R2 risdsnpe;risdsnpe;C:\Windows\system32\drivers\risdsne64.sys --> C:\Windows\system32\drivers\risdsne64.sys [?]
R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2011-8-26 252416]
R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-8-26 104960]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-8-26 2320920]
R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2011-8-26 575856]
R2 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-6-17 851824]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys --> C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-8-26 136824]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys --> C:\Windows\system32\DRIVERS\SFEP.sys [?]
R3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-6-6 304496]
R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [2011-8-26 1021840]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-26 136176]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-26 136176]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-7-19 340240]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
S3 Partner Service;Partner Service;C:\ProgramData\Partner\Partner.exe [2011-8-26 332272]
S3 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-6-20 108400]
S3 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-6-18 423280]
S3 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-6-20 67952]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-6-9 537456]
S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-6-9 384880]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-6-9 101232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-08-28 21:20:37 -------- d-sh--w- C:\$RECYCLE.BIN
2011-08-28 16:42:22 -------- d-----w- C:\ComboFix
2011-08-28 14:39:59 98816 ----a-w- C:\Windows\sed.exe
2011-08-28 14:39:59 518144 ----a-w- C:\Windows\SWREG.exe
2011-08-28 14:39:59 256000 ----a-w- C:\Windows\PEV.exe
2011-08-28 14:39:59 208896 ----a-w- C:\Windows\MBR.exe
2011-08-28 03:36:18 -------- d--h--w- C:\ProgramData\Common Files
2011-08-28 03:36:12 -------- d-----w- C:\ProgramData\MFAData
2011-08-28 03:26:08 -------- d-----w- C:\Users\Gil\AppData\Roaming\AVG10
2011-08-27 20:42:07 -------- d-----w- C:\Users\Gil\AppData\Local\CrashDumps
2011-08-26 23:40:42 -------- d-----w- C:\Windows\System32\SPReview
2011-08-26 23:39:33 -------- d-----w- C:\Windows\System32\EventProviders
2011-08-26 23:37:09 48976 ----a-w- C:\Windows\System32\netfxperf.dll
2011-08-26 23:37:09 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2011-08-26 23:37:03 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2011-08-26 23:35:59 67072 ----a-w- C:\Windows\splwow64.exe
2011-08-26 23:34:59 9728 ----a-w- C:\Windows\System32\spwmp.dll
2011-08-26 23:32:25 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2011-08-26 23:32:25 244736 ----a-w- C:\Program Files\Windows Portable Devices\sqmapi.dll
2011-08-26 23:32:16 244736 ----a-w- C:\Windows\System32\sqmapi.dll
2011-08-26 23:27:08 902656 ----a-w- C:\Windows\System32\d2d1.dll
2011-08-26 23:27:08 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-08-26 23:27:08 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2011-08-26 23:27:08 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2011-08-26 23:27:08 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-08-26 22:33:57 -------- d-----w- C:\Users\Gil\Roaming
2011-08-26 22:32:30 -------- d-----w- C:\Program Files (x86)\Cisco
2011-08-26 22:11:21 -------- d-----w- C:\Users\Gil\AppData\Roaming\Auslogics
2011-08-26 22:09:18 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2011-08-26 22:09:18 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
2011-08-26 22:09:18 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2011-08-26 22:09:18 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2011-08-26 22:09:18 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2011-08-26 22:09:18 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2011-08-26 22:09:18 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2011-08-26 21:58:09 80384 ----a-w- C:\Windows\System32\drivers\BTHUSB.SYS
2011-08-26 21:58:09 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys
2011-08-26 21:58:09 229376 ----a-w- C:\Windows\System32\fsquirt.exe
2011-08-26 21:58:02 -------- d-----w- C:\Update
2011-08-26 21:57:45 2565632 ----a-w- C:\Windows\System32\esent.dll
2011-08-26 21:57:45 1699328 ----a-w- C:\Windows\SysWow64\esent.dll
2011-08-26 21:57:45 1659776 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2011-08-26 21:57:44 96768 ----a-w- C:\Windows\System32\fsutil.exe
2011-08-26 21:57:44 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2011-08-26 21:57:44 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2011-08-26 21:57:44 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2011-08-26 21:57:44 189824 ----a-w- C:\Windows\System32\drivers\storport.sys
2011-08-26 21:57:44 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2011-08-26 21:57:44 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2011-08-26 21:57:44 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2011-08-26 21:53:59 -------- d-----w- C:\Windows\SysWow64\Wat
2011-08-26 21:53:59 -------- d-----w- C:\Windows\System32\Wat
2011-08-26 21:00:51 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2011-08-26 20:59:55 3137536 ----a-w- C:\Windows\System32\win32k.sys
2011-08-26 20:57:59 5561216 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-08-26 20:48:26 -------- d-----w- C:\Users\Gil\AppData\Local\Sony Corporation
2011-08-26 20:36:29 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-08-26 20:36:28 -------- d-----w- C:\ProgramData\Malwarebytes
2011-08-26 20:36:24 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-08-26 20:35:26 -------- dc-h--w- C:\ProgramData\{F77EE8EF-305B-4394-A018-C1A57D2D66B5}
2011-08-26 19:08:46 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2011-08-26 18:56:02 912504 ----a-w- C:\Windows\System32\drivers\NISx64\1206000.01D\symefa64.sys
2011-08-26 18:56:02 744568 ----a-w- C:\Windows\System32\drivers\NISx64\1206000.01D\srtsp64.sys
2011-08-26 18:56:02 450680 ----a-w- C:\Windows\System32\drivers\NISx64\1206000.01D\symds64.sys
2011-08-26 18:56:02 40568 ----a-w- C:\Windows\System32\drivers\NISx64\1206000.01D\srtspx64.sys
2011-08-26 18:56:02 386168 ----a-w- C:\Windows\System32\drivers\NISx64\1206000.01D\symnets.sys
2011-08-26 18:56:02 171128 ----a-w- C:\Windows\System32\drivers\NISx64\1206000.01D\ironx64.sys
2011-08-26 18:55:55 -------- d-----w- C:\Windows\System32\drivers\NISx64\1206000.01D
2011-08-26 18:33:48 -------- d-----w- C:\Program Files\CCleaner
2011-08-26 18:24:43 -------- d-----w- C:\Users\Gil\AppData\Local\Adobe
2011-08-26 17:56:21 -------- d-----w- C:\Users\Gil\AppData\Roaming\Malwarebytes
2011-08-26 17:34:45 174200 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2011-08-26 17:34:45 -------- d-----w- C:\Program Files\Symantec
2011-08-26 17:34:45 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2011-08-26 17:34:43 -------- d-----w- C:\Users\Gil\AppData\Roaming\Intel Corporation
2011-08-26 17:34:35 -------- d-----w- C:\Users\Gil\AppData\Roaming\Intel
2011-08-26 16:02:46 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll
2011-08-26 16:02:46 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll
2011-08-26 16:02:06 -------- d-----w- C:\Program Files (x86)\Microsoft
2011-08-26 16:01:48 -------- d-----w- C:\Program Files (x86)\Windows Live SkyDrive
2011-08-26 16:01:24 -------- d-----w- C:\Windows\PCHEALTH
2011-08-26 16:01:19 4927864 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\64d457a11cc6409\Silverlight.2.0.exe
2011-08-26 16:01:12 74520 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\607aff531cc6409\DSETUP.dll
2011-08-26 16:01:12 484632 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\607aff531cc6409\DXSETUP.exe
2011-08-26 16:01:12 1670936 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\607aff531cc6409\dsetup32.dll
2011-08-26 16:00:52 141399376 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\wlc259A.tmp
2011-08-26 16:00:47 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2011-08-26 15:47:42 -------- d-----w- C:\VAIO Sample Contents
2011-08-26 15:33:33 -------- d-----w- C:\SPLASH.000
2011-08-26 15:33:18 -------- d-----w- C:\SPLASH.SYS
2011-08-26 15:33:05 -------- d-----w- C:\Program Files (x86)\Downloaded Installations
2011-08-26 15:17:55 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2011-08-26 15:17:50 5073256 ----a-w- C:\Windows\System32\d3dx9_35.dll
2011-08-26 15:12:31 499712 ----a-r- C:\Windows\SysWow64\msvcp71.dll
2011-08-26 15:12:31 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2011-08-26 15:12:31 245408 ----a-w- C:\Windows\SysWow64\unicows.dll
2011-08-26 15:12:30 212480 ----a-w- C:\Windows\SysWow64\PCDLIB32.DLL
2011-08-26 15:12:29 55808 ----a-w- C:\Windows\system\ArcSoftKsUFilter.dll
2011-08-26 15:12:29 19968 ----a-w- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys
2011-08-26 15:12:26 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2011-08-26 15:12:26 32768 ------w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2011-08-26 15:12:26 225280 ------w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2011-08-26 15:12:26 176128 ------w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2011-08-26 15:12:25 614532 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2011-08-26 15:10:38 -------- d-----w- C:\Program Files (x86)\Evernote
2011-08-26 15:10:33 -------- d-----w- C:\ProgramData\Evernote
2011-08-26 15:10:00 -------- d-----w- C:\Documentation
2011-08-26 15:10:00 -------- d-----w- C:\_FS_SWRINFO
2011-08-26 15:09:08 114688 ----a-w- C:\Program Files (x86)\Windows Sidebar\Gadgets\eBayGadget.Gadget\Bin\eBayGadget.dll
2011-08-26 15:09:06 114688 ----a-w- C:\Program Files\Windows Sidebar\Gadgets\eBayGadget.Gadget\Bin\eBayGadget.dll
2011-08-26 15:09:05 -------- d-----w- C:\Program Files\Sony
2011-08-26 15:06:58 15360 ----a-w- C:\Windows\System32\drivers\en-US\pacer.sys.mui
2011-08-26 14:58:47 -------- d-----w- C:\Program Files (x86)\Sony
2011-08-26 14:57:42 -------- d-----r- C:\Program Files (x86)\Skype
2011-08-26 14:56:24 -------- d---a-w- C:\Program Files\Shutterfly
2011-08-26 14:54:21 -------- d-----w- C:\Program Files\PlayReady
2011-08-26 14:52:58 -------- d---a-w- C:\Nobu_Icon
2011-08-26 14:50:53 -------- d-----w- C:\Windows\System32\drivers\NISx64
2011-08-26 14:50:51 -------- d-----w- C:\ProgramData\Norton
2011-08-26 14:50:51 -------- d-----w- C:\Program Files (x86)\Norton Internet Security
2011-08-26 14:50:29 -------- d-----w- C:\ProgramData\NortonInstaller
2011-08-26 14:50:29 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2011-08-26 14:44:24 411368 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-08-26 14:42:15 455680 ----a-w- C:\Windows\System32\deployJava1.dll
2011-08-26 14:40:01 -------- d-----w- C:\Program Files (x86)\Intel Corporation
2011-08-26 14:40:01 -------- d-----w- C:\Program Files (x86)\Common Files\Intel Corporation
2011-08-26 14:37:48 -------- d-----w- C:\ProgramData\Partner
2011-08-26 14:36:37 -------- d-----w- C:\Windows\Sonysys
2011-08-26 14:32:07 -------- d-----w- C:\Program Files (x86)\AccuWeather.com Cirrus
2011-08-26 14:29:45 -------- d-----w- C:\Program Files\Common Files\Sony Shared
2011-08-26 14:29:45 -------- d-----w- C:\Program Files (x86)\Common Files\Sony Shared
2011-08-26 14:28:37 749568 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2011-08-26 14:28:37 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2011-08-26 14:28:37 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2011-08-26 14:28:37 323716 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2011-08-26 14:28:37 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2011-08-26 14:28:37 192644 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2011-08-26 14:28:37 180224 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2011-08-26 14:21:22 -------- d-----w- C:\Program Files\Apoint
2011-08-26 14:19:24 -------- d-----w- C:\Program Files (x86)\Common Files\postureAgent
2011-08-26 14:19:04 -------- d-----w- C:\Windows\SysWow64\RTCOM
2011-08-26 14:19:04 -------- d-----w- C:\Program Files\Realtek
2011-08-26 14:14:02 -------- d-----w- C:\ProgramData\DDNi
2011-08-26 14:14:02 -------- d-----w- C:\Program Files (x86)\DDNi
2011-08-26 14:14:00 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2011-08-26 14:14:00 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2011-08-26 14:13:56 -------- d-sh--w- C:\Windows\Installer
.
==================== Find3M ====================
.
2011-08-26 23:46:59 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-08-26 23:46:59 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-08-26 15:07:04 2560 ----a-w- C:\Windows\SysWow64\drivers\en-US\qwavedrv.sys.mui
2011-08-26 15:07:01 25600 ----a-w- C:\Windows\SysWow64\drivers\en-US\bfe.dll.mui
2011-08-26 15:07:01 15360 ----a-w- C:\Windows\SysWow64\drivers\en-US\pacer.sys.mui
2011-08-26 15:06:55 2560 ----a-w- C:\Windows\SysWow64\drivers\en-US\scfilter.sys.mui
2011-08-26 15:06:54 5632 ----a-w- C:\Windows\SysWow64\drivers\en-US\ndiscap.sys.mui
2011-08-26 15:06:51 44032 ----a-w- C:\Windows\SysWow64\drivers\en-US\tcpip.sys.mui
2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll
2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-09 05:26:20 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-07-09 04:29:46 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-07-09 02:46:28 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-06-24 05:34:53 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-06-24 05:25:49 338432 ----a-w- C:\Windows\System32\conhost.exe
2011-06-23 04:33:57 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-06-23 04:33:57 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-06-21 06:34:00 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-06-15 10:02:23 212992 ----a-w- C:\Windows\System32\odbctrac.dll
2011-06-15 10:02:23 163840 ----a-w- C:\Windows\System32\odbccp32.dll
2011-06-15 10:02:23 106496 ----a-w- C:\Windows\System32\odbccu32.dll
2011-06-15 10:02:23 106496 ----a-w- C:\Windows\System32\odbccr32.dll
2011-06-15 08:55:19 86016 ----a-w- C:\Windows\SysWow64\odbccu32.dll
2011-06-15 08:55:19 81920 ----a-w- C:\Windows\SysWow64\odbccr32.dll
2011-06-15 08:55:19 319488 ----a-w- C:\Windows\SysWow64\odbcjt32.dll
2011-06-15 08:55:19 163840 ----a-w- C:\Windows\SysWow64\odbctrac.dll
2011-06-15 08:55:19 122880 ----a-w- C:\Windows\SysWow64\odbccp32.dll
.
============= FINISH: 19:36:07.26 ===============

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 8/26/2011 10:30:27 AM
System Uptime: 8/29/2011 2:03:39 PM (5 hours ago)
.
Motherboard: Sony Corporation | | VAIO
Processor: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz | N/A | 2399/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 455 GiB total, 416.827 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP9: 8/26/2011 3:57:35 PM - Windows Update
RP10: 8/26/2011 4:06:38 PM - VAIO Care Automatic Restore Point
RP11: 8/26/2011 4:39:05 PM - Windows Update
RP12: 8/26/2011 7:45:54 PM - VAIO Care Automatic Restore Point
RP13: 8/26/2011 7:53:44 PM - Windows Update
RP14: 8/26/2011 8:14:00 PM - VAIO Care Automatic Restore Point
RP15: 8/26/2011 8:23:21 PM - Windows Update
RP16: 8/26/2011 8:28:25 PM - Installed Remote Keyboard with PlayStation 3
RP17: 8/27/2011 1:11:56 PM - Installed HiJackThis
RP18: 8/27/2011 1:57:21 PM - Installed HiJackThis
RP19: 8/27/2011 8:42:56 PM - VAIO Care Automatic Restore Point
.
==== Installed Programs ======================
.
.
AccuWeather.com Cirrus
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.2
Application Manager for VAIO
ArcSoft Magic-i Visual Effects 2
ArcSoft WebCam Companion 3
Evernote
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Intel(R) Control Center
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
Java Auto Updater
Java(TM) 6 Update 20
Junk Mail filter update
Malwarebytes' Anti-Malware version 1.51.1.1800
Media Gallery
Microsoft Choice Guard
Microsoft Office 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MSVCRT
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
Norton Internet Security
Oasis2Service 1.0
OOBE
PMB
PMB VAIO Edition Guide
PMB VAIO Edition plug-in (Click to Disc)
PMB VAIO Edition plug-in (VAIO Image Optimizer)
PMB VAIO Edition plug-in (VAIO Movie Story)
Realtek High Definition Audio Driver
Remote Keyboard
Remote Play with PlayStation 3
Remote Play with PlayStation®3
Skype™ 4.2
SmartWi Connection Utility
VAIO - Media Gallery
VAIO - PMB VAIO Edition Guide
VAIO - PMB VAIO Edition plug-in (Click to Disc)
VAIO - PMB VAIO Edition plug-in (VAIO Image Optimizer)
VAIO - PMB VAIO Edition plug-in (VAIO Movie Story)
VAIO - Remote Keyboard
VAIO Care
VAIO Control Center
VAIO Data Restore Tool
VAIO DVD Menu Data
VAIO Gate
VAIO Gate Default
VAIO Hardware Diagnostics
VAIO Help and Support
VAIO Manual
VAIO Media plus
VAIO Media plus Opening Movie
VAIO Messenger
VAIO Movie Story Template Data
VAIO Quick Web Access
VAIO Sample Contents
VAIO Survey
VAIO Transfer Support
VAIO Update
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
.
==== Event Viewer Messages From Past Week ========
.
8/28/2011 9:44:14 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
8/28/2011 9:39:11 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
8/28/2011 9:39:11 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/28/2011 9:39:10 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
8/28/2011 9:39:09 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/28/2011 9:39:03 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
8/28/2011 9:39:03 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
8/28/2011 9:38:52 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx64 DfsC discache eeCtrl IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSPX SymIRON SymNetS tdx vwififlt Wanarpv6 WfpLwf
8/28/2011 9:38:49 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/28/2011 9:38:49 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
8/28/2011 9:38:49 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
8/28/2011 9:38:49 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
8/28/2011 9:38:49 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
8/28/2011 9:38:49 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
8/28/2011 9:38:49 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/28/2011 9:38:49 AM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/28/2011 9:38:49 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/28/2011 9:38:49 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/28/2011 9:38:49 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
8/28/2011 6:19:02 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk0\DR0.
8/28/2011 3:12:54 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the DNS Client service, but this action failed with the following error: An instance of the service is already running.
8/28/2011 3:10:54 PM, Error: Service Control Manager [7031] - The Workstation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/28/2011 3:10:54 PM, Error: Service Control Manager [7031] - The Telephony service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/28/2011 3:10:54 PM, Error: Service Control Manager [7031] - The Remote Desktop Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/28/2011 3:10:54 PM, Error: Service Control Manager [7031] - The Network Location Awareness service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
8/28/2011 3:10:54 PM, Error: Service Control Manager [7031] - The DNS Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/28/2011 3:10:54 PM, Error: Service Control Manager [7031] - The Cryptographic Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/28/2011 2:19:08 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
8/28/2011 10:16:37 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
8/27/2011 3:34:57 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Oasis2Service service to connect.
8/27/2011 3:34:57 PM, Error: Service Control Manager [7000] - The Oasis2Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/26/2011 8:51:37 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
8/26/2011 8:51:35 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
8/26/2011 2:47:30 PM, Error: Service Control Manager [7023] -
8/26/2011 2:44:49 PM, Error: Service Control Manager [7000] - The VAIO Event Service service failed to start due to the following error: The pipe has been ended.
8/26/2011 2:44:46 PM, Error: Service Control Manager [7031] - The Intel(R) Management and Security Application Local Management Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
8/26/2011 2:44:44 PM, Error: Service Control Manager [7034] - The PMBDeviceInfoProvider service terminated unexpectedly. It has done this 1 time(s).
8/26/2011 2:44:44 PM, Error: Service Control Manager [7031] - The VAIO Event Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 3000 milliseconds: Restart the service.
8/26/2011 2:44:43 PM, Error: Service Control Manager [7034] - The CamMonitor service terminated unexpectedly. It has done this 1 time(s).
8/26/2011 2:44:39 PM, Error: Service Control Manager [7034] - The Oasis2Service service terminated unexpectedly. It has done this 1 time(s).
8/26/2011 2:44:25 PM, Error: Service Control Manager [7031] - The Norton Internet Security service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
8/26/2011 2:11:56 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft XML Core Services 4.0 Service Pack 3 for x64-based Systems (KB973685).
8/26/2011 12:00:51 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
8/26/2011 12:00:51 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================

Broni · Aug 29, 2011

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan:

On completion of the scan click "Save log", save it to your desktop and post in your next reply:

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

===============================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Please, never rename Combofix unless instructed.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.

Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

Double-click on the Rkill desktop icon to run the tool.
If using Vista or Windows 7 right-click on it and choose Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
Do not reboot until instructed.
If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

Gil · Aug 30, 2011

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-08-29 20:28:50
-----------------------------
20:28:50.140 OS Version: Windows x64 6.1.7601 Service Pack 1
20:28:50.140 Number of processors: 4 586 0x2505
20:28:50.140 ComputerName: GIL-VAIO UserName: Gil
20:28:52.027 Initialize success
20:33:38.040 AVAST engine defs: 11082901
20:34:33.576 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:34:33.576 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
20:34:33.592 Disk 0 MBR read successfully
20:34:33.592 Disk 0 MBR scan
20:34:33.607 Disk 0 MBR:Alureon-I [Rtk]
20:34:33.607 Disk 0 TDL4@MBR code has been found
20:34:33.623 Disk 0 Windows 7 default MBR code found via API
20:34:33.623 Disk 0 MBR hidden
20:34:33.623 Disk 0 MBR [TDL4] **ROOTKIT**
20:34:33.623 Disk 0 trace - called modules:
20:34:33.638 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa800637f254]<<
20:34:33.638 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800636b790]
20:34:33.638 3 CLASSPNP.SYS[fffff88001dc943f] -> nt!IofCallDriver -> [0xfffffa800432c630]
20:34:33.654 5 ACPI.sys[fffff88000f877a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004331050]
20:34:33.654 \Driver\iaStor[0xfffffa800430acb0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa800637f254
20:34:34.871 AVAST engine scan C:\Windows
20:34:39.052 AVAST engine scan C:\Windows\system32
20:36:26.427 AVAST engine scan C:\Windows\system32\drivers
20:36:40.872 AVAST engine scan C:\Users\Gil
20:38:38.091 AVAST engine scan C:\ProgramData
20:39:47.776 Scan finished successfully
20:44:42.305 Disk 0 MBR has been saved successfully to "C:\Users\Gil\Downloads\MBR.dat"
20:44:42.320 The log file has been saved successfully to "C:\Users\Gil\Downloads\aswMBR.txt"
20:45:30.552 Disk 0 MBR has been saved successfully to "C:\Users\Gil\Desktop\MBR.dat"
20:45:30.552 The log file has been saved successfully to "C:\Users\Gil\Desktop\aswMBR.txt"

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

ComboFix 11-08-29.03 - Gil 08/30/2011 7:09.4.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3758.2533 [GMT -7:00]
Running from: c:\users\Gil\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-07-28 to 2011-08-30 )))))))))))))))))))))))))))))))
.
.
2011-08-30 14:48 . 2011-08-30 14:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-28 03:36 . 2011-08-28 03:36 -------- d--h--w- c:\programdata\Common Files
2011-08-28 03:36 . 2011-08-28 03:36 -------- d-----w- c:\programdata\MFAData
2011-08-26 23:40 . 2011-08-26 23:40 -------- d-----w- c:\windows\system32\SPReview
2011-08-26 23:39 . 2011-08-26 23:39 -------- d-----w- c:\windows\system32\EventProviders
2011-08-26 23:37 . 2010-11-05 01:57 48976 ----a-w- c:\windows\system32\netfxperf.dll
2011-08-26 23:37 . 2010-11-05 01:57 1942856 ----a-w- c:\windows\system32\dfshim.dll
2011-08-26 23:37 . 2010-11-05 01:58 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2011-08-26 23:35 . 2010-11-20 13:27 303616 ----a-w- c:\windows\system32\scansetting.dll
2011-08-26 23:34 . 2010-11-20 13:27 5120 ----a-w- c:\windows\system32\msdxm.ocx
2011-08-26 23:32 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2011-08-26 23:32 . 2010-11-20 13:27 244736 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll
2011-08-26 23:32 . 2010-11-20 13:27 244736 ----a-w- c:\windows\system32\sqmapi.dll
2011-08-26 23:27 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2011-08-26 23:27 . 2011-02-19 12:04 1544192 ----a-w- c:\windows\system32\DWrite.dll
2011-08-26 23:27 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-08-26 23:27 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-08-26 23:27 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-08-26 22:33 . 2011-08-26 22:33 -------- d-----w- c:\users\Public\Roaming
2011-08-26 22:33 . 2011-08-26 22:33 -------- d-----w- c:\users\Default\Roaming
2011-08-26 22:33 . 2011-08-26 22:33 -------- d-----w- c:\programdata\Intel
2011-08-26 22:32 . 2011-08-26 22:32 -------- d-----w- c:\program files (x86)\Cisco
2011-08-26 22:09 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-08-26 22:09 . 2011-03-25 03:29 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-08-26 22:09 . 2011-03-25 03:29 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-08-26 22:09 . 2011-03-25 03:29 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-08-26 22:09 . 2011-03-25 03:29 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-08-26 22:09 . 2011-03-25 03:29 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-08-26 22:09 . 2011-03-25 03:28 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
2011-08-26 21:58 . 2011-04-28 03:55 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
2011-08-26 21:58 . 2011-04-28 03:54 80384 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2011-08-26 21:58 . 2010-11-20 13:24 229376 ----a-w- c:\windows\system32\fsquirt.exe
2011-08-26 21:58 . 2011-08-27 03:30 -------- d-----w- C:\Update
2011-08-26 21:57 . 2011-03-11 06:41 1659776 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-08-26 21:57 . 2011-03-11 06:33 2565632 ----a-w- c:\windows\system32\esent.dll
2011-08-26 21:57 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\SysWow64\esent.dll
2011-08-26 21:57 . 2011-03-11 06:41 189824 ----a-w- c:\windows\system32\drivers\storport.sys
2011-08-26 21:57 . 2011-03-11 06:41 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-08-26 21:57 . 2011-03-11 06:41 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-08-26 21:57 . 2011-03-11 06:41 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-08-26 21:57 . 2011-03-11 06:41 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-08-26 21:57 . 2011-03-11 06:41 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-08-26 21:57 . 2011-03-11 06:30 96768 ----a-w- c:\windows\system32\fsutil.exe
2011-08-26 21:57 . 2011-03-11 05:31 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
2011-08-26 21:53 . 2011-08-26 21:53 -------- d-----w- c:\windows\SysWow64\Wat
2011-08-26 21:53 . 2011-08-26 21:53 -------- d-----w- c:\windows\system32\Wat
2011-08-26 21:00 . 2011-02-25 06:22 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-26 20:59 . 2011-06-11 03:07 3137536 ----a-w- c:\windows\system32\win32k.sys
2011-08-26 20:57 . 2011-06-23 05:43 5561216 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-26 20:36 . 2011-07-07 02:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-08-26 20:36 . 2011-08-26 20:36 -------- d-----w- c:\programdata\Malwarebytes
2011-08-26 20:36 . 2011-08-26 20:36 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-08-26 20:35 . 2011-08-26 20:35 -------- dc-h--w- c:\programdata\{F77EE8EF-305B-4394-A018-C1A57D2D66B5}
2011-08-26 19:08 . 2011-08-26 19:08 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2011-08-26 18:33 . 2011-08-26 18:33 -------- d-----w- c:\program files\CCleaner
2011-08-26 17:34 . 2011-08-26 18:56 174200 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2011-08-26 17:34 . 2011-08-26 18:56 -------- d-----w- c:\program files\Symantec
2011-08-26 17:34 . 2011-08-26 17:34 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-08-26 17:31 . 2011-08-26 17:31 -------- d-----w- c:\users\Public\Symantec
2011-08-26 17:30 . 2011-08-26 17:30 -------- d-----w- c:\windows\SysWow64\VAIO Startup Setting Tool
2011-08-26 17:30 . 2011-08-27 03:50 -------- d-----w- c:\users\Gil
2011-08-26 16:03 . 2011-08-26 16:03 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2011-08-26 16:02 . 2006-11-29 20:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll
2011-08-26 16:02 . 2006-11-29 20:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll
2011-08-26 16:02 . 2011-08-26 16:02 -------- d-----w- c:\program files (x86)\Microsoft
2011-08-26 16:01 . 2011-08-26 16:01 -------- d-----w- c:\program files (x86)\Windows Live SkyDrive
2011-08-26 16:01 . 2011-08-26 16:01 -------- d-----w- c:\windows\PCHEALTH
2011-08-26 16:00 . 2011-08-26 16:00 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2011-08-26 15:47 . 2011-08-26 15:47 -------- d-----w- C:\VAIO Sample Contents
2011-08-26 15:33 . 2011-08-26 15:33 -------- d-----w- C:\SPLASH.000
2011-08-26 15:33 . 2011-08-26 15:33 -------- d-----w- C:\SPLASH.SYS
2011-08-26 15:33 . 2011-08-26 15:33 -------- d-----w- c:\program files (x86)\Downloaded Installations
2011-08-26 15:17 . 2011-08-26 15:17 -------- d-----w- c:\program files (x86)\MSXML 4.0
2011-08-26 15:17 . 2007-07-20 01:14 5073256 ----a-w- c:\windows\system32\d3dx9_35.dll
2011-08-26 15:12 . 2005-04-27 23:36 245408 ----a-w- c:\windows\SysWow64\unicows.dll
2011-08-26 15:12 . 2003-03-19 05:14 499712 ----a-r- c:\windows\SysWow64\msvcp71.dll
2011-08-26 15:12 . 2003-02-21 11:42 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2011-08-26 15:12 . 1995-07-31 20:44 212480 ----a-w- c:\windows\SysWow64\PCDLIB32.DLL
2011-08-26 15:12 . 2011-08-26 15:52 -------- d-----w- c:\program files (x86)\ArcSoft
2011-08-26 15:12 . 2011-08-26 15:12 -------- d-----w- c:\program files (x86)\Common Files\ArcSoft
2011-08-26 15:12 . 2009-05-26 21:32 19968 ----a-w- c:\windows\system32\drivers\ArcSoftKsUFilter.sys
2011-08-26 15:12 . 2008-09-05 00:06 55808 ----a-w- c:\windows\system\ArcSoftKsUFilter.dll
2011-08-26 15:10 . 2011-08-26 15:10 -------- d-----w- c:\program files (x86)\Evernote
2011-08-26 15:10 . 2011-08-26 15:10 -------- d-----w- c:\programdata\Evernote
2011-08-26 15:10 . 2011-08-26 15:10 -------- d-----w- C:\Documentation
2011-08-26 15:10 . 2011-08-26 15:10 -------- d-----w- C:\_FS_SWRINFO
2011-08-26 15:09 . 2008-09-25 01:17 114688 ----a-w- c:\program files (x86)\Windows Sidebar\Gadgets\eBayGadget.Gadget\Bin\eBayGadget.dll
2011-08-26 15:09 . 2008-09-25 01:17 114688 ----a-w- c:\program files\Windows Sidebar\Gadgets\eBayGadget.Gadget\Bin\eBayGadget.dll
2011-08-26 15:09 . 2011-08-27 03:28 -------- d-----w- c:\program files\Sony
2011-08-26 15:08 . 2011-08-26 22:33 -------- d-----w- c:\users\boinc_master
2011-08-26 15:06 . 2011-08-26 17:33 -------- d-----w- c:\program files (x86)\BOINC
2011-08-26 15:06 . 2011-08-26 17:33 -------- d-----w- c:\programdata\BOINC
2011-08-26 15:06 . 2011-08-26 15:06 -------- d-----w- c:\windows\Downloaded Installations
2011-08-26 15:06 . 2011-08-26 16:03 -------- d-----w- c:\program files (x86)\Windows Live
2011-08-26 14:58 . 2011-08-27 03:28 -------- d-----w- c:\program files (x86)\Sony
2011-08-26 14:57 . 2011-08-26 14:57 -------- d-----w- c:\program files (x86)\Common Files\Skype
2011-08-26 14:57 . 2011-08-26 14:57 -------- d-----r- c:\program files (x86)\Skype
2011-08-26 14:57 . 2011-08-26 14:57 -------- d-----w- c:\programdata\Skype
2011-08-26 14:56 . 2011-08-26 14:56 -------- d---a-w- c:\program files\Shutterfly
2011-08-26 14:54 . 2011-08-26 14:54 -------- d-----w- c:\program files\PlayReady
2011-08-26 14:52 . 2011-08-26 14:52 -------- d---a-w- C:\Nobu_Icon
2011-08-26 14:50 . 2011-08-26 19:00 -------- d-----w- c:\windows\system32\drivers\NISx64
2011-08-26 14:50 . 2011-08-26 20:38 -------- d-----w- c:\programdata\Norton
2011-08-26 14:50 . 2011-08-26 14:50 -------- d-----w- c:\program files (x86)\Norton Internet Security
2011-08-26 14:50 . 2011-08-26 14:50 -------- d-----w- c:\program files (x86)\NortonInstaller
2011-08-26 14:44 . 2011-08-26 14:44 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-08-26 14:44 . 2011-08-26 14:44 411368 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-08-26 14:44 . 2011-08-26 14:44 -------- d-----w- c:\program files (x86)\Java
2011-08-26 14:42 . 2011-08-26 14:42 455680 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-26 14:42 . 2011-08-26 14:42 -------- d-----w- c:\program files\Java
2011-08-26 14:40 . 2011-08-26 14:40 -------- d-----w- c:\program files (x86)\Common Files\Intel Corporation
2011-08-26 14:40 . 2011-08-26 14:40 -------- d-----w- c:\program files (x86)\Intel Corporation
2011-08-26 14:37 . 2011-08-26 14:37 -------- d-----w- c:\programdata\Partner
2011-08-26 14:37 . 2011-08-26 14:37 -------- d-----w- c:\program files\Google
2011-08-26 14:37 . 2011-08-26 14:37 -------- d-----w- c:\program files (x86)\Google
2011-08-26 14:36 . 2011-08-26 15:56 -------- d-----w- c:\windows\Sonysys
2011-08-26 14:34 . 2011-08-26 14:34 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2011-08-26 14:33 . 2011-08-26 14:33 -------- d-----w- c:\windows\SysWow64\Macromed
2011-08-26 14:32 . 2011-08-26 14:32 -------- d-----w- c:\program files (x86)\AccuWeather.com Cirrus
2011-08-26 14:30 . 2011-08-26 14:30 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2011-08-26 14:29 . 2011-08-26 15:13 -------- d-----w- c:\program files (x86)\Common Files\Sony Shared
2011-08-26 14:29 . 2011-08-26 15:13 -------- d-----w- c:\program files\Common Files\Sony Shared
2011-08-26 14:21 . 2011-08-26 14:21 -------- d-----w- c:\program files\Intel
2011-08-26 14:21 . 2011-08-26 14:21 -------- d-----w- c:\program files\Apoint
2011-08-26 14:19 . 2011-08-26 14:19 -------- d-----w- c:\program files (x86)\Common Files\postureAgent
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-26 23:46 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-08-26 23:46 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-08-26 15:07 . 2011-08-26 15:07 2560 ----a-w- c:\windows\SysWow64\drivers\en-US\qwavedrv.sys.mui
2011-08-26 15:07 . 2011-08-26 15:07 25600 ----a-w- c:\windows\SysWow64\drivers\en-US\bfe.dll.mui
2011-08-26 15:07 . 2011-08-26 15:07 15360 ----a-w- c:\windows\SysWow64\drivers\en-US\pacer.sys.mui
2011-08-26 15:06 . 2011-08-26 15:06 2560 ----a-w- c:\windows\SysWow64\drivers\en-US\scfilter.sys.mui
2011-08-26 15:06 . 2011-08-26 15:06 5632 ----a-w- c:\windows\SysWow64\drivers\en-US\ndiscap.sys.mui
2011-08-26 15:06 . 2011-08-26 15:06 44032 ----a-w- c:\windows\SysWow64\drivers\en-US\tcpip.sys.mui
2011-07-16 04:26 . 2011-08-26 20:57 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-28_15.17.21 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2011-08-27 13:52 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-08-29 19:46 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-08-27 13:52 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-08-29 19:46 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-08-27 13:52 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-08-29 19:46 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-07-12 20:27 . 2011-08-29 19:46 36324 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-08-30 13:59 32832 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-08-26 14:16 . 2011-08-30 14:03 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-08-26 14:16 . 2011-08-28 14:09 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-08-26 14:16 . 2011-08-30 14:03 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-08-26 14:16 . 2011-08-28 14:09 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-08-30 14:03 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-08-28 14:09 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-08-29 19:46 . 2011-08-29 19:46 25088 c:\windows\Installer\365f9.msi
+ 2011-08-26 20:22 . 2011-08-30 13:59 3794 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2241695237-3467037152-784942140-1005_UserData.bin
- 2011-08-28 14:02 . 2011-08-28 14:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-08-29 19:42 . 2011-08-30 13:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-08-29 19:42 . 2011-08-30 13:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-08-28 14:02 . 2011-08-28 14:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-08-27 02:26 . 2011-08-30 14:42 219286 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2011-08-30 14:02 615360 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-08-28 14:08 615360 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-08-30 14:02 103702 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-08-28 14:08 103702 c:\windows\system32\perfc009.dat
+ 2011-08-29 01:25 . 2011-08-29 01:26 299408 c:\windows\system32\FNTCACHE.DAT
- 2011-08-27 22:34 . 2011-08-27 22:34 299408 c:\windows\system32\FNTCACHE.DAT
+ 2011-08-26 14:27 . 2011-08-29 14:14 689448 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-08-26 14:27 . 2011-08-28 03:45 689448 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-07-14 05:01 . 2011-08-29 14:14 254900 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-08-28 03:45 254900 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-08-26 18:57 . 2011-08-29 14:14 1519856 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2241695237-3467037152-784942140-1005-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2011-08-26 14:37 433648 ----a-w- c:\programdata\Partner\Partner.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SmartWiHelper"="c:\program files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" [2010-07-15 89080]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2010-06-01 673136]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-06-01 600928]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-26 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-26 136176]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-07-20 340240]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
R3 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe [2011-08-26 332272]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-06-21 108400]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-06-18 423280]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-06-21 67952]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-06-09 537456]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-06-09 384880]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-06-09 101232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20110812.001\BHDrvx64.sys [2011-08-13 1151096]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20110828.030\IDSvia64.sys [2011-08-25 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1206000.01D\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe [2011-04-17 130008]
S2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [2011-03-14 47616]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-06-01 367456]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [x]
S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [x]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2010-05-25 252416]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-05-28 2320920]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2010-06-22 575856]
S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-06-17 851824]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-08-26 136824]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x]
S3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-06-07 304496]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2011-04-20 1021840]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-26 14:37]
.
2011-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-26 14:37]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2011-08-26 14:37 750064 ----a-w- c:\programdata\Partner\Partner64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-05-31 10775584]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-05-31 2040352]
"Apoint"="c:\program files (x86)\Apoint\Apoint.exe" [BU]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-07-20 1931024]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=2000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-08-30 08:06:44
ComboFix-quarantined-files.txt 2011-08-30 15:06
ComboFix2.txt 2011-08-30 04:49
ComboFix3.txt 2011-08-28 17:34
ComboFix4.txt 2011-08-28 15:35
.
Pre-Run: 450,950,529,024 bytes free
Post-Run: 450,902,241,280 bytes free
.
- - End Of File - - 29490D737A1520BE1F9A5F367D7A41E9

Broni · Aug 30, 2011

You ran Combofix several times.
Never a good idea to do it on your own.

Open Windows Explorer, navigate to C:\Qoobox folder and post content of ComboFix2.txt file.

Gil · Aug 30, 2011

ComboFix 11-08-29.03 - Gil 08/29/2011 20:58:21.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3758.2108 [GMT -7:00]
Running from: c:\users\Gil\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-07-28 to 2011-08-30 )))))))))))))))))))))))))))))))
.
.
2011-08-30 04:30 . 2011-08-30 04:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-28 03:36 . 2011-08-28 03:36 -------- d--h--w- c:\programdata\Common Files
2011-08-28 03:36 . 2011-08-28 03:36 -------- d-----w- c:\programdata\MFAData
2011-08-26 23:40 . 2011-08-26 23:40 -------- d-----w- c:\windows\system32\SPReview
2011-08-26 23:39 . 2011-08-26 23:39 -------- d-----w- c:\windows\system32\EventProviders
2011-08-26 23:37 . 2010-11-05 01:57 48976 ----a-w- c:\windows\system32\netfxperf.dll
2011-08-26 23:37 . 2010-11-05 01:57 1942856 ----a-w- c:\windows\system32\dfshim.dll
2011-08-26 23:37 . 2010-11-05 01:58 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2011-08-26 23:35 . 2010-11-20 13:27 303616 ----a-w- c:\windows\system32\scansetting.dll
2011-08-26 23:34 . 2010-11-20 13:27 5120 ----a-w- c:\windows\system32\msdxm.ocx
2011-08-26 23:32 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2011-08-26 23:32 . 2010-11-20 13:27 244736 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll
2011-08-26 23:32 . 2010-11-20 13:27 244736 ----a-w- c:\windows\system32\sqmapi.dll
2011-08-26 23:27 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2011-08-26 23:27 . 2011-02-19 12:04 1544192 ----a-w- c:\windows\system32\DWrite.dll
2011-08-26 23:27 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-08-26 23:27 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-08-26 23:27 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-08-26 22:33 . 2011-08-26 22:33 -------- d-----w- c:\users\Public\Roaming
2011-08-26 22:33 . 2011-08-26 22:33 -------- d-----w- c:\users\Default\Roaming
2011-08-26 22:33 . 2011-08-26 22:33 -------- d-----w- c:\programdata\Intel
2011-08-26 22:32 . 2011-08-26 22:32 -------- d-----w- c:\program files (x86)\Cisco
2011-08-26 22:09 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-08-26 22:09 . 2011-03-25 03:29 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-08-26 22:09 . 2011-03-25 03:29 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-08-26 22:09 . 2011-03-25 03:29 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-08-26 22:09 . 2011-03-25 03:29 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-08-26 22:09 . 2011-03-25 03:29 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-08-26 22:09 . 2011-03-25 03:28 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
2011-08-26 21:58 . 2011-04-28 03:55 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
2011-08-26 21:58 . 2011-04-28 03:54 80384 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2011-08-26 21:58 . 2010-11-20 13:24 229376 ----a-w- c:\windows\system32\fsquirt.exe
2011-08-26 21:58 . 2011-08-27 03:30 -------- d-----w- C:\Update
2011-08-26 21:57 . 2011-03-11 06:41 1659776 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-08-26 21:57 . 2011-03-11 06:33 2565632 ----a-w- c:\windows\system32\esent.dll
2011-08-26 21:57 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\SysWow64\esent.dll
2011-08-26 21:57 . 2011-03-11 06:41 189824 ----a-w- c:\windows\system32\drivers\storport.sys
2011-08-26 21:57 . 2011-03-11 06:41 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-08-26 21:57 . 2011-03-11 06:41 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-08-26 21:57 . 2011-03-11 06:41 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-08-26 21:57 . 2011-03-11 06:41 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-08-26 21:57 . 2011-03-11 06:41 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-08-26 21:57 . 2011-03-11 06:30 96768 ----a-w- c:\windows\system32\fsutil.exe
2011-08-26 21:57 . 2011-03-11 05:31 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
2011-08-26 21:53 . 2011-08-26 21:53 -------- d-----w- c:\windows\SysWow64\Wat
2011-08-26 21:53 . 2011-08-26 21:53 -------- d-----w- c:\windows\system32\Wat
2011-08-26 21:00 . 2011-02-25 06:22 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-26 20:59 . 2011-06-11 03:07 3137536 ----a-w- c:\windows\system32\win32k.sys
2011-08-26 20:57 . 2011-06-23 05:43 5561216 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-26 20:36 . 2011-07-07 02:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-08-26 20:36 . 2011-08-26 20:36 -------- d-----w- c:\programdata\Malwarebytes
2011-08-26 20:36 . 2011-08-26 20:36 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-08-26 20:35 . 2011-08-26 20:35 -------- dc-h--w- c:\programdata\{F77EE8EF-305B-4394-A018-C1A57D2D66B5}
2011-08-26 19:08 . 2011-08-26 19:08 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2011-08-26 18:33 . 2011-08-26 18:33 -------- d-----w- c:\program files\CCleaner
2011-08-26 17:34 . 2011-08-26 18:56 174200 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2011-08-26 17:34 . 2011-08-26 18:56 -------- d-----w- c:\program files\Symantec
2011-08-26 17:34 . 2011-08-26 17:34 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-08-26 17:31 . 2011-08-26 17:31 -------- d-----w- c:\users\Public\Symantec
2011-08-26 17:30 . 2011-08-26 17:30 -------- d-----w- c:\windows\SysWow64\VAIO Startup Setting Tool
2011-08-26 17:30 . 2011-08-27 03:50 -------- d-----w- c:\users\Gil
2011-08-26 16:03 . 2011-08-26 16:03 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2011-08-26 16:02 . 2006-11-29 20:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll
2011-08-26 16:02 . 2006-11-29 20:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll
2011-08-26 16:02 . 2011-08-26 16:02 -------- d-----w- c:\program files (x86)\Microsoft
2011-08-26 16:01 . 2011-08-26 16:01 -------- d-----w- c:\program files (x86)\Windows Live SkyDrive
2011-08-26 16:01 . 2011-08-26 16:01 -------- d-----w- c:\windows\PCHEALTH
2011-08-26 16:00 . 2011-08-26 16:00 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2011-08-26 15:47 . 2011-08-26 15:47 -------- d-----w- C:\VAIO Sample Contents
2011-08-26 15:33 . 2011-08-26 15:33 -------- d-----w- C:\SPLASH.000
2011-08-26 15:33 . 2011-08-26 15:33 -------- d-----w- C:\SPLASH.SYS
2011-08-26 15:33 . 2011-08-26 15:33 -------- d-----w- c:\program files (x86)\Downloaded Installations
2011-08-26 15:17 . 2011-08-26 15:17 -------- d-----w- c:\program files (x86)\MSXML 4.0
2011-08-26 15:17 . 2007-07-20 01:14 5073256 ----a-w- c:\windows\system32\d3dx9_35.dll
2011-08-26 15:12 . 2005-04-27 23:36 245408 ----a-w- c:\windows\SysWow64\unicows.dll
2011-08-26 15:12 . 2003-03-19 05:14 499712 ----a-r- c:\windows\SysWow64\msvcp71.dll
2011-08-26 15:12 . 2003-02-21 11:42 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2011-08-26 15:12 . 1995-07-31 20:44 212480 ----a-w- c:\windows\SysWow64\PCDLIB32.DLL
2011-08-26 15:12 . 2011-08-26 15:52 -------- d-----w- c:\program files (x86)\ArcSoft
2011-08-26 15:12 . 2011-08-26 15:12 -------- d-----w- c:\program files (x86)\Common Files\ArcSoft
2011-08-26 15:12 . 2009-05-26 21:32 19968 ----a-w- c:\windows\system32\drivers\ArcSoftKsUFilter.sys
2011-08-26 15:12 . 2008-09-05 00:06 55808 ----a-w- c:\windows\system\ArcSoftKsUFilter.dll
2011-08-26 15:10 . 2011-08-26 15:10 -------- d-----w- c:\program files (x86)\Evernote
2011-08-26 15:10 . 2011-08-26 15:10 -------- d-----w- c:\programdata\Evernote
2011-08-26 15:10 . 2011-08-26 15:10 -------- d-----w- C:\Documentation
2011-08-26 15:10 . 2011-08-26 15:10 -------- d-----w- C:\_FS_SWRINFO
2011-08-26 15:09 . 2008-09-25 01:17 114688 ----a-w- c:\program files (x86)\Windows Sidebar\Gadgets\eBayGadget.Gadget\Bin\eBayGadget.dll
2011-08-26 15:09 . 2008-09-25 01:17 114688 ----a-w- c:\program files\Windows Sidebar\Gadgets\eBayGadget.Gadget\Bin\eBayGadget.dll
2011-08-26 15:09 . 2011-08-27 03:28 -------- d-----w- c:\program files\Sony
2011-08-26 15:08 . 2011-08-26 22:33 -------- d-----w- c:\users\boinc_master
2011-08-26 15:06 . 2011-08-26 17:33 -------- d-----w- c:\program files (x86)\BOINC
2011-08-26 15:06 . 2011-08-26 17:33 -------- d-----w- c:\programdata\BOINC
2011-08-26 15:06 . 2011-08-26 15:06 -------- d-----w- c:\windows\Downloaded Installations
2011-08-26 15:06 . 2011-08-26 16:03 -------- d-----w- c:\program files (x86)\Windows Live
2011-08-26 14:58 . 2011-08-27 03:28 -------- d-----w- c:\program files (x86)\Sony
2011-08-26 14:57 . 2011-08-26 14:57 -------- d-----w- c:\program files (x86)\Common Files\Skype
2011-08-26 14:57 . 2011-08-26 14:57 -------- d-----r- c:\program files (x86)\Skype
2011-08-26 14:57 . 2011-08-26 14:57 -------- d-----w- c:\programdata\Skype
2011-08-26 14:56 . 2011-08-26 14:56 -------- d---a-w- c:\program files\Shutterfly
2011-08-26 14:54 . 2011-08-26 14:54 -------- d-----w- c:\program files\PlayReady
2011-08-26 14:52 . 2011-08-26 14:52 -------- d---a-w- C:\Nobu_Icon
2011-08-26 14:50 . 2011-08-26 19:00 -------- d-----w- c:\windows\system32\drivers\NISx64
2011-08-26 14:50 . 2011-08-26 20:38 -------- d-----w- c:\programdata\Norton
2011-08-26 14:50 . 2011-08-26 14:50 -------- d-----w- c:\program files (x86)\Norton Internet Security
2011-08-26 14:50 . 2011-08-26 14:50 -------- d-----w- c:\program files (x86)\NortonInstaller
2011-08-26 14:44 . 2011-08-26 14:44 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-08-26 14:44 . 2011-08-26 14:44 411368 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-08-26 14:44 . 2011-08-26 14:44 -------- d-----w- c:\program files (x86)\Java
2011-08-26 14:42 . 2011-08-26 14:42 455680 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-26 14:42 . 2011-08-26 14:42 -------- d-----w- c:\program files\Java
2011-08-26 14:40 . 2011-08-26 14:40 -------- d-----w- c:\program files (x86)\Common Files\Intel Corporation
2011-08-26 14:40 . 2011-08-26 14:40 -------- d-----w- c:\program files (x86)\Intel Corporation
2011-08-26 14:37 . 2011-08-26 14:37 -------- d-----w- c:\programdata\Partner
2011-08-26 14:37 . 2011-08-26 14:37 -------- d-----w- c:\program files\Google
2011-08-26 14:37 . 2011-08-26 14:37 -------- d-----w- c:\program files (x86)\Google
2011-08-26 14:36 . 2011-08-26 15:56 -------- d-----w- c:\windows\Sonysys
2011-08-26 14:34 . 2011-08-26 14:34 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2011-08-26 14:33 . 2011-08-26 14:33 -------- d-----w- c:\windows\SysWow64\Macromed
2011-08-26 14:32 . 2011-08-26 14:32 -------- d-----w- c:\program files (x86)\AccuWeather.com Cirrus
2011-08-26 14:30 . 2011-08-26 14:30 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2011-08-26 14:29 . 2011-08-26 15:13 -------- d-----w- c:\program files (x86)\Common Files\Sony Shared
2011-08-26 14:29 . 2011-08-26 15:13 -------- d-----w- c:\program files\Common Files\Sony Shared
2011-08-26 14:21 . 2011-08-26 14:21 -------- d-----w- c:\program files\Intel
2011-08-26 14:21 . 2011-08-26 14:21 -------- d-----w- c:\program files\Apoint
2011-08-26 14:19 . 2011-08-26 14:19 -------- d-----w- c:\program files (x86)\Common Files\postureAgent
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-26 23:46 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-08-26 23:46 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-08-26 15:07 . 2011-08-26 15:07 2560 ----a-w- c:\windows\SysWow64\drivers\en-US\qwavedrv.sys.mui
2011-08-26 15:07 . 2011-08-26 15:07 25600 ----a-w- c:\windows\SysWow64\drivers\en-US\bfe.dll.mui
2011-08-26 15:07 . 2011-08-26 15:07 15360 ----a-w- c:\windows\SysWow64\drivers\en-US\pacer.sys.mui
2011-08-26 15:06 . 2011-08-26 15:06 2560 ----a-w- c:\windows\SysWow64\drivers\en-US\scfilter.sys.mui
2011-08-26 15:06 . 2011-08-26 15:06 5632 ----a-w- c:\windows\SysWow64\drivers\en-US\ndiscap.sys.mui
2011-08-26 15:06 . 2011-08-26 15:06 44032 ----a-w- c:\windows\SysWow64\drivers\en-US\tcpip.sys.mui
2011-07-16 04:26 . 2011-08-26 20:57 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-28_15.17.21 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2011-08-27 13:52 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-08-29 19:46 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-08-27 13:52 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-08-29 19:46 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-08-27 13:52 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-08-29 19:46 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-07-12 20:27 . 2011-08-29 19:46 36324 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-08-29 19:46 32816 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-08-26 14:16 . 2011-08-30 01:53 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-08-26 14:16 . 2011-08-28 14:09 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-08-26 14:16 . 2011-08-30 01:53 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-08-26 14:16 . 2011-08-28 14:09 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-08-30 01:53 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-08-28 14:09 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-08-29 19:46 . 2011-08-29 19:46 25088 c:\windows\Installer\365f9.msi
+ 2011-08-26 20:22 . 2011-08-29 01:28 3726 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2241695237-3467037152-784942140-1005_UserData.bin
- 2011-08-28 14:02 . 2011-08-28 14:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-08-29 19:42 . 2011-08-29 19:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-08-29 19:42 . 2011-08-29 19:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-08-28 14:02 . 2011-08-28 14:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-08-27 02:26 . 2011-08-30 04:24 206768 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2011-08-29 19:48 615360 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-08-28 14:08 615360 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-08-29 19:48 103702 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-08-28 14:08 103702 c:\windows\system32\perfc009.dat
+ 2011-08-29 01:25 . 2011-08-29 01:26 299408 c:\windows\system32\FNTCACHE.DAT
- 2011-08-27 22:34 . 2011-08-27 22:34 299408 c:\windows\system32\FNTCACHE.DAT
+ 2011-08-26 14:27 . 2011-08-29 14:14 689448 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-08-26 14:27 . 2011-08-28 03:45 689448 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-07-14 05:01 . 2011-08-29 14:14 254900 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-08-28 03:45 254900 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-08-26 18:57 . 2011-08-29 14:14 1519856 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2241695237-3467037152-784942140-1005-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2011-08-26 14:37 433648 ----a-w- c:\programdata\Partner\Partner.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SmartWiHelper"="c:\program files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" [2010-07-15 89080]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2010-06-01 673136]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-06-01 600928]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-26 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-26 136176]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-07-20 340240]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
R3 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe [2011-08-26 332272]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-06-21 108400]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-06-18 423280]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-06-21 67952]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-06-09 537456]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-06-09 384880]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-06-09 101232]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20110812.001\BHDrvx64.sys [2011-08-13 1151096]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20110828.030\IDSvia64.sys [2011-08-25 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1206000.01D\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe [2011-04-17 130008]
S2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [2011-03-14 47616]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-06-01 367456]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [x]
S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [x]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2010-05-25 252416]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-05-28 2320920]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2010-06-22 575856]
S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-06-17 851824]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-08-26 136824]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x]
S3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-06-07 304496]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2011-04-20 1021840]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-26 14:37]
.
2011-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-26 14:37]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2011-08-26 14:37 750064 ----a-w- c:\programdata\Partner\Partner64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-05-31 10775584]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-05-31 2040352]
"Apoint"="c:\program files (x86)\Apoint\Apoint.exe" [BU]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-07-20 1931024]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
TCP: DhcpNameServer = 205.171.3.25 205.171.2.25
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=2000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-08-29 21:49:03
ComboFix-quarantined-files.txt 2011-08-30 04:48
ComboFix2.txt 2011-08-28 17:34
ComboFix3.txt 2011-08-28 15:35
.
Pre-Run: 447,444,492,288 bytes free
Post-Run: 451,048,468,480 bytes free
.
- - End Of File - - 5847ED6BACF69728294D9C6A58AEE65D

Broni · Aug 30, 2011

Download TDSSKiller and save it to your desktop.

Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
If an infected file is detected, the default action will be Cure, click on Continue.
If a suspicious file is detected, the default action will be Skip, click on Continue.
It may ask you to reboot the computer to complete the process. Click on Reboot Now.
If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

Gil · Aug 30, 2011

2011/08/30 18:16:04.0268 6364 TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57
2011/08/30 18:16:04.0845 6364 ================================================================================
2011/08/30 18:16:04.0845 6364 SystemInfo:
2011/08/30 18:16:04.0845 6364
2011/08/30 18:16:04.0845 6364 OS Version: 6.1.7601 ServicePack: 1.0
2011/08/30 18:16:04.0845 6364 Product type: Workstation
2011/08/30 18:16:04.0845 6364 ComputerName: GIL-VAIO
2011/08/30 18:16:04.0845 6364 UserName: Gil
2011/08/30 18:16:04.0845 6364 Windows directory: C:\Windows
2011/08/30 18:16:04.0845 6364 System windows directory: C:\Windows
2011/08/30 18:16:04.0845 6364 Running under WOW64
2011/08/30 18:16:04.0845 6364 Processor architecture: Intel x64
2011/08/30 18:16:04.0845 6364 Number of processors: 4
2011/08/30 18:16:04.0845 6364 Page size: 0x1000
2011/08/30 18:16:04.0845 6364 Boot type: Normal boot
2011/08/30 18:16:04.0845 6364 ================================================================================
2011/08/30 18:16:05.0360 6364 Initialize success
2011/08/30 18:16:10.0133 5620 ================================================================================
2011/08/30 18:16:10.0133 5620 Scan started
2011/08/30 18:16:10.0133 5620 Mode: Manual;
2011/08/30 18:16:10.0133 5620 ================================================================================
2011/08/30 18:16:11.0428 5620 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
2011/08/30 18:16:11.0553 5620 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
2011/08/30 18:16:11.0662 5620 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
2011/08/30 18:16:11.0802 5620 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
2011/08/30 18:16:11.0958 5620 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
2011/08/30 18:16:12.0114 5620 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
2011/08/30 18:16:12.0270 5620 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
2011/08/30 18:16:12.0380 5620 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
2011/08/30 18:16:12.0520 5620 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
2011/08/30 18:16:12.0598 5620 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
2011/08/30 18:16:12.0660 5620 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
2011/08/30 18:16:12.0801 5620 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
2011/08/30 18:16:12.0926 5620 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
2011/08/30 18:16:13.0035 5620 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
2011/08/30 18:16:13.0160 5620 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
2011/08/30 18:16:13.0206 5620 ApfiltrService (2d45f2dfbc3d8f53df7ebeffa8c9bc38) C:\Windows\system32\DRIVERS\Apfiltr.sys
2011/08/30 18:16:13.0300 5620 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
2011/08/30 18:16:13.0472 5620 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
2011/08/30 18:16:13.0628 5620 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
2011/08/30 18:16:13.0690 5620 ArcSoftKsUFilter (c130bc4a51b1382b2be8e44579ec4c0a) C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
2011/08/30 18:16:13.0737 5620 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/08/30 18:16:13.0893 5620 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
2011/08/30 18:16:13.0971 5620 athr (cca705cdf038d5bc243203ce4416b345) C:\Windows\system32\DRIVERS\athrx.sys
2011/08/30 18:16:14.0267 5620 atikmdag (eaea2ce49de0cca80beb9134107e5dd7) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/08/30 18:16:14.0688 5620 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
2011/08/30 18:16:14.0751 5620 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/08/30 18:16:14.0813 5620 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/08/30 18:16:14.0969 5620 BHDrvx64 (c823adeedd3ae6f3db52b6152e5789cf) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20110812.001\BHDrvx64.sys
2011/08/30 18:16:15.0094 5620 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
2011/08/30 18:16:15.0125 5620 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
2011/08/30 18:16:15.0219 5620 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
2011/08/30 18:16:15.0266 5620 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
2011/08/30 18:16:15.0297 5620 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/08/30 18:16:15.0328 5620 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/08/30 18:16:15.0344 5620 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/08/30 18:16:15.0390 5620 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/08/30 18:16:15.0437 5620 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
2011/08/30 18:16:15.0484 5620 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
2011/08/30 18:16:15.0531 5620 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
2011/08/30 18:16:15.0578 5620 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
2011/08/30 18:16:15.0702 5620 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
2011/08/30 18:16:15.0765 5620 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/08/30 18:16:15.0827 5620 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
2011/08/30 18:16:15.0890 5620 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
2011/08/30 18:16:15.0936 5620 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/08/30 18:16:16.0014 5620 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
2011/08/30 18:16:16.0046 5620 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
2011/08/30 18:16:16.0108 5620 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
2011/08/30 18:16:16.0155 5620 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
2011/08/30 18:16:16.0202 5620 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
2011/08/30 18:16:16.0248 5620 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
2011/08/30 18:16:16.0326 5620 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
2011/08/30 18:16:16.0373 5620 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/08/30 18:16:16.0420 5620 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
2011/08/30 18:16:16.0482 5620 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/08/30 18:16:16.0545 5620 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
2011/08/30 18:16:16.0654 5620 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
2011/08/30 18:16:16.0857 5620 eeCtrl (5e3a50930447f464c66032e05a4632f5) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
2011/08/30 18:16:16.0982 5620 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
2011/08/30 18:16:17.0091 5620 EraserUtilRebootDrv (dcb76ecc6b50a266fdc16e1963ab98ce) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2011/08/30 18:16:17.0200 5620 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
2011/08/30 18:16:17.0309 5620 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/08/30 18:16:17.0403 5620 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/08/30 18:16:17.0450 5620 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
2011/08/30 18:16:17.0496 5620 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/08/30 18:16:17.0528 5620 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/08/30 18:16:17.0621 5620 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
2011/08/30 18:16:17.0715 5620 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
2011/08/30 18:16:17.0777 5620 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/08/30 18:16:17.0808 5620 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/08/30 18:16:17.0840 5620 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/08/30 18:16:17.0933 5620 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
2011/08/30 18:16:18.0042 5620 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/08/30 18:16:18.0089 5620 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
2011/08/30 18:16:18.0136 5620 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
2011/08/30 18:16:18.0152 5620 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
2011/08/30 18:16:18.0261 5620 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
2011/08/30 18:16:18.0308 5620 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
2011/08/30 18:16:18.0339 5620 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
2011/08/30 18:16:18.0386 5620 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
2011/08/30 18:16:18.0448 5620 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
2011/08/30 18:16:18.0510 5620 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
2011/08/30 18:16:18.0542 5620 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
2011/08/30 18:16:18.0573 5620 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
2011/08/30 18:16:18.0682 5620 iaStor (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\drivers\iaStor.sys
2011/08/30 18:16:18.0744 5620 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
2011/08/30 18:16:18.0947 5620 IDSVia64 (0b97f1a640ad3d159a7b5d2164c42e50) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20110828.030\IDSvia64.sys
2011/08/30 18:16:19.0259 5620 igfx (31569a2e836c12014148bf7342716946) C:\Windows\system32\DRIVERS\igdkmd64.sys
2011/08/30 18:16:19.0556 5620 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
2011/08/30 18:16:19.0634 5620 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
2011/08/30 18:16:19.0712 5620 IntcAzAudAddService (526e482afb586cb1cdd687869decf686) C:\Windows\system32\drivers\RTKVHD64.sys
2011/08/30 18:16:19.0790 5620 IntcDAud (03c74719d48056a1078f3a51ceb76baa) C:\Windows\system32\DRIVERS\IntcDAud.sys
2011/08/30 18:16:19.0836 5620 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
2011/08/30 18:16:19.0883 5620 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/08/30 18:16:19.0914 5620 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/08/30 18:16:20.0008 5620 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
2011/08/30 18:16:20.0086 5620 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/08/30 18:16:20.0148 5620 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/08/30 18:16:20.0211 5620 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
2011/08/30 18:16:20.0273 5620 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
2011/08/30 18:16:20.0320 5620 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
2011/08/30 18:16:20.0367 5620 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
2011/08/30 18:16:20.0445 5620 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
2011/08/30 18:16:20.0492 5620 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
2011/08/30 18:16:20.0538 5620 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/08/30 18:16:20.0601 5620 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/08/30 18:16:20.0632 5620 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
2011/08/30 18:16:20.0663 5620 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
2011/08/30 18:16:20.0710 5620 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
2011/08/30 18:16:20.0741 5620 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
2011/08/30 18:16:20.0788 5620 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/08/30 18:16:20.0819 5620 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
2011/08/30 18:16:20.0866 5620 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
2011/08/30 18:16:20.0897 5620 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/08/30 18:16:20.0944 5620 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/08/30 18:16:20.0975 5620 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
2011/08/30 18:16:21.0053 5620 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\drivers\mouhid.sys
2011/08/30 18:16:21.0116 5620 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
2011/08/30 18:16:21.0162 5620 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
2011/08/30 18:16:21.0225 5620 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/08/30 18:16:21.0272 5620 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
2011/08/30 18:16:21.0350 5620 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/08/30 18:16:21.0365 5620 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/08/30 18:16:21.0412 5620 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/08/30 18:16:21.0443 5620 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
2011/08/30 18:16:21.0506 5620 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
2011/08/30 18:16:21.0599 5620 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/08/30 18:16:21.0630 5620 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/08/30 18:16:21.0740 5620 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
2011/08/30 18:16:21.0802 5620 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/08/30 18:16:21.0833 5620 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/08/30 18:16:21.0880 5620 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/08/30 18:16:21.0927 5620 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
2011/08/30 18:16:21.0974 5620 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
2011/08/30 18:16:22.0005 5620 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/08/30 18:16:22.0036 5620 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
2011/08/30 18:16:22.0083 5620 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/08/30 18:16:22.0114 5620 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/08/30 18:16:22.0223 5620 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20110830.001\ENG64.SYS
2011/08/30 18:16:22.0410 5620 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20110830.001\EX64.SYS
2011/08/30 18:16:22.0535 5620 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
2011/08/30 18:16:22.0582 5620 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/08/30 18:16:22.0613 5620 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/08/30 18:16:22.0660 5620 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/08/30 18:16:22.0691 5620 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/08/30 18:16:22.0722 5620 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
2011/08/30 18:16:22.0754 5620 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/08/30 18:16:22.0800 5620 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
2011/08/30 18:16:22.0988 5620 NETw5s64 (18555f48844c2861d9dce8f2b7223ae5) C:\Windows\system32\DRIVERS\NETw5s64.sys
2011/08/30 18:16:23.0456 5620 NETwNs64 (eb43840babf5589e33186d094de7381d) C:\Windows\system32\DRIVERS\NETwNs64.sys
2011/08/30 18:16:23.0721 5620 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
2011/08/30 18:16:23.0799 5620 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/08/30 18:16:23.0814 5620 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/08/30 18:16:23.0892 5620 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
2011/08/30 18:16:24.0017 5620 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/08/30 18:16:24.0064 5620 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
2011/08/30 18:16:24.0142 5620 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
2011/08/30 18:16:24.0204 5620 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
2011/08/30 18:16:24.0251 5620 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
2011/08/30 18:16:24.0314 5620 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
2011/08/30 18:16:24.0423 5620 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
2011/08/30 18:16:24.0470 5620 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
2011/08/30 18:16:24.0548 5620 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
2011/08/30 18:16:24.0626 5620 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
2011/08/30 18:16:24.0719 5620 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/08/30 18:16:24.0750 5620 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/08/30 18:16:24.0860 5620 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
2011/08/30 18:16:24.0906 5620 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
2011/08/30 18:16:25.0000 5620 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
2011/08/30 18:16:25.0062 5620 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
2011/08/30 18:16:25.0203 5620 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
2011/08/30 18:16:25.0265 5620 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/08/30 18:16:25.0296 5620 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/08/30 18:16:25.0359 5620 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/08/30 18:16:25.0390 5620 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/08/30 18:16:25.0421 5620 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/08/30 18:16:25.0437 5620 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/08/30 18:16:25.0484 5620 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
2011/08/30 18:16:25.0530 5620 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
2011/08/30 18:16:25.0577 5620 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/08/30 18:16:25.0593 5620 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/08/30 18:16:25.0608 5620 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/08/30 18:16:25.0655 5620 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
2011/08/30 18:16:25.0718 5620 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
2011/08/30 18:16:25.0780 5620 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/08/30 18:16:25.0827 5620 rimspci (fa6abc06b629da29634d31f1fe0347bd) C:\Windows\system32\drivers\rimssne64.sys
2011/08/30 18:16:25.0842 5620 risdsnpe (8f8539a7f5c117d4407b2985995671f2) C:\Windows\system32\drivers\risdsne64.sys
2011/08/30 18:16:25.0952 5620 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/08/30 18:16:26.0014 5620 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
2011/08/30 18:16:26.0092 5620 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
2011/08/30 18:16:26.0154 5620 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
2011/08/30 18:16:26.0186 5620 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/08/30 18:16:26.0248 5620 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
2011/08/30 18:16:26.0279 5620 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
2011/08/30 18:16:26.0342 5620 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
2011/08/30 18:16:26.0404 5620 SFEP (286d3889e6ab5589646ff8a63cb928ae) C:\Windows\system32\DRIVERS\SFEP.sys
2011/08/30 18:16:26.0451 5620 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
2011/08/30 18:16:26.0513 5620 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
2011/08/30 18:16:26.0544 5620 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
2011/08/30 18:16:26.0591 5620 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
2011/08/30 18:16:26.0700 5620 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
2011/08/30 18:16:26.0747 5620 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
2011/08/30 18:16:26.0778 5620 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/08/30 18:16:26.0841 5620 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/08/30 18:16:26.0950 5620 SRTSP (90ef30c3867bcde4579c01a6d6e75a7a) C:\Windows\System32\Drivers\NISx64\1206000.01D\SRTSP64.SYS
2011/08/30 18:16:27.0075 5620 SRTSPX (c513e8a5e7978da49077f5484344ee1b) C:\Windows\system32\drivers\NISx64\1206000.01D\SRTSPX64.SYS
2011/08/30 18:16:27.0184 5620 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
2011/08/30 18:16:27.0231 5620 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
2011/08/30 18:16:27.0262 5620 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
2011/08/30 18:16:27.0309 5620 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
2011/08/30 18:16:27.0371 5620 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
2011/08/30 18:16:27.0449 5620 SymDS (6160145c7a87fc7672e8e3b886888176) C:\Windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS
2011/08/30 18:16:27.0605 5620 SymEFA (96aeed40d4d3521568b42027687e69e0) C:\Windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS
2011/08/30 18:16:27.0730 5620 SymEvent (21a1c2d694c3cf962d31f5e873ab3d6f) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2011/08/30 18:16:27.0808 5620 SymIRON (bd0d711d8cbfcaa19ca123306eaf53a5) C:\Windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS
2011/08/30 18:16:27.0933 5620 SymNetS (a6adb3d83023f8daa0f7b6fda785d83b) C:\Windows\System32\Drivers\NISx64\1206000.01D\SYMNETS.SYS
2011/08/30 18:16:28.0089 5620 Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys
2011/08/30 18:16:28.0292 5620 TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys
2011/08/30 18:16:28.0338 5620 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
2011/08/30 18:16:28.0370 5620 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/08/30 18:16:28.0416 5620 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/08/30 18:16:28.0463 5620 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
2011/08/30 18:16:28.0510 5620 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
2011/08/30 18:16:28.0572 5620 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/08/30 18:16:28.0619 5620 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
2011/08/30 18:16:28.0682 5620 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
2011/08/30 18:16:28.0713 5620 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
2011/08/30 18:16:28.0806 5620 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
2011/08/30 18:16:28.0884 5620 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
2011/08/30 18:16:28.0931 5620 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
2011/08/30 18:16:28.0978 5620 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
2011/08/30 18:16:29.0103 5620 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
2011/08/30 18:16:29.0150 5620 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/08/30 18:16:29.0228 5620 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
2011/08/30 18:16:29.0274 5620 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
2011/08/30 18:16:29.0306 5620 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
2011/08/30 18:16:29.0415 5620 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
2011/08/30 18:16:29.0477 5620 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
2011/08/30 18:16:29.0508 5620 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/08/30 18:16:29.0540 5620 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
2011/08/30 18:16:29.0586 5620 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
2011/08/30 18:16:29.0664 5620 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
2011/08/30 18:16:29.0696 5620 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/08/30 18:16:29.0727 5620 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/08/30 18:16:29.0774 5620 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
2011/08/30 18:16:29.0820 5620 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
2011/08/30 18:16:29.0883 5620 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
2011/08/30 18:16:29.0914 5620 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
2011/08/30 18:16:29.0961 5620 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
2011/08/30 18:16:29.0992 5620 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
2011/08/30 18:16:30.0039 5620 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/08/30 18:16:30.0070 5620 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/08/30 18:16:30.0101 5620 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
2011/08/30 18:16:30.0132 5620 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
2011/08/30 18:16:30.0179 5620 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/30 18:16:30.0195 5620 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/30 18:16:30.0226 5620 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
2011/08/30 18:16:30.0273 5620 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/08/30 18:16:30.0320 5620 wdkmd (5b34e5938b9e76798977725e3f7847c4) C:\Windows\system32\DRIVERS\WDKMD.sys
2011/08/30 18:16:30.0366 5620 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/08/30 18:16:30.0398 5620 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/08/30 18:16:30.0476 5620 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
2011/08/30 18:16:30.0538 5620 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/08/30 18:16:30.0616 5620 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
2011/08/30 18:16:30.0741 5620 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/08/30 18:16:30.0819 5620 yukonw7 (5250193ef8e173aa7491250f00eb367f) C:\Windows\system32\DRIVERS\yk62x64.sys
2011/08/30 18:16:30.0866 5620 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/08/30 18:16:30.0897 5620 Boot (0x1200) (a3399f2283dc393e491f07fe5edce472) \Device\Harddisk0\DR0\Partition0
2011/08/30 18:16:30.0912 5620 Boot (0x1200) (d068a954fd7c10c3879566344970f87e) \Device\Harddisk0\DR0\Partition1
2011/08/30 18:16:30.0928 5620 ================================================================================
2011/08/30 18:16:30.0928 5620 Scan finished
2011/08/30 18:16:30.0928 5620 ================================================================================
2011/08/30 18:16:30.0928 1132 Detected object count: 0
2011/08/30 18:16:30.0928 1132 Actual detected object count: 0

Broni · Aug 30, 2011

Are you still getting redirected?

Delete your aswMBR file, download fresh one and post new log.

Gil · Aug 30, 2011

Broni, I'm still getting redirected

. I deleted and re-downloaded aswMBR. Here's the log you requested.

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-08-30 20:18:51
-----------------------------
20:18:51.281 OS Version: Windows x64 6.1.7601 Service Pack 1
20:18:51.281 Number of processors: 4 586 0x2505
20:18:51.281 ComputerName: GIL-VAIO UserName: Gil
20:18:54.432 Initialize success
20:18:58.410 AVAST engine defs: 11083002
20:20:50.262 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:20:50.262 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
20:20:50.309 Disk 0 MBR read successfully
20:20:50.309 Disk 0 MBR scan
20:20:50.325 Disk 0 MBR:Alureon-I [Rtk]
20:20:50.325 Disk 0 TDL4@MBR code has been found
20:20:50.325 Disk 0 Windows 7 default MBR code found via API
20:20:50.340 Disk 0 MBR hidden
20:20:50.340 Disk 0 MBR [TDL4] **ROOTKIT**
20:20:50.340 Disk 0 trace - called modules:
20:20:50.356 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa800639b254]<<
20:20:50.356 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006387790]
20:20:50.372 3 CLASSPNP.SYS[fffff88001a1743f] -> nt!IofCallDriver -> [0xfffffa800356e320]
20:20:50.372 5 ACPI.sys[fffff88000f6b7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004351050]
20:20:50.387 \Driver\iaStor[0xfffffa800430d760] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa800639b254
20:20:53.492 AVAST engine scan C:\Windows
20:20:58.468 AVAST engine scan C:\Windows\system32
20:23:00.164 AVAST engine scan C:\Windows\system32\drivers
20:23:21.630 AVAST engine scan C:\Users\Gil
20:25:09.145 AVAST engine scan C:\ProgramData
20:26:18.643 Scan finished successfully
20:27:34.054 Disk 0 MBR has been saved successfully to "C:\Users\Gil\Desktop\MBR.dat"
20:27:34.054 The log file has been saved successfully to "C:\Users\Gil\Desktop\aswMBR.txt"

Broni · Aug 30, 2011

Re-run aswMBR

Click Scan
On completion of the scan, click the FIX button,
There is a slight pause after clicking the 'Fix' button.
Wait for the tool to report 'Infection fixed successfully', now reboot the machine.
Rebooting the machine prematurely, before seeing this line will result in an incomplete fix.
- Note: After the 'Infection fixed successfully' message appears, the machine may became unresponsive. You may have to do a hard boot of your machine. That may be a side effect from the fix. All will be well after the reboot.
Save the log as before and post in your next reply.

Gil · Aug 31, 2011

i have not gotten 'Infection fixed successfully' message. The computer keeps restarting automatically and the startup repair window appears. It has been scanning since last post. what should I do?

Broni · Aug 31, 2011

Please Boot to the System Recovery Options
If you have Windows 7 installation disc, just insert a DVD to the drive, restart computer and it should load automatically (option two presented in the article).
It's possible also that your computer has a pre-installed recovery partition instead - in such a case use a method one (by pressing F8 before Windows starts loading)...

On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

Choose Command Prompt
You should see X:\SOURCES>...

Execute the following commands in bold.
Press Enter after every one of them.

bootrec /fixmbr (<--- there is a "space" after "bootrec")

exit

Gil · Sep 1, 2011

Broni, here is the log.

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-09-01 05:03:44
-----------------------------
05:03:44.529 OS Version: Windows x64 6.1.7600
05:03:44.529 Number of processors: 4 586 0x2505
05:03:44.529 ComputerName: GIL-VAIO UserName: Gil
05:03:46.011 Initialize success
05:08:28.202 AVAST engine defs: 11090100
05:08:53.193 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
05:08:53.193 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
05:08:53.209 Disk 0 MBR read successfully
05:08:53.209 Disk 0 MBR scan
05:08:53.224 Disk 0 MBR:Alureon-I [Rtk]
05:08:53.224 Disk 0 TDL4@MBR code has been found
05:08:53.224 Disk 0 Windows 7 default MBR code found via API
05:08:53.224 Disk 0 MBR hidden
05:08:53.224 Disk 0 MBR [TDL4] **ROOTKIT**
05:08:53.240 Disk 0 trace - called modules:
05:08:53.240 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80063ba254]<<
05:08:53.240 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80063a6790]
05:08:53.240 3 CLASSPNP.SYS[fffff8800108743f] -> nt!IofCallDriver -> [0xfffffa8004368400]
05:08:53.755 5 ACPI.sys[fffff88000f87781] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004369050]
05:08:53.755 \Driver\iaStor[0xfffffa800432c730] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa80063ba254
05:08:55.393 AVAST engine scan C:\Windows
05:08:58.014 AVAST engine scan C:\Windows\system32
05:10:09.555 AVAST engine scan C:\Windows\system32\drivers
05:10:17.948 AVAST engine scan C:\Users\Gil
05:10:43.470 AVAST engine scan C:\ProgramData
05:11:37.680 Scan finished successfully
05:12:36.820 Disk 0 MBR has been saved successfully to "C:\Users\Gil\Desktop\MBR.dat"
05:12:36.820 The log file has been saved successfully to "C:\Users\Gil\Desktop\aswMBR.txt"

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-09-01 05:31:22
-----------------------------
05:31:22.124 OS Version: Windows x64 6.1.7600
05:31:22.124 Number of processors: 4 586 0x2505
05:31:22.126 ComputerName: GIL-VAIO UserName: Gil
05:31:23.523 Initialize success
05:31:28.978 AVAST engine defs: 11090100
05:31:44.122 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
05:31:44.126 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
05:31:44.143 Disk 0 MBR read successfully
05:31:44.146 Disk 0 MBR scan
05:31:44.153 Disk 0 Windows 7 default MBR code
05:31:44.158 Service scanning
05:31:46.031 Modules scanning
05:31:46.038 Disk 0 trace - called modules:
05:31:46.075 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
05:31:46.083 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800461a790]
05:31:46.090 3 CLASSPNP.SYS[fffff8800100143f] -> nt!IofCallDriver -> [0xfffffa800433aa90]
05:31:46.098 5 ACPI.sys[fffff88000fa1781] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800433f050]
05:31:47.381 AVAST engine scan C:\Windows
05:31:51.374 AVAST engine scan C:\Windows\system32
05:33:16.548 AVAST engine scan C:\Windows\system32\drivers
05:33:24.182 AVAST engine scan C:\Users\Gil
05:33:47.137 AVAST engine scan C:\ProgramData
05:34:40.324 Scan finished successfully
05:35:13.670 Disk 0 MBR has been saved successfully to "C:\Users\Gil\Desktop\MBR.dat"
05:35:13.692 The log file has been saved successfully to "C:\Users\Gil\Desktop\aswMBR.txt"

Broni · Sep 1, 2011

Good job

How is redirection?

Post new Combofix log.

Gil · Sep 1, 2011

No redirections so far

Here's the ComboFix Log.

ComboFix 11-09-01.03 - Gil 09/01/2011 18:15:05.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3758.2107 [GMT -7:00]
Running from: c:\users\Gil\Downloads\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\mfc100deu.dll
E:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-08-02 to 2011-09-02 )))))))))))))))))))))))))))))))
.
.
2011-09-02 01:19 . 2011-09-02 01:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-01 20:26 . 2011-09-01 20:26 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2011-09-01 11:57 . 2011-09-01 11:57 -------- dc-h--w- c:\programdata\{F77EE8EF-305B-4394-A018-C1A57D2D66B5}
2011-09-01 11:13 . 2011-09-01 11:37 174200 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2011-09-01 11:13 . 2011-09-01 11:37 -------- d-----w- c:\program files\Symantec
2011-09-01 11:13 . 2011-09-01 11:13 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-09-01 11:09 . 2011-09-01 11:09 -------- d-----w- c:\users\Public\Symantec
2011-09-01 11:09 . 2011-09-01 11:09 -------- d-----w- c:\windows\SysWow64\VAIO Startup Setting Tool
2011-09-01 11:09 . 2011-09-01 11:13 -------- d-----w- c:\users\Gil
2011-09-01 10:45 . 2011-09-01 10:45 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2011-09-01 10:44 . 2006-11-29 20:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll
2011-09-01 10:44 . 2006-11-29 20:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll
2011-09-01 10:44 . 2011-09-01 10:44 -------- d-----w- c:\program files (x86)\Microsoft
2011-09-01 10:43 . 2011-09-01 10:43 -------- d-----w- c:\program files (x86)\Windows Live SkyDrive
2011-09-01 10:43 . 2011-09-01 10:43 -------- d-----w- c:\windows\PCHEALTH
2011-09-01 10:42 . 2011-09-01 10:42 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2011-09-01 10:28 . 2011-09-01 10:28 -------- d-----w- C:\VAIO Sample Contents
2011-09-01 10:14 . 2011-09-01 10:14 -------- d-----w- C:\SPLASH.000
2011-09-01 10:14 . 2011-09-01 10:14 -------- d-----w- C:\SPLASH.SYS
2011-09-01 10:13 . 2011-09-01 10:13 -------- d-----w- c:\program files (x86)\Downloaded Installations
2011-09-01 09:56 . 2011-09-01 09:56 -------- d-----w- c:\program files (x86)\MSXML 4.0
2011-09-01 09:56 . 2007-07-20 01:14 5073256 ----a-w- c:\windows\system32\d3dx9_35.dll
2011-09-01 09:52 . 2009-09-05 00:44 73544 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2011-09-01 09:52 . 2009-09-05 00:44 69464 ----a-w- c:\windows\SysWow64\XAPOFX1_3.dll
2011-09-01 09:52 . 2009-09-05 00:44 517960 ----a-w- c:\windows\system32\XAudio2_5.dll
2011-09-01 09:52 . 2009-09-05 00:44 515416 ----a-w- c:\windows\SysWow64\XAudio2_5.dll
2011-09-01 09:51 . 2009-09-05 00:44 238936 ----a-w- c:\windows\SysWow64\xactengine3_5.dll
2011-09-01 09:51 . 2009-09-05 00:44 176968 ----a-w- c:\windows\system32\xactengine3_5.dll
2011-09-01 09:51 . 2009-09-05 00:29 1974616 ----a-w- c:\windows\SysWow64\D3DCompiler_42.dll
2011-09-01 09:51 . 2009-09-05 00:29 2582888 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2011-09-01 09:51 . 2009-09-05 00:29 5501792 ----a-w- c:\windows\SysWow64\d3dcsx_42.dll
2011-09-01 09:51 . 2009-09-05 00:29 5554512 ----a-w- c:\windows\system32\d3dcsx_42.dll
2011-09-01 09:51 . 2009-09-05 00:29 235344 ----a-w- c:\windows\SysWow64\d3dx11_42.dll
2011-09-01 09:51 . 2009-09-05 00:29 285024 ----a-w- c:\windows\system32\d3dx11_42.dll
2011-09-01 09:51 . 2009-09-05 00:29 453456 ----a-w- c:\windows\SysWow64\d3dx10_42.dll
2011-09-01 09:51 . 2009-09-05 00:29 523088 ----a-w- c:\windows\system32\d3dx10_42.dll
2011-09-01 09:51 . 2009-09-05 00:29 1892184 ----a-w- c:\windows\SysWow64\D3DX9_42.dll
2011-09-01 09:51 . 2009-09-05 00:29 2475352 ----a-w- c:\windows\system32\D3DX9_42.dll
2011-09-01 09:49 . 2005-04-27 23:36 245408 ----a-w- c:\windows\SysWow64\unicows.dll
2011-09-01 09:49 . 2003-03-19 05:14 499712 ----a-r- c:\windows\SysWow64\msvcp71.dll
2011-09-01 09:49 . 2003-02-21 11:42 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2011-09-01 09:49 . 2009-05-26 21:32 19968 ----a-w- c:\windows\system32\drivers\ArcSoftKsUFilter.sys
2011-09-01 09:49 . 2008-09-05 00:06 55808 ----a-w- c:\windows\system\ArcSoftKsUFilter.dll
2011-09-01 09:49 . 1995-07-31 20:44 212480 ----a-w- c:\windows\SysWow64\PCDLIB32.DLL
2011-09-01 09:49 . 2011-09-01 10:33 -------- d-----w- c:\program files (x86)\ArcSoft
2011-09-01 09:49 . 2011-09-01 09:49 -------- d-----w- c:\program files (x86)\Common Files\ArcSoft
2011-09-01 09:48 . 2011-09-01 11:12 -------- d-----w- c:\program files\Sony
2011-09-01 09:47 . 2011-09-01 09:47 -------- d-----w- c:\program files (x86)\Evernote
2011-09-01 09:47 . 2011-09-01 09:47 -------- d-----w- c:\programdata\Evernote
2011-09-01 09:47 . 2011-09-01 09:47 -------- d-----w- C:\_FS_SWRINFO
2011-09-01 09:47 . 2011-09-01 09:47 -------- d-----w- C:\Documentation
2011-09-01 09:45 . 2011-09-01 09:45 -------- d-----w- c:\users\boinc_master
2011-09-01 09:43 . 2011-09-01 11:12 -------- d-----w- c:\program files (x86)\BOINC
2011-09-01 09:43 . 2011-09-01 11:12 -------- d-----w- c:\programdata\BOINC
2011-09-01 09:43 . 2011-09-01 09:43 -------- d-----w- c:\windows\Downloaded Installations
2011-09-01 09:43 . 2011-09-01 10:45 -------- d-----w- c:\program files (x86)\Windows Live
2011-09-01 09:37 . 2011-09-01 10:47 -------- d-----w- c:\program files (x86)\Sony
2011-09-01 09:36 . 2011-09-01 09:36 -------- d-----w- c:\program files (x86)\Common Files\Skype
2011-09-01 09:36 . 2011-09-01 09:36 -------- d-----r- c:\program files (x86)\Skype
2011-09-01 09:36 . 2011-09-01 09:36 -------- d-----w- c:\programdata\Skype
2011-09-01 09:35 . 2011-09-01 09:35 -------- d---a-w- c:\program files\Shutterfly
2011-09-01 09:33 . 2011-09-01 09:33 -------- d-----w- c:\program files\PlayReady
2011-09-01 09:31 . 2011-09-01 09:31 -------- d---a-w- C:\Nobu_Icon
2011-09-01 09:29 . 2011-09-01 11:42 -------- d-----w- c:\windows\system32\drivers\NISx64
2011-09-01 09:29 . 2011-09-01 11:14 -------- d-----w- c:\programdata\Norton
2011-09-01 09:29 . 2011-09-01 09:29 -------- d-----w- c:\program files (x86)\Norton Internet Security
2011-09-01 09:29 . 2011-09-01 09:29 -------- d-----w- c:\program files (x86)\NortonInstaller
2011-09-01 09:23 . 2011-09-01 09:23 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-09-01 09:23 . 2011-09-01 09:23 411368 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-09-01 09:23 . 2011-09-01 09:23 -------- d-----w- c:\program files (x86)\Java
2011-09-01 09:21 . 2011-09-01 09:21 455680 ----a-w- c:\windows\system32\deployJava1.dll
2011-09-01 09:21 . 2011-09-01 09:21 -------- d-----w- c:\program files\Java
2011-09-01 09:19 . 2011-09-01 09:19 -------- d-----w- c:\program files (x86)\Common Files\Intel Corporation
2011-09-01 09:19 . 2011-09-01 09:19 -------- d-----w- c:\program files (x86)\Intel Corporation
2011-09-01 09:16 . 2011-09-01 09:16 -------- d-----w- c:\programdata\Partner
2011-09-01 09:16 . 2011-09-01 09:16 -------- d-----w- c:\program files\Google
2011-09-01 09:16 . 2011-09-01 09:16 -------- d-----w- c:\program files (x86)\Google
2011-09-01 09:15 . 2011-09-01 10:38 -------- d-----w- c:\windows\Sonysys
2011-09-01 09:13 . 2011-09-01 09:13 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2011-09-01 09:13 . 2011-09-01 09:13 -------- d-----w- c:\windows\SysWow64\Macromed
2011-09-01 09:11 . 2011-09-01 09:11 -------- d-----w- c:\program files (x86)\AccuWeather.com Cirrus
2011-09-01 09:09 . 2011-09-01 09:09 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2011-09-01 09:08 . 2011-09-01 09:51 -------- d-----w- c:\program files (x86)\Common Files\Sony Shared
2011-09-01 09:08 . 2011-09-01 09:50 -------- d-----w- c:\program files\Common Files\Sony Shared
2011-09-01 09:04 . 2010-06-19 07:05 213888 ----a-w- c:\windows\system32\drivers\rdyboost.sys
2011-09-01 09:00 . 2011-09-01 09:00 -------- d-----w- c:\program files (x86)\Cisco
2011-09-01 09:00 . 2011-09-01 09:00 -------- d-----w- c:\programdata\Intel
2011-09-01 09:00 . 2011-09-01 09:00 -------- d-----w- c:\program files\Intel
2011-09-01 09:00 . 2011-09-01 09:00 -------- d-----w- c:\program files\Apoint
2011-09-01 08:57 . 2011-09-01 09:49 -------- d-----w- c:\program files (x86)\Common Files\InstallShield
2011-09-01 08:55 . 2010-04-23 07:13 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-09-01 08:55 . 2010-04-23 07:11 2048 ----a-w- c:\windows\system32\tzres.dll
2011-09-01 08:53 . 2011-09-01 12:03 -------- d-----w- c:\program files (x86)\DDNi
2011-09-01 08:53 . 2011-09-01 11:57 -------- d-----w- c:\programdata\DDNi
2011-09-01 08:53 . 2011-09-01 10:44 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2011-09-01 08:53 . 2011-09-01 08:53 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2011-09-01 08:53 . 2011-09-01 12:03 -------- d-sh--w- c:\windows\Installer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-01 09:46 . 2011-09-01 09:46 2560 ----a-w- c:\windows\SysWow64\drivers\en-US\qwavedrv.sys.mui
2011-09-01 09:46 . 2011-09-01 09:46 25600 ----a-w- c:\windows\SysWow64\drivers\en-US\bfe.dll.mui
2011-09-01 09:46 . 2011-09-01 09:46 15360 ----a-w- c:\windows\SysWow64\drivers\en-US\pacer.sys.mui
2011-09-01 09:46 . 2011-09-01 09:46 2560 ----a-w- c:\windows\SysWow64\drivers\en-US\scfilter.sys.mui
2011-09-01 09:46 . 2011-09-01 09:46 5632 ----a-w- c:\windows\SysWow64\drivers\en-US\ndiscap.sys.mui
2011-09-01 09:46 . 2011-09-01 09:46 44032 ----a-w- c:\windows\SysWow64\drivers\en-US\tcpip.sys.mui
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2011-09-01 09:16 433648 ----a-w- c:\programdata\Partner\Partner.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SmartWiHelper"="c:\program files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" [2010-07-15 89080]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2010-06-01 673136]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-06-01 600928]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-01 136176]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-03-05 340240]
R3 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe [2011-09-01 332272]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-06-21 108400]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-06-18 423280]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-06-21 67952]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-06-09 537456]
R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-06-09 384880]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-06-09 101232]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20110812.001\BHDrvx64.sys [2011-08-13 1151096]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20110831.030\IDSvia64.sys [2011-08-31 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1206000.01D\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe [2011-04-17 130008]
S2 Oasis2Service;Oasis2Service;c:\program files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [2011-03-14 47616]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-06-01 367456]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [x]
S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [x]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2010-05-25 252416]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2008-09-18 104960]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-05-28 2320920]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2010-06-22 575856]
S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-06-17 851824]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x]
S3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-06-07 304496]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2010-06-01 1250160]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - EECTRL
*NewlyCreated* - ERASERUTILDRV11113
*Deregistered* - EraserUtilDrv11113
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-01 09:16]
.
2011-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-01 09:16]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2011-09-01 09:16 750064 ----a-w- c:\programdata\Partner\Partner64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-24 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-24 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-24 413208]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-05-31 10775584]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-05-31 2040352]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1928976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
TCP: DhcpNameServer = 205.171.3.25 205.171.2.25
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.6.0.29\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=2000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-09-01 18:20:55
ComboFix-quarantined-files.txt 2011-09-02 01:20
.
Pre-Run: 413,876,150,272 bytes free
Post-Run: 413,512,507,392 bytes free
.
- - End Of File - - 66FCE62A934613B86481EBAFBFF19A2A

Broni · Sep 1, 2011

Good news

Combofix log looks good

Download OTL to your Desktop.

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Click the Scan All Users checkbox.
Under the Custom Scan box paste this in:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop

Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

Gil · Sep 1, 2011

Message 1 of 2 /// OTL.txt too long for one message:

OTL logfile created on: 9/1/2011 7:52:13 PM - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\Gil\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.67 Gb Total Physical Memory | 2.26 Gb Available Physical Memory | 61.67% Memory free
7.34 Gb Paging File | 5.84 Gb Available in Paging File | 79.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455.40 Gb Total Space | 382.20 Gb Free Space | 83.93% Space Free | Partition Type: NTFS

Computer Name: GIL-VAIO | User Name: Gil | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/01 19:47:18 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Gil\Desktop\OTL.exe
PRC - [2011/04/16 17:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe
PRC - [2011/03/14 15:34:16 | 000,047,616 | ---- | M] () -- C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe
PRC - [2010/07/15 11:07:40 | 000,184,816 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
PRC - [2010/07/15 11:07:40 | 000,040,952 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
PRC - [2010/07/15 11:07:40 | 000,023,552 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
PRC - [2010/07/15 11:07:40 | 000,022,504 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
PRC - [2010/06/17 12:44:10 | 000,851,824 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
PRC - [2010/06/01 03:01:56 | 000,367,456 | ---- | M] (Sony Corporation) -- c:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2010/06/01 03:01:54 | 000,600,928 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2010/05/31 19:18:32 | 000,217,968 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
PRC - [2010/05/31 19:18:32 | 000,120,176 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2010/05/31 17:01:52 | 000,673,136 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
PRC - [2010/05/28 13:02:57 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/05/28 13:02:38 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/05/26 10:08:08 | 000,055,152 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Care\VCSpt.exe
PRC - [2010/05/18 13:38:46 | 000,075,776 | ---- | M] (Sony of America Corporation) -- C:\Program Files\Sony\VAIO Care\listener.exe
PRC - [2010/03/03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/03 20:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
PRC - [2008/09/18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe

========== Modules (No Company Name) ==========

MOD - [2011/03/29 15:31:57 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2011/03/29 15:31:53 | 004,550,656 | ---- | M] () -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
MOD - [2010/07/15 11:07:40 | 000,184,816 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe
MOD - [2010/07/15 11:07:40 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\SonyCommonLib.dll
MOD - [2010/07/15 11:07:40 | 000,109,568 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\DevicePanel.dll
MOD - [2010/07/15 11:07:40 | 000,040,952 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe
MOD - [2010/07/15 11:07:40 | 000,027,648 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.BtPower.dll
MOD - [2010/07/15 11:07:40 | 000,023,552 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe
MOD - [2010/07/15 11:07:40 | 000,023,040 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.Generic.dll
MOD - [2010/07/15 11:07:40 | 000,022,504 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe
MOD - [2010/07/15 11:07:40 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\DictionaryLookup.dll
MOD - [2010/07/15 11:07:40 | 000,015,872 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.NativeWifiThirdPartyApp.dll
MOD - [2010/07/15 11:07:40 | 000,015,360 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\SharedInterfaces.dll
MOD - [2010/07/15 11:07:40 | 000,011,264 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Resources.dll
MOD - [2010/07/15 11:07:40 | 000,011,264 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\MessageXML.dll
MOD - [2010/07/15 11:07:40 | 000,009,728 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.TosBtThirdPartyApp.dll
MOD - [2010/07/15 11:07:40 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\DebugMsg.dll
MOD - [2010/07/15 11:07:40 | 000,006,656 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.WlanPower.dll
MOD - [2010/07/15 11:07:40 | 000,005,120 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.ThirdPartyApp.dll
MOD - [2010/07/15 11:07:40 | 000,005,120 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.Generic.dll
MOD - [2010/07/15 11:07:40 | 000,004,608 | ---- | M] () -- C:\Program Files (x86)\Sony\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.Power.dll
MOD - [2010/03/02 16:24:26 | 001,249,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
MOD - [2009/06/10 14:23:20 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2009/06/10 14:23:19 | 005,242,880 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
MOD - [2009/06/10 14:23:19 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2009/06/10 14:23:18 | 003,178,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2009/06/10 14:23:18 | 000,626,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2009/06/10 14:23:18 | 000,372,736 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2009/06/10 14:23:17 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2009/06/10 14:22:40 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/06/21 18:00:52 | 000,575,856 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV:64bit: - [2010/06/09 15:57:16 | 000,101,232 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV:64bit: - [2010/06/09 15:56:02 | 000,384,880 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV:64bit: - [2010/06/09 15:55:00 | 000,537,456 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV:64bit: - [2010/06/06 22:13:46 | 000,304,496 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService)
SRV:64bit: - [2010/05/31 18:25:48 | 001,250,160 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Update 5\VUAgent.exe -- (VUAgent)
SRV:64bit: - [2010/05/25 05:23:52 | 000,252,416 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector)
SRV:64bit: - [2010/03/05 10:26:38 | 001,425,168 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2010/03/05 10:07:58 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2010/03/05 10:06:22 | 000,831,760 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/09/01 02:16:55 | 000,332,272 | ---- | M] (Google Inc.) [On_Demand | Stopped] -- C:\ProgramData\Partner\Partner.exe -- (Partner Service)
SRV - [2011/04/16 17:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe -- (NIS)
SRV - [2011/03/14 15:34:16 | 000,047,616 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe -- (Oasis2Service)
SRV - [2010/06/20 21:47:18 | 000,108,400 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2010/06/20 21:47:16 | 000,067,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2010/06/18 07:07:12 | 000,423,280 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2010/06/17 12:44:10 | 000,851,824 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2010/06/01 03:01:56 | 000,367,456 | ---- | M] (Sony Corporation) [Auto | Running] -- c:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010/05/31 19:18:32 | 000,217,968 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2010/05/28 13:02:57 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010/05/28 13:02:38 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010/03/03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/09/18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/09/01 04:37:29 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/07/08 17:45:12 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/03/30 20:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/03/30 20:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011/03/14 19:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011/01/26 23:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symds64.sys -- (SymDS)
DRV:64bit: - [2011/01/26 22:07:06 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/06/24 13:34:53 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010/06/24 13:33:43 | 010,326,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/06/24 13:06:24 | 006,107,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010/06/23 13:03:07 | 000,078,848 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsne64.sys -- (risdsnpe)
DRV:64bit: - [2010/06/23 13:02:59 | 000,094,208 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssne64.sys -- (rimspci)
DRV:64bit: - [2010/05/31 14:36:54 | 000,299,568 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2010/05/31 14:36:48 | 000,402,720 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2010/05/31 14:36:41 | 001,573,888 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/05/31 12:05:06 | 007,689,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
DRV:64bit: - [2010/05/28 13:03:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/05/28 13:02:36 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2010/04/26 13:20:29 | 000,012,032 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2010/04/16 11:45:50 | 000,039,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2010/03/03 19:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/10/09 19:41:20 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/07/13 18:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 18:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/26 14:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2011/09/01 04:37:12 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20110901.017\EX64.SYS -- (NAVEX15)
DRV - [2011/09/01 04:37:12 | 000,481,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/09/01 04:37:12 | 000,136,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/09/01 04:37:12 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\VirusDefs\20110901.017\ENG64.SYS -- (NAVENG)
DRV - [2011/08/31 16:07:08 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\IPSDefs\20110831.030\IDSviA64.sys -- (IDSVia64)
DRV - [2011/08/12 23:21:56 | 001,151,096 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\Definitions\BASHDefs\20110812.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT

IE - HKU\S-1-5-21-3312632734-2759612296-4142556236-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3312632734-2759612296-4142556236-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\IPSFFPlgn\ [2011/09/01 13:25:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\coFFPlgn_2011_7_1_3 [2011/09/01 19:45:03 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2011/09/01 18:19:24 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg64.dll (Google Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O3:64bit: - HKU\S-1-5-21-3312632734-2759612296-4142556236-1005\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-3312632734-2759612296-4142556236-1005\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [SmartWiHelper] C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe (Sony Electronics Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3312632734-2759612296-4142556236-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3312632734-2759612296-4142556236-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - c:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - c:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 205.171.3.25 205.171.2.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E3481E0-8F3F-4535-B061-5D68813F0D6E}: DhcpNameServer = 205.171.3.25 205.171.2.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC863AAA-54E2-4F05-A57B-5B003D0368DB}: DhcpNameServer = 205.171.3.25 205.171.2.25
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

Gil · Sep 1, 2011

Message 2 of 2/// OTL.txt:

[2011/09/01 19:47:14 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Users\Gil\Desktop\OTL.exe
[2011/09/01 19:12:46 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2011/09/01 19:12:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2011/09/01 18:24:31 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/09/01 18:20:56 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/09/01 18:13:54 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/09/01 18:13:54 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/09/01 18:13:54 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/09/01 18:13:49 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/09/01 18:12:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/09/01 18:11:16 | 004,192,529 | R--- | C] (Swearware) -- C:\Users\Gil\Desktop\ComboFix.exe
[2011/09/01 13:26:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2011/09/01 05:03:16 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Gil\Desktop\aswMBR.exe
[2011/09/01 04:57:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Messenger
[2011/09/01 04:57:32 | 000,000,000 | -H-D | C] -- C:\ProgramData\{F77EE8EF-305B-4394-A018-C1A57D2D66B5}
[2011/09/01 04:49:18 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/09/01 04:49:13 | 000,000,000 | ---D | C] -- C:\Users\Gil\AppData\Roaming\Adobe
[2011/09/01 04:37:28 | 000,912,504 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symefa64.sys
[2011/09/01 04:37:28 | 000,744,568 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtsp64.sys
[2011/09/01 04:37:28 | 000,450,680 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symds64.sys
[2011/09/01 04:37:28 | 000,386,168 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symnets.sys
[2011/09/01 04:37:28 | 000,171,128 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\ironx64.sys
[2011/09/01 04:37:28 | 000,040,568 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtspx64.sys
[2011/09/01 04:37:17 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D
[2011/09/01 04:19:58 | 000,000,000 | ---D | C] -- C:\Users\Gil\AppData\Roaming\Google
[2011/09/01 04:19:58 | 000,000,000 | ---D | C] -- C:\Users\Gil\AppData\Local\Google
[2011/09/01 04:13:49 | 000,000,000 | ---D | C] -- C:\Users\Gil\AppData\Roaming\Intel Corporation
[2011/09/01 04:13:48 | 000,174,200 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2011/09/01 04:13:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011/09/01 04:13:48 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/09/01 04:13:39 | 000,000,000 | ---D | C] -- C:\Users\Gil\AppData\Roaming\Intel
[2011/09/01 04:13:08 | 000,000,000 | R--D | C] -- C:\Users\Gil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/09/01 04:13:08 | 000,000,000 | R--D | C] -- C:\Users\Gil\Searches
[2011/09/01 04:13:08 | 000,000,000 | R--D | C] -- C:\Users\Gil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/09/01 04:13:08 | 000,000,000 | -H-D | C] -- C:\Users\Gil\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2011/09/01 04:12:58 | 000,000,000 | ---D | C] -- C:\Users\Gil\AppData\Roaming\Identities
[2011/09/01 04:12:57 | 000,000,000 | R--D | C] -- C:\Users\Gil\Contacts
[2011/09/01 04:09:40 | 000,000,000 | ---D | C] -- C:\Users\Gil\AppData\Local\VirtualStore
[2011/09/01 04:09:34 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\VAIO Startup Setting Tool
[2011/09/01 04:09:29 | 000,000,000 | ---D | C] -- C:\Users\Gil\AppData\Roaming\Sony Corporation
[2011/09/01 04:09:23 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/09/01 04:09:09 | 000,000,000 | -HSD | C] -- C:\Users\Gil\AppData\Local\Temporary Internet Files
[2011/09/01 04:09:09 | 000,000,000 | -HSD | C] -- C:\Users\Gil\Templates
[2011/09/01 04:09:09 | 000,000,000 | -HSD | C] -- C:\Users\Gil\Start Menu
[2011/09/01 04:09:09 | 000,000,000 | -HSD | C] -- C:\Users\Gil\SendTo
[2011/09/01 04:09:09 | 000,000,000 | -HSD | C] -- C:\Users\Gil\Recent
[2011/09/01 04:09:09 | 000,000,000 | -HSD | C] -- C:\Users\Gil\PrintHood
[2011/09/01 04:09:09 | 000,000,000 | -HSD | C] -- C:\Users\Gil\NetHood
[2011/09/01 04:09:09 | 000,000,000 | -HSD | C] -- C:\Users\Gil\Documents\My Videos
[2011/09/01 04:09:09 | 000,000,000 | -HSD | C] -- C:\Users\Gil\Documents\My Pictures
[2011/09/01 04:09:09 | 000,000,000 | -HSD | C] -- C:\Users\Gil\Documents\My Music
[2011/09/01 04:09:09 | 000,000,000 | -HSD | C] -- C:\Users\Gil\My Documents
[2011/09/01 04:09:09 | 000,000,000 | -HSD | C] -- C:\Users\Gil\Local Settings
[2011/09/01 04:09:09 | 000,000,000 | -HSD | C] -- C:\Users\Gil\AppData\Local\History
[2011/09/01 04:09:09 | 000,000,000 | -HSD | C] -- C:\Users\Gil\Cookies
[2011/09/01 04:09:09 | 000,000,000 | -HSD | C] -- C:\Users\Gil\Application Data
[2011/09/01 04:09:09 | 000,000,000 | -HSD | C] -- C:\Users\Gil\AppData\Local\Application Data
[2011/09/01 04:09:08 | 000,000,000 | --SD | C] -- C:\Users\Gil\AppData\Roaming\Microsoft
[2011/09/01 04:09:08 | 000,000,000 | R--D | C] -- C:\Users\Gil\Videos
[2011/09/01 04:09:08 | 000,000,000 | R--D | C] -- C:\Users\Gil\Saved Games
[2011/09/01 04:09:08 | 000,000,000 | R--D | C] -- C:\Users\Gil\Pictures
[2011/09/01 04:09:08 | 000,000,000 | R--D | C] -- C:\Users\Gil\Music
[2011/09/01 04:09:08 | 000,000,000 | R--D | C] -- C:\Users\Gil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/09/01 04:09:08 | 000,000,000 | R--D | C] -- C:\Users\Gil\Links
[2011/09/01 04:09:08 | 000,000,000 | R--D | C] -- C:\Users\Gil\Favorites
[2011/09/01 04:09:08 | 000,000,000 | R--D | C] -- C:\Users\Gil\Downloads
[2011/09/01 04:09:08 | 000,000,000 | R--D | C] -- C:\Users\Gil\Documents
[2011/09/01 04:09:08 | 000,000,000 | R--D | C] -- C:\Users\Gil\Desktop
[2011/09/01 04:09:08 | 000,000,000 | R--D | C] -- C:\Users\Gil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/09/01 04:09:08 | 000,000,000 | -H-D | C] -- C:\Users\Gil\AppData
[2011/09/01 04:09:08 | 000,000,000 | ---D | C] -- C:\Users\Gil\AppData\Local\Temp
[2011/09/01 04:09:08 | 000,000,000 | ---D | C] -- C:\Users\Gil\AppData\Local\Microsoft
[2011/09/01 04:09:08 | 000,000,000 | ---D | C] -- C:\Users\Gil\AppData\Roaming\Media Center Programs
[2011/09/01 04:09:08 | 000,000,000 | ---D | C] -- C:\Users\Gil\AppData\Roaming\Macromedia
[2011/09/01 03:45:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2011/09/01 03:44:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2011/09/01 03:43:52 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2011/09/01 03:43:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive
[2011/09/01 03:43:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2011/09/01 03:43:19 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011/09/01 03:42:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2011/09/01 03:34:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft WebCam Companion 3
[2011/09/01 03:28:51 | 000,000,000 | ---D | C] -- C:\VAIO Sample Contents
[2011/09/01 03:16:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care
[2011/09/01 03:14:43 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayStation Tools
[2011/09/01 03:14:18 | 000,000,000 | ---D | C] -- C:\SPLASH.000
[2011/09/01 03:14:02 | 000,000,000 | ---D | C] -- C:\SPLASH.SYS
[2011/09/01 03:13:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Downloaded Installations
[2011/09/01 02:56:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2011/09/01 02:56:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PMB
[2011/09/01 02:49:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Magic-i Visual Effects 2
[2011/09/01 02:49:49 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\Windows\SysWow64\PCDLIB32.DLL
[2011/09/01 02:49:49 | 000,055,808 | ---- | C] (ArcSoft, Inc.) -- C:\Windows\System\ArcSoftKsUFilter.dll
[2011/09/01 02:49:49 | 000,019,968 | ---- | C] (ArcSoft, Inc.) -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys
[2011/09/01 02:49:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ArcSoft
[2011/09/01 02:49:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ArcSoft
[2011/09/01 02:48:15 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
[2011/09/01 02:47:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote for VAIO
[2011/09/01 02:47:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Evernote
[2011/09/01 02:47:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Evernote
[2011/09/01 02:47:19 | 000,000,000 | ---D | C] -- C:\_FS_SWRINFO
[2011/09/01 02:47:18 | 000,000,000 | ---D | C] -- C:\Documentation
[2011/09/01 02:46:54 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\winrm
[2011/09/01 02:46:54 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\UMDF
[2011/09/01 02:46:54 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\sysprep
[2011/09/01 02:46:54 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\slmgr
[2011/09/01 02:46:54 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\UMDF\en-US
[2011/09/01 02:46:54 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\en-US
[2011/09/01 02:46:54 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\en
[2011/09/01 02:46:54 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\0409
[2011/09/01 02:46:52 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\winrm
[2011/09/01 02:46:52 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\WCN
[2011/09/01 02:46:52 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\slmgr
[2011/09/01 02:46:52 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Printing_Admin_Scripts
[2011/09/01 02:46:52 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\en
[2011/09/01 02:46:52 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0409
[2011/09/01 02:46:51 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\WCN
[2011/09/01 02:46:51 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\en-US
[2011/09/01 02:46:50 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Printing_Admin_Scripts
[2011/09/01 02:46:10 | 000,010,240 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\en-US\BrSerId.sys.mui
[2011/09/01 02:46:10 | 000,010,240 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\en-US\BrSerIb.sys.mui
[2011/09/01 02:46:09 | 000,003,584 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\en-US\pscr.sys.mui
[2011/09/01 02:46:09 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\en-US\BrParwdm.sys.mui
[2011/09/01 02:43:49 | 000,000,000 | ---D | C] -- C:\ProgramData\BOINC
[2011/09/01 02:43:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BOINC
[2011/09/01 02:43:46 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2011/09/01 02:43:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2011/09/01 02:37:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony
[2011/09/01 02:37:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartWi Connection Utility
[2011/09/01 02:36:31 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2011/09/01 02:36:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/09/01 02:36:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2011/09/01 02:36:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2011/09/01 02:35:14 | 000,000,000 | ---D | C] -- C:\Program Files\Shutterfly
[2011/09/01 02:33:11 | 000,000,000 | ---D | C] -- C:\Program Files\PlayReady
[2011/09/01 02:31:49 | 000,000,000 | ---D | C] -- C:\Nobu_Icon
[2011/09/01 02:29:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64
[2011/09/01 02:29:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2011/09/01 02:29:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security
[2011/09/01 02:29:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011/09/01 02:29:20 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011/09/01 02:29:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2011/09/01 02:29:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011/09/01 02:27:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2011/09/01 02:23:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/09/01 02:23:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/09/01 02:23:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2011/09/01 02:21:27 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/09/01 02:19:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Corporation
[2011/09/01 02:19:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel Corporation
[2011/09/01 02:19:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel Corporation
[2011/09/01 02:16:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Partner
[2011/09/01 02:16:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/09/01 02:16:22 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011/09/01 02:16:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2011/09/01 02:16:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2011/09/01 02:15:40 | 000,000,000 | ---D | C] -- C:\Windows\Sonysys
[2011/09/01 02:13:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011/09/01 02:13:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2011/09/01 02:13:02 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2011/09/01 02:11:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AccuWeather.com Cirrus
[2011/09/01 02:09:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2011/09/01 02:09:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2011/09/01 02:08:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sony Shared
[2011/09/01 02:08:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sony Shared
[2011/09/01 02:00:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
[2011/09/01 02:00:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
[2011/09/01 02:00:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco
[2011/09/01 02:00:49 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2011/09/01 02:00:31 | 000,000,000 | ---D | C] -- C:\Program Files\Apoint
[2011/09/01 01:58:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\postureAgent
[2011/09/01 01:58:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2011/09/01 01:58:14 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2011/09/01 01:58:02 | 002,719,504 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2011/09/01 01:58:02 | 002,197,264 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2011/09/01 01:58:02 | 001,325,328 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2011/09/01 01:58:02 | 001,178,384 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2011/09/01 01:58:02 | 001,110,800 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2011/09/01 01:58:02 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2011/09/01 01:58:02 | 000,504,592 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2011/09/01 01:58:02 | 000,489,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2011/09/01 01:58:02 | 000,474,896 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2011/09/01 01:58:02 | 000,372,936 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2011/09/01 01:58:02 | 000,330,656 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2011/09/01 01:58:02 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2011/09/01 01:58:02 | 000,315,152 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2011/09/01 01:58:02 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2011/09/01 01:58:02 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2011/09/01 01:58:02 | 000,268,560 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2011/09/01 01:58:02 | 000,265,488 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2011/09/01 01:58:02 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2011/09/01 01:58:02 | 000,201,928 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2011/09/01 01:58:02 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2011/09/01 01:58:02 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2011/09/01 01:58:02 | 000,123,664 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2011/09/01 01:58:02 | 000,123,152 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2011/09/01 01:58:02 | 000,122,128 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2011/09/01 01:58:02 | 000,099,016 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2011/09/01 01:58:02 | 000,076,488 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2011/09/01 01:58:01 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2011/09/01 01:58:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2011/09/01 01:57:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2011/09/01 01:55:14 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011/09/01 01:53:11 | 000,000,000 | ---D | C] -- C:\ProgramData\DDNi
[2011/09/01 01:53:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DDNi
[2011/09/01 01:53:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2011/09/01 01:53:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2011/09/01 01:53:06 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2011/09/01 01:48:50 | 000,000,000 | -HSD | C] -- C:\System Volume Information

========== Files - Modified Within 30 Days ==========

[2011/09/01 19:56:59 | 001,265,512 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\Cat.DB
[2011/09/01 19:52:13 | 000,013,936 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/01 19:52:13 | 000,013,936 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/01 19:47:18 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Gil\Desktop\OTL.exe
[2011/09/01 19:45:15 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/01 19:44:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/01 19:44:21 | 2955,485,184 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/01 19:23:13 | 000,299,408 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/09/01 18:48:12 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/09/01 18:48:12 | 000,615,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/09/01 18:48:12 | 000,103,702 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/09/01 18:21:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/01 18:19:24 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/09/01 18:11:42 | 004,192,529 | R--- | M] (Swearware) -- C:\Users\Gil\Desktop\ComboFix.exe
[2011/09/01 05:35:13 | 000,000,512 | ---- | M] () -- C:\Users\Gil\Desktop\MBR.dat
[2011/09/01 05:03:36 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Gil\Desktop\aswMBR.exe
[2011/09/01 04:41:48 | 000,002,449 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2011/09/01 04:37:29 | 000,174,200 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2011/09/01 04:37:29 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2011/09/01 04:37:29 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2011/09/01 04:19:55 | 000,001,401 | ---- | M] () -- C:\Users\Gil\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/09/01 04:12:47 | 000,000,000 | RH-- | M] () -- C:\Windows\SysWow64\drivers\104D_Sony_VPCEB33FX.mrk
[2011/09/01 04:12:47 | 000,000,000 | RH-- | M] () -- C:\Windows\SysNative\drivers\104D_Sony_VPCEB33FX.mrk
[2011/09/01 04:07:57 | 000,039,252 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2011/09/01 04:07:57 | 000,039,252 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2011/09/01 03:40:34 | 000,196,608 | ---- | M] () -- C:\Windows\ocsetup_install_OEMHelpCustomization.etl
[2011/09/01 03:38:42 | 000,001,468 | ---- | M] () -- C:\Users\Public\Desktop\Try a Free Photo Book.lnk
[2011/09/01 03:14:19 | 000,000,073 | -H-- | M] () -- C:\splash.idx
[2011/09/01 02:46:10 | 000,010,240 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\en-US\BrSerId.sys.mui
[2011/09/01 02:46:10 | 000,010,240 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\en-US\BrSerIb.sys.mui
[2011/09/01 02:46:09 | 000,003,584 | ---- | M] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\en-US\pscr.sys.mui
[2011/09/01 02:46:09 | 000,002,560 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\en-US\BrParwdm.sys.mui
[2011/09/01 02:19:21 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WDKMD_01009.Wdf
[2011/09/01 02:16:44 | 000,002,255 | ---- | M] () -- C:\Users\Public\Desktop\Internet Browser.lnk
[2011/09/01 02:16:44 | 000,002,239 | ---- | M] () -- C:\Users\Gil\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/09/01 02:00:32 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_Apfiltr_01009.Wdf

========== Files Created - No Company Name ==========

[2011/09/01 18:13:54 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/09/01 18:13:54 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/09/01 18:13:54 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/09/01 18:13:54 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/09/01 18:13:54 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/09/01 05:12:36 | 000,000,512 | ---- | C] () -- C:\Users\Gil\Desktop\MBR.dat
[2011/09/01 04:40:14 | 001,260,240 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\Cat.DB
[2011/09/01 04:37:28 | 000,007,492 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\iron.cat
[2011/09/01 04:37:28 | 000,007,462 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtspx64.cat
[2011/09/01 04:37:28 | 000,007,460 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symefa64.cat
[2011/09/01 04:37:28 | 000,007,458 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symnet64.cat
[2011/09/01 04:37:28 | 000,007,458 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtsp64.cat
[2011/09/01 04:37:28 | 000,003,373 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symefa.inf
[2011/09/01 04:37:28 | 000,002,792 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symds.inf
[2011/09/01 04:37:28 | 000,001,446 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symnet.inf
[2011/09/01 04:37:28 | 000,001,438 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtsp64.inf
[2011/09/01 04:37:28 | 000,001,422 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtspx64.inf
[2011/09/01 04:37:28 | 000,000,772 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\iron.inf
[2011/09/01 04:37:19 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symds64.cat
[2011/09/01 04:37:17 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\isolate.ini
[2011/09/01 04:19:55 | 000,001,401 | ---- | C] () -- C:\Users\Gil\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/09/01 04:13:48 | 000,007,488 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2011/09/01 04:13:48 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2011/09/01 04:13:25 | 000,001,413 | ---- | C] () -- C:\Users\Gil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2011/09/01 04:13:11 | 000,001,407 | ---- | C] () -- C:\Users\Gil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/09/01 04:12:47 | 000,000,000 | RH-- | C] () -- C:\Windows\SysWow64\drivers\104D_Sony_VPCEB33FX.mrk
[2011/09/01 04:12:47 | 000,000,000 | RH-- | C] () -- C:\Windows\SysNative\drivers\104D_Sony_VPCEB33FX.mrk
[2011/09/01 04:12:36 | 000,001,965 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music Unlimited powered by Qriocity.lnk
[2011/09/01 04:09:09 | 000,002,239 | ---- | C] () -- C:\Users\Gil\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/09/01 04:09:08 | 000,000,290 | ---- | C] () -- C:\Users\Gil\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/09/01 04:09:08 | 000,000,272 | ---- | C] () -- C:\Users\Gil\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/09/01 03:47:59 | 2955,485,184 | -HS- | C] () -- C:\hiberfil.sys
[2011/09/01 03:40:14 | 000,196,608 | ---- | C] () -- C:\Windows\ocsetup_install_OEMHelpCustomization.etl
[2011/09/01 03:38:42 | 000,001,468 | ---- | C] () -- C:\Users\Public\Desktop\Try a Free Photo Book.lnk
[2011/09/01 03:32:49 | 000,002,072 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Gate.lnk
[2011/09/01 03:31:43 | 000,001,235 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Transfer.lnk
[2011/09/01 03:23:31 | 000,001,230 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Media plus.lnk
[2011/09/01 03:20:35 | 000,000,988 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Data Restore Tool.lnk
[2011/09/01 02:56:04 | 000,000,985 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PMB.lnk
[2011/09/01 02:52:06 | 000,001,263 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Gallery.lnk
[2011/09/01 02:47:49 | 000,001,039 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk
[2011/09/01 02:47:20 | 000,001,955 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Manual.lnk
[2011/09/01 02:46:47 | 000,001,493 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Control Center.lnk
[2011/09/01 02:42:21 | 000,003,489 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warranty Registration.lnk
[2011/09/01 02:31:51 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Online Backup Trial.url
[2011/09/01 02:29:59 | 000,002,449 | ---- | C] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2011/09/01 02:27:55 | 000,002,435 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk
[2011/09/01 02:25:25 | 000,000,869 | ---- | C] () -- C:\Windows\SysWow64\media_center.png
[2011/09/01 02:19:21 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WDKMD_01009.Wdf
[2011/09/01 02:19:07 | 000,002,112 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel(R) Wireless Display.lnk
[2011/09/01 02:16:44 | 000,002,255 | ---- | C] () -- C:\Users\Public\Desktop\Internet Browser.lnk
[2011/09/01 02:16:36 | 000,000,912 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/01 02:16:36 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/01 02:13:45 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011/09/01 02:11:10 | 000,001,027 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AccuWeather.com Cirrus.lnk
[2011/09/01 02:00:32 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_Apfiltr_01009.Wdf
[2011/09/01 01:50:03 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011/09/01 01:50:01 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2010/07/12 15:11:37 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/07/12 13:27:34 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010/07/12 13:27:34 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/07/12 13:27:34 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/07/12 13:27:33 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010/07/12 13:27:32 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010/07/12 13:27:25 | 000,028,732 | ---- | C] () -- C:\Windows\SysWow64\ativvsny.dat
[2010/07/12 13:27:25 | 000,026,936 | ---- | C] () -- C:\Windows\SysWow64\ativvsnl.dat
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2009/07/13 22:08:49 | 000,011,326 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2011/09/01 18:20:55 | 000,022,518 | ---- | M] () -- C:\ComboFix.txt
[2011/09/01 19:44:21 | 2955,485,184 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/01 03:14:28 | 000,315,658 | ---- | M] () -- C:\lv.log
[2011/09/01 19:44:23 | 3940,651,008 | -HS- | M] () -- C:\pagefile.sys
[2011/09/01 01:58:25 | 000,002,253 | ---- | M] () -- C:\RHDSetup.log
[2011/09/01 03:14:19 | 000,000,073 | -H-- | M] () -- C:\splash.idx
[2010/06/23 00:14:20 | 000,004,112 | -H-- | M] () -- C:\version

< %systemroot%\Fonts\*.com >
[2009/07/13 22:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/13 22:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/13 22:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/13 22:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 13:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/04/17 00:04:40 | 000,306,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/13 21:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/09/01 04:19:55 | 000,000,221 | -HS- | M] () -- C:\Users\Gil\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2011/09/01 05:03:36 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Gil\Desktop\aswMBR.exe
[2011/09/01 18:11:42 | 004,192,529 | R--- | M] (Swearware) -- C:\Users\Gil\Desktop\ComboFix.exe
[2011/09/01 19:47:18 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Gil\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 14:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2011/09/01 04:13:22 | 000,000,402 | -HS- | M] () -- C:\Users\Gil\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

< >

< End of report >

Gil · Sep 1, 2011

Extras.txt log:

OTL Extras logfile created on: 9/1/2011 7:52:13 PM - Run 1
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Users\Gil\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.67 Gb Total Physical Memory | 2.26 Gb Available Physical Memory | 61.67% Memory free
7.34 Gb Paging File | 5.84 Gb Available in Paging File | 79.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455.40 Gb Total Space | 382.20 Gb Free Space | 83.93% Space Free | Partition Type: NTFS

Computer Name: GIL-VAIO | User Name: Gil | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0D9917CE-1C77-4B58-A153-DCB5A854ED82}" = Intel(R) Wireless Display
"{10E14C74-0638-4996-ABAD-BBF7A6CF1FAA}" = PMB VAIO Edition plug-in (Click to Disc)
"{115B60D5-BBDB-490E-AF2E-064D37A3CE01}" = Media Gallery
"{1E37FC84-799E-481B-9462-3489861E36C9}" = PMB VAIO Edition plug-in (Click to Disc)
"{202B76AB-1B21-434E-A289-788D767D3A7C}" = Media Gallery
"{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java(TM) 6 Update 20 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4DABD2B3-B67A-41B0-86FE-C11AAF5D158A}" = PMB VAIO Edition plug-in (VAIO Movie Story)
"{5AC18E2C-7EAB-4F9E-BEEC-07FD722B28E3}" = PMB VAIO Edition plug-in (VAIO Movie Story)
"{5AFD1F5C-8FDA-413C-AF38-F1E7BD10D72F}" = VAIO Media plus
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{A3D964A6-411A-4817-9D58-5CB8808F494E}" = VAIO Media plus
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{D16A2127-B927-4379-B153-3DEC091E4EEB}" = Intel(R) PROSet/Wireless WiFi Software
"ProInst" = Intel PROSet Wireless

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07441A52-E208-478A-92B7-5C337CA8C131}" = Remote Play with PlayStation®3
"{0D0F662B-EBEA-4075-819E-74798AD42CDE}" = VAIO Care
"{177AF091-7854-4615-8327-AC7518F62782}" = VAIO Media plus
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1873FFC1-FDCB-47E1-B7C7-F418211E3530}" = PMB VAIO Edition plug-in (VAIO Image Optimizer)
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1B500D37-E7CF-480B-8054-8A563594EC4E}" = OOBE
"{1C5EC8F6-5C5F-421F-85BE-919B5D0CAD4C}" = Adobe Flash Player 10 Plugin
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20536917-E2DF-45D9-B41F-9AC0CAFFE48A}" = Media Gallery
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{2F9D63BE-A891-4E39-AFB3-7402D486800C}" = VAIO Hardware Diagnostics
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{34B37A74-125E-4406-87BA-E4BD3D097AE5}" = VAIO Survey
"{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care
"{3DB5EA77-4A14-4EC9-8BFC-73BC848BDE73}" = Media Gallery
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B9DA746-5AE1-4BA0-9087-BDB162242890}" = VAIO Media plus
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = PMB VAIO Edition plug-in (Click to Disc)
"{52F9CDDA-26F6-4499-90E0-6DDDE6D2259C}" = VAIO Media plus
"{547C9EB4-4CA6-402F-9D1B-8BD30DC71E44}" = VAIO Sample Contents
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data
"{5A92468F-3ED8-4F96-A9E1-4F176C80EC29}" = VAIO Quick Web Access
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
"{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO Transfer Support
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6BF03C88-C06A-48DC-B9A1-FE72B24E5FA9}" = VAIO Media plus Opening Movie
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{70991E0A-1108-437E-BA7D-085702C670C0}" =
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{734B6C6C-4740-476F-BB0C-F7AF469EDBB2}" = Remote Play with PlayStation 3
"{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2
"{803E4FA5-A940-4420-B89D-A8BC2E160247}" =
"{808625C0-412D-2343-CA00-9C19A9671101}" = AccuWeather.com Cirrus
"{8211C280-5B02-4E7E-B55F-845A207249BA}" = VAIO Data Restore Tool
"{82F09B1C-F602-4552-9C40-5BD5F8EAF750}" =
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{855DDD3C-131E-42A8-BCBD-F9581F80CACB}" =
"{88C252C8-A7EE-4B60-BF74-8E5919A8048F}" = PMB VAIO Edition Guide
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B5F85CA-90D4-4AFC-BB37-32477FD0D2B9}" = SmartWi Connection Utility
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" =
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AD3E7141-A22E-40F1-A7A4-55E898AE35E3}" = VAIO Help and Support
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = PMB VAIO Edition plug-in (VAIO Movie Story)
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B7546697-2A80-4256-A24B-1C33163F535B}" = VAIO Gate Default
"{B941F34C-F36A-4A6F-A97C-50B5948E451F}" = VAIO Media plus
"{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}" = VAIO Manual
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" =
"{CFB66DB0-00AC-4CBC-B99D-99EFEB03743C}" = PMB VAIO Edition plug-in (Click to Disc)
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{D8FF4505-5977-4116-8DE4-2AF7174E70AC}" = Media Gallery
"{DD88F979-FA58-41AC-980C-A6E1A82B61D9}" = VAIO - Media Gallery
"{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}" = ArcSoft WebCam Companion 3
"{E50FC5DB-7CBD-407D-A46E-0C13E45BC386}" = Oasis2Service 1.0
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" =
"{FBB4411F-1328-4E36-A5B3-16AA8CFA8F9C}" = PMB VAIO Edition plug-in (VAIO Movie Story)
"{FFB768E4-E427-4553-BC36-A11F5E62A94D}" = Adobe Flash Player 10 ActiveX
"Adobe AIR" = Adobe AIR
"Application Manager for VAIO" = Application Manager for VAIO
"com.AccuWeather.sony.6AF67E59E785A9A644FCA43BED05A7731922EF40.1" = AccuWeather.com Cirrus
"Google Chrome" = Google Chrome
"InstallShield_{1873FFC1-FDCB-47E1-B7C7-F418211E3530}" = VAIO - PMB VAIO Edition plug-in (VAIO Image Optimizer)
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = VAIO - PMB VAIO Edition plug-in (Click to Disc)
"InstallShield_{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"InstallShield_{88C252C8-A7EE-4B60-BF74-8E5919A8048F}" = VAIO - PMB VAIO Edition Guide
"InstallShield_{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO - PMB VAIO Edition plug-in (VAIO Movie Story)
"NIS" = Norton Internet Security
"splashtop" = VAIO Quick Web Access
"VAIO Messenger" = VAIO Messenger
"WinLiveSuite_Wave3" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/1/2011 7:04:19 AM | Computer Name = WIN-0ERK9RKBM8I | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files (x86)\Windows
Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program
Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 9/1/2011 7:04:20 AM | Computer Name = WIN-0ERK9RKBM8I | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files (x86)\Windows
Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program
Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 9/1/2011 7:37:24 AM | Computer Name = Gil-VAIO | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files (x86)\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value
"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute
"version" in element "assemblyIdentity" is invalid.

Error - 9/1/2011 7:38:15 AM | Computer Name = Gil-VAIO | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "c:\program files (x86)\windows
live\photo gallery\MovieMaker.Exe".Error in manifest or policy file "c:\program
files (x86)\windows live\photo gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.

Error - 9/1/2011 8:13:57 AM | Computer Name = Gil-VAIO | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16385,
time stamp: 0x4a5bca42 Faulting module name: mshtml.dll, version: 8.0.7600.16588,
time stamp: 0x4be2bb63 Exception code: 0xc0000005 Fault offset: 0x0000000000240e78
Faulting
process id: 0x11fc Faulting application start time: 0x01cc689da7c0a908 Faulting application
path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: C:\Windows\System32\mshtml.dll
Report
Id: dde66bc6-d493-11e0-9c2a-54424972d0fe

[ System Events ]
Error - 9/1/2011 8:25:33 AM | Computer Name = Gil-VAIO | Source = EventLog | ID = 6008
Description = The previous system shutdown at 5:14:40 AM on ?9/?1/?2011 was unexpected.

Error - 9/1/2011 4:24:32 PM | Computer Name = Gil-VAIO | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
the following error: %%109

Error - 9/1/2011 4:24:32 PM | Computer Name = Gil-VAIO | Source = Microsoft-Windows-Bits-Client | ID = 16392
Description = The BITS service failed to start. Error 2147942450.

Error - 9/1/2011 4:24:32 PM | Computer Name = Gil-VAIO | Source = Service Control Manager | ID = 7024
Description = The Background Intelligent Transfer Service service terminated with
service-specific error %%-2147024846.

Error - 9/1/2011 9:17:25 PM | Computer Name = Gil-VAIO | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 9/1/2011 9:18:49 PM | Computer Name = Gil-VAIO | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 9/1/2011 9:19:26 PM | Computer Name = Gil-VAIO | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 9/1/2011 9:46:21 PM | Computer Name = Gil-VAIO | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Update for Windows 7 for x64-based Systems (KB979538).

< End of report >

Broni · Sep 1, 2011

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder

Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
Accept any prompts.

====================================================================

OTL log looks perfectly fine

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.

Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Download Temp File Cleaner (TFC)

Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

3. Please run a free online scan with the ESET Online Scanner

Disable your antivirus program
Tick the box next to YES, I accept the Terms of Use
Click Start
Accept any security warnings from your browser.
Check Scan archives
Click Start
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push List of found threats
Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
NOTE. If Eset won't find any threats, it won't produce any log.

Gil · Sep 2, 2011

Here's the Security Check scan log. Will post ESET scan on next message.

Results of screen317's Security Check version 0.99.7
Windows 7 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
Norton Internet Security
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:
Java(TM) 6 Update 27
Out of date Java installed!
Adobe Flash Player
Adobe Reader 9.3.2
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Norton ccSvcHst.exe
``````````End of Log````````````

Broni · Sep 2, 2011

Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions.
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

Gil · Sep 2, 2011

ESET found no threats!

Solved Browser redirects to unknown websites using windows 7

Posts: 16 +0

Posts: 56,041 +516

Posts: 16 +0

Posts: 56,041 +516

Posts: 16 +0

Posts: 56,041 +516

Posts: 16 +0

Posts: 56,041 +516

Posts: 16 +0

Posts: 56,041 +516

Posts: 16 +0

Posts: 56,041 +516

Posts: 16 +0

Posts: 56,041 +516

Posts: 16 +0

Posts: 56,041 +516

Posts: 16 +0

Posts: 56,041 +516

Posts: 16 +0

Posts: 16 +0

Posts: 16 +0

Posts: 56,041 +516

Posts: 16 +0

Posts: 56,041 +516

Posts: 16 +0

Similar threads