Jump to content

goel

Members
  • Content Count

    59
  • Joined

  • Last visited

About goel

  • Rank
    Member

Profile Information

  • Gender
    Male

Previous Fields

  • System Specifications:
    FUJITSU LIFEBOOK LH531 Intel Core i7-2640M CPU @2.80GHz, 8 GB RAM OS: Windows 7 Home Premium SP1 x64
  • TechExpress Link:
    http://www.pcpitstop.com/betapit/sec.asp?conid=24822315
  • Teams:
    Nothing Selected
  1. Hello Please look at the event log of my notebook --- there are so many errors & warnings - and the performance has fallen abysimally. WHat is causing these errors & warnings? Thanks Level Date and Time Source Event ID Task Category Warning 07/03/2012 10:28:42 Microsoft-Windows-Diagnostics-Performance 101 Boot Performance Monitoring "This application took longer than usual to start up, resulting in a performance degradation in the system startup process: File Name : Skype.exe Friendly Name : Skype Version : 5.8.0.158 Total Time : 10832ms Degradation Time : 5832ms Incident Time (UTC) : ‎2012‎-‎03‎-‎07T02:25:48.640400200Z" Error 07/03/2012 10:28:42 Microsoft-Windows-Diagnostics-Performance 100 Boot Performance Monitoring "Windows has started up: Boot Duration : 109752ms IsDegradation : false Incident Time (UTC) : ‎2012‎-‎03‎-‎07T02:25:48.640400200Z" Warning 07/03/2012 07:18:12 Microsoft-Windows-Diagnostics-Performance 103 Boot Performance Monitoring "This startup service took longer than expected to startup, resulting in a performance degradation in the system start up process: File Name : windefend Friendly Name : Service Module Version : 6.1.7600.16385 (win7_rtm.090713-1255) Total Time : 6550ms Degradation Time : 4550ms Incident Time (UTC) : ‎2012‎-‎03‎-‎06T23:14:44.624800200Z" Warning 07/03/2012 07:18:12 Microsoft-Windows-Diagnostics-Performance 101 Boot Performance Monitoring "This application took longer than usual to start up, resulting in a performance degradation in the system startup process: File Name : SearchIndexer.exe Friendly Name : Microsoft Windows Search Indexer Version : 7.00.7600.16385 (win7_rtm.090713-1255) Total Time : 10216ms Degradation Time : 7716ms Incident Time (UTC) : ‎2012‎-‎03‎-‎06T23:14:44.624800200Z" Critical 07/03/2012 07:18:12 Microsoft-Windows-Diagnostics-Performance 100 Boot Performance Monitoring "Windows has started up: Boot Duration : 155298ms IsDegradation : false Incident Time (UTC) : ‎2012‎-‎03‎-‎06T23:14:44.624800200Z" Error 07/03/2012 06:21:06 Microsoft-Windows-Diagnostics-Performance 351 Standby Performance Monitoring "This driver responded slower than expected to the resume request while servicing this device: Driver File Name : DriverACPI Driver Friendly Name : ACPI Driver for NT Driver Version : 6.1.7600.16385 (win7_rtm.090713-1255) Driver Total Time : 764ms Driver Degradation Time : 364ms Incident Time (UTC) : ‎2012‎-‎03‎-‎06T22:20:53.622846300Z Device Name : ACPI_HALPNP0C080 Device Friendly Name : Microsoft ACPI-Compliant System Device Total Time : 764ms Device Degradation Time : 364ms" Warning 07/03/2012 06:21:06 Microsoft-Windows-Diagnostics-Performance 350 Standby Performance Monitoring "Bios initialization time was greater than 250ms (logo requirement) during system resume: Name : S3BiosInitTime Total Time : 693ms Degradation Time : 193ms Incident Time (UTC) : ‎2012‎-‎03‎-‎06T22:20:53.622846300Z" Warning 07/03/2012 06:21:06 Microsoft-Windows-Diagnostics-Performance 309 Standby Performance Monitoring "Preparing core system for sleep was slower than expected: Name : PreSleepCallbacks Total Time : 150ms Degradation Time : 100ms Incident Time (UTC) : ‎2012‎-‎03‎-‎06T17:03:57.972624200Z" Warning 07/03/2012 06:21:06 Microsoft-Windows-Diagnostics-Performance 302 Standby Performance Monitoring "This driver caused a delay during standby while servicing a device: Driver File Name : Driverusbhub Driver Friendly Name : Default Hub Driver for USB Driver Version : 6.1.7600.16385 (win7_rtm.090713-1255) Driver Total Time : 201ms Driver Degradation Time : 101ms Incident Time (UTC) : ‎2012‎-‎03‎-‎06T17:03:57.972624200Z Device Name : USBVID_04F2&PID_B213SN0001 Device Friendly Name : USB Composite Device Device Total Time : 201ms Device Degradation Time : 101ms" Warning 07/03/2012 06:21:06 Microsoft-Windows-Diagnostics-Performance 302 Standby Performance Monitoring "This driver caused a delay during standby while servicing a device: Driver File Name : DriveriaStor Driver Friendly Name : Intel Rapid Storage Technology driver - x64 Driver Version : 10.1.2.1004 Driver Total Time : 684ms Driver Degradation Time : 284ms Incident Time (UTC) : ‎2012‎-‎03‎-‎06T17:03:57.972624200Z Device Name : PCIVEN_8086&DEV_1C03&SUBSYS_160A10CF&REV_053&11583659&0&FA Device Friendly Name : Intel® Mobile Express Chipset SATA AHCI Controller Device Total Time : 716ms Device Degradation Time : 316ms" Error 07/03/2012 06:21:06 Microsoft-Windows-Diagnostics-Performance 302 Standby Performance Monitoring "This driver caused a delay during standby while servicing a device: Driver File Name : DriverDisk Driver Friendly Name : PnP Disk Driver Driver Version : 6.1.7600.16385 (win7_rtm.090713-1255) Driver Total Time : 2013ms Driver Degradation Time : 1613ms Incident Time (UTC) : ‎2012‎-‎03‎-‎06T17:03:57.972624200Z Device Name : IDEDiskTOSHIBA_MK6461GSYN______________________MH000K__4&25735b12&0&0.0.0 Device Friendly Name : Disk drive Device Total Time : 2013ms Device Degradation Time : 1613ms" Warning 07/03/2012 06:21:06 Microsoft-Windows-Diagnostics-Performance 300 Standby Performance Monitoring "Windows has resumed from standby: Standby Duration : 4307ms Standby Incident Time (UTC) : ‎2012‎-‎03‎-‎06T17:03:57.972624200Z Resume Duration : 1745ms Resume Incident Time (UTC) : ‎2012‎-‎03‎-‎06T22:20:53.622846300Z IsDegradation : true" Warning 07/03/2012 00:32:35 Microsoft-Windows-Diagnostics-Performance 101 Boot Performance Monitoring "This application took longer than usual to start up, resulting in a performance degradation in the system startup process: File Name : explorer.exe Friendly Name : Windows Explorer Version : 6.1.7600.16385 (win7_rtm.090713-1255) Total Time : 2595ms Degradation Time : 95ms Incident Time (UTC) : ‎2012‎-‎03‎-‎06T16:30:05.609200200Z" Warning 07/03/2012 00:32:35 Microsoft-Windows-Diagnostics-Performance 101 Boot Performance Monitoring "This application took longer than usual to start up, resulting in a performance degradation in the system startup process: File Name : OUTLOOK.EXE Friendly Name : Microsoft Outlook Version : 14.0.4734.1000 Total Time : 12319ms Degradation Time : 7319ms Incident Time (UTC) : ‎2012‎-‎03‎-‎06T16:30:05.609200200Z" Error 07/03/2012 00:32:35 Microsoft-Windows-Diagnostics-Performance 100 Boot Performance Monitoring "Windows has started up: Boot Duration : 108668ms IsDegradation : true Incident Time (UTC) : ‎2012‎-‎03‎-‎06T16:30:05.609200200Z" Warning 07/03/2012 00:32:35 Microsoft-Windows-Diagnostics-Performance 203 Shutdown Performance Monitoring "This service caused a delay in the system shutdown process: File Name : p2psvc Friendly Name : Peer-to-Peer Services Version : 6.1.7600.16385 (win7_rtm.090713-1255) Total Time : 5021ms Degradation Time : 1021ms Incident Time (UTC) : ‎2012‎-‎03‎-‎06T15:29:19.862125600Z" Warning 07/03/2012 00:32:35 Microsoft-Windows-Diagnostics-Performance 203 Shutdown Performance Monitoring "This service caused a delay in the system shutdown process: File Name : PNRPsvc Friendly Name : PNRP Service Dll Version : 6.1.7600.16385 (win7_rtm.090713-1255) Total Time : 5021ms Degradation Time : 1021ms Incident Time (UTC) : ‎2012‎-‎03‎-‎06T15:29:19.862125600Z" Warning 07/03/2012 00:32:35 Microsoft-Windows-Diagnostics-Performance 201 Shutdown Performance Monitoring "This application caused a delay in the system shutdown process: File Name : RAVCpl64.exe Friendly Name : Realtek HD Audio Manager Version : 1, 0, 0, 607 Total Time : 2519ms Degradation Time : 1019ms Incident Time (UTC) : ‎2012‎-‎03‎-‎06T15:29:19.862125600Z" Critical 07/03/2012 00:32:35 Microsoft-Windows-Diagnostics-Performance 200 Shutdown Performance Monitoring "Windows has shutdown: Shutdown Duration : 3628606ms IsDegradation : false Incident Time (UTC) : ‎2012‎-‎03‎-‎06T15:29:19.862125600Z" Critical 06/03/2012 22:36:55 Microsoft-Windows-Diagnostics-Performance 106 Boot Performance Monitoring "Background optimizations (prefetching) took longer to complete, resulting in a performance degradation in the system start up process: Name : BackgroundPrefetchTime Total Time : 58988ms Degradation Time : 50717ms Incident Time (UTC) : ‎2012‎-‎03‎-‎06T14:34:25.640400200Z" Warning 06/03/2012 22:36:55 Microsoft-Windows-Diagnostics-Performance 102 Boot Performance Monitoring "This driver took longer to initialize, resulting in a performance degradation in the system start up process: File Name : SymNetS Friendly Name : Network Security Driver Version : 11.0.1.5 Total Time : 1803ms Degradation Time : 303ms Incident Time (UTC) : ‎2012‎-‎03‎-‎06T14:34:25.640400200Z" Warning 06/03/2012 22:36:55 Microsoft-Windows-Diagnostics-Performance 102 Boot Performance Monitoring "This driver took longer to initialize, resulting in a performance degradation in the system start up process: File Name : SRTSPX Friendly Name : Symantec AutoProtect Version : 12.2.0.25 Total Time : 3226ms Degradation Time : 1726ms Incident Time (UTC) : ‎2012‎-‎03‎-‎06T14:34:25.640400200Z" Warning 06/03/2012 22:36:55 Microsoft-Windows-Diagnostics-Performance 101 Boot Performance Monitoring "This application took longer than usual to start up, resulting in a performance degradation in the system startup process: File Name : svchost.exe Friendly Name : Host Process for Windows Services Version : 6.1.7600.16385 (win7_rtm.090713-1255) Total Time : 2518ms Degradation Time : 18ms Incident Time (UTC) : ‎2012‎-‎03‎-‎06T14:34:25.640400200Z" Warning 06/03/2012 22:36:55 Microsoft-Windows-Diagnostics-Performance 101 Boot Performance Monitoring "This application took longer than usual to start up, resulting in a performance degradation in the system startup process: File Name : ccSvcHst.exe Friendly Name : Symantec Service Framework Version : 10.0.1.8 Total Time : 3006ms Degradation Time : 506ms Incident Time (UTC) : ‎2012‎-‎03‎-‎06T14:34:25.640400200Z" Warning 06/03/2012 22:36:55 Microsoft-Windows-Diagnostics-Performance 101 Boot Performance Monitoring "This application took longer than usual to start up, resulting in a performance degradation in the system startup process: File Name : explorer.exe Friendly Name : Windows Explorer Version : 6.1.7600.16385 (win7_rtm.090713-1255) Total Time : 5685ms Degradation Time : 685ms Incident Time (UTC) : ‎2012‎-‎03‎-‎06T14:34:25.640400200Z" Error 06/03/2012 22:36:55 Microsoft-Windows-Diagnostics-Performance 100 Boot Performance Monitoring "Windows has started up: Boot Duration : 107178ms IsDegradation : true Incident Time (UTC) : ‎2012‎-‎03‎-‎06T14:34:25.640400200Z" Warning 06/03/2012 22:36:51 Microsoft-Windows-Diagnostics-Performance 201 Shutdown Performance Monitoring "This application caused a delay in the system shutdown process: File Name : nvvsvc.exe Friendly Name : NVIDIA Driver Helper Service, Version 266.40 Version : 8.17.12.6640 Total Time : 2059ms Degradation Time : 559ms Incident Time (UTC) : ‎2012‎-‎03‎-‎06T14:33:41.463701100Z" Warning 06/03/2012 22:36:51 Microsoft-Windows-Diagnostics-Performance 200 Shutdown Performance Monitoring "Windows has shutdown: Shutdown Duration : 15062ms IsDegradation : false Incident Time (UTC) : ‎2012‎-‎03‎-‎06T14:33:41.463701100Z" Warning 06/03/2012 22:32:58 Microsoft-Windows-Diagnostics-Performance 101 Boot Performance Monitoring "This application took longer than usual to start up, resulting in a performance degradation in the system startup process: File Name : svchost.exe Friendly Name : Host Process for Windows Services Version : 6.1.7600.16385 (win7_rtm.090713-1255) Total Time : 1726ms Degradation Time : 726ms Incident Time (UTC) : ‎2012‎-‎03‎-‎06T14:30:38.593600200Z" Warning 06/03/2012 22:32:58 Microsoft-Windows-Diagnostics-Performance 101 Boot Performance Monitoring "This application took longer than usual to start up, resulting in a performance degradation in the system startup process: File Name : explorer.exe Friendly Name : Windows Explorer Version : 6.1.7600.16385 (win7_rtm.090713-1255) Total Time : 3706ms Degradation Time : 1206ms Incident Time (UTC) : ‎2012‎-‎03‎-‎06T14:30:38.593600200Z" Warning 06/03/2012 22:32:58 Microsoft-Windows-Diagnostics-Performance 101 Boot Performance Monitoring "This application took longer than usual to start up, resulting in a performance degradation in the system startup process: File Name : GExc.exe Friendly Name : GExc Version : 3.1.0.2 Total Time : 13494ms Degradation Time : 8494ms Incident Time (UTC) : ‎2012‎-‎03‎-‎06T14:30:38.593600200Z" Critical 06/03/2012 22:32:58 Microsoft-Windows-Diagnostics-Performance 100 Boot Performance Monitoring "Windows has started up: Boot Duration : 127809ms IsDegradation : true Incident Time (UTC) : ‎2012‎-‎03‎-‎06T14:30:38.593600200Z" Warning 06/03/2012 22:32:57 Microsoft-Windows-Diagnostics-Performance 200 Shutdown Performance Monitoring "Windows has shutdown: Shutdown Duration : 15549ms IsDegradation : false Incident Time (UTC) : ‎2012‎-‎03‎-‎06T14:30:07.791030000Z" Warning 06/03/2012 22:20:44 Microsoft-Windows-Diagnostics-Performance 103 Boot Performance Monitoring "This startup service took longer than expected to startup, resulting in a performance degradation in the system start up process: File Name : audioendpointbuilder Friendly Name : Windows Audio Service Version : 6.1.7600.16385 (win7_rtm.090713-1255) Total Time : 3085ms Degradation Time : 496ms Incident Time (UTC) : ‎2012‎-‎03‎-‎06T14:18:09.640400200Z" Error 06/03/2012 22:20:44 Microsoft-Windows-Diagnostics-Performance 100 Boot Performance Monitoring "Windows has started up: Boot Duration : 97600ms IsDegradation : false Incident Time (UTC) : ‎2012‎-‎03‎-‎06T14:18:09.640400200Z" Error 01/04/2011 08:42:39 Microsoft-Windows-Diagnostics-Performance 110 Boot Performance Monitoring "Session manager initialization caused a slow down in the startup process: Name : SMSSInit Total Time : 25723ms Degradation Time : 12645ms Incident Time (UTC) : ‎2011‎-‎04‎-‎01T00:40:03.624800200Z" Error 01/04/2011 08:42:39 Microsoft-Windows-Diagnostics-Performance 100 Boot Performance Monitoring "Windows has started up: Boot Duration : 98864ms IsDegradation : true Incident Time (UTC) : ‎2011‎-‎04‎-‎01T00:40:03.624800200Z" Warning 01/04/2011 08:35:26 Microsoft-Windows-Diagnostics-Performance 100 Boot Performance Monitoring "Windows has started up: Boot Duration : 42595ms IsDegradation : false Incident Time (UTC) : ‎2011‎-‎04‎-‎01T00:33:29.671600300Z" Warning 01/04/2011 08:35:25 Microsoft-Windows-Diagnostics-Performance 200 Shutdown Performance Monitoring "Windows has shutdown: Shutdown Duration : 7977ms IsDegradation : false Incident Time (UTC) : ‎2011‎-‎04‎-‎01T00:03:47.959303900Z" Warning 01/04/2011 08:03:13 Microsoft-Windows-Diagnostics-Performance 103 Boot Performance Monitoring "This startup service took longer than expected to startup, resulting in a performance degradation in the system start up process: File Name : audiosrv Friendly Name : Windows Audio Service Version : 6.1.7600.16385 (win7_rtm.090713-1255) Total Time : 297ms Degradation Time : 271ms Incident Time (UTC) : ‎2011‎-‎04‎-‎01T00:00:35.671600300Z" Warning 01/04/2011 08:03:13 Microsoft-Windows-Diagnostics-Performance 101 Boot Performance Monitoring "This application took longer than usual to start up, resulting in a performance degradation in the system startup process: File Name : explorer.exe Friendly Name : Windows Explorer Version : 6.1.7600.16385 (win7_rtm.090713-1255) Total Time : 3637ms Degradation Time : 1137ms Incident Time (UTC) : ‎2011‎-‎04‎-‎01T00:00:35.671600300Z" Error 01/04/2011 08:03:13 Microsoft-Windows-Diagnostics-Performance 100 Boot Performance Monitoring "Windows has started up: Boot Duration : 94766ms IsDegradation : false Incident Time (UTC) : ‎2011‎-‎04‎-‎01T00:00:35.671600300Z" Warning 01/04/2011 08:03:12 Microsoft-Windows-Diagnostics-Performance 200 Shutdown Performance Monitoring "Windows has shutdown: Shutdown Duration : 6861ms IsDegradation : false Incident Time (UTC) : ‎2011‎-‎04‎-‎01T00:00:14.018532100Z" Warning 01/04/2011 07:58:21 Microsoft-Windows-Diagnostics-Performance 101 Boot Performance Monitoring "This application took longer than usual to start up, resulting in a performance degradation in the system startup process: File Name : explorer.exe Friendly Name : Windows Explorer Version : 6.1.7600.16385 (win7_rtm.090713-1255) Total Time : 3397ms Degradation Time : 897ms Incident Time (UTC) : ‎2011‎-‎03‎-‎31T23:55:23.624800200Z" Error 01/04/2011 07:58:21 Microsoft-Windows-Diagnostics-Performance 100 Boot Performance Monitoring "Windows has started up: Boot Duration : 114090ms IsDegradation : true Incident Time (UTC) : ‎2011‎-‎03‎-‎31T23:55:23.624800200Z" Warning 01/04/2011 07:58:20 Microsoft-Windows-Diagnostics-Performance 200 Shutdown Performance Monitoring "Windows has shutdown: Shutdown Duration : 7361ms IsDegradation : false Incident Time (UTC) : ‎2011‎-‎03‎-‎28T19:00:34.748321600Z" Warning 29/03/2011 02:57:56 Microsoft-Windows-Diagnostics-Performance 101 Boot Performance Monitoring "This application took longer than usual to start up, resulting in a performance degradation in the system startup process: File Name : explorer.exe Friendly Name : Windows Explorer Version : 6.1.7600.16385 (win7_rtm.090713-1255) Total Time : 3907ms Degradation Time : 1407ms Incident Time (UTC) : ‎2011‎-‎03‎-‎28T18:55:36.671600300Z" Error 29/03/2011 02:57:56 Microsoft-Windows-Diagnostics-Performance 100 Boot Performance Monitoring "Windows has started up: Boot Duration : 85456ms IsDegradation : true Incident Time (UTC) : ‎2011‎-‎03‎-‎28T18:55:36.671600300Z" Warning 29/03/2011 02:57:55 Microsoft-Windows-Diagnostics-Performance 200 Shutdown Performance Monitoring "Windows has shutdown: Shutdown Duration : 8626ms IsDegradation : false Incident Time (UTC) : ‎2011‎-‎03‎-‎28T18:55:13.111523900Z" Warning 29/03/2011 02:53:14 Microsoft-Windows-Diagnostics-Performance 100 Boot Performance Monitoring "Windows has started up: Boot Duration : 53858ms IsDegradation : false Incident Time (UTC) : ‎2011‎-‎03‎-‎28T18:51:00.624800200Z" Warning 29/03/2011 02:38:01 Microsoft-Windows-Diagnostics-Performance 100 Boot Performance Monitoring "Windows has started up: Boot Duration : 46174ms IsDegradation : false Incident Time (UTC) : ‎2011‎-‎03‎-‎28T18:36:07.656000300Z" Warning 29/03/2011 02:38:00 Microsoft-Windows-Diagnostics-Performance 200 Shutdown Performance Monitoring "Windows has shutdown: Shutdown Duration : 3907ms IsDegradation : false Incident Time (UTC) : ‎2011‎-‎03‎-‎28T18:35:50.910636700Z" Warning 04/03/2011 14:22:37 Microsoft-Windows-Diagnostics-Performance 200 Shutdown Performance Monitoring "Windows has shutdown: Shutdown Duration : 10671ms IsDegradation : true Incident Time (UTC) : ‎2011‎-‎03‎-‎04T06:20:00.241622000Z" Error 04/03/2011 14:22:37 Microsoft-Windows-Diagnostics-Performance 106 Boot Performance Monitoring "Background optimizations (prefetching) took longer to complete, resulting in a performance degradation in the system start up process: Name : BackgroundPrefetchTime Total Time : 51192ms Degradation Time : 67717ms Incident Time (UTC) : ‎2011‎-‎03‎-‎04T06:20:29.687200300Z" Warning 04/03/2011 14:22:37 Microsoft-Windows-Diagnostics-Performance 101 Boot Performance Monitoring "This application took longer than usual to start up, resulting in a performance degradation in the system startup process: File Name : explorer.exe Friendly Name : Windows Explorer Version : 6.1.7600.16385 (win7_rtm.090713-1255) Total Time : 2552ms Degradation Time : 52ms Incident Time (UTC) : ‎2011‎-‎03‎-‎04T06:20:29.687200300Z" Warning 04/03/2011 14:22:37 Microsoft-Windows-Diagnostics-Performance 100 Boot Performance Monitoring "Windows has started up: Boot Duration : 53558ms IsDegradation : false Incident Time (UTC) : ‎2011‎-‎03‎-‎04T06:20:29.687200300Z" Warning 04/03/2011 14:12:44 Microsoft-Windows-Diagnostics-Performance 100 Boot Performance Monitoring "Windows has started up: Boot Duration : 73820ms IsDegradation : true Incident Time (UTC) : ‎2011‎-‎03‎-‎04T06:10:24.640400200Z" Warning 04/03/2011 14:12:44 Microsoft-Windows-Diagnostics-Performance 200 Shutdown Performance Monitoring "Windows has shutdown: Shutdown Duration : 9774ms IsDegradation : true Incident Time (UTC) : ‎2011‎-‎03‎-‎04T06:09:55.435944300Z" Error 04/03/2011 14:05:41 Microsoft-Windows-Diagnostics-Performance 100 Boot Performance Monitoring "Windows has started up: Boot Duration : 124326ms IsDegradation : true Incident Time (UTC) : ‎2011‎-‎03‎-‎04T06:03:14.687200300Z" Warning 04/03/2011 14:05:41 Microsoft-Windows-Diagnostics-Performance 203 Shutdown Performance Monitoring "This service caused a delay in the system shutdown process: File Name : CryptSvc Friendly Name : Cryptographic Services Version : 6.1.7600.16385 (win7_rtm.090713-1255) Total Time : 4974ms Degradation Time : 974ms Incident Time (UTC) : ‎2011‎-‎03‎-‎04T06:02:27.347435200Z" Warning 04/03/2011 14:05:41 Microsoft-Windows-Diagnostics-Performance 203 Shutdown Performance Monitoring "This service caused a delay in the system shutdown process: File Name : UxSms Friendly Name : Microsoft User Experience Session Management Service Version : 6.1.7600.16385 (win7_rtm.090713-1255) Total Time : 5070ms Degradation Time : 1070ms Incident Time (UTC) : ‎2011‎-‎03‎-‎04T06:02:27.347435200Z" Error 04/03/2011 14:05:41 Microsoft-Windows-Diagnostics-Performance 203 Shutdown Performance Monitoring "This service caused a delay in the system shutdown process: File Name : Wlansvc Friendly Name : Windows WLAN AutoConfig Service DLL Version : 6.1.7600.16385 (win7_rtm.090713-1255) Total Time : 9394ms Degradation Time : 5394ms Incident Time (UTC) : ‎2011‎-‎03‎-‎04T06:02:27.347435200Z" Error 04/03/2011 14:05:41 Microsoft-Windows-Diagnostics-Performance 203 Shutdown Performance Monitoring "This service caused a delay in the system shutdown process: File Name : sppsvc Friendly Name : Microsoft Software Protection Platform Service Version : 6.1.7600.16385 (win7_rtm.090713-1255) Total Time : 10218ms Degradation Time : 6218ms Incident Time (UTC) : ‎2011‎-‎03‎-‎04T06:02:27.347435200Z" Error 04/03/2011 14:05:41 Microsoft-Windows-Diagnostics-Performance 203 Shutdown Performance Monitoring "This service caused a delay in the system shutdown process: File Name : WinDefend Friendly Name : Service Module Version : 6.1.7600.16385 (win7_rtm.090713-1255) Total Time : 12652ms Degradation Time : 8652ms Incident Time (UTC) : ‎2011‎-‎03‎-‎04T06:02:27.347435200Z" Critical 04/03/2011 14:05:41 Microsoft-Windows-Diagnostics-Performance 203 Shutdown Performance Monitoring "This service caused a delay in the system shutdown process: File Name : eventlog Friendly Name : Version : Total Time : 15928ms Degradation Time : 11928ms Incident Time (UTC) : ‎2011‎-‎03‎-‎04T06:02:27.347435200Z" Warning 04/03/2011 14:05:41 Microsoft-Windows-Diagnostics-Performance 201 Shutdown Performance Monitoring "This application caused a delay in the system shutdown process: File Name : lsass.exe Friendly Name : Local Security Authority Process Version : 6.1.7600.16385 (win7_rtm.090713-1255) Total Time : 533ms Degradation Time : 33ms Incident Time (UTC) : ‎2011‎-‎03‎-‎04T06:02:27.347435200Z" Warning 04/03/2011 14:05:41 Microsoft-Windows-Diagnostics-Performance 201 Shutdown Performance Monitoring "This application caused a delay in the system shutdown process: File Name : taskhost.exe Friendly Name : Host Process for Windows Tasks Version : 6.1.7600.16385 (win7_rtm.090713-1255) Total Time : 2230ms Degradation Time : 730ms Incident Time (UTC) : ‎2011‎-‎03‎-‎04T06:02:27.347435200Z" Error 04/03/2011 14:05:41 Microsoft-Windows-Diagnostics-Performance 201 Shutdown Performance Monitoring "This application caused a delay in the system shutdown process: File Name : explorer.exe Friendly Name : Windows Explorer Version : 6.1.7600.16385 (win7_rtm.090713-1255) Total Time : 5720ms Degradation Time : 4220ms Incident Time (UTC) : ‎2011‎-‎03‎-‎04T06:02:27.347435200Z" Warning 04/03/2011 14:05:41 Microsoft-Windows-Diagnostics-Performance 200 Shutdown Performance Monitoring "Windows has shutdown: Shutdown Duration : 27297ms IsDegradation : true Incident Time (UTC) : ‎2011‎-‎03‎-‎04T06:02:27.347435200Z" Critical 04/03/2011 13:51:12 Microsoft-Windows-Diagnostics-Performance 100 Boot Performance Monitoring "Windows has started up: Boot Duration : 164533ms IsDegradation : false Incident Time (UTC) : ‎2011‎-‎03‎-‎04T05:48:21.702800300Z"
  2. While Malwarebytes did not find anything, PCPiststop scanner detected meredrop trojan, but could not remove it. how to proceed? thanks
  3. Sure, will remove it now. But it has not been used when the problem emerged.
  4. Thanks for reply. No, I am not downloading stuff and though installed, it is not running.
  5. Hello I recently bought a FUJITSU LIFEBOOK LH531 (Intel Core i7-2640M CPU @2.80GHz, 8 GB RAM running Windows 7 Home Premium SP1 x64) 2 months ago. TechExpress Link: http://www.pcpitstop.com/betapit/sec.asp?conid=24822315 1) Since 2 days the notebook has become too slow. The boot process is now taking 2-3 times longer. After booting opening any program takes ages. EVen when I click on START, the menu takes time to come. If I open a directory, the list of files takes a while to be populated. Webpages take their time to open. Even if I type, it is a while before the letter appears on the screen. I did not instal any new hardware or software when the problem started. Also I did a NOD32 antivirus check today, nothing detected. 2) Did the TechExpress test, link as above. What freaks me out is the disk performance - the disk data transfer rate is 4 MB/sec, which is rated in the bottom 1%. Please could experts help. Regards Goel
  6. Dear JonTom As I mentioned in my last post, I reinstalled FF - as you suggested - and all is OK now. Thanks for your help.
  7. Dear JonTom I re-installed the Firefox and all is good now. However: Enclosed ComboFix log & a screenshot of what appears when I search from the addressbar with FireFox. Screen shot: http://postimage.org/image/jf2s89k4/ Many thanks for your help. ComboFix 11-05-12.02 - SJGOEL 13/05/2011 9:35.2.2 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.44.1033.18.4027.2531 [GMT 3:00] Running from: c:\users\SJGOEL\Desktop\ComboFix.exe AV: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1} SP: ESET NOD32 Antivirus 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((( Files Created from 2011-04-13 to 2011-05-13 ))))))))))))))))))))))))))))))) . . 2011-05-13 06:42 . 2011-05-13 06:42 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-05-13 06:21 . 2011-04-11 08:21 8802128 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FA1FA434-890C-47BE-AFD0-52DE1CCE990E}\mpengine.dll 2011-05-11 20:56 . 2011-05-12 03:16 -------- d-----w- c:\programdata\Kaspersky Lab 2011-05-11 07:28 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe 2011-05-11 07:28 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe 2011-05-11 07:19 . 2011-04-09 07:02 5562240 ----a-w- c:\windows\system32\ntoskrnl.exe 2011-05-11 07:19 . 2011-04-09 06:02 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2011-05-11 07:19 . 2011-04-09 06:02 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2011-05-11 07:18 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys 2011-05-11 07:18 . 2011-03-25 03:29 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys 2011-05-11 07:18 . 2011-03-25 03:29 325120 ----a-w- c:\windows\system32\drivers\usbport.sys 2011-05-11 07:18 . 2011-03-25 03:29 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys 2011-05-11 07:18 . 2011-03-25 03:29 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys 2011-05-11 07:18 . 2011-03-25 03:29 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys 2011-05-11 07:18 . 2011-03-25 03:28 7936 ----a-w- c:\windows\system32\drivers\usbd.sys 2011-05-08 12:55 . 2011-05-08 12:55 -------- d-----w- c:\program files (x86)\Common Files\Java 2011-05-03 23:37 . 2011-05-03 23:37 -------- d-----w- C:\_OTL 2011-05-01 21:41 . 2011-05-01 21:41 -------- d-----w- c:\users\SJGOEL\AppData\Roaming\Yahoo! 2011-05-01 21:40 . 2011-05-01 21:40 -------- d-----w- c:\programdata\Yahoo! 2011-04-30 09:02 . 2011-04-30 09:02 -------- d-----w- c:\program files\JL_Cmder 2011-04-30 08:55 . 2011-04-30 08:55 413696 ----a-r- c:\users\SJGOEL\AppData\Roaming\Microsoft\Installer\{38D218CF-2D27-4A35-8344-B17C269F08DE}\BlackBerry.exe 2011-04-30 04:51 . 2011-04-30 04:51 -------- d-----w- c:\users\SJGOEL\AppData\Roaming\Malwarebytes 2011-04-30 04:51 . 2010-12-20 15:09 38224 ------w- c:\windows\SysWow64\drivers\mbamswissarmy.sys 2011-04-30 04:51 . 2011-04-30 04:51 -------- d-----w- c:\programdata\Malwarebytes 2011-04-30 04:51 . 2011-04-30 05:50 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2011-04-30 04:51 . 2010-12-20 15:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-04-27 19:45 . 2011-04-27 19:45 -------- d-----w- c:\program files (x86)\Research In Motion Limited 2011-04-27 17:08 . 2011-04-27 17:10 -------- d-----w- c:\program files (x86)\Network Stumbler 2011-04-27 10:18 . 2011-04-27 10:18 -------- d-----w- c:\program files (x86)\Trend Micro 2011-04-16 08:52 . 2011-04-16 08:52 -------- d-----w- c:\program files (x86)\DiskInternals 2011-04-16 08:50 . 2011-02-24 06:15 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2011-04-16 08:50 . 2011-02-24 05:38 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll 2011-04-15 10:29 . 2011-04-15 10:29 135568 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll 2011-04-14 18:55 . 2011-04-16 08:44 -------- d-----w- c:\program files (x86)\WebSite X5 v8 - Evolution 2011-04-13 22:40 . 2011-04-13 22:40 4284416 ------w- c:\windows\SysWow64\GPhotos.scr . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-05-08 12:54 . 2010-12-23 16:41 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll 2011-03-11 06:34 . 2011-04-12 18:30 1359872 ----a-w- c:\windows\system32\mfc42u.dll 2011-03-11 06:34 . 2011-04-12 18:30 1395712 ----a-w- c:\windows\system32\mfc42.dll 2011-03-11 05:33 . 2011-04-12 18:30 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll 2011-03-11 05:33 . 2011-04-12 18:30 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll 2011-03-10 07:13 . 2010-06-24 09:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2011-03-08 06:29 . 2011-04-12 18:29 976896 ----a-w- c:\windows\system32\inetcomm.dll 2011-03-08 05:28 . 2011-04-12 18:29 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll 2011-03-07 06:31 . 2011-04-12 18:30 1188864 ----a-w- c:\windows\system32\wininet.dll 2011-03-07 05:33 . 2011-04-12 18:30 981504 ----a-w- c:\windows\SysWow64\wininet.dll 2011-03-07 04:24 . 2011-04-12 18:30 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2011-03-07 03:52 . 2011-04-12 18:30 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb 2011-03-04 06:19 . 2011-04-28 06:17 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2011-03-04 06:19 . 2011-04-28 06:17 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2011-03-03 06:24 . 2011-04-12 18:30 183296 ----a-w- c:\windows\system32\dnsrslvr.dll 2011-03-03 06:21 . 2011-04-12 18:30 30208 ----a-w- c:\windows\system32\dnscacheugc.exe 2011-03-03 05:36 . 2011-04-12 18:30 28672 ----a-w- c:\windows\SysWow64\dnscacheugc.exe 2011-03-03 03:52 . 2011-04-12 18:29 3135488 ----a-w- c:\windows\system32\win32k.sys 2011-02-24 15:21 . 2011-04-10 04:48 2753512 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys 2011-02-23 08:36 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll 2011-02-23 08:36 . 2009-07-14 02:36 152576 ------w- c:\windows\SysWow64\msclmd.dll 2011-02-23 04:56 . 2011-04-12 18:29 158208 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-02-23 04:56 . 2011-04-12 18:29 467456 ----a-w- c:\windows\system32\drivers\srv.sys 2011-02-23 04:56 . 2011-04-12 18:29 411648 ----a-w- c:\windows\system32\drivers\srv2.sys 2011-02-23 04:55 . 2011-04-12 18:29 167936 ----a-w- c:\windows\system32\drivers\srvnet.sys 2011-02-23 04:55 . 2011-04-12 18:29 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2011-02-23 04:55 . 2011-04-12 18:29 128000 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys 2011-02-23 04:55 . 2011-04-12 18:29 90624 ----a-w- c:\windows\system32\drivers\bowser.sys 2011-02-22 12:52 . 2011-04-10 04:48 2075712 ----a-w- c:\windows\system32\FMAPO64.dll 2011-02-22 10:20 . 2011-04-10 04:48 820224 ----a-w- c:\windows\system32\RCoRes64.dat 2011-02-22 08:16 . 2011-04-10 04:48 2369128 ----a-w- c:\windows\system32\RtPgEx64.dll 2011-02-19 12:05 . 2011-03-09 07:19 1139200 ----a-w- c:\windows\system32\FntCache.dll 2011-02-19 12:04 . 2011-03-09 07:19 1544192 ----a-w- c:\windows\system32\DWrite.dll 2011-02-19 12:04 . 2011-03-09 07:19 902656 ----a-w- c:\windows\system32\d2d1.dll 2011-02-19 12:03 . 2011-04-12 18:29 46080 ----a-w- c:\windows\system32\atmlib.dll 2011-02-19 09:00 . 2011-04-12 18:29 367616 ----a-w- c:\windows\system32\atmfd.dll 2011-02-19 06:30 . 2011-03-09 07:19 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll 2011-02-19 06:30 . 2011-03-09 07:19 739840 ----a-w- c:\windows\SysWow64\d2d1.dll 2011-02-19 06:30 . 2011-04-12 18:29 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2011-02-19 04:34 . 2011-04-12 18:29 294912 ----a-w- c:\windows\SysWow64\atmfd.dll 2011-02-18 10:56 . 2011-04-12 18:29 613376 ----a-w- c:\windows\system32\vbscript.dll 2011-02-18 07:49 . 2011-04-10 04:48 2839656 ----a-w- c:\windows\system32\RtkAPO64.dll 2011-02-18 05:43 . 2011-04-12 18:29 428032 ----a-w- c:\windows\SysWow64\vbscript.dll 2011-02-17 11:03 . 2011-04-10 04:48 648296 ----a-w- c:\windows\system32\RtkApi64.dll 2011-02-16 15:23 . 2011-02-16 15:23 74240 ----a-w- c:\windows\system32\drivers\RimUsb_AMD64.sys 2011-02-16 10:11 . 2011-04-10 04:48 84072 ----a-w- c:\windows\system32\RCoInst64.dll 2011-02-12 11:34 . 2011-04-12 18:29 267776 ----a-w- c:\windows\system32\FXSCOVER.exe . . ((((((((((((((((((((((((((((( [email protected]_21.28.19 ))))))))))))))))))))))))))))))))))))))))) . - 2009-07-14 04:54 . 2011-05-01 21:27 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-07-14 04:54 . 2011-05-13 06:19 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-07-14 04:54 . 2011-05-13 06:19 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2011-05-01 21:27 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2011-05-01 21:27 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 2011-05-13 06:19 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-12-24 14:03 . 2011-05-13 06:21 51492 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2011-05-13 06:21 50520 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2010-12-24 13:37 . 2011-05-13 06:21 16964 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1663252896-55141104-3457757757-1003_UserData.bin + 2009-07-14 05:30 . 2011-05-11 07:22 86016 c:\windows\system32\DriverStore\infpub.dat - 2009-07-14 05:30 . 2011-04-30 12:33 86016 c:\windows\system32\DriverStore\infpub.dat + 2011-05-11 07:18 . 2011-03-25 03:29 30720 c:\windows\system32\DriverStore\FileRepository\usbport.inf_amd64_neutral_189259810882aaea\usbuhci.sys + 2011-05-11 07:18 . 2011-03-25 03:29 25600 c:\windows\system32\DriverStore\FileRepository\usbport.inf_amd64_neutral_189259810882aaea\usbohci.sys + 2011-05-11 07:18 . 2011-03-25 03:29 52736 c:\windows\system32\DriverStore\FileRepository\usbport.inf_amd64_neutral_189259810882aaea\usbehci.sys + 2011-05-11 07:18 . 2011-03-25 03:29 98816 c:\windows\system32\DriverStore\FileRepository\usb.inf_amd64_neutral_153b489118ee37b8\usbccgp.sys - 2010-12-24 12:48 . 2011-05-01 11:10 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-12-24 12:48 . 2011-05-11 07:23 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2011-05-08 13:14 . 2011-05-11 07:23 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2011-05-01 11:10 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 2011-05-11 07:23 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2010-12-25 08:10 . 2011-05-01 21:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-12-25 08:10 . 2011-05-13 06:22 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-12-25 08:10 . 2011-05-01 21:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-12-25 08:10 . 2011-05-13 06:22 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2011-01-09 19:22 . 2011-05-08 04:46 4092 c:\windows\system32\wdi\ERCQueuedResolutions.dat + 2011-05-11 07:18 . 2011-03-25 03:28 7936 c:\windows\system32\DriverStore\FileRepository\usbport.inf_amd64_neutral_189259810882aaea\usbd.sys + 2011-05-13 06:19 . 2011-05-13 06:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2011-05-01 21:27 . 2011-05-01 21:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2011-05-01 21:27 . 2011-05-01 21:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2011-05-13 06:19 . 2011-05-13 06:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2011-03-11 07:21 . 2011-03-11 07:21 157472 c:\windows\SysWOW64\javaws.exe + 2011-05-08 12:55 . 2011-05-08 12:54 157472 c:\windows\SysWOW64\javaws.exe - 2011-03-11 07:21 . 2011-03-11 07:21 145184 c:\windows\SysWOW64\javaw.exe + 2011-05-08 12:55 . 2011-05-08 12:54 145184 c:\windows\SysWOW64\javaw.exe - 2011-03-11 07:21 . 2011-03-11 07:21 145184 c:\windows\SysWOW64\java.exe + 2011-05-08 12:55 . 2011-05-08 12:54 145184 c:\windows\SysWOW64\java.exe + 2011-01-02 14:51 . 2011-05-08 04:16 250412 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin + 2010-12-24 14:52 . 2011-05-12 13:35 361682 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin - 2009-07-14 02:36 . 2011-05-01 21:10 634048 c:\windows\system32\perfh009.dat + 2009-07-14 02:36 . 2011-05-13 06:25 634048 c:\windows\system32\perfh009.dat + 2009-07-14 02:36 . 2011-05-13 06:25 112666 c:\windows\system32\perfc009.dat - 2009-07-14 02:36 . 2011-05-01 21:10 112666 c:\windows\system32\perfc009.dat - 2009-07-14 05:30 . 2011-04-30 12:33 239616 c:\windows\system32\DriverStore\infstrng.dat + 2009-07-14 05:30 . 2011-05-11 07:22 239616 c:\windows\system32\DriverStore\infstrng.dat + 2009-07-14 05:30 . 2011-05-11 07:22 143360 c:\windows\system32\DriverStore\infstor.dat - 2009-07-14 05:30 . 2011-04-30 08:55 143360 c:\windows\system32\DriverStore\infstor.dat + 2011-05-11 07:18 . 2011-03-25 03:29 325120 c:\windows\system32\DriverStore\FileRepository\usbport.inf_amd64_neutral_189259810882aaea\usbport.sys + 2011-05-11 07:18 . 2011-03-25 03:29 343040 c:\windows\system32\DriverStore\FileRepository\usbport.inf_amd64_neutral_189259810882aaea\usbhub.sys + 2011-05-11 07:18 . 2011-03-25 03:29 343040 c:\windows\system32\DriverStore\FileRepository\usb.inf_amd64_neutral_153b489118ee37b8\usbhub.sys + 2009-07-14 05:31 . 2011-05-11 07:22 399360 c:\windows\system32\DriverStore\drvindex.dat - 2009-07-14 05:31 . 2011-04-28 06:35 399360 c:\windows\system32\DriverStore\drvindex.dat - 2009-07-14 05:12 . 2011-05-01 11:10 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat + 2009-07-14 05:12 . 2011-05-08 13:14 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat + 2009-07-14 04:46 . 2011-05-12 03:22 104400 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat - 2009-07-14 04:46 . 2011-04-30 19:24 104400 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat + 2009-07-14 05:01 . 2011-05-12 15:39 492876 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2009-07-14 05:01 . 2011-05-01 21:26 492876 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2011-05-08 12:55 . 2011-05-08 12:55 183808 c:\windows\Installer\6f7467.msi - 2009-07-14 04:45 . 2011-04-30 16:57 7378052 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat + 2009-07-14 04:45 . 2011-05-11 20:36 7378052 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat - 2010-12-24 00:12 . 2011-05-01 21:26 6250888 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat + 2010-12-24 00:12 . 2011-05-12 13:35 6250888 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat + 2009-07-14 02:34 . 2011-05-11 07:22 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat - 2009-07-14 02:34 . 2011-04-28 06:35 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat + 2011-01-12 08:07 . 2011-05-11 07:20 44548040 c:\windows\system32\MRT.exe + 2011-05-08 12:54 . 2011-05-08 12:54 12584960 c:\windows\Installer\6f7462.msi . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TouchFreeze"="c:\program files (x86)\TouchFreeze\TouchFreeze.exe" [2005-04-29 45056] "POP Peeper"="c:\program files (x86)\POP Peeper\POPPeeper.exe" [2010-09-09 1511424] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-12-20 443728] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "DisableCAD"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon] 2009-07-14 09:15 98304 ------w- c:\windows\System32\VESWinlogon.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli c:\program files\Protector Suite\psqlpwd.dll Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" . R1 SASDIFSV;SASDIFSV;c:\users\SJGOEL\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [x] R1 SASKUTIL;SASKUTIL;c:\users\SJGOEL\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [x] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 regi;regi;c:\windows\system32\drivers\regi.sys [x] R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x] R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x] R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x] R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x] R3 NETw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETw5v64.sys [x] R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [x] R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-01-17 110376] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x] S0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\DRIVERS\shpf.sys [x] S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x] S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x] S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2010-11-04 810144] S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x] S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136] S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-20 363344] S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896] S2 QDLService;Qualcomm Gobi Download Service;c:\qualcomm\QDLService\QDLService.exe [2009-08-06 345336] S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [2010-11-03 199272] S2 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-07-17 120104] S2 SOHDBSvr;VAIO Media plus Database Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-07-17 70952] S2 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-07-17 427304] S2 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-07-17 75048] S2 SOHPlMgr;VAIO Media plus Playlist Manager;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-07-17 91432] S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-07-22 642920] S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [x] S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-11-11 539248] S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x] S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x] S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x] S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x] S3 SPI;Sony Programmable I/O Control Device;c:\windows\system32\DRIVERS\SonyPI.sys [x] S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-01-20 394536] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x] . . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay] @="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}" [HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}] 2009-06-12 21:22 5943048 ----a-w- c:\program files\Protector Suite\farchns.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen] @="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}" [HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}] 2009-06-12 21:22 5943048 ----a-w- c:\program files\Protector Suite\farchns.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2010-11-03 1833576] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-11-04 2919168] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-02-24 11780712] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-30 387608] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT mLocal Page = c:\windows\SysWOW64\blank.htm IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105 IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm LSP: c:\program files (x86)\VMware\VMware Workstation\vsocklib.dll FF - ProfilePath - c:\users\SJGOEL\AppData\Roaming\Mozilla\Firefox\Profiles\5u6g3uzl.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: keyword.URL - hxxp://search.hotspotshield.com/g/results.php?c=s&q= FF - prefs.js: network.proxy.type - 0 FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} FF - Ext: Exch: {a2e6849b-7584-11da-8cd6-0800200c9a66} - %profile%\extensions\{a2e6849b-7584-11da-8cd6-0800200c9a66} FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} FF - Ext: Table2Clipboard: {9ab67d74-ec41-4cb2-b417-df5d93ba1beb} - %profile%\extensions\{9ab67d74-ec41-4cb2-b417-df5d93ba1beb} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000001 "MSCurrentCountry"=dword:0000002d . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2011-05-13 09:44:26 ComboFix-quarantined-files.txt 2011-05-13 06:44 ComboFix2.txt 2011-05-01 21:32 . Pre-Run: 115,316,293,632 bytes free Post-Run: 115,007,373,312 bytes free . - - End Of File - - 8308AF3904287DCCAC03D5F49D8A2A8F
  8. Dear JonTom Kaspersky Virus Removal Tool scan yielded nothing. Below is the report: Autoscan: completed 6 hours ago (events: 2, objects: 7845, time: 00:13:50) 11/05/2011 23:57:42 Task started 12/05/2011 00:11:32 Task completed System as earlier. Thanks for help.
  9. Dear JonTom Please see the logs below. To add - after the above mentioned actions, the situation is unchanged. All processes killed ========== OTL ========== No active process named explorer.exe was found! ADS C:\ProgramData\TEMP:1CE11B51 deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public ->Temp folder emptied: 0 bytes User: SJGOEL ->Temp folder emptied: 985687 bytes ->Temporary Internet Files folder emptied: 10366934 bytes ->Java cache emptied: 2023 bytes ->FireFox cache emptied: 147993044 bytes ->Opera cache emptied: 0 bytes ->Flash cache emptied: 6767 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 46094 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 152.00 mb [EMPTYFLASH] User: All Users User: Default ->Flash cache emptied: 0 bytes User: Default User ->Flash cache emptied: 0 bytes User: Public User: SJGOEL ->Flash cache emptied: 0 bytes Total Flash Files Cleaned = 0.00 mb OTL by OldTimer - Version 3.2.22.3 log created on 05082011_155943 Files\Folders moved on Reboot... C:\Users\SJGOEL\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-2352.log moved successfully. Registry entries deleted on Reboot... ************************** Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 6531 Windows 6.1.7601 Service Pack 1 Internet Explorer 8.0.7601.17514 08/05/2011 17:04:19 mbam-log-2011-05-08 (17-04-19).txt Scan type: Full scan (C:\|) Objects scanned: 340925 Time elapsed: 51 minute(s), 29 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) **************************
  10. Dear JonTom Below is the OTL log. For some reason, only 1 file - OTL.txt was created. I looked on c: but did not find the other file, you had earlier mentioned. Thanks for help. OTL logfile created on: 08/05/2011 07:19:17 - Run 2 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\SJGOEL\Desktop 64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free 8.00 Gb Paging File | 6.00 Gb Available in Paging File | 76.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 286.59 Gb Total Space | 107.35 Gb Free Space | 37.46% Space Free | Partition Type: NTFS Computer Name: SJGOEL-PC | User Name: SJGOEL | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011/05/08 07:18:33 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\SJGOEL\Desktop\OTL.exe PRC - [2011/05/03 20:16:47 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2010/12/20 18:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2010/12/20 18:08:56 | 000,443,728 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2010/11/11 14:48:32 | 000,334,448 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe PRC - [2010/11/11 14:48:28 | 000,404,080 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe PRC - [2010/11/11 14:47:22 | 000,113,264 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe PRC - [2010/11/11 13:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe PRC - [2010/11/04 18:15:50 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe PRC - [2010/09/16 15:06:22 | 000,080,896 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe PRC - [2010/09/10 01:09:36 | 001,511,424 | ---- | M] (Mortal Universe) -- C:\Program Files (x86)\POP Peeper\POPPeeper.exe PRC - [2010/08/12 16:15:34 | 000,081,296 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Care\VCSpt.exe PRC - [2009/08/06 12:19:52 | 000,345,336 | ---- | M] (QUALCOMM, Inc.) -- C:\QUALCOMM\QDLService\QDLService.exe PRC - [2009/07/23 11:39:38 | 000,313,264 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe PRC - [2009/07/23 11:39:36 | 000,206,336 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe PRC - [2009/07/22 16:03:04 | 000,642,920 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe PRC - [2009/07/17 12:31:28 | 000,427,304 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe PRC - [2009/07/17 12:31:28 | 000,091,432 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe PRC - [2009/07/17 12:31:28 | 000,075,048 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe PRC - [2009/07/17 12:31:26 | 000,120,104 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe PRC - [2009/07/17 12:31:26 | 000,070,952 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe PRC - [2009/07/14 12:15:12 | 000,204,648 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe PRC - [2009/07/14 12:15:12 | 000,112,488 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe PRC - [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2009/01/20 03:43:04 | 000,394,536 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe PRC - [2007/01/05 06:48:50 | 000,112,152 | ---- | M] (InterVideo) -- c:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe PRC - [2005/04/29 17:15:40 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\TouchFreeze\TouchFreeze.exe ========== Modules (SafeList) ========== MOD - [2011/05/08 07:18:33 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\SJGOEL\Desktop\OTL.exe MOD - [2010/11/20 14:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010/11/04 18:18:12 | 000,042,360 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv) SRV:64bit: - [2010/11/04 18:15:50 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn) SRV:64bit: - [2010/11/03 18:30:40 | 000,199,272 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService) SRV:64bit: - [2010/10/25 09:42:10 | 000,164,008 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel® PROSet Monitoring Service) SRV:64bit: - [2009/07/14 04:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2009/07/14 04:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:64bit: - [2009/07/01 19:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV:64bit: - [2009/05/21 17:11:20 | 001,462,544 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV:64bit: - [2009/05/21 15:31:30 | 000,830,224 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV:64bit: - [2009/01/20 03:43:04 | 000,394,536 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr) SRV:64bit: - [2009/01/17 08:59:12 | 000,110,376 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper) SRV - [2010/12/24 19:42:04 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010/12/20 18:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2010/11/11 14:48:32 | 000,334,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP) SRV - [2010/11/11 14:48:28 | 000,404,080 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service) SRV - [2010/11/11 14:47:22 | 000,113,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService) SRV - [2010/11/11 13:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService) SRV - [2010/09/16 15:06:22 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service) SRV - [2010/08/19 14:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60) SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/08/06 12:19:52 | 000,345,336 | ---- | M] (QUALCOMM, Inc.) [Auto | Running] -- C:\QUALCOMM\QDLService\QDLService.exe -- (QDLService) SRV - [2009/08/01 04:09:14 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService) SRV - [2009/07/23 11:39:38 | 000,313,264 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw) SRV - [2009/07/23 11:39:38 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service) SRV - [2009/07/23 11:39:36 | 000,206,336 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc) SRV - [2009/07/22 16:03:04 | 000,642,920 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw) SRV - [2009/07/17 12:31:28 | 000,427,304 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms) SRV - [2009/07/17 12:31:28 | 000,091,432 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe -- (SOHPlMgr) SRV - [2009/07/17 12:31:28 | 000,075,048 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs) SRV - [2009/07/17 12:31:26 | 000,120,104 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp) SRV - [2009/07/17 12:31:26 | 000,070,952 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe -- (SOHDBSvr) SRV - [2009/07/14 12:15:12 | 000,204,648 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service) SRV - [2009/06/11 00:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel® SRV - [2007/01/05 06:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- c:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011/03/11 09:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 09:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/02/16 18:23:46 | 000,074,240 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb) DRV:64bit: - [2011/01/30 12:34:45 | 007,370,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011/01/12 00:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010/12/20 18:08:40 | 000,024,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2010/11/20 16:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 14:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/11 14:49:12 | 000,081,008 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci) DRV:64bit: - [2010/11/11 14:49:00 | 000,068,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86) DRV:64bit: - [2010/11/11 14:47:12 | 000,031,856 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd) DRV:64bit: - [2010/11/11 14:47:00 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif) DRV:64bit: - [2010/11/11 13:31:32 | 000,038,512 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon) DRV:64bit: - [2010/11/11 11:04:52 | 000,045,104 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge) DRV:64bit: - [2010/11/11 11:04:52 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb) DRV:64bit: - [2010/11/11 11:04:52 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter) DRV:64bit: - [2010/11/08 20:16:36 | 008,500,736 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel® DRV:64bit: - [2010/09/22 22:19:02 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss) DRV:64bit: - [2010/09/03 07:13:46 | 000,170,104 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm) DRV:64bit: - [2010/08/16 16:31:18 | 000,019,936 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio) DRV:64bit: - [2010/08/16 16:31:16 | 000,013,280 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio) DRV:64bit: - [2010/07/29 13:31:26 | 000,141,264 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv) DRV:64bit: - [2010/07/29 13:31:26 | 000,126,320 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr) DRV:64bit: - [2010/07/26 05:20:50 | 000,012,032 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP) DRV:64bit: - [2010/07/21 17:59:28 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64) DRV:64bit: - [2010/06/25 17:08:10 | 000,036,928 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot) DRV:64bit: - [2010/04/14 02:01:44 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt) DRV:64bit: - [2010/04/07 16:04:00 | 000,290,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y62x64.sys -- (e1yexpress) Intel® DRV:64bit: - [2010/01/13 19:37:16 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel® DRV:64bit: - [2009/12/08 16:36:00 | 000,064,016 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tcusb.sys -- (TcUsb) DRV:64bit: - [2009/11/01 20:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64) DRV:64bit: - [2009/09/24 17:31:14 | 000,076,288 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsn64.sys -- (risdptsk) DRV:64bit: - [2009/09/03 19:59:28 | 000,054,784 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk) DRV:64bit: - [2009/09/03 17:56:06 | 005,435,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5v64.sys -- (NETw5v64) Intel® DRV:64bit: - [2009/09/01 13:27:40 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2009/09/01 13:27:40 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2009/09/01 13:27:40 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2009/09/01 13:27:32 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2009/08/01 04:09:14 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio) DRV:64bit: - [2009/08/01 04:09:10 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV) DRV:64bit: - [2009/08/01 04:09:06 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf) DRV:64bit: - [2009/08/01 04:09:06 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL) DRV:64bit: - [2009/07/30 18:55:46 | 000,025,120 | ---- | M] (Sony Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\shpf.sys -- (shpf) DRV:64bit: - [2009/07/14 04:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 04:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 04:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/14 03:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM) DRV:64bit: - [2009/07/14 02:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM) DRV:64bit: - [2009/06/10 23:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs) DRV:64bit: - [2009/06/10 23:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2009/06/10 23:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 23:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 23:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 23:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/20 04:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2009/01/09 17:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort) DRV:64bit: - [2008/12/08 23:00:15 | 000,017,536 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SonyPI.sys -- (SPI) DRV:64bit: - [2008/10/02 03:00:24 | 000,193,072 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService) DRV:64bit: - [2008/09/06 03:00:59 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk) DRV:64bit: - [2008/05/28 13:23:40 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV - [2010/08/19 14:56:38 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Hotspot Shield Private Search" FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.startup.homepage: "http://www.google.com/" FF - prefs.js..extensions.enabledItems: {a2e6849b-7584-11da-8cd6-0800200c9a66}:1.4.5 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2 FF - prefs.js..extensions.enabledItems: {9ab67d74-ec41-4cb2-b417-df5d93ba1beb}:1.5.3 FF - prefs.js..extensions.enabledItems: {7102aba3-045c-4ec2-b921-46d87636d84b}:2.10 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..keyword.URL: "http://search.hotspotshield.com/g/results.php?c=s&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/05/07 03:47:29 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/05/03 20:16:47 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010/12/24 15:50:25 | 000,000,000 | ---D | M] [2010/12/24 20:04:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SJGOEL\AppData\Roaming\Mozilla\Extensions [2011/05/07 03:57:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SJGOEL\AppData\Roaming\Mozilla\Firefox\Profiles\5u6g3uzl.default\extensions [2011/03/31 09:34:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SJGOEL\AppData\Roaming\Mozilla\Firefox\Profiles\5u6g3uzl.default\extensions\{7102aba3-045c-4ec2-b921-46d87636d84b} [2011/05/04 19:19:03 | 000,000,000 | ---D | M] (Table2Clipboard) -- C:\Users\SJGOEL\AppData\Roaming\Mozilla\Firefox\Profiles\5u6g3uzl.default\extensions\{9ab67d74-ec41-4cb2-b417-df5d93ba1beb} [2010/12/24 20:08:21 | 000,000,000 | ---D | M] (Exch) -- C:\Users\SJGOEL\AppData\Roaming\Mozilla\Firefox\Profiles\5u6g3uzl.default\extensions\{a2e6849b-7584-11da-8cd6-0800200c9a66} [2011/04/07 19:25:09 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\SJGOEL\AppData\Roaming\Mozilla\Firefox\Profiles\5u6g3uzl.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2011/03/13 18:57:36 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\SJGOEL\AppData\Roaming\Mozilla\Firefox\Profiles\5u6g3uzl.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} [2010/12/24 18:45:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SJGOEL\AppData\Roaming\Mozilla\Firefox\Profiles\ff2f5h3i.default\extensions [2010/12/24 18:45:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SJGOEL\AppData\Roaming\Mozilla\Firefox\Profiles\ff2f5h3i.default\extensions\{7102aba3-045c-4ec2-b921-46d87636d84b} [2010/12/24 18:45:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SJGOEL\AppData\Roaming\Mozilla\Firefox\Profiles\ff2f5h3i.default\extensions\{9ab67d74-ec41-4cb2-b417-df5d93ba1beb} [2010/12/24 18:45:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SJGOEL\AppData\Roaming\Mozilla\Firefox\Profiles\ff2f5h3i.default\extensions\{a2e6849b-7584-11da-8cd6-0800200c9a66} [2011/05/07 03:57:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2011/03/11 10:21:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2010/12/24 15:52:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2011/03/11 10:21:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll [2008/12/23 13:06:38 | 000,072,960 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll O1 HOSTS File: ([2011/05/04 02:37:54 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKCU..\Run: [POP Peeper] C:\Program Files (x86)\POP Peeper\POPPeeper.exe (Mortal Universe) O4 - HKCU..\Run: [TouchFreeze] C:\Program Files (x86)\TouchFreeze\TouchFreeze.exe () O4:64bit: - HKLM..\RunOnce: [WinSATRestorePower] C:\Windows\SysNative\powercfg.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.) O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} http://esupport.sony.com/VaioInfo.CAB (VaioInfo.CMClass) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://active.macromedia.com/flash2/cabs/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.123 208.67.220.123 192.168.10.254 O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20:64bit: - Winlogon\Notify\psfus: DllName - Reg Error: Key error. - C:\Program Files\Protector Suite\psqlpwd.dll (UPEK Inc.) O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation) O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011/05/08 07:18:23 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\SJGOEL\Desktop\OTL.exe [2011/05/04 02:37:54 | 000,000,000 | ---D | C] -- C:\_OTL [2011/05/02 00:41:08 | 000,000,000 | ---D | C] -- C:\Users\SJGOEL\AppData\Roaming\Yahoo! [2011/05/02 00:40:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! [2011/05/02 00:28:17 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2011/05/02 00:17:29 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2011/05/02 00:17:29 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2011/05/02 00:17:29 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2011/05/02 00:17:24 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2011/05/02 00:17:09 | 000,000,000 | ---D | C] -- C:\Qoobox [2011/05/02 00:16:53 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe [2011/05/02 00:16:51 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW [2011/04/30 12:02:41 | 000,000,000 | ---D | C] -- C:\Program Files\JL_Cmder [2011/04/30 11:57:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BB Boss [2011/04/30 11:57:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrackMem [2011/04/30 07:51:37 | 000,000,000 | ---D | C] -- C:\Users\SJGOEL\AppData\Roaming\Malwarebytes [2011/04/30 07:51:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2011/04/30 07:51:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011/04/30 07:51:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011/04/30 07:51:25 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2011/04/30 07:51:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011/04/29 21:37:50 | 000,000,000 | ---D | C] -- C:\Users\SJGOEL\Documents\Outlook Files [2011/04/29 16:16:51 | 000,000,000 | ---D | C] -- C:\Users\SJGOEL\Desktop\Regn file [2011/04/28 09:17:58 | 002,871,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe [2011/04/28 09:17:57 | 002,616,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe [2011/04/28 09:17:55 | 001,465,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll [2011/04/28 09:17:55 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll [2011/04/28 09:17:27 | 002,565,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll [2011/04/28 09:17:27 | 001,699,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll [2011/04/28 09:17:27 | 000,189,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys [2011/04/28 09:17:27 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe [2011/04/28 09:17:26 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys [2011/04/28 09:17:26 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe [2011/04/28 09:17:26 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys [2011/04/28 09:17:20 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe [2011/04/28 09:17:20 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe [2011/04/27 22:45:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Research In Motion Limited [2011/04/27 20:08:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Network Stumbler [2011/04/27 13:18:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro [2011/04/16 11:52:35 | 000,000,000 | ---D | C] -- C:\Users\SJGOEL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DiskInternals [2011/04/16 11:52:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DiskInternals [2011/04/16 11:50:07 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll [2011/04/16 11:50:07 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll [2011/04/14 21:55:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WebSite X5 v8 - Evolution [2011/04/14 01:40:10 | 004,284,416 | ---- | C] (Google Inc.) -- C:\Windows\SysWow64\GPhotos.scr [2011/04/12 21:30:18 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2011/04/12 21:30:18 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2011/04/12 21:30:05 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll [2011/04/12 21:30:05 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll [2011/04/12 21:30:04 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll [2011/04/12 21:30:04 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll [2011/04/12 21:30:03 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll [2011/04/12 21:30:02 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe [2011/04/12 21:30:02 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe [2011/04/12 21:30:01 | 000,605,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe [2011/04/12 21:30:01 | 000,566,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi [2011/04/12 21:30:01 | 000,518,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe [2011/04/12 21:30:01 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll [2011/04/12 21:30:00 | 000,642,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi [2011/04/12 21:30:00 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll [2011/04/12 21:30:00 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll [2011/04/12 21:29:48 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2011/04/12 21:29:48 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2011/04/12 21:29:48 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2011/04/12 21:29:48 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2011/04/12 21:29:47 | 000,919,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2011/04/12 21:29:47 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2011/04/12 21:29:47 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2011/04/12 21:29:42 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSCOVER.exe [2011/04/12 12:15:43 | 000,000,000 | ---D | C] -- C:\Users\SJGOEL\AppData\Roaming\Opera [2011/04/12 12:15:43 | 000,000,000 | ---D | C] -- C:\Users\SJGOEL\AppData\Local\Opera [2011/04/12 12:15:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera [2011/04/10 08:07:36 | 002,152,552 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvencodemft.dll [2011/04/10 08:07:31 | 001,734,248 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll [2011/04/10 08:07:25 | 000,183,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcod173.dll [2011/04/10 08:07:13 | 000,930,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpinst.exe [2011/04/10 08:07:13 | 000,106,008 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\difx64.exe [2011/04/10 07:48:28 | 000,064,016 | ---- | C] (UPEK Inc.) -- C:\Windows\SysNative\drivers\tcusb.sys [2011/04/10 07:48:27 | 002,578,576 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll [2011/04/10 07:48:27 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll [2011/04/10 07:48:27 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll [2011/04/10 07:48:27 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll [2011/04/10 07:48:27 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll [2011/04/10 07:48:27 | 000,121,744 | ---- | C] (Sony Corporation) -- C:\Windows\SysNative\SFSS_APO.dll [2011/04/10 07:48:27 | 000,090,112 | ---- | C] (Sony Corporation) -- C:\Windows\SysNative\snymsico.dll [2011/04/10 07:48:27 | 000,076,288 | ---- | C] (REDC) -- C:\Windows\SysNative\drivers\risdsn64.sys [2011/04/10 07:48:27 | 000,054,784 | ---- | C] (REDC) -- C:\Windows\SysNative\drivers\rimspx64.sys [2011/04/10 07:48:26 | 002,369,128 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll [2011/04/10 07:48:26 | 001,146,984 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl [2011/04/10 07:48:26 | 000,220,496 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFNHK64.dll [2011/04/10 07:48:26 | 000,081,232 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFCOM64.dll [2011/04/10 07:48:26 | 000,078,160 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysNative\SFAPO64.dll [2011/04/10 07:48:26 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll [2011/04/10 07:48:25 | 002,839,656 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll [2011/04/10 07:48:25 | 000,648,296 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll [2011/04/10 07:48:25 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll [2011/04/10 07:48:25 | 000,332,392 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll [2011/04/10 07:48:25 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll [2011/04/10 07:48:25 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll [2011/04/10 07:48:25 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll [2011/04/10 07:48:25 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll [2011/04/10 07:48:24 | 001,247,848 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll [2011/04/10 07:48:24 | 000,820,224 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoRes64.dat [2011/04/10 07:48:24 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll [2011/04/10 07:48:24 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll [2011/04/10 07:48:24 | 000,084,072 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInst64.dll [2011/04/10 07:48:23 | 001,718,616 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll [2011/04/10 07:48:22 | 001,868,944 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll [2011/04/10 07:48:22 | 000,421,720 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll [2011/04/10 07:48:22 | 000,334,680 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll [2011/04/10 07:48:22 | 000,127,832 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll [2011/04/10 07:48:22 | 000,108,888 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll [2011/04/10 07:48:22 | 000,074,584 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll [2011/04/10 07:48:21 | 002,197,264 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll [2011/04/10 07:48:21 | 002,075,712 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll [2011/04/10 07:48:21 | 001,327,208 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll [2011/04/10 07:48:21 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll [2011/04/10 07:48:21 | 000,475,752 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll [2011/04/10 07:48:21 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll [2011/04/10 07:48:21 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll [2011/04/10 07:48:20 | 001,179,752 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll [2011/04/10 07:48:20 | 001,111,656 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll [2011/04/10 07:48:20 | 000,504,936 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll [2011/04/10 07:48:20 | 000,317,032 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll [2011/04/10 07:48:20 | 000,269,928 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll [2011/04/10 07:48:20 | 000,266,856 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll [2011/04/10 07:48:20 | 000,200,800 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll [2011/04/10 07:48:20 | 000,126,056 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll [2011/04/10 07:48:20 | 000,125,544 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll [2011/04/10 07:48:20 | 000,125,032 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll [2011/04/10 07:48:20 | 000,108,960 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll [2011/04/10 07:48:00 | 008,500,736 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\NETwNs64.sys [2011/04/10 07:47:59 | 002,750,464 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\NETwNr64.dll [2011/04/10 07:47:59 | 000,799,232 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\NETwNc64.dll [2011/04/10 07:47:59 | 000,439,320 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\iaStor.sys [2011/04/10 07:47:59 | 000,436,736 | ---- | C] (Conexant Systems, Inc.) -- C:\Windows\SysWow64\XAudio64.dll [2011/04/10 07:47:59 | 000,010,240 | ---- | C] (Conexant Systems, Inc.) -- C:\Windows\SysNative\drivers\XAudio64.sys [2011/04/10 07:47:58 | 001,485,824 | ---- | C] (Conexant Systems, Inc.) -- C:\Windows\SysNative\drivers\CAX_DPV.sys [2011/04/10 07:47:58 | 000,740,864 | ---- | C] (Conexant Systems, Inc.) -- C:\Windows\SysNative\drivers\CAX_CNXT.sys [2011/04/10 07:47:58 | 000,394,752 | ---- | C] (Conexant Systems, Inc.) -- C:\Windows\SysNative\UCI64M41.dll [2011/04/10 07:47:58 | 000,292,864 | ---- | C] (Conexant Systems, Inc.) -- C:\Windows\SysNative\drivers\CAXHWAZL.sys [2011/04/10 07:29:12 | 000,000,000 | ---D | C] -- C:\Users\SJGOEL\Documents\My Drivers [2011/04/10 07:29:12 | 000,000,000 | ---D | C] -- C:\Users\SJGOEL\AppData\Local\Innovative Solutions [2011/04/10 07:29:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Innovative Solutions [2011/04/10 07:29:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverMax [2011/04/10 07:29:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Innovative Solutions [2011/04/08 14:48:58 | 000,000,000 | ---D | C] -- C:\Users\SJGOEL\Documents\InterVideo [2011/04/08 14:46:06 | 000,000,000 | ---D | C] -- C:\Users\SJGOEL\AppData\Roaming\InterVideo ========== Files - Modified Within 30 Days ========== [2011/05/08 07:18:33 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\SJGOEL\Desktop\OTL.exe [2011/05/07 15:25:04 | 000,011,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011/05/07 15:25:04 | 000,011,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011/05/07 15:23:58 | 000,734,596 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011/05/07 15:23:58 | 000,634,048 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011/05/07 15:23:58 | 000,112,666 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011/05/07 15:17:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011/05/07 15:17:33 | 3166,826,496 | -HS- | M] () -- C:\hiberfil.sys [2011/05/04 02:37:54 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts [2011/04/30 09:22:21 | 000,000,227 | ---- | M] () -- C:\Windows\WININIT.INI [2011/04/29 15:58:38 | 000,689,341 | ---- | M] () -- C:\Users\SJGOEL\Desktop\1941_001.pdf [2011/04/28 10:42:13 | 000,129,664 | ---- | M] () -- C:\test.xml [2011/04/22 21:33:37 | 026,958,557 | ---- | M] () -- C:\Users\SJGOEL\Documents\LoaderBackup-(2011-04-22).ipd [2011/04/21 10:05:09 | 000,023,040 | ---- | M] () -- C:\Users\SJGOEL\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/04/19 11:12:01 | 000,106,345 | ---- | M] () -- C:\Users\SJGOEL\Desktop\merck.pdf [2011/04/14 01:40:10 | 004,284,416 | ---- | M] (Google Inc.) -- C:\Windows\SysWow64\GPhotos.scr [2011/04/12 21:40:21 | 002,385,832 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011/04/11 12:02:41 | 027,382,347 | ---- | M] () -- C:\Users\SJGOEL\Documents\LoaderBackup-(2011-04-11).ipd ========== Files Created - No Company Name ========== [2011/05/02 00:17:29 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe [2011/05/02 00:17:29 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2011/05/02 00:17:29 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe [2011/05/02 00:17:29 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2011/05/02 00:17:29 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011/04/29 15:58:06 | 000,689,341 | ---- | C] () -- C:\Users\SJGOEL\Desktop\1941_001.pdf [2011/04/25 23:40:32 | 031,751,259 | ---- | C] () -- C:\Use
  11. Dear JonTom FInally I was agan able to check - and there is no change. The search results still come from www.search-results.com. If we cannot get to the bottom of this, is this a problem? Thanks
  12. Dear JonTom Thanks for advice. Enquiry did not result in anything, probably language issues. Please keep the topic alive for 2-3 days when I will be back & check from our normal location - and update you. Regards
  13. Dear JonTom I had posted the log earlier. The situation is: now when I try a search term in the address bar, the browser tries to connect to some http://search.hotspotshield.com and after some time gives a message: The connection has timed out The server at search.hotspotshield.com is taking too long to respond. I am not sure if this is imporvement because earlier I was gettong connectedto search-results.com, but now the ffort is to connect to hotspotshield. Maybe it is the hotel IP policy, where I am now Regards
  14. Dear JonTom Thanks for your help. I am ow in China, so IP is correct. I enclose the log, but cannot check computer behavior because my hotel IP policy does not allow this. Will try to check in few hours from outside. All processes killed ========== OTL ========== Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully. Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully. Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5} C:\Windows\Downloaded Program Files\OnlineScanner.inf moved successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found. ADS C:\ProgramData\TEMP:1CE11B51 deleted successfully. ADS C:\ProgramData\TEMP:07BF512B deleted successfully. ========== COMMANDS ========== C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes ->Flash cache emptied: 56502 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public ->Temp folder emptied: 0 bytes User: SJGOEL ->Temp folder emptied: 398171 bytes ->Temporary Internet Files folder emptied: 58572346 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 123686278 bytes ->Opera cache emptied: 2346453 bytes ->Flash cache emptied: 47562 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 23377 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 70538 bytes RecycleBin emptied: 4644816 bytes Total Files Cleaned = 181.00 mb [EMPTYFLASH] User: All Users User: Default ->Flash cache emptied: 0 bytes User: Default User ->Flash cache emptied: 0 bytes User: Public User: SJGOEL ->Flash cache emptied: 0 bytes Total Flash Files Cleaned = 0.00 mb OTL by OldTimer - Version 3.2.22.3 log created on 05042011_023754 Files\Folders moved on Reboot... C:\Users\SJGOEL\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-2560.log moved successfully. Registry entries deleted on Reboot...
×
×
  • Create New...