
Mwbytes keeps on trying to block suspicious websites although scanner can't find the source


andyk5


I have run Malwarebytes flash, quick and full scans under regular Windows 7 Home edition and its safe mode. I have deleted everything it marked as a threat.

A couple of issues: some of the tracking cookies and other stuff that I don't know keep coming back. If Mwbytes instant protection is running, it gives the "Mwbytes successfully blocked access to a potentially malicious website" message followed by a random IP address.

I could re-format the whole drive and start over again, but I'd rather not. There are huge amounts of data on the drive that are not backed up, and I don't trust backing them up in this current state. Also, I'd rather try to clean the infection to learn how to get rid of them and prevent them from coming back.

Here is the DDS copy-paste. I have attached ark.txt and attach.txt, and the last Malwarebytes protection and scan logs are also pasted below the DDS.

DDS (Ver_10-10-21.02) - NTFS_AMD64

Run by Andy at 10:23:02.02 on Sun 10/24/2010

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6126.4004 [GMT -7:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe

C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe

C:\Program Files\Sony\VAIO Care\VAIOCareService.exe

C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe

C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Program Files\Apoint\Apoint.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe

C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe

C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe

C:\Windows\SysWOW64\vmnat.exe

C:\Windows\SysWOW64\DllHost.exe

C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\uTorrent\uTorrent.exe

C:\Program Files (x86)\Stardock\Impulse\Now\ImpulseNow.exe

C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe

C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe

C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe

C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Windows\SysWOW64\vmnetdhcp.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe

C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe

C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe

C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe

C:\Program Files\Sony\VAIO Power Management\SPMService.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Apoint\ApMsgFwd.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Apoint\Apvfb.exe

C:\Program Files\Apoint\Apntex.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Sony\VAIO Care\VCsystray.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\sqlservr.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Andy\Downloads\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Bar = Preserve

uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT

uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT

mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT

uInternet Settings,ProxyOverride = <local>;*.local

uInternet Settings,ProxyServer = http=127.0.0.1:5555

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"

mRun: [smartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup

mRun: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"

mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe

mRun: [sHTtray.exe] C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe

mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [a-squared] "C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2guard.exe" /d=60

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

StartupFolder: C:\Users\Andy\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\IMPULS~1.LNK - C:\Program Files (x86)\Stardock\Impulse\Now\ImpulseNow.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

LSP: C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll

DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} - hxxp://esupport.sony.com/VaioInfo.CAB

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Notify: VESWinlogon - VESWinlogon.dll

BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

mRun-x64: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe

mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

mRun-x64: [Apoint] %ProgramFiles%\Apoint\Apoint.exe

mRun-x64: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

mRun-x64: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\s3v1q7ie.default\

FF - component: C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\s3v1q7ie.default\extensions\{6e098d65-7d2d-46d4-ada0-2f882a29f795}\platform\WINNT_x86-msvc\components\libchm.dll

FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll

FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll

FF - plugin: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\s3v1q7ie.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll

FF - plugin: C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\s3v1q7ie.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll

FF - plugin: C:\Windows\system32\Macromed\Flash\NPSWF32old.dll

FF - plugin: C:\Windows\system32\TVUAx\npTVUAx.dll

FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-12-9 55856]

R1 a2injectiondriver;a2injectiondriver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [2010-10-23 48216]

R1 a2util;a-squared Malware-IDS utility driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [2010-10-23 14720]

R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-4-29 121936]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]

R2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [2010-10-23 2806000]

R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-4-29 20048]

R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-4-29 61008]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-10-23 40384]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2010-9-23 1355928]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-4-29 304464]

R2 Oasis2Service;Oasis2Service;C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [2010-6-24 46080]

R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]

R2 regi;regi;C:\Windows\System32\drivers\regi.sys [2009-12-9 14112]

R2 rimspci;rimspci;C:\Windows\System32\drivers\rimssne64.sys [2009-11-23 93696]

R2 risdsnpe;risdsnpe;C:\Windows\System32\drivers\risdsne64.sys [2009-11-23 75776]

R2 Sentinel64;Sentinel64;C:\Windows\System32\drivers\sentinel64.sys [2010-7-13 142120]

R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2009-12-9 104960]

R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-5-20 539184]

R3 a2acc;a2acc;C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys [2010-10-23 84752]

R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2009-12-9 19968]

R3 avast! Mail Scanner;avast! Mail Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-10-23 40384]

R3 avast! Web Scanner;avast! Web Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-10-23 40384]

R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2010-9-23 16928]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2010-4-29 24664]

R3 MSSQL$DDNI;SQL Server (DDNI);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\sqlservr.exe [2009-3-30 43010392]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2009-11-23 84512]

R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2009-11-23 11392]

R3 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2009-12-9 571248]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-11-23 393216]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-9 135664]

S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2009-11-23 52264]

S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2009-11-23 35104]

S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2009-11-23 151040]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2009-10-29 30603640]

S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2009-8-28 21504]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-9-26 4924336]

S3 pnetmdm;PdaNet Modem;C:\Windows\System32\drivers\pnetmdm64.sys [2010-3-8 17920]

S3 SampleCollector;Intel® Sample Collector;C:\Program Files\Sony\VAIO Care\collsvc.exe [2009-12-9 167424]

S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TVICHW64;TVICHW64;C:\Windows\System32\drivers\TVicHW64.sys [2010-7-6 21200]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-4-19 50688]

S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-12-9 110960]

S3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [2009-12-9 1223024]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-3-2 1255736]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-3-30 47128]

S4 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-12-9 120104]

S4 SOHDBSvr;VAIO Media plus Database Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-12-9 70952]

S4 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-12-9 427304]

S4 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-12-9 75048]

S4 SOHPlMgr;VAIO Media plus Playlist Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-12-9 91432]

S4 SQLAgent$DDNI;SQL Server Agent (DDNI);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 366936]

S4 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-9-14 642416]

S4 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-12-9 480624]

S4 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2009-12-9 361840]

=============== Created Last 30 ================

2010-10-24 16:51:07 15880 ----a-w- C:\Windows\System32\lsdelete.exe

2010-10-24 16:04:16 -------- d-----w- C:\Users\Andy\AppData\Local\Sunbelt Software

2010-10-24 16:03:53 -------- dc-h--w- C:\PROGRA~3\{E961CE1B-C3EA-4882-9F67-F859B555D097}

2010-10-24 16:03:39 -------- d-----w- C:\Program Files (x86)\Lavasoft

2010-10-23 23:06:54 -------- d-----w- C:\Program Files (x86)\Emsisoft Anti-Malware

2010-10-23 19:01:45 3972 ------w- C:\Windows\SysWow64\drivers\PciBus.sys

2010-10-23 19:01:45 20400 ------w- C:\Windows\SysWow64\drivers\Entech.sys

2010-10-23 19:01:45 -------- d-----w- C:\Windows\SysWow64\Futuremark

2010-10-23 19:01:30 -------- d-----w- C:\Program Files (x86)\Futuremark

2010-10-23 19:01:20 696320 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll

2010-10-23 19:01:20 57344 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll

2010-10-23 19:01:20 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe

2010-10-23 19:01:20 282756 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll

2010-10-23 19:01:20 237568 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll

2010-10-23 19:01:20 163972 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll

2010-10-23 19:01:20 155648 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll

2010-10-23 17:00:04 8006480 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{FD6D56BB-4B67-41B3-9A8A-763B02E249A7}\mpengine.dll

2010-10-22 01:38:32 1536 ----a-w- C:\Windows\SysWow64\bcevent.dll

2010-10-21 23:34:53 -------- d-----w- C:\Program Files (x86)\World of Warcraft

2010-10-21 01:47:08 8006480 ------w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\Updates\mpengine.dll

2010-10-19 02:33:54 -------- d-----w- C:\Program Files (x86)\Combined Community Codec Pack

2010-10-17 23:04:17 3123712 ----a-w- C:\Windows\System32\win32k.sys

2010-10-15 16:53:10 -------- d-----w- C:\Users\Andy\AppData\Roaming\Steinberg

2010-10-15 16:46:30 87040 ----a-w- C:\Windows\SysWow64\ra32sipr.dll

2010-10-15 16:46:30 81920 ----a-w- C:\Windows\SysWow64\ra3214_4.dll

2010-10-15 16:46:30 72704 ----a-w- C:\Windows\SysWow64\ra3228_8.dll

2010-10-15 16:46:30 487936 ----a-w- C:\Windows\SysWow64\rmbe3260.dll

2010-10-15 16:46:30 21504 ----a-w- C:\Windows\SysWow64\ra32dnet.dll

2010-10-15 16:46:29 85504 ----a-w- C:\Windows\SysWow64\encdnet.dll

2010-10-15 16:46:29 61952 ----a-w- C:\Windows\SysWow64\decdnet.dll

2010-10-15 16:46:29 352768 ----a-w- C:\Windows\SysWow64\pngu3263.dll

2010-10-15 16:46:29 131072 ----a-w- C:\Windows\SysWow64\pneng50.dll

2010-10-15 16:46:29 130560 ----a-w- C:\Windows\SysWow64\pnc3250.dll

2010-10-15 16:44:19 21888 ----a-w- C:\Windows\SysWow64\drivers\synUSB64.sys

2010-10-15 16:44:15 401462 ----a-w- C:\Windows\SysWow64\temp.000

2010-10-13 01:17:39 -------- d-----w- C:\Users\Andy\AppData\Local\AjiReader

2010-10-13 01:16:59 -------- d-----w- C:\Program Files (x86)\Aji Reader Service

2010-10-12 05:36:42 -------- d-----w- C:\Users\Andy\AppData\Roaming\Guitar Pro 6

2010-10-12 05:36:42 -------- d-----w- C:\PROGRA~3\Guitar Pro 6

2010-10-08 05:43:20 -------- d-----w- C:\PROGRA~3\dbg

2010-09-30 03:25:05 -------- d-----w- C:\Users\Andy\AppData\Local\SKIDROW

2010-09-25 22:40:04 -------- d-----w- C:\Program Files\iPod

2010-09-25 22:40:03 -------- d-----w- C:\Program Files\iTunes

2010-09-25 22:40:03 -------- d-----w- C:\Program Files (x86)\iTunes

2010-09-25 22:37:28 -------- d-----w- C:\Program Files\Bonjour

2010-09-25 22:37:28 -------- d-----w- C:\Program Files (x86)\Bonjour

==================== Find3M ====================

2010-10-19 18:41:44 270720 ------w- C:\Windows\System32\MpSigStub.exe

2010-09-15 11:50:37 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2010-09-08 18:17:46 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx

2010-09-08 18:17:46 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts

2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll

2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll

2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll

2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll

2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec

2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec

2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2010-09-07 15:12:17 38848 ----a-w- C:\Windows\avastSS.scr

2010-09-07 14:47:33 61008 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2010-09-04 08:30:57 98304 ----a-w- C:\Windows\SysWow64\qttask.exe

2010-09-01 05:12:09 12625920 ----a-w- C:\Windows\System32\wmploc.DLL

2010-09-01 04:23:49 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL

2010-08-31 04:32:30 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll

2010-08-31 04:32:30 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll

2010-08-27 06:14:02 236032 ----a-w- C:\Windows\System32\srvsvc.dll

2010-08-27 05:46:48 9728 ----a-w- C:\Windows\SysWow64\sscore.dll

2010-08-27 03:38:04 463360 ----a-w- C:\Windows\System32\drivers\srv.sys

2010-08-27 03:37:48 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys

2010-08-27 03:37:26 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys

2010-08-26 05:27:28 148992 ----a-w- C:\Windows\System32\t2embed.dll

2010-08-26 04:39:58 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll

2010-08-21 06:38:47 1024512 ----a-w- C:\Windows\System32\wmpmde.dll

2010-08-21 06:36:49 340992 ----a-w- C:\Windows\System32\schannel.dll

2010-08-21 06:31:06 633856 ----a-w- C:\Windows\System32\comctl32.dll

2010-08-21 06:29:47 558592 ----a-w- C:\Windows\System32\spoolsv.exe

2010-08-21 05:36:33 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll

2010-08-21 05:36:24 224256 ----a-w- C:\Windows\SysWow64\schannel.dll

2010-08-21 05:33:24 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll

2010-08-12 04:07:46 55856 ------w- C:\Windows\System32\drivers\PxHlpa64.sys

2010-08-12 04:07:46 133616 ------w- C:\Windows\SysWow64\pxafs.dll

2010-08-12 04:07:46 126448 ------w- C:\Windows\SysWow64\pxinsi64.exe

2010-07-29 06:30:34 82944 ----a-w- C:\Windows\SysWow64\iccvid.dll

2010-07-28 01:55:50 95520 ----a-w- C:\Windows\System32\dnssd.dll

2010-07-28 01:55:50 119584 ----a-w- C:\Windows\System32\dns-sd.exe

2010-07-28 01:44:10 91424 ----a-w- C:\Windows\SysWow64\dnssd.dll

2010-07-28 01:44:10 107808 ----a-w- C:\Windows\SysWow64\dns-sd.exe

============= FINISH: 10:24:52.06 ===============

MWBYTES Scan log

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4930

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

10/24/2010 10:48:07 AM

mbam-log-2010-10-24 (10-48-07).txt

Scan type: Quick scan

Objects scanned: 148480

Time elapsed: 6 minute(s), 20 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

MWbytes IP-Block LOG


10:39:09 Andy IP-BLOCK 213.174.157.2

10:39:09 Andy IP-BLOCK 94.96.69.168

10:39:58 Andy IP-BLOCK 195.216.175.7

10:44:01 Andy IP-BLOCK 94.96.49.22

10:44:17 Andy IP-BLOCK 94.228.210.93

10:44:41 Andy IP-BLOCK 94.228.210.41

10:44:49 Andy IP-BLOCK 193.107.16.156

10:45:05 Andy IP-BLOCK 193.107.16.156

10:45:05 Andy IP-BLOCK 94.228.210.41

10:45:38 Andy IP-BLOCK 193.107.16.156

10:45:46 Andy IP-BLOCK 94.96.69.168

10:45:46 Andy IP-BLOCK 94.96.69.168

10:45:46 Andy IP-BLOCK 94.96.69.168

10:45:54 Andy IP-BLOCK 94.228.210.47

10:46:26 Andy IP-BLOCK 94.96.23.194

10:46:26 Andy IP-BLOCK 193.107.16.156

10:47:15 Andy IP-BLOCK 94.228.210.93

10:47:55 Andy IP-BLOCK 193.107.16.156

10:48:20 Andy IP-BLOCK 94.228.210.47

10:48:44 Andy IP-BLOCK 95.143.192.214

10:49:08 Andy IP-BLOCK 95.143.192.214

10:49:32 Andy IP-BLOCK 95.143.192.214

10:49:57 Andy IP-BLOCK 94.228.210.93

10:50:13 Andy IP-BLOCK 95.143.192.214

10:50:45 Andy IP-BLOCK 193.107.16.156

10:51:17 Andy IP-BLOCK 89.28.43.145

It appears MBAM is doing its job.

uInternet Settings,ProxyServer = http=127.0.0.1:5555

Open Internet Explorer. Click on tools, then Internet Options. Then click on the Connect tab.

Then press the Lan Settings button and uncheck the Use a proxy server checkbox. Then press OK until you are out of the options screen.

Check some settings on your system:

  1. Enter your Control Panel and double-click on Network Connections
  2. Then right click on your Default Connection
    • Usually Local Area Connection for Cable and DSL, or AOL Connection.
  3. Left click on Properties
  4. Double-Click on the Internet Protocol (TCP/IP) item
  5. Select the radio dial that says Obtain DNS Servers Automatically
  6. Press OK twice to get out of the properties screen

Copy and paste these lines in Notepad.

@Echo on

pushd\windows\system32\drivers\etc

attrib -h -s -r hosts

echo 127.0.0.1 localhost>HOSTS

attrib +r +h +s hosts

popd

ipconfig /release

ipconfig /renew

ipconfig /flushdns

netsh winsock reset all

netsh int ip reset all

shutdown -r -t 1

del %0

Save as flush.bat to your desktop. Double click to run.

*** note: Win Vista and Win 7 need to right click and choose to "run as Administrator" .. the computer will reboot itself.

Post a new DDS scan.

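The proxy, DNS and HOSTS changes requested in the posts above can be read back after the reboot to confirm that each one took effect. The PowerShell script below is an added example, not part of the original posts: the function names are made up for illustration, it only reads settings, and it assumes Windows PowerShell 2.0 or later and English `netstat` output.

```powershell
# Added example: read-only checks for the settings this thread's steps change.
# Written for Windows PowerShell 2.0 (shipped with Windows 7); it changes nothing.

function Get-ProxyState {
    # DDS prints this per-user value as "uInternet Settings,ProxyServer".
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $p = Get-ItemProperty -Path $key
    $port = $null
    # Pull the port out of a loopback entry such as "http=127.0.0.1:5555".
    if ($p.ProxyServer -match '(?:^|[=;/])(?:127(?:\.\d{1,3}){3}|localhost):(\d+)') {
        $port = [int]$Matches[1]
    }
    New-Object PSObject -Property @{
        Enabled      = ($p.ProxyEnable -eq 1)  # the "Use a proxy server" checkbox
        ProxyServer  = $p.ProxyServer          # can stay behind after unchecking
        LoopbackPort = $port
    }
}

function Get-PortListener([int]$Port) {
    # Map a listening TCP port to its owning process (netstat -o adds the PID).
    # Assumption: English netstat output, where the state column reads LISTENING.
    $pattern = "^\s*TCP\s+\S+:$Port\s+\S+\s+LISTENING\s+(\d+)"
    netstat -ano | Select-String -Pattern $pattern | ForEach-Object {
        $procId = [int]$_.Matches[0].Groups[1].Value
        $proc = Get-Process -Id $procId -ErrorAction SilentlyContinue
        New-Object PSObject -Property @{
            Port = $Port; ProcessId = $procId
            Name = $proc.ProcessName; Path = $proc.Path
        }
    }
}

function Get-ExtraHostsEntry {
    # flush.bat rewrites HOSTS to the single line "127.0.0.1 localhost";
    # any other active entry still present afterwards is returned here.
    $file = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    Get-Content -Path $file -Force |
        ForEach-Object { ($_ -replace '#.*$', '').Trim() } |
        Where-Object { $_ -and ($_ -notmatch '^(127\.0\.0\.1|::1)\s+localhost$') }
}

function Get-StaticDns {
    # With "Obtain DNS server address automatically" the NameServer value is
    # empty; a manually configured resolver shows up in it.
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'
    Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
        ForEach-Object {
            $cfg = Get-ItemProperty -LiteralPath (Join-Path $base $_.SettingID)
            if ($cfg.NameServer) {
                New-Object PSObject -Property @{
                    Adapter = $_.Description; StaticDns = $cfg.NameServer
                }
            }
        }
}

# ---- Report ----
$proxy = Get-ProxyState
"Proxy enabled : $($proxy.Enabled)"
"ProxyServer   : $($proxy.ProxyServer)"
if ($proxy.LoopbackPort) {
    $owners = @(Get-PortListener $proxy.LoopbackPort)
    if ($owners.Count -eq 0) {
        "Nothing is listening on port $($proxy.LoopbackPort) right now."
    } else {
        $owners | Format-Table Port, ProcessId, Name, Path -AutoSize
    }
}

$extra = @(Get-ExtraHostsEntry)
"HOSTS entries beyond localhost: $($extra.Count)"
$extra

$dns = @(Get-StaticDns)
"Adapters with static DNS: $($dns.Count)"
$dns | Format-Table Adapter, StaticDns -AutoSize
```

Reporting `ProxyEnable` next to `ProxyServer` separates a proxy that is still switched on from an address string that was merely left in the registry, and the listener lookup names the program, if any, that is serving the loopback port.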

Did that, ran it as admin; computer did not restart itself, so I am not sure if it worked or not, so I didn't run the DDS test.

Reboot and run the DDS.

We're after this setting.

uInternet Settings,ProxyServer = http=127.0.0.1:5555

Ok ran DDS after reboot, here are the results

DDS (Ver_10-10-21.02) - NTFS_AMD64

Run by Andy at 14:09:08.25 on Sun 10/24/2010

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6126.4509 [GMT -7:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe

C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe

C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe

C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe

C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe

C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe

C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe

C:\Windows\SysWOW64\vmnat.exe

C:\Windows\SysWOW64\vmnetdhcp.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Windows\SysWOW64\DllHost.exe

C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe

C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Sony\VAIO Care\VAIOCareService.exe

C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\uTorrent\uTorrent.exe

C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe

C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe

C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe

C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe

C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Sony\VAIO Survey\VAIO Sat Survey.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Sony\VAIO Care\VCsystray.exe

C:\Program Files\Sony\First Experience\OOBEFcdRegistration.exe

C:\Program Files\Sony\VAIO Power Management\SPMService.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Apoint\ApMsgFwd.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Apoint\Apvfb.exe

C:\Program Files\Apoint\Apntex.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

C:\Users\Andy\Downloads\dds.scr

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\sppsvc.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Bar = Preserve

uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT

uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT

mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT

uInternet Settings,ProxyOverride = <local>;*.local

uInternet Settings,ProxyServer = http=127.0.0.1:5555

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"

mRun: [smartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup

mRun: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"

mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe

mRun: [sHTtray.exe] C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

LSP: C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll

DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} - hxxp://esupport.sony.com/VaioInfo.CAB

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Notify: VESWinlogon - VESWinlogon.dll

BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

mRun-x64: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe

mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

mRun-x64: [Apoint] %ProgramFiles%\Apoint\Apoint.exe

mRun-x64: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

mRun-x64: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\s3v1q7ie.default\

FF - component: C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\s3v1q7ie.default\extensions\{6e098d65-7d2d-46d4-ada0-2f882a29f795}\platform\WINNT_x86-msvc\components\libchm.dll

FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll

FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll

FF - plugin: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\s3v1q7ie.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll

FF - plugin: C:\Windows\system32\Macromed\Flash\NPSWF32old.dll

FF - plugin: C:\Windows\system32\TVUAx\npTVUAx.dll

FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-12-9 55856]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]

R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2010-10-24 81072]

R2 regi;regi;C:\Windows\System32\drivers\regi.sys [2009-12-9 14112]

R2 rimspci;rimspci;C:\Windows\System32\drivers\rimssne64.sys [2009-11-23 93696]

R2 risdsnpe;risdsnpe;C:\Windows\System32\drivers\risdsne64.sys [2009-11-23 75776]

R2 Sentinel64;Sentinel64;C:\Windows\System32\drivers\sentinel64.sys [2010-7-13 142120]

R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2009-12-9 19968]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2010-4-29 24664]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2009-11-23 84512]

R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2009-11-23 11392]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-11-23 393216]

S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2009-11-23 52264]

S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2009-11-23 35104]

S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2009-11-23 151040]

S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2009-8-28 21504]

S3 pnetmdm;PdaNet Modem;C:\Windows\System32\drivers\pnetmdm64.sys [2010-3-8 17920]

S3 TVICHW64;TVICHW64;C:\Windows\System32\drivers\TVicHW64.sys [2010-7-6 21200]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-4-19 50688]

=============== Created Last 30 ================

2010-10-24 18:23:05 81072 ----a-w- C:\Windows\System32\drivers\avgntflt.sys

2010-10-24 18:23:05 -------- d-----w- C:\Program Files (x86)\Avira

2010-10-24 18:23:05 -------- d-----w- C:\PROGRA~3\Avira

2010-10-24 16:04:16 -------- d-----w- C:\Users\Andy\AppData\Local\Sunbelt Software

2010-10-23 19:01:45 3972 ------w- C:\Windows\SysWow64\drivers\PciBus.sys

2010-10-23 19:01:45 20400 ------w- C:\Windows\SysWow64\drivers\Entech.sys

2010-10-23 19:01:45 -------- d-----w- C:\Windows\SysWow64\Futuremark

2010-10-23 19:01:30 -------- d-----w- C:\Program Files (x86)\Futuremark

2010-10-23 19:01:20 696320 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll

2010-10-23 19:01:20 57344 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll

2010-10-23 19:01:20 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe

2010-10-23 19:01:20 282756 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll

2010-10-23 19:01:20 237568 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll

2010-10-23 19:01:20 163972 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll

2010-10-23 19:01:20 155648 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll

2010-10-23 17:00:04 8006480 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{FD6D56BB-4B67-41B3-9A8A-763B02E249A7}\mpengine.dll

2010-10-22 01:38:32 1536 ----a-w- C:\Windows\SysWow64\bcevent.dll

2010-10-21 23:34:53 -------- d-----w- C:\Program Files (x86)\World of Warcraft

2010-10-21 01:47:08 8006480 ------w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\Updates\mpengine.dll

2010-10-19 02:33:54 -------- d-----w- C:\Program Files (x86)\Combined Community Codec Pack

2010-10-17 23:04:17 3123712 ----a-w- C:\Windows\System32\win32k.sys

2010-10-15 16:53:10 -------- d-----w- C:\Users\Andy\AppData\Roaming\Steinberg

2010-10-15 16:46:30 87040 ----a-w- C:\Windows\SysWow64\ra32sipr.dll

2010-10-15 16:46:30 81920 ----a-w- C:\Windows\SysWow64\ra3214_4.dll

2010-10-15 16:46:30 72704 ----a-w- C:\Windows\SysWow64\ra3228_8.dll

2010-10-15 16:46:30 487936 ----a-w- C:\Windows\SysWow64\rmbe3260.dll

2010-10-15 16:46:30 21504 ----a-w- C:\Windows\SysWow64\ra32dnet.dll

2010-10-15 16:46:29 85504 ----a-w- C:\Windows\SysWow64\encdnet.dll

2010-10-15 16:46:29 61952 ----a-w- C:\Windows\SysWow64\decdnet.dll

2010-10-15 16:46:29 352768 ----a-w- C:\Windows\SysWow64\pngu3263.dll

2010-10-15 16:46:29 131072 ----a-w- C:\Windows\SysWow64\pneng50.dll

2010-10-15 16:46:29 130560 ----a-w- C:\Windows\SysWow64\pnc3250.dll

2010-10-15 16:44:19 21888 ----a-w- C:\Windows\SysWow64\drivers\synUSB64.sys

2010-10-15 16:44:15 401462 ----a-w- C:\Windows\SysWow64\temp.000

2010-10-13 01:17:39 -------- d-----w- C:\Users\Andy\AppData\Local\AjiReader

2010-10-13 01:16:59 -------- d-----w- C:\Program Files (x86)\Aji Reader Service

2010-10-12 05:36:42 -------- d-----w- C:\Users\Andy\AppData\Roaming\Guitar Pro 6

2010-10-12 05:36:42 -------- d-----w- C:\PROGRA~3\Guitar Pro 6

2010-10-08 05:43:20 -------- d-----w- C:\PROGRA~3\dbg

2010-09-30 03:25:05 -------- d-----w- C:\Users\Andy\AppData\Local\SKIDROW

2010-09-25 22:40:04 -------- d-----w- C:\Program Files\iPod

2010-09-25 22:40:03 -------- d-----w- C:\Program Files\iTunes

2010-09-25 22:40:03 -------- d-----w- C:\Program Files (x86)\iTunes

2010-09-25 22:37:28 -------- d-----w- C:\Program Files\Bonjour

2010-09-25 22:37:28 -------- d-----w- C:\Program Files (x86)\Bonjour

==================== Find3M ====================

2010-10-19 18:41:44 270720 ------w- C:\Windows\System32\MpSigStub.exe

2010-09-15 11:50:37 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2010-09-08 18:17:46 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx

2010-09-08 18:17:46 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts

2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll

2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll

2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll

2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll

2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec

2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec

2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2010-09-04 08:30:57 98304 ----a-w- C:\Windows\SysWow64\qttask.exe

2010-09-01 05:12:09 12625920 ----a-w- C:\Windows\System32\wmploc.DLL

2010-09-01 04:23:49 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL

2010-08-31 04:32:30 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll

2010-08-31 04:32:30 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll

2010-08-27 06:14:02 236032 ----a-w- C:\Windows\System32\srvsvc.dll

2010-08-27 05:46:48 9728 ----a-w- C:\Windows\SysWow64\sscore.dll

2010-08-27 03:38:04 463360 ----a-w- C:\Windows\System32\drivers\srv.sys

2010-08-27 03:37:48 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys

2010-08-27 03:37:26 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys

2010-08-26 05:27:28 148992 ----a-w- C:\Windows\System32\t2embed.dll

2010-08-26 04:39:58 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll

2010-08-21 06:38:47 1024512 ----a-w- C:\Windows\System32\wmpmde.dll

2010-08-21 06:36:49 340992 ----a-w- C:\Windows\System32\schannel.dll

2010-08-21 06:31:06 633856 ----a-w- C:\Windows\System32\comctl32.dll

2010-08-21 06:29:47 558592 ----a-w- C:\Windows\System32\spoolsv.exe

2010-08-21 05:36:33 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll

2010-08-21 05:36:24 224256 ----a-w- C:\Windows\SysWow64\schannel.dll

2010-08-21 05:33:24 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll

2010-08-12 04:07:46 55856 ------w- C:\Windows\System32\drivers\PxHlpa64.sys

2010-08-12 04:07:46 133616 ------w- C:\Windows\SysWow64\pxafs.dll

2010-08-12 04:07:46 126448 ------w- C:\Windows\SysWow64\pxinsi64.exe

2010-07-29 06:30:34 82944 ----a-w- C:\Windows\SysWow64\iccvid.dll

2010-07-28 01:55:50 95520 ----a-w- C:\Windows\System32\dnssd.dll

2010-07-28 01:55:50 119584 ----a-w- C:\Windows\System32\dns-sd.exe

2010-07-28 01:44:10 91424 ----a-w- C:\Windows\SysWow64\dnssd.dll

2010-07-28 01:44:10 107808 ----a-w- C:\Windows\SysWow64\dns-sd.exe

============= FINISH: 14:16:14.79 ===============

It's still there.

http://support.microsoft.com/kb/972034

Try Fix it.

ok I did the fixit

DDS results

DDS (Ver_10-10-21.02) - NTFS_AMD64

Run by Andy at 14:28:58.77 on Sun 10/24/2010

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6126.4661 [GMT -7:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe

C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe

C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Sony\VAIO Care\VAIOCareService.exe

C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe

C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe

C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe

C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe

C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe

C:\Windows\SysWOW64\vmnat.exe

C:\Windows\SysWOW64\vmnetdhcp.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe

C:\Windows\SysWOW64\DllHost.exe

C:\Program Files\Apoint\Apoint.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe

C:\Program Files\Sony\VAIO Power Management\SPMService.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Apoint\ApMsgFwd.exe

C:\Program Files (x86)\uTorrent\uTorrent.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe

C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe

C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe

C:\Program Files\Apoint\Apvfb.exe

C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Apoint\Apntex.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe

C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe

C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Sony\VAIO Care\VCsystray.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Sony\First Experience\OOBEFcdRegistration.exe

C:\Program Files\Sony\First Experience\OOBESendInfo.exe

C:\Program Files (x86)\Sony\VAIO Survey\VAIO Sat Survey.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\Andy\Downloads\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

============== Pseudo HJT Report ===============

uSearch Bar = Preserve

uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT

uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT

mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT

uInternet Settings,ProxyOverride = <local>;*.local

uInternet Settings,ProxyServer = http=127.0.0.1:5555

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"

mRun: [smartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup

mRun: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"

mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe

mRun: [sHTtray.exe] C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

LSP: C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll

DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} - hxxp://esupport.sony.com/VaioInfo.CAB

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Notify: VESWinlogon - VESWinlogon.dll

BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

mRun-x64: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe

mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

mRun-x64: [Apoint] %ProgramFiles%\Apoint\Apoint.exe

mRun-x64: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

mRun-x64: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\s3v1q7ie.default\

FF - component: C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\s3v1q7ie.default\extensions\{6e098d65-7d2d-46d4-ada0-2f882a29f795}\platform\WINNT_x86-msvc\components\libchm.dll

FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll

FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll

FF - plugin: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\s3v1q7ie.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll

FF - plugin: C:\Windows\system32\Macromed\Flash\NPSWF32old.dll

FF - plugin: C:\Windows\system32\TVUAx\npTVUAx.dll

FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-12-9 55856]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2010-10-24 135336]

R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2010-10-24 267432]

R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2010-10-24 81072]

R2 Oasis2Service;Oasis2Service;C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [2010-6-24 46080]

R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]

R2 regi;regi;C:\Windows\System32\drivers\regi.sys [2009-12-9 14112]

R2 rimspci;rimspci;C:\Windows\System32\drivers\rimssne64.sys [2009-11-23 93696]

R2 risdsnpe;risdsnpe;C:\Windows\System32\drivers\risdsne64.sys [2009-11-23 75776]

R2 Sentinel64;Sentinel64;C:\Windows\System32\drivers\sentinel64.sys [2010-7-13 142120]

R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2009-12-9 104960]

R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-5-20 539184]

R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2009-12-9 19968]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2009-11-23 84512]

R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2009-11-23 11392]

R3 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2009-12-9 571248]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-11-23 393216]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-9 135664]

S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-4-29 304464]

S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2009-11-23 52264]

S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2009-11-23 35104]

S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2009-11-23 151040]

S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2010-4-29 24664]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2009-10-29 30603640]

S3 MSSQL$DDNI;SQL Server (DDNI);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\sqlservr.exe [2009-3-30 43010392]

S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2009-8-28 21504]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-9-26 4924336]

S3 pnetmdm;PdaNet Modem;C:\Windows\System32\drivers\pnetmdm64.sys [2010-3-8 17920]

S3 SampleCollector;Intel® Sample Collector;C:\Program Files\Sony\VAIO Care\collsvc.exe [2009-12-9 167424]

S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TVICHW64;TVICHW64;C:\Windows\System32\drivers\TVicHW64.sys [2010-7-6 21200]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-4-19 50688]

S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-12-9 110960]

S3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [2009-12-9 1223024]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-3-2 1255736]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-3-30 47128]

S4 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-12-9 120104]

S4 SOHDBSvr;VAIO Media plus Database Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-12-9 70952]

S4 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-12-9 427304]

S4 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-12-9 75048]

S4 SOHPlMgr;VAIO Media plus Playlist Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-12-9 91432]

S4 SQLAgent$DDNI;SQL Server Agent (DDNI);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 366936]

S4 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-9-14 642416]

S4 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-12-9 480624]

S4 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2009-12-9 361840]

=============== Created Last 30 ================

2010-10-24 18:23:05 81072 ----a-w- C:\Windows\System32\drivers\avgntflt.sys

2010-10-24 18:23:05 -------- d-----w- C:\Program Files (x86)\Avira

2010-10-24 18:23:05 -------- d-----w- C:\PROGRA~3\Avira

2010-10-24 16:04:16 -------- d-----w- C:\Users\Andy\AppData\Local\Sunbelt Software

2010-10-23 19:01:45 3972 ------w- C:\Windows\SysWow64\drivers\PciBus.sys

2010-10-23 19:01:45 20400 ------w- C:\Windows\SysWow64\drivers\Entech.sys

2010-10-23 19:01:45 -------- d-----w- C:\Windows\SysWow64\Futuremark

2010-10-23 17:00:04 8006480 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{FD6D56BB-4B67-41B3-9A8A-763B02E249A7}\mpengine.dll

2010-10-22 01:38:32 1536 ----a-w- C:\Windows\SysWow64\bcevent.dll

2010-10-21 23:34:53 -------- d-----w- C:\Program Files (x86)\World of Warcraft

2010-10-21 01:47:08 8006480 ------w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\Updates\mpengine.dll

2010-10-19 02:33:54 -------- d-----w- C:\Program Files (x86)\Combined Community Codec Pack

2010-10-17 23:04:17 3123712 ----a-w- C:\Windows\System32\win32k.sys

2010-10-15 16:53:10 -------- d-----w- C:\Users\Andy\AppData\Roaming\Steinberg

2010-10-15 16:46:30 87040 ----a-w- C:\Windows\SysWow64\ra32sipr.dll

2010-10-15 16:46:30 81920 ----a-w- C:\Windows\SysWow64\ra3214_4.dll

2010-10-15 16:46:30 72704 ----a-w- C:\Windows\SysWow64\ra3228_8.dll

2010-10-15 16:46:30 487936 ----a-w- C:\Windows\SysWow64\rmbe3260.dll

2010-10-15 16:46:30 21504 ----a-w- C:\Windows\SysWow64\ra32dnet.dll

2010-10-15 16:46:29 85504 ----a-w- C:\Windows\SysWow64\encdnet.dll

2010-10-15 16:46:29 61952 ----a-w- C:\Windows\SysWow64\decdnet.dll

2010-10-15 16:46:29 352768 ----a-w- C:\Windows\SysWow64\pngu3263.dll

2010-10-15 16:46:29 131072 ----a-w- C:\Windows\SysWow64\pneng50.dll

2010-10-15 16:46:29 130560 ----a-w- C:\Windows\SysWow64\pnc3250.dll

2010-10-15 16:44:19 21888 ----a-w- C:\Windows\SysWow64\drivers\synUSB64.sys

2010-10-15 16:44:15 401462 ----a-w- C:\Windows\SysWow64\temp.000

2010-10-13 01:17:39 -------- d-----w- C:\Users\Andy\AppData\Local\AjiReader

2010-10-13 01:16:59 -------- d-----w- C:\Program Files (x86)\Aji Reader Service

2010-10-12 05:36:42 -------- d-----w- C:\Users\Andy\AppData\Roaming\Guitar Pro 6

2010-10-12 05:36:42 -------- d-----w- C:\PROGRA~3\Guitar Pro 6

2010-10-08 05:43:20 -------- d-----w- C:\PROGRA~3\dbg

2010-09-30 03:25:05 -------- d-----w- C:\Users\Andy\AppData\Local\SKIDROW

2010-09-25 22:40:04 -------- d-----w- C:\Program Files\iPod

2010-09-25 22:40:03 -------- d-----w- C:\Program Files\iTunes

2010-09-25 22:40:03 -------- d-----w- C:\Program Files (x86)\iTunes

2010-09-25 22:37:28 -------- d-----w- C:\Program Files\Bonjour

2010-09-25 22:37:28 -------- d-----w- C:\Program Files (x86)\Bonjour

==================== Find3M ====================

2010-10-19 18:41:44 270720 ------w- C:\Windows\System32\MpSigStub.exe

2010-09-15 11:50:37 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2010-09-08 18:17:46 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx

2010-09-08 18:17:46 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts

2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll

2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll

2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll

2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll

2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec

2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec

2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2010-09-04 08:30:57 98304 ----a-w- C:\Windows\SysWow64\qttask.exe

2010-09-01 05:12:09 12625920 ----a-w- C:\Windows\System32\wmploc.DLL

2010-09-01 04:23:49 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL

2010-08-31 04:32:30 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll

2010-08-31 04:32:30 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll

2010-08-27 06:14:02 236032 ----a-w- C:\Windows\System32\srvsvc.dll

2010-08-27 05:46:48 9728 ----a-w- C:\Windows\SysWow64\sscore.dll

2010-08-27 03:38:04 463360 ----a-w- C:\Windows\System32\drivers\srv.sys

2010-08-27 03:37:48 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys

2010-08-27 03:37:26 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys

2010-08-26 05:27:28 148992 ----a-w- C:\Windows\System32\t2embed.dll

2010-08-26 04:39:58 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll

2010-08-21 06:38:47 1024512 ----a-w- C:\Windows\System32\wmpmde.dll

2010-08-21 06:36:49 340992 ----a-w- C:\Windows\System32\schannel.dll

2010-08-21 06:31:06 633856 ----a-w- C:\Windows\System32\comctl32.dll

2010-08-21 06:29:47 558592 ----a-w- C:\Windows\System32\spoolsv.exe

2010-08-21 05:36:33 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll

2010-08-21 05:36:24 224256 ----a-w- C:\Windows\SysWow64\schannel.dll

2010-08-21 05:33:24 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll

2010-08-12 04:07:46 55856 ------w- C:\Windows\System32\drivers\PxHlpa64.sys

2010-08-12 04:07:46 133616 ------w- C:\Windows\SysWow64\pxafs.dll

2010-08-12 04:07:46 126448 ------w- C:\Windows\SysWow64\pxinsi64.exe

2010-07-29 06:30:34 82944 ----a-w- C:\Windows\SysWow64\iccvid.dll

2010-07-28 01:55:50 95520 ----a-w- C:\Windows\System32\dnssd.dll

2010-07-28 01:55:50 119584 ----a-w- C:\Windows\System32\dns-sd.exe

2010-07-28 01:44:10 91424 ----a-w- C:\Windows\SysWow64\dnssd.dll

2010-07-28 01:44:10 107808 ----a-w- C:\Windows\SysWow64\dns-sd.exe

============= FINISH: 14:30:18.08 ===============


Still there.

Try the manual fix.

http://support.microsoft.com/kb/972034

To reset the hosts file back to the default, follow these steps:

Did a manual fix: created a brand new hosts file, copied the info from the Windows website, saved it as hosts.bak, restarted comp and ran DDS.

DDS (Ver_10-10-21.02) - NTFS_AMD64

Run by Andy at 14:40:42.06 on Sun 10/24/2010

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6126.4375 [GMT -7:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe

C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe

C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe

C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe

C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe

C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe

C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe

C:\Windows\SysWOW64\vmnat.exe

C:\Windows\SysWOW64\vmnetdhcp.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Windows\SysWOW64\DllHost.exe

C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe

C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\userinit.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\Sony\VAIO Care\VAIOCareService.exe

C:\Program Files\Sony\VAIO Power Management\SPMgr.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Sony\VAIO Power Management\SPMService.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Apoint\Apoint.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\uTorrent\uTorrent.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Apoint\ApMsgFwd.exe

C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe

C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe

C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe

C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\Apoint\Apvfb.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Apoint\Apntex.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe

C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Users\Andy\Downloads\dds.scr

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uSearch Bar = Preserve

uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT

uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT

mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT

uInternet Settings,ProxyOverride = <local>;*.local

uInternet Settings,ProxyServer = http=127.0.0.1:5555

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"

mRun: [smartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup

mRun: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"

mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe

mRun: [sHTtray.exe] C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

LSP: C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll

DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} - hxxp://esupport.sony.com/VaioInfo.CAB

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Notify: VESWinlogon - VESWinlogon.dll

BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

mRun-x64: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe

mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

mRun-x64: [Apoint] %ProgramFiles%\Apoint\Apoint.exe

mRun-x64: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

mRun-x64: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\s3v1q7ie.default\

FF - component: C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\s3v1q7ie.default\extensions\{6e098d65-7d2d-46d4-ada0-2f882a29f795}\platform\WINNT_x86-msvc\components\libchm.dll

FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll

FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll

FF - plugin: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\s3v1q7ie.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll

FF - plugin: C:\Windows\system32\Macromed\Flash\NPSWF32old.dll

FF - plugin: C:\Windows\system32\TVUAx\npTVUAx.dll

FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-12-9 55856]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2010-10-24 135336]

R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2010-10-24 267432]

R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2010-10-24 81072]

R2 Oasis2Service;Oasis2Service;C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe [2010-6-24 46080]

R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]

R2 regi;regi;C:\Windows\System32\drivers\regi.sys [2009-12-9 14112]

R2 rimspci;rimspci;C:\Windows\System32\drivers\rimssne64.sys [2009-11-23 93696]

R2 risdsnpe;risdsnpe;C:\Windows\System32\drivers\risdsne64.sys [2009-11-23 75776]

R2 Sentinel64;Sentinel64;C:\Windows\System32\drivers\sentinel64.sys [2010-7-13 142120]

R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2009-12-9 104960]

R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-5-20 539184]

R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2009-12-9 19968]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2009-11-23 84512]

R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2009-11-23 11392]

R3 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2009-12-9 571248]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-11-23 393216]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-9 135664]

S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-4-29 304464]

S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2009-11-23 52264]

S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2009-11-23 35104]

S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2009-11-23 151040]

S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2010-4-29 24664]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2009-10-29 30603640]

S3 MSSQL$DDNI;SQL Server (DDNI);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\sqlservr.exe [2009-3-30 43010392]

S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2009-8-28 21504]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-9-26 4924336]

S3 pnetmdm;PdaNet Modem;C:\Windows\System32\drivers\pnetmdm64.sys [2010-3-8 17920]

S3 SampleCollector;Intel® Sample Collector;C:\Program Files\Sony\VAIO Care\collsvc.exe [2009-12-9 167424]

S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TVICHW64;TVICHW64;C:\Windows\System32\drivers\TVicHW64.sys [2010-7-6 21200]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-4-19 50688]

S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-12-9 110960]

S3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [2009-12-9 1223024]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-3-2 1255736]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-3-30 47128]

S4 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-12-9 120104]

S4 SOHDBSvr;VAIO Media plus Database Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-12-9 70952]

S4 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-12-9 427304]

S4 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-12-9 75048]

S4 SOHPlMgr;VAIO Media plus Playlist Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-12-9 91432]

S4 SQLAgent$DDNI;SQL Server Agent (DDNI);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.DDNI\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 366936]

S4 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-9-14 642416]

S4 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-12-9 480624]

S4 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2009-12-9 361840]

=============== Created Last 30 ================

2010-10-24 18:23:05 81072 ----a-w- C:\Windows\System32\drivers\avgntflt.sys

2010-10-24 18:23:05 -------- d-----w- C:\Program Files (x86)\Avira

2010-10-24 18:23:05 -------- d-----w- C:\PROGRA~3\Avira

2010-10-24 16:04:16 -------- d-----w- C:\Users\Andy\AppData\Local\Sunbelt Software

2010-10-23 19:01:45 3972 ------w- C:\Windows\SysWow64\drivers\PciBus.sys

2010-10-23 19:01:45 20400 ------w- C:\Windows\SysWow64\drivers\Entech.sys

2010-10-23 19:01:45 -------- d-----w- C:\Windows\SysWow64\Futuremark

2010-10-23 17:00:04 8006480 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{FD6D56BB-4B67-41B3-9A8A-763B02E249A7}\mpengine.dll

2010-10-22 01:38:32 1536 ----a-w- C:\Windows\SysWow64\bcevent.dll

2010-10-21 23:34:53 -------- d-----w- C:\Program Files (x86)\World of Warcraft

2010-10-21 01:47:08 8006480 ------w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\Updates\mpengine.dll

2010-10-19 02:33:54 -------- d-----w- C:\Program Files (x86)\Combined Community Codec Pack

2010-10-17 23:04:17 3123712 ----a-w- C:\Windows\System32\win32k.sys

2010-10-15 16:53:10 -------- d-----w- C:\Users\Andy\AppData\Roaming\Steinberg

2010-10-15 16:46:30 87040 ----a-w- C:\Windows\SysWow64\ra32sipr.dll

2010-10-15 16:46:30 81920 ----a-w- C:\Windows\SysWow64\ra3214_4.dll

2010-10-15 16:46:30 72704 ----a-w- C:\Windows\SysWow64\ra3228_8.dll

2010-10-15 16:46:30 487936 ----a-w- C:\Windows\SysWow64\rmbe3260.dll

2010-10-15 16:46:30 21504 ----a-w- C:\Windows\SysWow64\ra32dnet.dll

2010-10-15 16:46:29 85504 ----a-w- C:\Windows\SysWow64\encdnet.dll

2010-10-15 16:46:29 61952 ----a-w- C:\Windows\SysWow64\decdnet.dll

2010-10-15 16:46:29 352768 ----a-w- C:\Windows\SysWow64\pngu3263.dll

2010-10-15 16:46:29 131072 ----a-w- C:\Windows\SysWow64\pneng50.dll

2010-10-15 16:46:29 130560 ----a-w- C:\Windows\SysWow64\pnc3250.dll

2010-10-15 16:44:19 21888 ----a-w- C:\Windows\SysWow64\drivers\synUSB64.sys

2010-10-15 16:44:15 401462 ----a-w- C:\Windows\SysWow64\temp.000

2010-10-13 01:17:39 -------- d-----w- C:\Users\Andy\AppData\Local\AjiReader

2010-10-13 01:16:59 -------- d-----w- C:\Program Files (x86)\Aji Reader Service

2010-10-12 05:36:42 -------- d-----w- C:\Users\Andy\AppData\Roaming\Guitar Pro 6

2010-10-12 05:36:42 -------- d-----w- C:\PROGRA~3\Guitar Pro 6

2010-10-08 05:43:20 -------- d-----w- C:\PROGRA~3\dbg

2010-09-30 03:25:05 -------- d-----w- C:\Users\Andy\AppData\Local\SKIDROW

2010-09-25 22:40:04 -------- d-----w- C:\Program Files\iPod

2010-09-25 22:40:03 -------- d-----w- C:\Program Files\iTunes

2010-09-25 22:40:03 -------- d-----w- C:\Program Files (x86)\iTunes

2010-09-25 22:37:28 -------- d-----w- C:\Program Files\Bonjour

2010-09-25 22:37:28 -------- d-----w- C:\Program Files (x86)\Bonjour

==================== Find3M ====================

2010-10-19 18:41:44 270720 ------w- C:\Windows\System32\MpSigStub.exe

2010-09-15 11:50:37 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2010-09-08 18:17:46 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx

2010-09-08 18:17:46 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts

2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll

2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll

2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll

2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll

2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec

2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec

2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2010-09-04 08:30:57 98304 ----a-w- C:\Windows\SysWow64\qttask.exe

2010-09-01 05:12:09 12625920 ----a-w- C:\Windows\System32\wmploc.DLL

2010-09-01 04:23:49 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL

2010-08-31 04:32:30 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll

2010-08-31 04:32:30 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll

2010-08-27 06:14:02 236032 ----a-w- C:\Windows\System32\srvsvc.dll

2010-08-27 05:46:48 9728 ----a-w- C:\Windows\SysWow64\sscore.dll

2010-08-27 03:38:04 463360 ----a-w- C:\Windows\System32\drivers\srv.sys

2010-08-27 03:37:48 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys

2010-08-27 03:37:26 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys

2010-08-26 05:27:28 148992 ----a-w- C:\Windows\System32\t2embed.dll

2010-08-26 04:39:58 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll

2010-08-21 06:38:47 1024512 ----a-w- C:\Windows\System32\wmpmde.dll

2010-08-21 06:36:49 340992 ----a-w- C:\Windows\System32\schannel.dll

2010-08-21 06:31:06 633856 ----a-w- C:\Windows\System32\comctl32.dll

2010-08-21 06:29:47 558592 ----a-w- C:\Windows\System32\spoolsv.exe

2010-08-21 05:36:33 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll

2010-08-21 05:36:24 224256 ----a-w- C:\Windows\SysWow64\schannel.dll

2010-08-21 05:33:24 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll

2010-08-12 04:07:46 55856 ------w- C:\Windows\System32\drivers\PxHlpa64.sys

2010-08-12 04:07:46 133616 ------w- C:\Windows\SysWow64\pxafs.dll

2010-08-12 04:07:46 126448 ------w- C:\Windows\SysWow64\pxinsi64.exe

2010-07-29 06:30:34 82944 ----a-w- C:\Windows\SysWow64\iccvid.dll

2010-07-28 01:55:50 95520 ----a-w- C:\Windows\System32\dnssd.dll

2010-07-28 01:55:50 119584 ----a-w- C:\Windows\System32\dns-sd.exe

2010-07-28 01:44:10 91424 ----a-w- C:\Windows\SysWow64\dnssd.dll

2010-07-28 01:44:10 107808 ----a-w- C:\Windows\SysWow64\dns-sd.exe

============= FINISH: 14:42:07.32 ===============


Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Download OTL to your desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Custom Scan box paste this in:
    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and include them in your next post.

Please include the following in your next post:

  • OTL and Extras logs

Use Copy/Paste to post the OTL log


OTL log

OTL logfile created on: 10/24/2010 2:50:37 PM - Run 1

OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\Andy\Desktop

64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 70.00% Memory free

12.00 Gb Paging File | 10.00 Gb Available in Paging File | 83.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 457.00 Gb Total Space | 133.59 Gb Free Space | 29.23% Space Free | Partition Type: NTFS

Computer Name: ANDY-VAIO | User Name: Andy | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Andy\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

PRC - C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)

PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe ()

PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)

PRC - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)

PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)

PRC - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)

PRC - C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe (Avid Technology, Inc.)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe (Avira GmbH)

PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)

PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)

PRC - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)

PRC - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)

PRC - C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)

PRC - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe (Sony Corporation)

PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe ()

PRC - C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe ()

PRC - C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe ()

PRC - C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe ()

PRC - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)

PRC - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)

PRC - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)

PRC - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)

========== Modules (SafeList) ==========

MOD - C:\Users\Andy\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV:64bit: - (VMware NAT Service) -- C:\Windows\SysNative\vmnat.exe File not found

SRV:64bit: - (VMnetDHCP) -- C:\Windows\SysNative\vmnetdhcp.exe File not found

SRV:64bit: - (VUAgent) -- C:\Program Files\Sony\VAIO Update 5\VUAgent.exe (Sony Corporation)

SRV:64bit: - (VAIO Power Management) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)

SRV:64bit: - (SampleCollector) -- C:\Program Files\Sony\VAIO Care\collsvc.exe (Intel Corporation)

SRV:64bit: - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)

SRV:64bit: - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe (Sony Corporation)

SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)

SRV:64bit: - (VcmINSMgr) -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe (Sony Corporation)

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)

SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)

SRV - (Oasis2Service) -- C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe ()

SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)

SRV - (VMAuthdService) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)

SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)

SRV - (VMUSBArbService) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)

SRV - (DigiRefresh) -- C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe (Avid Technology, Inc.)

SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (ufad-ws60) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe (VMware, Inc.)

SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)

SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

SRV - (VAIO Event Service) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)

SRV - (PMBDeviceInfoProvider) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)

SRV - (SOHDms) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation)

SRV - (SOHPlMgr) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe (Sony Corporation)

SRV - (SOHDs) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation)

SRV - (SOHCImp) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation)

SRV - (SOHDBSvr) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe (Sony Corporation)

SRV - (IAANTMON) Intel® -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

SRV - (VzCdbSvc) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)

SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)

SRV - (VCFw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (uCamMonitor) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)

SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)

SRV - (IviRegMgr) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)

========== Driver Services (SafeList) ==========

DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)

DRV:64bit: - (TVICHW64) -- C:\Windows\SysNative\drivers\TVicHW64.sys (EnTech Taiwan)

DRV:64bit: - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.)

DRV:64bit: - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.)

DRV:64bit: - (vmkbd) -- C:\Windows\SysNative\drivers\VMkbd.sys (VMware, Inc.)

DRV:64bit: - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.)

DRV:64bit: - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.)

DRV:64bit: - (vmusb) -- C:\Windows\SysNative\drivers\vmusb.sys (VMware, Inc.)

DRV:64bit: - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.)

DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.)

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)

DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)

DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)

DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)

DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()

DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)

DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)

DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)

DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)

DRV:64bit: - (btusbflt) -- C:\Windows\SysNative\drivers\btusbflt.sys (Broadcom Corporation.)

DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)

DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)

DRV:64bit: - (rimspci) -- C:\Windows\SysNative\drivers\rimssne64.sys (REDC)

DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)

DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)

DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)

DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)

DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)

DRV:64bit: - (risdsnpe) -- C:\Windows\SysNative\drivers\risdsne64.sys (REDC)

DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)

DRV:64bit: - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation)

DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (ArcSoftKsUFilter) -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)

DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)

DRV:64bit: - (Sentinel64) -- C:\Windows\SysNative\drivers\sentinel64.sys (SafeNet, Inc.)

DRV:64bit: - (regi) -- C:\Windows\SysNative\drivers\regi.sys (InterVideo)

DRV:64bit: - (pnetmdm) -- C:\Windows\SysNative\drivers\pnetmdm64.sys (June Fabrics Technology)

DRV - (vstor2-ws60) -- C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys (VMware, Inc.)

DRV - (regi) -- C:\Windows\SysWOW64\drivers\regi.sys (InterVideo)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?br...T&bmod=SNNT

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?br...T&bmod=SNNT

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?br...T&bmod=SNNT

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?br...T&bmod=SNNT

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2

FF - prefs.js..extensions.enabledItems: 4

FF - prefs.js..extensions.enabledItems: 9

FF - prefs.js..extensions.enabledItems: 1

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {6e098d65-7d2d-46d4-ada0-2f882a29f795}:0.2.3

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: multilinks@plugin:2.0.0.17

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/10/21 14:19:41 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/21 14:19:41 | 000,000,000 | ---D | M]

[2010/02/16 10:07:27 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Mozilla\Extensions

[2010/10/24 12:06:14 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\s3v1q7ie.default\extensions

[2010/07/07 23:33:02 | 000,000,000 | ---D | M] (CHM Reader) -- C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\s3v1q7ie.default\extensions\{6e098d65-7d2d-46d4-ada0-2f882a29f795}

[2010/02/20 21:57:48 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\s3v1q7ie.default\extensions\firefox@tvunetworks.com

[2010/10/06 19:27:00 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\s3v1q7ie.default\extensions\multilinks@plugin

[2010/10/14 11:23:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2010/07/13 16:35:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010/08/10 16:37:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2010/10/14 11:23:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

Hosts file not found

O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll File not found

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll File not found

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)

O4:64bit: - HKLM..\Run: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [iSBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)

O4 - HKLM..\Run: [sHTtray.exe] C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe (Sony Corporation)

O4 - HKLM..\Run: [smartWiHelper] C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe (Sony Electronics Corporation)

O4 - HKLM..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)

O13 - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} http://esupport.sony.com/VaioInfo.CAB (VaioInfo.CMClass)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found

O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found

O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - File not found

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - File not found

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - File not found

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - File not found

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O29:64bit: - HKLM SecurityProviders - (credssp.dll) - File not found

O29 - HKLM SecurityProviders - (credssp.dll) - File not found

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{d4d3e8b9-1df3-11df-965d-005056c00008}\Shell - "" = AutoRun

O33 - MountPoints2\{d4d3e8b9-1df3-11df-965d-005056c00008}\Shell\AutoRun\command - "" = D:\AUTORUN.EXE -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

Drivers32:64bit: aux - File not found

Drivers32:64bit: aux1 - File not found

Drivers32:64bit: aux2 - File not found

Drivers32:64bit: midi - File not found

Drivers32:64bit: midi1 - File not found

Drivers32:64bit: midi2 - File not found

Drivers32:64bit: midi3 - File not found

Drivers32:64bit: midi6 - File not found

Drivers32:64bit: midi7 - File not found

Drivers32:64bit: midi8 - File not found

Drivers32:64bit: midi9 - File not found

Drivers32:64bit: midimapper - File not found

Drivers32:64bit: mixer - File not found

Drivers32:64bit: mixer1 - File not found

Drivers32:64bit: mixer2 - File not found

Drivers32:64bit: mixer3 - File not found

Drivers32:64bit: mixer6 - File not found

Drivers32:64bit: mixer7 - File not found

Drivers32:64bit: mixer8 - File not found

Drivers32:64bit: mixer9 - File not found

Drivers32:64bit: msacm.imaadpcm - File not found

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32:64bit: msacm.msadpcm - File not found

Drivers32:64bit: msacm.msg711 - File not found

Drivers32:64bit: msacm.msgsm610 - File not found

Drivers32:64bit: MSVideo8 - File not found

Drivers32:64bit: VIDC.FPS1 - File not found

Drivers32:64bit: vidc.i420 - File not found

Drivers32:64bit: VIDC.IYUV - File not found

Drivers32:64bit: vidc.mrle - File not found

Drivers32:64bit: vidc.msvc - File not found

Drivers32:64bit: VIDC.UYVY - File not found

Drivers32:64bit: VIDC.YUY2 - File not found

Drivers32:64bit: VIDC.YVU9 - File not found

Drivers32:64bit: VIDC.YVYU - File not found

Drivers32:64bit: wave - File not found

Drivers32:64bit: wave1 - File not found

Drivers32:64bit: wave2 - File not found

Drivers32:64bit: wave3 - File not found

Drivers32:64bit: wave6 - File not found

Drivers32:64bit: wave7 - File not found

Drivers32:64bit: wave8 - File not found

Drivers32:64bit: wave9 - File not found

Drivers32:64bit: wavemapper - File not found

Drivers32: aux - wdmaud.drv File not found

Drivers32: aux1 - wdmaud.drv File not found

Drivers32: aux2 - wdmaud.drv File not found

Drivers32: midi - wdmaud.drv File not found

Drivers32: midi1 - wdmaud.drv File not found

Drivers32: midi2 - wdmaud.drv File not found

Drivers32: midi3 - wdmaud.drv File not found

Drivers32: midi6 - wdmaud.drv File not found

Drivers32: midi7 - wdmaud.drv File not found

Drivers32: midi8 - wdmaud.drv File not found

Drivers32: midi9 - wdmaud.drv File not found

Drivers32: midimapper - midimap.dll File not found

Drivers32: mixer - wdmaud.drv File not found

Drivers32: mixer1 - wdmaud.drv File not found

Drivers32: mixer2 - wdmaud.drv File not found

Drivers32: mixer3 - wdmaud.drv File not found

Drivers32: mixer6 - wdmaud.drv File not found

Drivers32: mixer7 - wdmaud.drv File not found

Drivers32: mixer8 - wdmaud.drv File not found

Drivers32: mixer9 - wdmaud.drv File not found

Drivers32: msacm.iac2 - C:\Windows\SysWOW64\iac25_32.ax (Intel Corporation)

Drivers32: msacm.imaadpcm - imaadp32.acm File not found

Drivers32: msacm.l3acm - l3codeca.acm File not found

Drivers32: msacm.msadpcm - msadp32.acm File not found

Drivers32: msacm.msg711 - msg711.acm File not found

Drivers32: msacm.msgsm610 - msgsm32.acm File not found

Drivers32: msacm.siren - sirenacm.dll File not found

Drivers32: vidc.cvid - iccvid.dll File not found

Drivers32: vidc.DIVX - DivX.dll File not found

Drivers32: VIDC.FFDS - C:\Program Files (x86)\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()

Drivers32: VIDC.FPS1 - frapsvid.dll File not found

Drivers32: vidc.iv31 - ir32_32.dll File not found

Drivers32: vidc.iv32 - ir32_32.dll File not found

Drivers32: vidc.iv41 - ir41_32.ax File not found

Drivers32: vidc.iv50 - ir50_32.dll File not found

Drivers32: vidc.iyuv - iyuv_32.dll File not found

Drivers32: vidc.mrle - msrle32.dll File not found

Drivers32: vidc.msvc - msvidc32.dll File not found

Drivers32: vidc.uyvy - msyuv.dll File not found

Drivers32: VIDC.VMnc - vmnc.dll File not found

Drivers32: vidc.XVID - xvidvfw.dll File not found

Drivers32: vidc.yuy2 - msyuv.dll File not found

Drivers32: vidc.yv12 - DivX.dll File not found

Drivers32: vidc.yvu9 - tsbyuv.dll File not found

Drivers32: vidc.yvyu - msyuv.dll File not found

Drivers32: wave - wdmaud.drv File not found

Drivers32: wave1 - wdmaud.drv File not found

Drivers32: wave2 - wdmaud.drv File not found

Drivers32: wave3 - wdmaud.drv File not found

Drivers32: wave6 - wdmaud.drv File not found

Drivers32: wave7 - wdmaud.drv File not found

Drivers32: wave8 - wdmaud.drv File not found

Drivers32: wave9 - wdmaud.drv File not found

Drivers32: wavemapper - msacm32.drv File not found

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/10/24 14:49:12 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Andy\Desktop\OTL.exe

[2010/10/24 14:46:46 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Roaming\Avira

[2010/10/24 11:23:05 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys

[2010/10/24 11:23:05 | 000,081,072 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys

[2010/10/24 11:23:05 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntdd.sys

[2010/10/24 11:23:05 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntmgr.sys

[2010/10/24 11:23:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira

[2010/10/24 11:23:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira

[2010/10/24 10:24:38 | 000,000,000 | ---D | C] -- C:\Users\Andy\Desktop\malw

[2010/10/24 09:04:16 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Local\Sunbelt Software

[2010/10/24 09:03:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft

[2010/10/23 16:06:54 | 000,000,000 | ---D | C] -- C:\Users\Andy\Documents\Anti-Malware

[2010/10/23 12:01:45 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Futuremark

[2010/10/21 16:34:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\World of Warcraft

[2010/10/18 19:33:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Combined Community Codec Pack

[2010/10/16 11:17:20 | 000,000,000 | ---D | C] -- C:\Users\Andy\Desktop\Iphoneadd

[2010/10/15 20:04:47 | 000,000,000 | ---D | C] -- C:\Users\Andy\Desktop\Roidripper 3.3.2.6

[2010/10/15 09:53:10 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Roaming\Steinberg

[2010/10/15 09:44:19 | 000,021,888 | ---- | C] (Syncrosoft GmbH) -- C:\Windows\SysWow64\drivers\synUSB64.sys

[2010/10/12 18:17:39 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Local\AjiReader

[2010/10/12 18:16:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Aji Reader Service

[2010/10/11 22:36:42 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Roaming\Guitar Pro 6

[2010/10/11 22:36:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Guitar Pro 6

[2010/10/07 22:43:20 | 000,000,000 | ---D | C] -- C:\ProgramData\dbg

[2010/09/29 20:25:05 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Local\SKIDROW

[2010/09/25 15:40:04 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2010/09/25 15:40:03 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2010/09/25 15:40:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes

[2010/09/25 15:38:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime

[2010/09/25 15:37:28 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2010/09/25 15:37:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour

[2009/11/10 19:57:44 | 000,315,392 | ---- | C] ( ) -- C:\Windows\SysWow64\sbcrreag.dll

========== Files - Modified Within 30 Days ==========

[2010/10/24 14:49:12 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Andy\Desktop\OTL.exe

[2010/10/24 14:47:23 | 000,010,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2010/10/24 14:47:23 | 000,010,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2010/10/24 14:40:20 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2010/10/24 14:39:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/10/24 14:39:36 | 522,768,383 | -HS- | M] () -- C:\hiberfil.sys

[2010/10/24 14:37:14 | 000,000,833 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.bak

[2010/10/24 14:33:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2010/10/24 14:04:05 | 000,000,021 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.old

[2010/10/24 10:16:45 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job

[2010/10/23 15:41:09 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt

[2010/10/22 00:43:43 | 000,266,797 | ---- | M] () -- C:\test.xml

[2010/10/21 18:35:15 | 000,001,536 | ---- | M] () -- C:\Windows\SysWow64\bcevent.dll

[2010/10/21 16:44:49 | 000,001,064 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk

[2010/10/19 11:10:34 | 005,031,000 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2010/10/18 18:25:41 | 000,000,600 | ---- | M] () -- C:\Users\Andy\AppData\Roaming\winscp.rnd

[2010/10/05 21:26:46 | 000,020,992 | ---- | M] () -- C:\Users\Andy\Desktop\aphack.exe

========== Files Created - No Company Name ==========

[2010/10/24 10:16:45 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job

[2010/10/23 12:01:45 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys

[2010/10/21 18:38:32 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\bcevent.dll

[2010/10/21 16:34:53 | 000,001,064 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk

[2010/09/21 21:34:55 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

[2010/09/21 21:34:55 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

[2010/09/21 15:01:32 | 000,000,091 | ---- | C] () -- C:\Windows\CIV.INI

[2010/07/31 21:09:23 | 000,000,090 | ---- | C] () -- C:\Windows\WININIT.INI

[2010/07/24 10:44:46 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll

[2010/07/24 10:44:46 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll

[2010/07/24 10:44:46 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll

[2010/07/13 19:23:06 | 008,923,610 | ---- | C] () -- C:\Users\Andy\AppData\Roaming\MediaComposer_Install.log

[2010/07/13 19:21:57 | 000,186,640 | ---- | C] () -- C:\Users\Andy\AppData\Roaming\FlamethrowerDriver_Install.log

[2010/07/13 19:21:37 | 000,183,290 | ---- | C] () -- C:\Users\Andy\AppData\Roaming\DXDriver_Install.log

[2010/07/13 19:20:56 | 000,192,492 | ---- | C] () -- C:\Users\Andy\AppData\Roaming\PACEDrivers_Install.log

[2010/05/13 10:18:33 | 000,000,092 | ---- | C] () -- C:\Users\Andy\AppData\Local\fusioncache.dat

[2010/04/12 18:13:26 | 000,000,000 | ---- | C] () -- C:\Users\Andy\AppData\Local\prvlcl.dat

[2010/03/05 18:45:46 | 000,000,584 | ---- | C] () -- C:\Users\Andy\AppData\Roaming\myMPQ.ini

[2010/02/16 00:16:56 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini

[2010/02/15 23:43:57 | 000,000,600 | ---- | C] () -- C:\Users\Andy\AppData\Roaming\winscp.rnd

[2009/12/09 21:41:20 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\SonyVideoProcessor.dll

[2009/12/09 21:21:17 | 000,835,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2009/10/05 15:09:42 | 001,658,973 | ---- | C] () -- C:\Windows\SysWow64\libmmd.dll

[2009/10/05 15:09:42 | 000,122,880 | ---- | C] () -- C:\Windows\SysWow64\PtSSE2.dll

[2009/10/05 15:09:42 | 000,019,968 | ---- | C] () -- C:\Windows\SysWow64\cpuinf32.dll

[2009/08/03 00:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll

[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll

[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll

[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll

[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll

[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll

[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll

[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll

[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll

[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll

[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/03/23 21:52:37 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Auslogics

[2010/07/13 19:59:33 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Avid

[2010/07/02 19:26:29 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\BOXEE

[2010/06/26 14:26:34 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Cegyz

[2010/07/19 02:58:53 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2010/02/20 00:51:24 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\DAEMON Tools Lite

[2010/08/19 02:47:24 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\EVEMon

[2010/10/15 19:47:43 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Guitar Pro 6

[2010/04/29 21:10:59 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\My Games

[2010/06/22 22:59:32 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Notepad++

[2010/07/13 19:53:25 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\PACE Anti-Piracy

[2010/03/23 18:27:14 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\ProxyCap

[2010/08/02 00:19:39 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Publish Providers

[2010/08/02 00:27:43 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Sony

[2010/02/20 00:16:08 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Stardock

[2010/10/15 09:53:54 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Steinberg

[2010/06/25 10:32:37 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\TS3Client

[2010/05/13 10:19:11 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Turbine

[2010/05/18 11:18:17 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\UDC Profiles

[2010/10/24 14:53:16 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\uTorrent

[2010/10/04 23:25:39 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\W

[2010/09/01 21:56:19 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\wargaming.net

[2010/06/28 10:42:21 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Xiowuw

[2010/10/24 10:16:45 | 000,000,394 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job

[2010/07/07 16:30:28 | 000,032,636 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2010/10/24 10:14:31 | 000,000,445 | ---- | M] () -- C:\aaw7boot.log

[2010/10/24 14:39:36 | 522,768,383 | -HS- | M] () -- C:\hiberfil.sys

[2010/10/24 14:39:43 | 2128,683,007 | -HS- | M] () -- C:\pagefile.sys

[2010/08/11 19:32:07 | 000,002,333 | ---- | M] () -- C:\RHDSetup.log

[2010/10/22 00:43:43 | 000,266,797 | ---- | M] () -- C:\test.xml

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >

[2009/07/13 22:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont

[2009/07/13 22:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont

[2009/07/13 22:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont

[2009/07/13 22:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >

[2009/06/10 13:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\system32\user32.dll /md5 >

[2009/07/13 18:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >

[2009/07/13 18:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >

[2009/07/13 18:11:26 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=808AABDF9337312195CAFF76D1804786 -- C:\Windows\SysWOW64\ws2help.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 997 bytes -> C:\ProgramData\Microsoft:W6SURRULHUukClHyAPhDiA

@Alternate Data Stream - 1033 bytes -> C:\ProgramData\Microsoft:EV3lP73QWOmYFuRwg0EeDXU

< End of report >

Extras

OTL Extras logfile created on: 10/24/2010 2:50:37 PM - Run 1

OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\Andy\Desktop

64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 70.00% Memory free

12.00 Gb Paging File | 10.00 Gb Available in Paging File | 83.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 457.00 Gb Total Space | 133.59 Gb Free Space | 29.23% Space Free | Partition Type: NTFS

Computer Name: ANDY-VAIO | User Name: Andy | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

.reg [@ = regfile] -- regedit.exe "%1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

.reg [@ = regfile] -- regedit.exe "%1"

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %* File not found

cmdfile [open] -- "%1" %* File not found

comfile [open] -- "%1" %* File not found

exefile [open] -- "%1" %* File not found

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found

http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %* File not found

regfile [open] -- regedit.exe "%1" File not found

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1" File not found

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found

scrfile [open] -- "%1" /S File not found

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found

Directory [bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" File not found

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [open] -- regedit.exe "%1"

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V"

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0826F9E4-787E-481D-83E0-BC6A57B056D5}" = Microsoft SQL Server VSS Writer

"{104FB32A-7CE3-4C4B-B2AA-70C613FF9DFA}" = iTunes

"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64

"{20140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 (Beta)

"{20140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010 (Beta)

"{20140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Beta)

"{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java 6 Update 17 (64-bit)

"{2F227ACA-204C-4529-BA33-D095C42C72DB}" = Avid Audio Drivers (x64)

"{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support

"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll

"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour

"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel


OTL Fix

Run OTL.exe

  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
    :OTL

    :IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555


    :Commands
    [EmptyFlash]
    [EmptyTemp]
    [RESETHOSTS]
    [purity]
    [start explorer]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered; it will reboot when it is done and produce a log

Also, let me know if you're still getting redirects.


Here is the log. If by redirects you mean the malicious website blocked warnings, yes, I am still getting them.

All processes killed

========== OTL ==========

Error: Unable to interpret <:IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555> in the current context!

Error: Unable to interpret <IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555> in the current context!

========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Andy

->Flash cache emptied: 264428 bytes

User: Default

->Flash cache emptied: 41620 bytes

User: Default User

->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

[EMPTYTEMP]

User: All Users

User: Andy

->Temp folder emptied: 1703564582 bytes

->Temporary Internet Files folder emptied: 138133297 bytes

->Java cache emptied: 20913578 bytes

->FireFox cache emptied: 44010982 bytes

->Google Chrome cache emptied: 364567152 bytes

->Flash cache emptied: 0 bytes

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 155791546 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 287724 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 2,315.00 mb

HOSTS file reset successfully

OTL by OldTimer - Version 3.2.17.1 log created on 10242010_152043

Files\Folders moved on Reboot...

C:\Users\Andy\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-2164.log moved successfully.

Registry entries deleted on Reboot...


Let's try that again.

OTL Fix

Run OTL.exe

  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
    :OTL

    :Reg
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

    :Commands
    [EmptyFlash]
    [EmptyTemp]
    [RESETHOSTS]
    [purity]
    [start explorer]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, it will reboot when it is done and produce a log


All processes killed

========== OTL ==========

========== REGISTRY ==========

\\HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http|127.0.0.1:5555 /E :invalid edit format. No such root key.

========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Andy

->Flash cache emptied: 456 bytes

User: Default

->Flash cache emptied: 0 bytes

User: Default User

->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

[EMPTYTEMP]

User: All Users

User: Andy

->Temp folder emptied: 890 bytes

->Temporary Internet Files folder emptied: 886382 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Google Chrome cache emptied: 6966535 bytes

->Flash cache emptied: 0 bytes

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 2031 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 82054 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 8.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

OTL by OldTimer - Version 3.2.17.1 log created on 10242010_154542

Files\Folders moved on Reboot...

C:\Users\Andy\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-2084.log moved successfully.

Registry entries deleted on Reboot...


OK. I have the correct OTL script:

OTL Fix

Run OTL.exe

  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

    :Commands
    [start explorer]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, it will reboot when it is done and produce a log


Ran OTL with these settings

netsvcs

drivers32 /all

%SYSTEMDRIVE%\*.*

%systemroot%\system32\Spool\prtprocs\w32x86\*.dll

%systemroot%\system32\*.wt

%systemroot%\system32\*.ruy

%systemroot%\Fonts\*.com

%systemroot%\system32\spool\prtprocs\w32x86\*.tmp

%systemroot%\*. /mp /s

CREATERESTOREPOINT

%systemroot%\system32\*.dll /lockedfiles

%systemroot%\Tasks\*.job /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\Fonts\*.dll

%systemroot%\Fonts\*.ini

%systemroot%\Fonts\*.ini2

%systemroot%\system32\user32.dll /md5

%systemroot%\system32\ws2_32.dll /md5

%systemroot%\system32\ws2help.dll /md5

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

Results:

OTL.txt

OTL logfile created on: 10/26/2010 11:39:32 AM - Run 2

OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\Andy\Desktop\malw

64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 73.00% Memory free

12.00 Gb Paging File | 10.00 Gb Available in Paging File | 84.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 457.00 Gb Total Space | 115.59 Gb Free Space | 25.29% Space Free | Partition Type: NTFS

Computer Name: ANDY-VAIO | User Name: Andy | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Andy\Desktop\malw\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

PRC - C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)

PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe ()

PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)

PRC - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)

PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)

PRC - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)

PRC - C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe (Avid Technology, Inc.)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)

PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)

PRC - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)

PRC - C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)

PRC - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe (Sony Corporation)

PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe ()

PRC - C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWi.exe ()

PRC - C:\Program Files (x86)\Sony\SmartWi Connection Utility\PowerManager.exe ()

PRC - C:\Program Files (x86)\Sony\SmartWi Connection Utility\ThirdPartyAppMgr.exe ()

PRC - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)

PRC - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)

PRC - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)

PRC - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)

========== Modules (SafeList) ==========

MOD - C:\Users\Andy\Desktop\malw\OTL.exe (OldTimer Tools)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV:64bit: - (VMware NAT Service) -- C:\Windows\SysNative\vmnat.exe File not found

SRV:64bit: - (VMnetDHCP) -- C:\Windows\SysNative\vmnetdhcp.exe File not found

SRV:64bit: - (VUAgent) -- C:\Program Files\Sony\VAIO Update 5\VUAgent.exe (Sony Corporation)

SRV:64bit: - (VAIO Power Management) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)

SRV:64bit: - (SampleCollector) -- C:\Program Files\Sony\VAIO Care\collsvc.exe (Intel Corporation)

SRV:64bit: - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)

SRV:64bit: - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe (Sony Corporation)

SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)

SRV:64bit: - (VcmINSMgr) -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe (Sony Corporation)

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)

SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)

SRV - (Oasis2Service) -- C:\Program Files (x86)\DDNi\Oasis2Service 1.0\Oasis2Service.exe ()

SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)

SRV - (VMAuthdService) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)

SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)

SRV - (VMUSBArbService) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe (VMware, Inc.)

SRV - (DigiRefresh) -- C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe (Avid Technology, Inc.)

SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (ufad-ws60) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe (VMware, Inc.)

SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)

SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

SRV - (VAIO Event Service) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)

SRV - (PMBDeviceInfoProvider) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)

SRV - (SOHDms) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation)

SRV - (SOHPlMgr) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe (Sony Corporation)

SRV - (SOHDs) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation)

SRV - (SOHCImp) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation)

SRV - (SOHDBSvr) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe (Sony Corporation)

SRV - (IAANTMON) Intel® -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)

SRV - (VzCdbSvc) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)

SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)

SRV - (VCFw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (uCamMonitor) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)

SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)

SRV - (IviRegMgr) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)

========== Driver Services (SafeList) ==========

DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)

DRV:64bit: - (TVICHW64) -- C:\Windows\SysNative\drivers\TVicHW64.sys (EnTech Taiwan)

DRV:64bit: - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.)

DRV:64bit: - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.)

DRV:64bit: - (vmkbd) -- C:\Windows\SysNative\drivers\VMkbd.sys (VMware, Inc.)

DRV:64bit: - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.)

DRV:64bit: - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.)

DRV:64bit: - (vmusb) -- C:\Windows\SysNative\drivers\vmusb.sys (VMware, Inc.)

DRV:64bit: - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.)

DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.)

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)

DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)

DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)

DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)

DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()

DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)

DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)

DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)

DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)

DRV:64bit: - (btusbflt) -- C:\Windows\SysNative\drivers\btusbflt.sys (Broadcom Corporation.)

DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)

DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)

DRV:64bit: - (rimspci) -- C:\Windows\SysNative\drivers\rimssne64.sys (REDC)

DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)

DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)

DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)

DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)

DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)

DRV:64bit: - (risdsnpe) -- C:\Windows\SysNative\drivers\risdsne64.sys (REDC)

DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)

DRV:64bit: - (SFEP) -- C:\Windows\SysNative\drivers\SFEP.sys (Sony Corporation)

DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\drivers\rootmdm.sys (Microsoft Corporation)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (ArcSoftKsUFilter) -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)

DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)

DRV:64bit: - (Sentinel64) -- C:\Windows\SysNative\drivers\sentinel64.sys (SafeNet, Inc.)

DRV:64bit: - (regi) -- C:\Windows\SysNative\drivers\regi.sys (InterVideo)

DRV:64bit: - (pnetmdm) -- C:\Windows\SysNative\drivers\pnetmdm64.sys (June Fabrics Technology)

DRV - (vstor2-ws60) -- C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys (VMware, Inc.)

DRV - (regi) -- C:\Windows\SysWOW64\drivers\regi.sys (InterVideo)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?br...T&bmod=SNNT

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?br...T&bmod=SNNT

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?br...T&bmod=SNNT

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?br...T&bmod=SNNT

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "DAEMON Search"

FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2

FF - prefs.js..extensions.enabledItems: 4

FF - prefs.js..extensions.enabledItems: 9

FF - prefs.js..extensions.enabledItems: 1

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {6e098d65-7d2d-46d4-ada0-2f882a29f795}:0.2.3

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: multilinks@plugin:2.0.0.17

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.2.0185

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/10/21 14:19:41 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/21 14:19:41 | 000,000,000 | ---D | M]

[2010/02/16 10:07:27 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Mozilla\Extensions

[2010/10/25 18:31:27 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\s3v1q7ie.default\extensions

[2010/07/07 23:33:02 | 000,000,000 | ---D | M] (CHM Reader) -- C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\s3v1q7ie.default\extensions\{6e098d65-7d2d-46d4-ada0-2f882a29f795}

[2010/10/24 15:52:50 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\s3v1q7ie.default\extensions\DTToolbar@toolbarnet.com

[2010/02/20 21:57:48 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\s3v1q7ie.default\extensions\firefox@tvunetworks.com

[2010/10/06 19:27:00 | 000,000,000 | ---D | M] -- C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\s3v1q7ie.default\extensions\multilinks@plugin

[2010/10/24 15:52:42 | 000,002,055 | ---- | M] () -- C:\Users\Andy\AppData\Roaming\Mozilla\Firefox\Profiles\s3v1q7ie.default\searchplugins\daemon-search.xml

[2010/10/14 11:23:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2010/07/13 16:35:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010/08/10 16:37:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2010/10/14 11:23:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/10/24 15:46:00 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll File not found

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll File not found

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()

O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()

O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()

O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()

O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)

O4:64bit: - HKLM..\Run: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [iSBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)

O4 - HKLM..\Run: [sHTtray.exe] C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe (Sony Corporation)

O4 - HKLM..\Run: [smartWiHelper] C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe (Sony Electronics Corporation)

O4 - HKLM..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)

O13 - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} http://esupport.sony.com/VaioInfo.CAB (VaioInfo.CMClass)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found

O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found

O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - File not found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - File not found

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - File not found

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - File not found

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - File not found

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O29:64bit: - HKLM SecurityProviders - (credssp.dll) - File not found

O29 - HKLM SecurityProviders - (credssp.dll) - File not found

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

Drivers32:64bit: aux - File not found

Drivers32:64bit: aux1 - File not found

Drivers32:64bit: aux2 - File not found

Drivers32:64bit: midi - File not found

Drivers32:64bit: midi1 - File not found

Drivers32:64bit: midi2 - File not found

Drivers32:64bit: midi3 - File not found

Drivers32:64bit: midi6 - File not found

Drivers32:64bit: midi7 - File not found

Drivers32:64bit: midi8 - File not found

Drivers32:64bit: midi9 - File not found

Drivers32:64bit: midimapper - File not found

Drivers32:64bit: mixer - File not found

Drivers32:64bit: mixer1 - File not found

Drivers32:64bit: mixer2 - File not found

Drivers32:64bit: mixer3 - File not found

Drivers32:64bit: mixer6 - File not found

Drivers32:64bit: mixer7 - File not found

Drivers32:64bit: mixer8 - File not found

Drivers32:64bit: mixer9 - File not found

Drivers32:64bit: msacm.imaadpcm - File not found

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32:64bit: msacm.msadpcm - File not found

Drivers32:64bit: msacm.msg711 - File not found

Drivers32:64bit: msacm.msgsm610 - File not found

Drivers32:64bit: MSVideo8 - File not found

Drivers32:64bit: VIDC.FPS1 - File not found

Drivers32:64bit: vidc.i420 - File not found

Drivers32:64bit: VIDC.IYUV - File not found

Drivers32:64bit: vidc.mrle - File not found

Drivers32:64bit: vidc.msvc - File not found

Drivers32:64bit: VIDC.UYVY - File not found

Drivers32:64bit: VIDC.YUY2 - File not found

Drivers32:64bit: VIDC.YVU9 - File not found

Drivers32:64bit: VIDC.YVYU - File not found

Drivers32:64bit: wave - File not found

Drivers32:64bit: wave1 - File not found

Drivers32:64bit: wave2 - File not found

Drivers32:64bit: wave3 - File not found

Drivers32:64bit: wave6 - File not found

Drivers32:64bit: wave7 - File not found

Drivers32:64bit: wave8 - File not found

Drivers32:64bit: wave9 - File not found

Drivers32:64bit: wavemapper - File not found

Drivers32: aux - wdmaud.drv File not found

Drivers32: aux1 - wdmaud.drv File not found

Drivers32: aux2 - wdmaud.drv File not found

Drivers32: midi - wdmaud.drv File not found

Drivers32: midi1 - wdmaud.drv File not found

Drivers32: midi2 - wdmaud.drv File not found

Drivers32: midi3 - wdmaud.drv File not found

Drivers32: midi6 - wdmaud.drv File not found

Drivers32: midi7 - wdmaud.drv File not found

Drivers32: midi8 - wdmaud.drv File not found

Drivers32: midi9 - wdmaud.drv File not found

Drivers32: midimapper - midimap.dll File not found

Drivers32: mixer - wdmaud.drv File not found

Drivers32: mixer1 - wdmaud.drv File not found

Drivers32: mixer2 - wdmaud.drv File not found

Drivers32: mixer3 - wdmaud.drv File not found

Drivers32: mixer6 - wdmaud.drv File not found

Drivers32: mixer7 - wdmaud.drv File not found

Drivers32: mixer8 - wdmaud.drv File not found

Drivers32: mixer9 - wdmaud.drv File not found

Drivers32: msacm.iac2 - C:\Windows\SysWOW64\iac25_32.ax (Intel Corporation)

Drivers32: msacm.imaadpcm - imaadp32.acm File not found

Drivers32: msacm.l3acm - l3codeca.acm File not found

Drivers32: msacm.msadpcm - msadp32.acm File not found

Drivers32: msacm.msg711 - msg711.acm File not found

Drivers32: msacm.msgsm610 - msgsm32.acm File not found

Drivers32: msacm.siren - sirenacm.dll File not found

Drivers32: vidc.cvid - iccvid.dll File not found

Drivers32: vidc.DIVX - DivX.dll File not found

Drivers32: VIDC.FFDS - C:\Program Files (x86)\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()

Drivers32: VIDC.FPS1 - frapsvid.dll File not found

Drivers32: vidc.iv31 - ir32_32.dll File not found

Drivers32: vidc.iv32 - ir32_32.dll File not found

Drivers32: vidc.iv41 - ir41_32.ax File not found

Drivers32: vidc.iv50 - ir50_32.dll File not found

Drivers32: vidc.iyuv - iyuv_32.dll File not found

Drivers32: vidc.mrle - msrle32.dll File not found

Drivers32: vidc.msvc - msvidc32.dll File not found

Drivers32: vidc.uyvy - msyuv.dll File not found

Drivers32: VIDC.VMnc - vmnc.dll File not found

Drivers32: vidc.XVID - xvidvfw.dll File not found

Drivers32: vidc.yuy2 - msyuv.dll File not found

Drivers32: vidc.yv12 - DivX.dll File not found

Drivers32: vidc.yvu9 - tsbyuv.dll File not found

Drivers32: vidc.yvyu - msyuv.dll File not found

Drivers32: wave - wdmaud.drv File not found

Drivers32: wave1 - wdmaud.drv File not found

Drivers32: wave2 - wdmaud.drv File not found

Drivers32: wave3 - wdmaud.drv File not found

Drivers32: wave6 - wdmaud.drv File not found

Drivers32: wave7 - wdmaud.drv File not found

Drivers32: wave8 - wdmaud.drv File not found

Drivers32: wave9 - wdmaud.drv File not found

Drivers32: wavemapper - msacm32.drv File not found

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/10/24 15:52:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Toolbar

[2010/10/24 15:52:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite

[2010/10/24 15:51:40 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Local\FalloutNV

[2010/10/24 15:38:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bethesda Softworks

[2010/10/24 15:20:43 | 000,000,000 | ---D | C] -- C:\_OTL

[2010/10/24 14:46:46 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Roaming\Avira

[2010/10/24 11:23:05 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys

[2010/10/24 11:23:05 | 000,081,072 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys

[2010/10/24 11:23:05 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntdd.sys

[2010/10/24 11:23:05 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntmgr.sys

[2010/10/24 11:23:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira

[2010/10/24 11:23:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira

[2010/10/24 10:24:38 | 000,000,000 | ---D | C] -- C:\Users\Andy\Desktop\malw

[2010/10/24 09:04:16 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Local\Sunbelt Software

[2010/10/24 09:03:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft

[2010/10/23 22:12:54 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSFEEDSSYNC.EXE

[2010/10/23 16:06:54 | 000,000,000 | ---D | C] -- C:\Users\Andy\Documents\Anti-Malware

[2010/10/23 12:01:45 | 000,020,400 | ---- | C] (EnTech Taiwan) -- C:\Windows\SysWow64\drivers\Entech.sys

[2010/10/23 12:01:45 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Futuremark

[2010/10/21 16:34:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\World of Warcraft

[2010/10/18 19:33:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Combined Community Codec Pack

[2010/10/17 16:05:53 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll

[2010/10/17 16:05:51 | 002,085,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll

[2010/10/17 16:05:44 | 001,024,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll

[2010/10/17 16:05:44 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll

[2010/10/17 16:05:37 | 000,702,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll

[2010/10/17 16:05:34 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll

[2010/10/17 16:05:32 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll

[2010/10/17 16:05:31 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll

[2010/10/17 16:05:31 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2010/10/17 16:05:31 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2010/10/17 16:05:31 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2010/10/17 16:05:31 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll

[2010/10/17 16:05:30 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll

[2010/10/17 16:05:30 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2010/10/17 16:05:29 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec

[2010/10/17 16:05:29 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec

[2010/10/17 16:05:29 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe

[2010/10/17 16:05:28 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll

[2010/10/17 16:05:28 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll

[2010/10/17 16:05:28 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll

[2010/10/17 16:05:27 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll

[2010/10/17 16:05:20 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll

[2010/10/17 16:05:20 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll

[2010/10/17 16:05:06 | 014,627,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll

[2010/10/17 16:05:04 | 011,406,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll

[2010/10/17 16:05:01 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL

[2010/10/17 16:05:01 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL

[2010/10/16 11:17:20 | 000,000,000 | ---D | C] -- C:\Users\Andy\Desktop\Iphoneadd

[2010/10/15 20:04:47 | 000,000,000 | ---D | C] -- C:\Users\Andy\Desktop\Roidripper 3.3.2.6

[2010/10/15 09:53:10 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Roaming\Steinberg

[2010/10/15 09:46:30 | 000,487,936 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmbe3260.dll

[2010/10/15 09:46:30 | 000,087,040 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\ra32sipr.dll

[2010/10/15 09:46:30 | 000,081,920 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\ra3214_4.dll

[2010/10/15 09:46:30 | 000,072,704 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\ra3228_8.dll

[2010/10/15 09:46:30 | 000,021,504 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\ra32dnet.dll

[2010/10/15 09:46:29 | 000,352,768 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pngu3263.dll

[2010/10/15 09:46:29 | 000,273,408 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pncrt.dll

[2010/10/15 09:46:29 | 000,131,072 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pneng50.dll

[2010/10/15 09:46:29 | 000,130,560 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pnc3250.dll

[2010/10/15 09:46:29 | 000,085,504 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\encdnet.dll

[2010/10/15 09:46:29 | 000,061,952 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\decdnet.dll

[2010/10/15 09:44:19 | 000,021,888 | ---- | C] (Syncrosoft GmbH) -- C:\Windows\SysWow64\drivers\synUSB64.sys

[2010/10/15 09:44:15 | 000,401,462 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.000

[2010/10/14 11:23:56 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe

[2010/10/14 11:23:56 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe

[2010/10/14 11:23:56 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe

[2010/10/12 18:17:39 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Local\AjiReader

[2010/10/12 18:16:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Aji Reader Service

[2010/10/11 22:36:42 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Roaming\Guitar Pro 6

[2010/10/11 22:36:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Guitar Pro 6

[2010/10/07 22:43:20 | 000,000,000 | ---D | C] -- C:\ProgramData\dbg

[2010/09/29 20:25:05 | 000,000,000 | ---D | C] -- C:\Users\Andy\AppData\Local\SKIDROW

[2009/11/10 19:57:44 | 000,315,392 | ---- | C] ( ) -- C:\Windows\SysWow64\sbcrreag.dll

========== Files - Modified Within 30 Days ==========

[2010/10/26 11:38:35 | 000,010,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2010/10/26 11:38:35 | 000,010,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2010/10/26 11:35:49 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2010/10/26 11:35:20 | 000,822,906 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2010/10/26 11:35:20 | 000,692,124 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2010/10/26 11:35:20 | 000,132,860 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2010/10/26 11:33:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2010/10/26 11:31:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/10/26 11:30:54 | 522,768,383 | -HS- | M] () -- C:\hiberfil.sys

[2010/10/24 15:46:00 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts

[2010/10/24 15:45:20 | 000,002,268 | ---- | M] () -- C:\Users\Public\Desktop\Fallout New Vegas.lnk

[2010/10/24 14:37:14 | 000,000,833 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.bak

[2010/10/24 14:04:05 | 000,000,021 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.old

[2010/10/24 10:16:45 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job

[2010/10/23 22:12:54 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MSFEEDSSYNC.EXE

[2010/10/23 15:41:09 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt

[2010/10/22 00:43:43 | 000,266,797 | ---- | M] () -- C:\test.xml

[2010/10/21 18:35:15 | 000,001,536 | ---- | M] () -- C:\Windows\SysWow64\bcevent.dll

[2010/10/21 16:44:49 | 000,001,064 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk

[2010/10/19 11:10:34 | 005,031,000 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2010/10/18 18:25:41 | 000,000,600 | ---- | M] () -- C:\Users\Andy\AppData\Roaming\winscp.rnd

[2010/10/05 21:26:46 | 000,020,992 | ---- | M] () -- C:\Users\Andy\Desktop\aphack.exe

========== Files Created - No Company Name ==========

[2010/10/24 15:45:20 | 000,002,268 | ---- | C] () -- C:\Users\Public\Desktop\Fallout New Vegas.lnk

[2010/10/24 10:16:45 | 000,000,394 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job

[2010/10/23 12:01:45 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys

[2010/10/21 18:38:32 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\bcevent.dll

[2010/10/21 16:34:53 | 000,001,064 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk

[2010/09/21 21:34:55 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

[2010/09/21 21:34:55 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll

[2010/09/21 15:01:32 | 000,000,091 | ---- | C] () -- C:\Windows\CIV.INI

[2010/07/31 21:09:23 | 000,000,090 | ---- | C] () -- C:\Windows\WININIT.INI

[2010/07/24 10:44:46 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll

[2010/07/24 10:44:46 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll

[2010/07/24 10:44:46 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll

[2010/07/13 19:23:06 | 008,923,610 | ---- | C] () -- C:\Users\Andy\AppData\Roaming\MediaComposer_Install.log

[2010/07/13 19:21:57 | 000,186,640 | ---- | C] () -- C:\Users\Andy\AppData\Roaming\FlamethrowerDriver_Install.log

[2010/07/13 19:21:37 | 000,183,290 | ---- | C] () -- C:\Users\Andy\AppData\Roaming\DXDriver_Install.log

[2010/07/13 19:20:56 | 000,192,492 | ---- | C] () -- C:\Users\Andy\AppData\Roaming\PACEDrivers_Install.log

[2010/05/13 10:18:33 | 000,000,092 | ---- | C] () -- C:\Users\Andy\AppData\Local\fusioncache.dat

[2010/04/12 18:13:26 | 000,000,000 | ---- | C] () -- C:\Users\Andy\AppData\Local\prvlcl.dat

[2010/03/05 18:45:46 | 000,000,584 | ---- | C] () -- C:\Users\Andy\AppData\Roaming\myMPQ.ini

[2010/02/16 00:16:56 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini

[2010/02/15 23:43:57 | 000,000,600 | ---- | C] () -- C:\Users\Andy\AppData\Roaming\winscp.rnd

[2009/12/09 21:41:20 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\SonyVideoProcessor.dll

[2009/12/09 21:21:17 | 000,835,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2009/10/05 15:09:42 | 001,658,973 | ---- | C] () -- C:\Windows\SysWow64\libmmd.dll

[2009/10/05 15:09:42 | 000,122,880 | ---- | C] () -- C:\Windows\SysWow64\PtSSE2.dll

[2009/10/05 15:09:42 | 000,019,968 | ---- | C] () -- C:\Windows\SysWow64\cpuinf32.dll

[2009/08/03 00:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll

[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll

[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll

[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll

[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll

[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll

[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll

[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll

[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll

[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll

[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2010/10/24 10:14:31 | 000,000,445 | ---- | M] () -- C:\aaw7boot.log

[2010/10/26 11:30:54 | 522,768,383 | -HS- | M] () -- C:\hiberfil.sys

[2010/10/26 11:31:00 | 2128,683,007 | -HS- | M] () -- C:\pagefile.sys

[2010/08/11 19:32:07 | 000,002,333 | ---- | M] () -- C:\RHDSetup.log

[2010/10/22 00:43:43 | 000,266,797 | ---- | M] () -- C:\test.xml

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >

[2009/07/13 22:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont

[2009/07/13 22:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont

[2009/07/13 22:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont

[2009/07/13 22:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >

[2009/06/10 13:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\system32\user32.dll /md5 >

[2009/07/13 18:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >

[2009/07/13 18:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >

[2009/07/13 18:11:26 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=808AABDF9337312195CAFF76D1804786 -- C:\Windows\SysWOW64\ws2help.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 997 bytes -> C:\ProgramData\Microsoft:W6SURRULHUukClHyAPhDiA

@Alternate Data Stream - 1033 bytes -> C:\ProgramData\Microsoft:EV3lP73QWOmYFuRwg0EeDXU

< End of report >

This topic is now closed to further replies.