Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Help needed in Removing Rootkit

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Help needed in Removing Rootkit

Unread postby Redhood » May 10th, 2013, 1:20 pm

Dear Sir,

I wish to bring to your notice about the Rootkit in my Netbook.This is my Home Netbook.
It sometimes shows something is Dumping ,BSOD (Blue Screen of Death) and OS not found.

Even while Shutting Down my Netbook, it shows Some Program is still functioning but actually its not. It is like some hidden program is running but iam not aware about it.

Please assist me.
This is my DDS from Notepad given below :

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16470
Run by Rakmo at 22:29:48 on 2013-05-10
Microsoft Windows 7 Starter 6.1.7601.1.1252.91.1033.18.1643.647 [GMT 5.5:30]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWASER.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWAgent.exe
c:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files\Google\Update\1.3.21.135\GoogleCrashHandler.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
C:\Program Files\Sony\VAIO Update\VUAgent.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Sony\VAIO Care\VCPerfService.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Program Files\Sony\VAIO Care\VCService.exe
C:\Program Files\Sony\VAIO Care\VCAgent.exe
C:\Windows\System32\vds.exe
C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Sony\VAIO Care\Admload.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k regsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://sony.msn.com
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\microsoft\bingbar\7.1.391.0\BingExt.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [PMBVolumeWatcher] c:\program files\sony\pmb\PMBVolumeWatcher.exe
mRun: [ISBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.318\SSScheduler.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:153
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office12\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\mif5ba~1\office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{2BB2E6B0-3E62-4D03-B96E-ACC065BE53BA} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{84F2F33B-9D20-453B-AC8C-FD92DC073412}\37F6E697 : DHCPNameServer = 202.149.208.92 202.149.208.11
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\26.0.1410.64\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\rakmo\appdata\roaming\mozilla\firefox\profiles\l8j69jqh.default\
FF - plugin: c:\progra~1\mif5ba~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\mif5ba~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_180.dll
FF - ExtSQL: 2013-04-14 16:50; {e4a8a97b-f2ed-450b-b12d-ee082ba24781}; c:\users\rakmo\appdata\roaming\mozilla\firefox\profiles\l8j69jqh.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF - ExtSQL: 2013-05-10 15:55; wrc@avast.com; c:\program files\avast software\avast\webrep\FF
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [2012-1-16 64128]
R0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [2012-1-16 32384]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-5-10 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-5-10 361032]
R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ati technologies\ati.ace\fuel\Fuel.Service.exe [2011-5-25 294400]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-5-10 21256]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-5-10 58680]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-5-10 44808]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\sony\pmb\PMBDeviceInfoProvider.exe [2010-11-27 398176]
R2 SampleCollector;VAIO Care Performance Service;c:\program files\sony\vaio care\VCPerfService.exe [2013-3-2 189048]
R2 uCamMonitor;CamMonitor;c:\program files\arcsoft\magic-i visual effects 2\uCamMonitor.exe [2013-2-11 105024]
R3 amdiox86;AMD IO Driver;c:\windows\system32\drivers\amdiox86.sys [2013-2-12 37944]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [2013-2-11 17408]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-7-4 100880]
R3 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x86.sys [2010-11-1 68208]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [2013-2-12 197224]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2010-6-2 9344]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2013-2-12 35968]
R3 VCService;VCService;c:\program files\sony\vaio care\VCService.exe [2013-3-2 44736]
R3 VUAgent;VUAgent;c:\program files\sony\vaio update\VUAgent.exe [2013-3-1 957056]
S2 BBSvc;BingBar Service;c:\program files\microsoft\bingbar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-19 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2013-2-12 297000]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2013-2-12 33320]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6032.sys [2009-7-14 214016]
S3 SOHCImp;VAIO Content Importer;c:\program files\common files\sony shared\sohlib\SOHCImp.exe [2011-2-22 113824]
S3 SOHDs;VAIO Device Searcher;c:\program files\common files\sony shared\sohlib\SOHDs.exe [2011-2-22 67232]
S3 SpfService;VAIO Entertainment Common Service;c:\program files\common files\sony shared\vaio entertainment platform\spf\SpfService.exe [2011-1-21 228056]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-21 52224]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 27264]
S3 VCFw;VAIO Content Folder Watcher;c:\program files\common files\sony shared\vaio content folder watcher\VCFw.exe [2011-1-21 887000]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2011-5-20 549616]
S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\sony\vcm intelligent network service manager\VcmINSMgr.exe [2011-2-19 385336]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2011-2-19 83232]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-23 51040]
.
=============== Created Last 30 ================
.
2013-05-10 10:26:12 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-05-10 10:26:08 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-05-10 10:26:05 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-05-10 10:25:36 41224 ----a-w- c:\windows\avastSS.scr
2013-05-10 09:39:07 -------- d-sh--w- C:\$RECYCLE.BIN
2013-05-10 09:39:04 -------- d-----w- c:\users\rakmo\appdata\local\temp
.
==================== Find3M ====================
.
2013-03-13 16:32:48 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-13 16:32:47 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-13 15:41:06 5256944 ----a-w- c:\windows\uninst.exe
2013-02-12 03:32:45 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-11 08:17:01 472808 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-11 08:16:00 0 ----a-w- c:\windows\ativpsrm.bin
2013-02-11 01:26:21 632064 ----a-w- c:\windows\system32\msvcr80.dll
2013-02-11 01:26:20 554240 ----a-w- c:\windows\system32\msvcp80.dll
2013-02-11 01:26:19 572928 ----a-w- c:\windows\system32\msvcp90.dll
2013-02-11 01:26:18 655872 ----a-w- c:\windows\system32\msvcr90.dll
2013-02-11 01:23:52 18162 ----a-w- c:\windows\winsbak.reg
2013-02-11 01:23:52 160308 ----a-w- c:\windows\winsbak2.reg
.
============= FINISH: 22:31:07.62 ===============

Thanks
Redhood
Regular Member
 
Posts: 20
Joined: May 10th, 2013, 12:53 pm
Advertisement
Register to Remove

Re: Help needed in Removing Rootkit

Unread postby melboy » May 10th, 2013, 2:16 pm

Hi and welcome to the MR forums. :)

I'm melboy and I am going to try to help you with your problem. Please take note of the following:

  1. I will be working on your Malware issues this may or may not solve other issues you have with your machine.
  2. The fixes are specific to your problem and should only be used for this issue on this machine.
  3. If you don't know or understand something, please don't hesitate to ask.
  4. Please refrain from making any further changes to your computer (Install/Uninstall programs, delete files, edit the registry, etc...)
  5. Please DO NOT run any other tools or scans whilst I am helping you.
  6. It is important that you reply to this thread. Do not start a new topic.
  7. DO NOT attach logs unless requested to. Please copy/paste all requested logs into your replies.
  8. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  9. Absence of symptoms does not mean that everything is clear.


NOTE: Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.


IMPORTANT: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.



No Reply Within 3 Days Will Result In Your Topic Being Closed!! If you need more time, please inform me.


============================================


The symptoms you are experiencing may not necessarily be related to a rootkit.

Please post the contents of attach.txt from DDS
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Help needed in Removing Rootkit

Unread postby Redhood » May 10th, 2013, 3:00 pm

Thanks for your response.

I have seen the guidelines,rules as well as taken the backup of some files.

How shall we proceed ?

I have Attached File as you mentioned :


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Starter
Boot Device: \Device\HarddiskVolume2
Install Date: 11-02-2013 02:36:20 AM
System Uptime: 10-05-2013 08:15:58 PM (2 hours ago)
.
Motherboard: Sony Corporation | | VAIO
Processor: AMD E-450 APU with Radeon(tm) HD Graphics | N/A | 825/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 145 GiB total, 113.96 GiB free.
D: is FIXED (NTFS) - 71 GiB total, 69.345 GiB free.
E: is FIXED (NTFS) - 72 GiB total, 69.946 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP90: 26-03-2013 01:42:11 PM - Windows Update
RP91: 26-03-2013 01:59:56 PM - Windows Update
RP92: 27-03-2013 03:03:49 PM - Windows Update
RP93: 28-03-2013 12:38:05 PM - avast! Free Antivirus Setup
RP94: 28-03-2013 12:42:37 PM - avast! Free Antivirus Setup
RP95: 28-03-2013 12:42:58 PM - avast! Free Antivirus Setup
RP96: 28-03-2013 12:46:32 PM - avast! Free Antivirus Setup
RP97: 31-03-2013 04:35:29 PM - VAIO Care Automatic Restore Point
RP98: 31-03-2013 04:42:30 PM - VAIO Care Automatic Restore Point
RP99: 30-04-2013 03:46:22 PM - Scheduled Checkpoint
RP100: 10-05-2013 02:36:24 PM - avast! Free Antivirus Setup
RP102: 10-05-2013 03:54:49 PM - avast! Free Antivirus Setup

.
==== Installed Programs ======================
.
???? ??? Windows Live
???? Windows Live
??????? Windows Live Mesh ActiveX ??(????)
??????? Windows Live Mesh ActiveX ???
????????? ActiveX ?? Windows Live Mesh ????????????????????????? (???)
Ðiê`u khiê?n ActiveX Windows Live Mesh da`nh cho kê´t nô´i tu` xa
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X MUI
AMD APP SDK Runtime
AMD Fuel
AMD Media Foundation Decoders
AMD VISION Engine Control Center
ArcSoft Magic-i Visual Effects 2
ArcSoft WebCam Companion 4
ATI Catalyst Install Manager
avast! Free Antivirus
Bing Bar
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
Catalyst Control Center Profiles Mobile
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
D3DX10
Debugging Tools for Windows (x86)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Google Chrome
Google Drive
Google Update Helper
Java Auto Updater
Java(TM) 6 Update 22
Junk Mail filter update
Media Gallery
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Runtime (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2010
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2007
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2007
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2007
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (English) 2010
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2007
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Visual Studio 6.0 Enterprise Edition
Microsoft Web Publishing Wizard 1.53
Mozilla Firefox 20.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2758694)
PMB
PMB VAIO Edition Guide
PMB VAIO Edition Plug-in
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Remote Keyboard
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
SSLx86
Synaptics Pointing Device Driver
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2768024) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
VAIO - Media Gallery
VAIO - PMB VAIO Edition Guide
VAIO - PMB VAIO Edition Plug-in
VAIO - Remote Keyboard
VAIO Care
VAIO Control Center
VAIO Data Restore Tool
VAIO Easy Connect
VAIO Event Service
VAIO Gate
VAIO Gate Default
VAIO Hardware Diagnostics
VAIO Improvement
VAIO Manual
VAIO Sample Contents
VAIO Transfer Support
VAIO Update
VCCx86
VESx86
VIx86
VU5x86
VWSTx86
WIDCOMM Bluetooth Software
Windows Live ???
Windows Live ????
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinZip 17.0
.
==== Event Viewer Messages From Past Week ========
.
10-05-2013 12:16:35 PM, Error: Service Control Manager [7022] - The VAIO Care Performance Service service hung on starting.
10-05-2013 12:14:33 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
10-05-2013 12:14:33 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10-05-2013 08:16:24 PM, Error: Service Control Manager [7003] - The Windows Driver Foundation - User-mode Driver Framework service depends the following service: WudfPf. This service might not be installed.
10-05-2013 03:05:50 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
.
==== End Of File ===========================


Redhood
Last edited by Redhood on May 10th, 2013, 11:54 pm, edited 1 time in total.
Redhood
Regular Member
 
Posts: 20
Joined: May 10th, 2013, 12:53 pm

Re: Help needed in Removing Rootkit

Unread postby melboy » May 10th, 2013, 3:47 pm

Hi

Q. I notice you have Microsoft Office Enterprise 2007 installed. Please tell me how this software was obtained.


MGADiag

Download the diagnostic tool MGADiag and save it to your desktop.

  • Right click MGADiag.exe & choose Run as Administrator.
  • Allow if prompted by the UAC
  • Click Continue
  • The tool will run. When finished, click Copy.
  • Paste the report in your next reply.
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Help needed in Removing Rootkit

Unread postby Redhood » May 10th, 2013, 11:54 pm

Hi

Yes i have installed Microsoft office 2007 since i wanted Microsoft Access for my Practical Exams. (In microsoft Office 2010,there was NO Microsoft Access 2010)

So i installed it from my College Computer Lab..

Few days back ,Sony Service people Assisted me at time of BSOD and OS not found Problem. They Told me to press ASSIST Button(Formatting) on my Netbook.

I have pressed the button 2-3 times as per the instruction given by SONY But the problem of BSOD and OS not Found is Recurrent. It doesn't Stop


Another thing i want to tell you is when i Just Open Firefox, Chrome Browser sometimes it just Hangs for 10-12 seconds.


Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-9QJXP-Q3FVT-X8BQ7
Windows Product Key Hash: 08kKInHQmDp6zZlEGwLo7x/VWjo=
Windows Product ID: 00342-OEM-8992707-00016
Windows Product ID Type: 2
Windows License Type: OEM SLP
Windows OS version: 6.1.7601.2.00010300.1.0.011
ID: {0C0A2DE4-3F85-4FD6-BDC5-CBBB8B5A1941}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Starter
Architecture: 0x00000000
Build lab: 7601.win7sp1_gdr.130104-1431
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Access Runtime (English) 2007 - 121
Microsoft Office Enterprise 2007 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 77F760FE-153-80070002_7E90FEE8-175-80070002_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_B4D0AA8B-920-80070057

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->
File Mismatch: C:\Windows\system32\wat\watadminsvc.exe[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\npwatweb.dll[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\watux.exe[Hr = 0x80070003]
File Mismatch: C:\Windows\system32\wat\watweb.dll[Hr = 0x80070003]

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{0C0A2DE4-3F85-4FD6-BDC5-CBBB8B5A1941}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010300.1.0.011</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-X8BQ7</PKey><PID>00342-OEM-8992707-00016</PID><PIDType>2</PIDType><SID>S-1-5-21-3991906835-1689340198-2424454428</SID><SYSTEM><Manufacturer>Sony Corporation</Manufacturer><Model>VPCYB35AN</Model></SYSTEM><BIOS><Manufacturer>Insyde Corp.</Manufacturer><Version>R0190Z7</Version><SMBIOSVersion major="2" minor="7"/><Date>20110909000000.000000+000</Date></BIOS><HWID>978B0300018400F2</HWID><UserLCID>4009</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>India Standard Time(GMT+05:30)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>Sony</OEMID><OEMTableID>VAIO</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90120000-001C-0409-0000-0000000FF1CE}"><LegitResult>121</LegitResult><Name>Microsoft Office Access Runtime (English) 2007</Name><Ver>12</Ver><Val>A6DF1BF2503CD6C</Val><Hash>dTTDvXHN4cR0t+IYAOhhFudJX58=</Hash><Pid>00000-694-0010114-62258</Pid><PidType>2</PidType></Product><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><PidType>19</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows(R) 7, Starter edition
Description: Windows Operating System - Windows(R) 7, OEM_SLP channel
Activation ID: 8be4a481-9b5c-4588-a5ec-5dad4b1f15da
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00342-00178-927-000016-02-2057-7601.0000-0412011
Installation ID: 003496840291934881692326494775074325563214030411849865
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: X8BQ7
License Status: Licensed
Remaining Windows rearm count: 3
Trusted time: 11-05-2013 09:17:53 AM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: N/A
HealthStatus: 0x0000000000000000
Event Time Stamp: N/A
ActiveX: Not Registered - 0x80040154
Admin Service: Not Registered - 0x80040154
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: LAAAAAAAAQABAAEAAAACAAAAAgABAAEAJJQyCwZsFryoO2I9tBXC3fgeUF4=

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20001
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC Sony VAIO
FACP Sony VAIO
HPET Sony VAIO
BOOT Sony VAIO
MCFG Sony VAIO
SLIC Sony VAIO
SSDT AMD POWERNOW
SSDT AMD POWERNOW
Last edited by Redhood on May 12th, 2013, 1:49 am, edited 1 time in total.
Redhood
Regular Member
 
Posts: 20
Joined: May 10th, 2013, 12:53 pm

Re: Help needed in Removing Rootkit

Unread postby melboy » May 11th, 2013, 5:08 am

Hello.

Your use of the Office program without having purchased a license constitutes a violation of the terms of the EULA, therefore I must ask you remove it before we continue.

After removing the office software, please run OTL as below.

OTL

Download OTL by Old Timer and save it to your Desktop.

  • Double click on OTL.exe to run it.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Help needed in Removing Rootkit

Unread postby Redhood » May 12th, 2013, 1:25 am

Hi

Yes i have removed MS Office 2007 as per your instruction.

Files OTL.txt and Extras.txt are posted below.

OTL.txt :


OTL logfile created on: 12-05-2013 AM 10:24:12 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Rakmo\Downloads
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00004009 | Country: India | Language: ENN | Date Format: dd-MM-yyyy

1.60 Gb Total Physical Memory | 0.83 Gb Available Physical Memory | 51.54% Memory free
3.21 Gb Paging File | 2.29 Gb Available in Paging File | 71.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 145.38 Gb Total Space | 116.91 Gb Free Space | 80.42% Space Free | Partition Type: NTFS
Drive D: | 71.41 Gb Total Space | 69.34 Gb Free Space | 97.11% Space Free | Partition Type: NTFS
Drive E: | 71.87 Gb Total Space | 69.95 Gb Free Space | 97.32% Space Free | Partition Type: NTFS

Computer Name: RAKMO-VAIO | User Name: Rakmo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013-05-12 10:18:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rakmo\Downloads\OTL.exe
PRC - [2013-04-12 14:02:22 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013-02-22 09:27:40 | 000,213,384 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.135\GoogleCrashHandler.exe
PRC - [2012-11-23 08:18:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012-11-22 15:08:14 | 001,038,496 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
PRC - [2012-11-22 15:08:12 | 000,957,056 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update\VUAgent.exe
PRC - [2012-10-31 04:20:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012-10-31 04:20:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012-10-04 03:17:38 | 000,859,432 | ---- | M] (MicroWorld Technologies Inc.) -- C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE
PRC - [2012-10-04 03:17:34 | 001,378,600 | ---- | M] (MicroWorld Technologies Inc.) -- C:\Program Files\Common Files\MicroWorld\Agent\MWAGENT.EXE
PRC - [2012-06-11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE
PRC - [2012-06-11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE
PRC - [2011-11-15 10:27:18 | 000,088,736 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Care\VCAgent.exe
PRC - [2011-05-28 00:17:58 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011-05-25 12:47:32 | 000,294,400 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
PRC - [2011-03-06 06:12:36 | 000,180,928 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2011-03-06 06:12:36 | 000,064,704 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2011-02-24 03:35:04 | 000,105,024 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
PRC - [2011-02-16 14:08:52 | 001,166,016 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Care\VCsystray.exe
PRC - [2011-02-16 01:17:02 | 002,757,312 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe
PRC - [2011-02-14 13:23:50 | 000,044,736 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Care\VCService.exe
PRC - [2011-01-29 05:36:18 | 000,189,048 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe
PRC - [2011-01-29 05:36:18 | 000,081,016 | ---- | M] (Sony of America Corporation) -- C:\Program Files\Sony\VAIO Care\listener.exe
PRC - [2010-11-27 14:25:42 | 000,648,032 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2010-11-27 14:25:42 | 000,398,176 | ---- | M] (Sony Corporation) -- c:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2010-07-30 08:15:48 | 000,836,896 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2010-07-30 08:15:48 | 000,656,672 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe


========== Modules (No Company Name) ==========

MOD - [2013-04-12 14:02:22 | 003,133,336 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013-03-25 19:04:21 | 001,358,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\f2dd9fea324ec56aa2e31c6840fb719b\System.WorkflowServices.ni.dll
MOD - [2013-03-25 19:02:46 | 001,707,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\aa1c0f607e0e674fc642c1b8fc0cf8dd\System.ServiceModel.Web.ni.dll
MOD - [2013-03-25 18:35:08 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\f680417196b32e5329c1b65de0617d7e\WindowsFormsIntegration.ni.dll
MOD - [2013-03-25 18:33:38 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\87fb0dbe6f9550b3e95f2aa0d124f726\System.Core.ni.dll
MOD - [2013-03-25 18:20:02 | 017,478,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\64c0903165647666cf22d311aa4c49d2\System.ServiceModel.ni.dll
MOD - [2013-03-25 18:19:01 | 002,347,008 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\5ad51f54de5df73f09eb6be16f3ca4ff\System.Runtime.Serialization.ni.dll
MOD - [2013-03-25 18:18:53 | 001,084,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\613a3a6fa3ca5b7367ccf690c0f07253\System.IdentityModel.ni.dll
MOD - [2013-03-25 18:18:29 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\d3b721c20d789414b8b5c19fc27ae959\SMDiagnostics.ni.dll
MOD - [2013-03-25 18:16:33 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f5fdab6574ba915d378620157d84727e\PresentationFramework.Aero.ni.dll
MOD - [2013-03-25 18:15:53 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\c73ee9d8c9fb5afcf3e0a90c33baa81b\System.Web.ni.dll
MOD - [2013-03-25 18:15:32 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b7cce39782300219e1130698e8fbc30c\System.Runtime.Remoting.ni.dll
MOD - [2013-03-25 18:14:24 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\4dc0c1f43d69069d8245efb77f971731\PresentationFramework.ni.dll
MOD - [2013-03-25 18:13:21 | 012,435,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e93fb76a459ddd1beedcf29edd96a250\System.Windows.Forms.ni.dll
MOD - [2013-03-25 18:12:56 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\287e0f73a2bb79d6ba7f6141d6914bab\System.Drawing.ni.dll
MOD - [2013-03-25 18:12:34 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\802842f94f331623b759edc5bdff47d4\PresentationCore.ni.dll
MOD - [2013-03-25 18:11:56 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\5937ee228d11266a0a60cffeac95fd07\WindowsBase.ni.dll
MOD - [2013-03-25 18:11:33 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\1a8cdc51e5752c5ef72b8677017df8c9\System.Xml.ni.dll
MOD - [2013-03-25 18:11:20 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\049768603c65e3c99bd34f2efabd37ba\System.Configuration.ni.dll
MOD - [2013-03-25 18:11:16 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\98b49167a3373cf333d4c89ac47dcefb\System.ni.dll
MOD - [2013-03-25 18:10:56 | 011,493,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2866646f2e764e809451219352b63ef0\mscorlib.ni.dll
MOD - [2011-05-25 13:20:44 | 000,243,712 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011-05-25 12:47:38 | 000,095,232 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
MOD - [2011-03-15 03:51:10 | 000,016,384 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll


========== Services (SafeList) ==========

SRV - [2013-04-12 14:02:22 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013-03-13 22:02:50 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-11-22 15:08:12 | 000,957,056 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Update\VUAgent.exe -- (VUAgent)
SRV - [2012-10-31 04:20:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012-10-04 03:17:38 | 000,859,432 | ---- | M] (MicroWorld Technologies Inc.) [Auto | Running] -- C:\Program Files\Common Files\MicroWorld\Agent\MWASER.EXE -- (MWAgent)
SRV - [2012-06-11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012-06-11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc)
SRV - [2011-05-25 12:47:32 | 000,294,400 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2011-05-20 08:45:44 | 000,549,616 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2011-03-06 06:12:36 | 000,064,704 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2011-02-24 03:35:04 | 000,105,024 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2011-02-22 02:25:08 | 000,113,824 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2011-02-22 02:25:08 | 000,067,232 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2011-02-19 11:45:04 | 000,083,232 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
SRV - [2011-02-19 11:32:08 | 000,385,336 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV - [2011-02-14 13:23:50 | 000,044,736 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Care\VCService.exe -- (VCService)
SRV - [2011-01-29 05:36:18 | 000,189,048 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector)
SRV - [2011-01-21 01:57:18 | 000,228,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe -- (SpfService)
SRV - [2011-01-21 01:46:26 | 000,887,000 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2010-11-27 14:25:42 | 000,398,176 | ---- | M] (Sony Corporation) [Auto | Running] -- c:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010-07-30 08:15:48 | 000,656,672 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009-07-14 06:45:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [1998-06-06 00:00:00 | 000,034,036 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- E:\Tools\VS-Ent98\Vanalyzr\VARPC.EXE -- (Visual Studio Analyzer RPC bridge)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Rakmo\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012-10-31 04:21:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012-10-31 04:21:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012-10-31 04:21:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012-10-31 04:21:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012-10-31 04:21:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012-10-15 21:29:28 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2011-07-01 09:40:32 | 000,100,880 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2011-07-01 09:40:19 | 007,800,832 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011-07-01 09:40:19 | 000,245,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011-03-28 14:24:52 | 000,197,224 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2011-02-17 23:30:18 | 000,032,384 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\amd_xata.sys -- (amd_xata)
DRV - [2011-02-17 23:30:17 | 000,064,128 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\amd_sata.sys -- (amd_sata)
DRV - [2011-01-07 11:57:50 | 000,035,968 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2010-11-21 02:59:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010-11-21 02:59:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010-11-01 08:50:30 | 001,800,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010-11-01 08:47:29 | 000,068,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2010-04-27 01:50:29 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2010-02-18 22:48:22 | 000,037,944 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdiox86.sys -- (amdiox86)
DRV - [2009-07-14 03:32:52 | 000,214,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1y6032.sys -- (e1yexpress)
DRV - [2009-06-11 02:49:48 | 009,853,248 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009-05-27 04:02:02 | 000,017,408 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.sony.co.in/productcateg [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://sony.msn.com
IE - HKCU\..\SearchScopes,DefaultScope = {0BB4F369-DB9F-435E-9FF1-B33490821D60}
IE - HKCU\..\SearchScopes\{0BB4F369-DB9F-435E-9FF1-B33490821D60}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SNYADF&pc=MASP&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.8
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-05-10 15:55:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013-04-12 14:02:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013-04-12 14:02:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2013-02-12 13:50:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rakmo\AppData\Roaming\Mozilla\Extensions
[2013-04-14 16:50:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rakmo\AppData\Roaming\Mozilla\Firefox\Profiles\l8j69jqh.default\extensions
[2013-04-14 16:50:54 | 000,269,007 | ---- | M] () (No name found) -- C:\Users\Rakmo\AppData\Roaming\Mozilla\Firefox\Profiles\l8j69jqh.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013-04-12 14:02:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013-04-12 14:02:22 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013-02-01 23:52:13 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013-02-20 13:19:11 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://sony.msn.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Enabled) = c:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\Rakmo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Rakmo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Rakmo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Rakmo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Tampermonkey = C:\Users\Rakmo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo\2.12.3124.256_0\
CHR - Extension: Gmail = C:\Users\Rakmo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013-05-10 15:05:45 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] c:\Program Files\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2BB2E6B0-3E62-4D03-B96E-ACC065BE53BA}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-11 03:12:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013-05-12 10:15:13 | 000,000,000 | ---D | C] -- C:\Users\Rakmo\Desktop\New folder
[2013-05-11 09:18:13 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2013-05-11 09:17:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2013-05-10 15:56:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013-05-10 15:56:16 | 000,361,032 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013-05-10 15:56:16 | 000,021,256 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013-05-10 15:56:12 | 000,044,784 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2013-05-10 15:56:10 | 000,054,232 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013-05-10 15:56:08 | 000,738,504 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013-05-10 15:56:05 | 000,058,680 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013-05-10 15:55:36 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013-05-10 15:09:07 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013-05-10 15:09:04 | 000,000,000 | ---D | C] -- C:\Users\Rakmo\AppData\Local\temp
[2013-05-10 14:53:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013-05-10 14:53:16 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013-04-12 14:02:07 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

========== Files - Modified Within 30 Days ==========

[2013-05-12 10:32:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013-05-12 10:23:26 | 000,001,358 | ---- | M] () -- C:\Users\Rakmo\Desktop\OTL - Shortcut.lnk
[2013-05-12 10:17:57 | 000,016,352 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013-05-12 10:17:57 | 000,016,352 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013-05-12 10:14:58 | 000,001,085 | ---- | M] () -- C:\Users\Rakmo\Desktop\MGADiag - S.lnk
[2013-05-12 10:08:49 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013-05-12 10:08:30 | 000,425,144 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013-05-12 10:08:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-05-12 10:08:10 | 1292,029,952 | -HS- | M] () -- C:\hiberfil.sys
[2013-05-12 10:00:06 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013-05-11 01:11:17 | 000,675,512 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013-05-11 01:11:17 | 000,128,556 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013-05-10 15:56:17 | 000,002,115 | ---- | M] () -- C:\Users\Public\Desktop\avast! Antivirus.lnk
[2013-05-10 15:56:05 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013-05-10 15:05:45 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

========== Files Created - No Company Name ==========

[2013-05-12 10:23:26 | 000,001,358 | ---- | C] () -- C:\Users\Rakmo\Desktop\OTL - Shortcut.lnk
[2013-05-12 10:14:58 | 000,001,085 | ---- | C] () -- C:\Users\Rakmo\Desktop\MGADiag - S.lnk
[2013-05-10 15:56:17 | 000,002,115 | ---- | C] () -- C:\Users\Public\Desktop\avast! Antivirus.lnk
[2013-03-03 00:24:12 | 000,000,126 | ---- | C] () -- C:\Windows\mdm.ini
[2013-03-03 00:24:02 | 000,001,470 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2013-03-03 00:24:02 | 000,000,288 | ---- | C] () -- C:\Windows\ODBC.INI
[2013-03-03 00:11:49 | 000,006,550 | ---- | C] () -- C:\Windows\jautoexp.dat
[2013-02-11 13:46:00 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013-02-11 06:49:58 | 000,293,896 | ---- | C] () -- C:\Windows\System32\curl.exe
[2013-02-11 06:49:57 | 000,408,072 | ---- | C] () -- C:\Windows\System32\wget.exe
[2013-02-11 06:49:57 | 000,172,040 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011-07-04 13:14:44 | 000,233,765 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011-07-04 13:14:44 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011-05-25 13:14:26 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OVDecode.dll

========== ZeroAccess Check ==========

[2009-07-14 10:12:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012-06-09 10:11:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-21 02:59:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009-07-14 06:46:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013-03-07 19:32:43 | 000,000,000 | ---D | M] -- C:\Users\Rakmo\AppData\Roaming\Charles
[2013-02-11 06:56:03 | 000,000,000 | ---D | M] -- C:\Users\Rakmo\AppData\Roaming\MicroWorld
[2013-02-25 15:31:31 | 000,000,000 | ---D | M] -- C:\Users\Rakmo\AppData\Roaming\WinZip

========== Purity Check ==========



< End of report >



Extras.txt :


OTL Extras logfile created on: 12-05-2013 AM 10:24:12 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Rakmo\Downloads
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00004009 | Country: India | Language: ENN | Date Format: dd-MM-yyyy

1.60 Gb Total Physical Memory | 0.83 Gb Available Physical Memory | 51.54% Memory free
3.21 Gb Paging File | 2.29 Gb Available in Paging File | 71.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 145.38 Gb Total Space | 116.91 Gb Free Space | 80.42% Space Free | Partition Type: NTFS
Drive D: | 71.41 Gb Total Space | 69.34 Gb Free Space | 97.11% Space Free | Partition Type: NTFS
Drive E: | 71.87 Gb Total Space | 69.95 Gb Free Space | 97.32% Space Free | Partition Type: NTFS

Computer Name: RAKMO-VAIO | User Name: Rakmo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{095CCC77-4D95-44CB-8F09-9D1C910660B8}" = lport=138 | protocol=17 | dir=in | app=system |
"{23B196B8-8DCF-44B0-8364-9F6B6874ADE2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{29DD1CFC-DDD4-4F9A-BF86-78FC839F24DD}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{2FBB920C-A069-404A-AAD6-EFBAF68C5079}" = rport=137 | protocol=17 | dir=out | app=system |
"{4DB8B833-0204-42D3-BCD0-C41F440FEC3B}" = rport=139 | protocol=6 | dir=out | app=system |
"{5709FE80-75F6-44DD-9AFF-E61343732529}" = lport=137 | protocol=17 | dir=in | app=system |
"{7A59E4DC-AB8E-4753-BC6D-D6084F7FF7B2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{836E107C-4D85-41E3-9DB5-F114ECF087CB}" = rport=445 | protocol=6 | dir=out | app=system |
"{885A20DA-8759-4311-926E-8EBE3D6643E3}" = lport=139 | protocol=6 | dir=in | app=system |
"{8CB9CF24-0877-4725-B2A2-A4B6405A29E6}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{A0FE3337-3B07-43CF-950A-388A2F8D21D6}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{BBFC668B-AC4D-449A-A3B4-F0C69E365D0D}" = lport=445 | protocol=6 | dir=in | app=system |
"{EE6932F5-6B48-4C5D-929C-79F49C891FDE}" = rport=138 | protocol=17 | dir=out | app=system |
"{F9093AF0-1415-482C-91A9-91ADE59BE6F4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{14D72E58-36DA-4D31-A11B-ED0271C1B3D9}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{4088A5F1-15D5-4991-A588-394650C6102D}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{5CD585A7-62CF-40BE-8BAC-2BE3EE2F9D1E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{69CB3ADF-3B6D-4486-B488-50BAB92AE5FA}" = protocol=17 | dir=in | app=c:\program files\common files\microworld\agent\mwagent.exe |
"{71A2A929-A44D-482D-B49C-FC6C35B3A9FD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{89AEA063-8513-4FC9-A907-A9A2BF6F2B40}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{8A939262-053B-4148-BA1C-F25A781BC604}" = protocol=6 | dir=in | app=c:\program files\common files\microworld\agent\mwagent.exe |
"{979758C7-A618-4755-A948-951C7B4D7C5A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{9B34FE94-D509-4F14-A745-F174D705E0CA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{A2401C24-7BC4-4A82-BD4F-203C1865177E}" = protocol=17 | dir=in | app=c:\program files\common files\microworld\agent\mwagent.exe |
"{AC1BA7AF-BEF6-4250-B086-735989065B44}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{C4284B84-D0D2-42AA-A6A8-759B56ADEE58}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{D2E01656-CAED-4F70-9CF4-940C52D93E29}" = protocol=6 | dir=in | app=c:\program files\common files\microworld\agent\mwagent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000F2A10-9CDF-47BF-9CF2-9AC87567B433}" = Windows Live Photo Common
"{00721C5E-5B17-494C-95E5-208415864F62}" =
"{00B03993-F5A1-47B1-9C54-EC8FBDDDE17E}" = VAIO Care
"{03241D8D-2217-42F7-9FCB-6A68D141C14D}" = Windows Live 软件包
"{046885A1-B4AE-4459-A0D1-8C93706698D6}" =
"{063CF438-A265-D88D-FA96-02F13D642018}" = CCC Help Japanese
"{065241D0-A178-4F24-8A09-691761A8957B}" = Windows Live Remote Service Resources
"{08D7BC86-7358-464C-8AD0-0D84B5F0A0C9}" = Remote Keyboard
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C99EF4B-8242-55C8-6BC6-66DB82C0E99D}" = Catalyst Control Center Localization All
"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
"{14C9BA5B-09ED-2367-6D15-1847F8564A0A}" = CCC Help French
"{1651B6EC-C0CF-E4E6-2ED6-1D38CB60B7DF}" = CCC Help Italian
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
"{1C3DA126-D523-4089-BCCA-FA46FE34D6F8}" = Google Drive
"{1CD0C3C5-809D-4CFC-904A-1B67C6243637}" = Debugging Tools for Windows (x86)
"{1D69D439-D60C-1247-C2A0-B2265AF7B907}" = CCC Help Portuguese
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21B49B4A-BBC3-4A09-9C68-6C3CC0B1EA01}" = Windows Live Messenger
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{249EE21B-8EDD-4F36-8A23-E580E9DBE80A}" = Windows Live Mail
"{263C52B3-966A-47A7-91EA-6E53B5E64A6D}" = Windows Live Photo Gallery
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{270380EB-8812-42E1-8289-53700DB840D2}" = PMB VAIO Edition Plug-in
"{28E541B1-915C-A21A-68B4-46C76A723B49}" = AMD Fuel
"{28EE1E92-273D-20FE-211A-5A4D173F7E0E}" = CCC Help Hungarian
"{28F5289D-F7C3-478E-99D1-86F7392BD4F4}" = Windows Live Remote Service Resources
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{2AE032B3-9C08-48A3-AD30-43FC4DE7C2BC}" = Windows Live Writer Resources
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{2CC3F1D0-B4FD-DD06-2BF0-9268AF7D9604}" = AMD VISION Engine Control Center
"{2D457E06-4535-43DA-9B34-E9BF0786B705}" = Windows Live Mail
"{30E82CD5-6E97-4381-86EB-548202A6D5B7}" = Windows Live Remote Client Resources
"{317D56AC-0DB3-48F5-929A-42032DAC9AD7}" = Windows Live Writer
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{368BEC2C-B7A2-4762-9213-2D8465D533CA}" = Windows Live UX Platform Language Pack
"{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care
"{39889CAB-DE03-B341-CAC0-A6191D3962E1}" = CCC Help Chinese Standard
"{3A26D9BD-0F73-432D-B522-2BA18138F7EF}" = VAIO Improvement
"{3A94F54D-A8A4-4B82-B346-92B4D56A2708}" = VESx86
"{3B72C1E0-26A1-40F6-8516-D50C651DFB3C}" = Windows Live Essentials
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{437454B4-E8F4-6435-1B98-B23B5402B3D8}" = CCC Help German
"{443545C3-E73D-F98A-7682-0804B59ADE53}" = CCC Help Dutch
"{448702D4-83DD-4EFC-B09B-94AD6CA0D978}" = Windows Live Remote Service Resources
"{45CE286B-D094-69F2-FA5D-6A2614C3A5BD}" = CCC Help Swedish
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{49D43C8F-D7A3-78EC-AC96-70076927DE7A}" = CCC Help Norwegian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A48F20C-BEE3-4661-B55D-9280D06E5DA3}" = Điều khiển ActiveX Windows Live Mesh dành cho kết nối từ xa
"{4AB15610-70BC-195D-EE43-67521381D7F5}" = CCC Help Finnish
"{4CB33CC4-E13B-FB12-5254-AAC82D4A2236}" = CCC Help Chinese Traditional
"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
"{4DB498FC-7174-49F9-B8D5-2522C397DA6D}" = Windows Live Messenger
"{4E1FC19F-0460-D618-9EF0-878291B562D2}" = Catalyst Control Center Profiles Mobile
"{4E4C7B91-EAC7-4CD5-807E-A90BDE680C67}" = Windows Live Remote Client Resources
"{547C9EB4-4CA6-402F-9D1B-8BD30DC71E44}" = VAIO Sample Contents
"{578401DB-5B21-FD5D-67EA-F1E271A10527}" = AMD Media Foundation Decoders
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{588CE0C0-860B-49A8-AFCF-3C69465B345F}" = Windows Live Mesh
"{592A32CB-BE54-4FEC-883B-C197A077DC96}" = Windows Live Essentials
"{5D90ABE5-8A35-4947-8269-6F40BCE47A95}" = Windows Live Messenger
"{5DA7D148-D2D2-4C67-8444-2F0F9BD88A06}" = Windows Live Writer
"{5DA8EF95-939A-111C-3439-B54A12F68A90}" = Catalyst Control Center Graphics Previews Common
"{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO Transfer Support
"{5F460157-3666-4CFD-9C24-6469E16BAFEB}" = Windows Live Movie Maker
"{61438020-DDD4-42FA-99A2-50225441980A}" = ArcSoft Magic-i Visual Effects 2
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{622DE1BE-9EDE-49D3-B349-29D64760342A}" = 適用遠端連線的 Windows Live Mesh ActiveX 控制項
"{63AE67AA-1AB1-4565-B4EF-ABBC5C841E8D}" = Windows Live Messenger
"{63C43435-F428-42BA-8E7B-5848749D9262}" = SSLx86
"{66081CDD-C1FE-415F-BB3A-F2622BA27461}" = PMB VAIO Edition Guide
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69CEB718-11A6-7757-29F2-3659AA8BB8D7}" = CCC Help Russian
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6F663FE6-3ED0-4ABF-816C-44744F7ACABA}" = Media Gallery
"{6FBD5341-533D-44D2-901F-07764025247F}" = Windows Live UX Platform Language Pack
"{70991E0A-1108-437E-BA7D-085702C670C0}" =
"{709E38A9-7F80-4598-96CC-44B0D553FECE}" = Windows Live Messenger
"{70EED410-697B-4193-A2CB-2F790F82B420}" = VAIO Data Restore Tool
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7115EEBC-DA7B-434C-B81C-EA5B26EA9A94}" = Windows Live Writer Resources
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{7327080F-6673-421F-BBD9-B618F357EEB3}" = Windows Live UX Platform Language Pack
"{7396FB15-9AB4-4B78-BDD8-24A9C15D2C65}" = VAIO - Remote Keyboard
"{73D8886A-D416-4687-B609-0D3836BA410C}" = VAIO Event Service
"{753F0A72-59C3-41CE-A36A-F2DF2079275C}" = Windows Live Mail
"{7612E28A-C4DB-4259-AA91-CB02B1BCF623}" = Windows Live Remote Service Resources
"{7846B719-862C-468A-9FD0-4769D2590535}" = Windows Live Remote Client Resources
"{79ACFD18-AD87-480B-88E0-CF74DD9BBA63}" = PMB VAIO Edition Plug-in
"{7B982EBD-D017-4527-BF1A-FC489EC6B100}" = Windows Live 照片库
"{7C2A3479-A5A0-412B-B0E6-6D64CBB9B251}" = Windows Live Photo Common
"{7C80D30A-AC02-4E3F-B95D-29F0E4FF937B}" = VAIO Easy Connect
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{8156F9E1-F231-4DF9-A81F-B1E4A26687EB}" = Windows Live Photo Common
"{81F81AE6-94F2-A647-747B-4EBC0CE213D9}" = CCC Help Danish
"{82F09B1C-F602-4552-9C40-5BD5F8EAF750}" =
"{8356CB97-A48F-44CB-837A-A12838DC4669}" = PMB VAIO Edition Plug-in
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
"{84CD9BCD-38B5-C34A-4A2C-6E26E3DE81BA}" = CCC Help Polish
"{855DDD3C-131E-42A8-BCBD-F9581F80CACB}" =
"{8604F8AF-08EE-F845-9529-D9997192DD27}" = CCC Help Greek
"{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery
"{87C83A79-608C-6DE0-F042-39C820A072EC}" = Catalyst Control Center InstallProxy
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E9CB7DE-8087-48A0-8280-1658F423AAEF}" = Windows Live Remote Service Resources
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{903EDF14-4E28-4463-AA5E-4AEE71C0263B}" = Windows Live Movie Maker
"{90968A90-5622-4C20-A7C1-20AD28F06A9C}" = Windows Live Writer
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{931292A9-7DE7-DCB7-0116-A6883373FCFB}" = CCC Help Korean
"{94865835-24E8-4A44-8602-6663577E776B}" = Windows Live Mesh
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9B088046-8A01-4355-99DD-8530C022F682}" = VCCx86
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D12A8B5-9D41-4465-BF11-70719EB0CD02}" = VU5x86
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E27F3D4-9BF7-7C5D-E761-054B80B7C812}" = CCC Help English
"{9F8E6025-423A-2A9F-3951-71E9BE2A85E7}" = ATI Catalyst Install Manager
"{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}" = VAIO Update
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A2EDAEEB-C981-46D5-8163-CF8F5F640EEE}" = ตัวควบคุม ActiveX ใน Windows Live Mesh สำหรับการเชื่อมต่อระยะไกล (ไทย)
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7C30414-2382-4086-B0D6-01A88ABA21C3}" = VAIO Gate
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB0B2113-5B96-4B95-8AD1-44613384911F}" = Windows Live Mesh
"{ABF3F2A9-5A4F-8851-05A9-B56E0E3862F7}" = CCC Help Thai
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X MUI
"{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B0F02BA9-4ED6-4818-B213-4CFDC1844E61}" = Catalyst Control Center - Branding
"{B512307E-543D-457E-B759-75E0D5B0BCDF}" = Windows Live Remote Client Resources
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B7546697-2A80-4256-A24B-1C33163F535B}" = VAIO Gate Default
"{B7EA9CFF-E16F-7C84-5C3C-50CE04189316}" = CCC Help Spanish
"{B8991D99-88FD-41F2-8C32-DB70278D5C30}" = VWSTx86
"{C5BD7D41-6F0A-9222-4DF7-DC5187EC786E}" = ccc-utility
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}" = VAIO Manual
"{C72E35E5-C5C6-4328-AD9A-BBCCC816A2E6}" = VAIO Hardware Diagnostics
"{C793AD32-2BB8-4CC4-ABD3-A1469C21593C}" = ArcSoft WebCam Companion 4
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D8}" = WinZip 17.0
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D17C2A58-E0EA-4DD7-A2D6-C448FD25B6F6}" = VIx86
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE}" = Windows Live Writer Resources
"{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{EAEA7ED1-22F0-4C1E-B001-E56F10E1A100}" = Windows Live Remote Client Resources
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EDB85C39-A68C-6EE2-B711-9ADF2653B574}" = CCC Help Turkish
"{EE533B4D-8D00-8841-D11F-CC466FE17F84}" = CCC Help Czech
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{F992409C-9D10-4AE2-BAEB-B5409AD3785E}" = 用于远程连接的 Windows Live Mesh ActiveX 控件(简体中文)
"{FA870BF1-44A1-4B7D-93E1-C101369AF0C1}" = VAIO - Media Gallery
"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"Google Chrome" = Google Chrome
"InstallShield_{270380EB-8812-42E1-8289-53700DB840D2}" = VAIO - PMB VAIO Edition Plug-in
"InstallShield_{66081CDD-C1FE-415F-BB3A-F2622BA27461}" = VAIO - PMB VAIO Edition Guide
"InstallShield_{7C80D30A-AC02-4E3F-B95D-29F0E4FF937B}" = VAIO Easy Connect
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 20.0.1 (x86 en-US)" = Mozilla Firefox 20.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Visual Studio 6.0 Enterprise Edition" = Microsoft Visual Studio 6.0 Enterprise Edition
"WebPost" = Microsoft Web Publishing Wizard 1.53
"WinLiveSuite" = Windows Live 程式集

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 21-03-2013 PM 02:38:45 | Computer Name = Rakmo-VAIO | Source = WinMgmt | ID = 10
Description =

Error - 22-03-2013 PM 12:41:47 | Computer Name = Rakmo-VAIO | Source = WinMgmt | ID = 10
Description =

Error - 23-03-2013 AM 08:00:08 | Computer Name = Rakmo-VAIO | Source = WinMgmt | ID = 10
Description =

Error - 23-03-2013 AM 08:14:37 | Computer Name = Rakmo-VAIO | Source = WinMgmt | ID = 10
Description =

Error - 24-03-2013 AM 09:33:47 | Computer Name = Rakmo-VAIO | Source = WinMgmt | ID = 10
Description =

Error - 25-03-2013 AM 08:39:51 | Computer Name = Rakmo-VAIO | Source = WinMgmt | ID = 10
Description =

Error - 25-03-2013 AM 09:06:31 | Computer Name = Rakmo-VAIO | Source = .NET Runtime Optimization Service | ID = 1101
Description =

Error - 25-03-2013 AM 09:48:44 | Computer Name = Rakmo-VAIO | Source = WinMgmt | ID = 10
Description =

Error - 26-03-2013 AM 04:09:40 | Computer Name = Rakmo-VAIO | Source = WinMgmt | ID = 10
Description =

Error - 26-03-2013 AM 04:27:35 | Computer Name = Rakmo-VAIO | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 05-05-2013 AM 08:42:23 | Computer Name = Rakmo-VAIO | Source = DCOM | ID = 10010
Description =

Error - 06-05-2013 AM 02:50:55 | Computer Name = Rakmo-VAIO | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Google
Update Service (gupdate) service to connect.

Error - 06-05-2013 AM 02:50:55 | Computer Name = Rakmo-VAIO | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
the following error: %%1053

Error - 06-05-2013 AM 05:50:24 | Computer Name = Rakmo-VAIO | Source = DCOM | ID = 10010
Description =

Error - 06-05-2013 AM 09:41:55 | Computer Name = Rakmo-VAIO | Source = EventLog | ID = 6008
Description = The previous system shutdown at 19:02:55 on ?06-?05-?2013 was unexpected.

Error - 06-05-2013 PM 02:43:44 | Computer Name = Rakmo-VAIO | Source = DCOM | ID = 10010
Description =

Error - 06-05-2013 PM 02:43:56 | Computer Name = Rakmo-VAIO | Source = DCOM | ID = 10010
Description =

Error - 07-05-2013 AM 12:05:19 | Computer Name = Rakmo-VAIO | Source = Service Control Manager | ID = 7022
Description = The VAIO Care Performance Service service hung on starting.

Error - 07-05-2013 AM 01:00:21 | Computer Name = Rakmo-VAIO | Source = DCOM | ID = 10010
Description =

Error - 07-05-2013 PM 01:06:57 | Computer Name = Rakmo-VAIO | Source = DCOM | ID = 10010
Description =


< End of report >
Redhood
Regular Member
 
Posts: 20
Joined: May 10th, 2013, 12:53 pm

Re: Help needed in Removing Rootkit

Unread postby melboy » May 12th, 2013, 3:51 am

Hi

Please allow OTL to reboot and produce it's log before running GMER.


OTL Script

We need to run an OTL Fix

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code: Select all
    :commands
    [CREATERESTOREPOINT]
    
    :files
    sc stop MWAgent /c
    sc config MWAgent start= disabled /c
    
    :commands
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.



Gmer

Download GMER Rootkit Scanner from here.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection (Avast) so your security programs will not conflict with gmer's driver.
  • It is very important you do not use your computer while GMER is running
  • Right click the randomly named GMER Image icon & choose "Run as Administrator"
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan
  • If you receive a warning about rootkit activity and are asked to fully scan your system click NO
  • Please check the Quick scan box
  • Please uncheck the following:
    • IAT/EAT
    • Show All <<< Important
    Image
  • Click Scan
  • If you see a rootkit warning window click OK
  • When the scan is finished, Save the results to your desktop as gmer.log
  • Click Copy then paste the results in your reply
  • Exit GMER and be sure to re-enable your Antivirus, Firewall and any other security programs you had disabled
Note:
  • If you encounter any problems, try running GMER in Safe Mode
  • If GMER crashes or keeps resulting in a Blue Screen of Death, uncheck Devices on the right side before scanning
.
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Help needed in Removing Rootkit

Unread postby Redhood » May 12th, 2013, 5:39 am

Hi

I tried what you said about OTL Fix. I copied the code as well as clicked Ok

Then it showed some Dialogue box stating that Cannot Copy C:\Drive\Rakmo\Download

then everything went away from the screen so i restarted the netbook.

After that there are 2 Desktop.ini Files created on my Desktop..

(File are Inactive/CUT)


so i opened those file in form of Notepad.


File 1 : Desktop.ini
[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21799




File 2 :desktop.ini

[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21769
IconResource=%SystemRoot%\system32\imageres.dll,-183


Thanks
Redhood
Regular Member
 
Posts: 20
Joined: May 10th, 2013, 12:53 pm

Re: Help needed in Removing Rootkit

Unread postby melboy » May 12th, 2013, 5:46 am

Hi

Look in the folder:

C:\_otl\movedfiles

There should be a *.log file in there.
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Help needed in Removing Rootkit

Unread postby Redhood » May 12th, 2013, 5:55 am

Hi

It shows one Folder 05122013_143849

but the Folder is Empty.

Kindly Help
Redhood
Regular Member
 
Posts: 20
Joined: May 10th, 2013, 12:53 pm

Re: Help needed in Removing Rootkit

Unread postby melboy » May 12th, 2013, 6:06 am

Hi

Run the script again.

If OTL prompts to reboot, please click ok and allow OTL to reboot the machine - don't reboot the machine yourself
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Help needed in Removing Rootkit

Unread postby Redhood » May 12th, 2013, 6:12 am

Hi

Again showed the same Dialogue box after pasting the code.

so i logged off and again started.

I didnot reboot the machine this time.


Dialgue box shows:

Cannot Create File C:\Users\Rakmo\Download\cmd.bat


and IN C:DRIVE $Recycle.Bin Folder is also created.
Last edited by Redhood on May 12th, 2013, 6:22 am, edited 1 time in total.
Redhood
Regular Member
 
Posts: 20
Joined: May 10th, 2013, 12:53 pm

Re: Help needed in Removing Rootkit

Unread postby melboy » May 12th, 2013, 6:22 am

Hi

We'll try a different approach.


Stop Services

  • Open Notepad
  • Copy and Paste everything from the Code box into Notepad (Do Not include Code:)

    Code: Select all
    @echo off
    sc stop MWAgent 
    sc config MWAgent start= disabled
    sc query MWAgent >"%userprofile%\desktop\svc_look.txt" 2>&1
    Notepad.exe "%userprofile%\desktop\svc_look.txt"
    Del %0
    

  • Make sure there are NO blank lines before @echo off
  • Make sure there IS one blank line at the end of the file.
  • Go to File > Save As
  • Save File name as look.bat
  • Change Save as Type to All Files and save the file to your desktop.
  • Close Notepad
  • Right-click look.bat on your Desktop and choose "Run as Administrator"
  • Notepad will open. Post the contents in your next reply. It can also be found on your desktop, named svc_look.txt
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: Help needed in Removing Rootkit

Unread postby Redhood » May 12th, 2013, 6:32 am

Hi

I did what you said

In Notepad it shows :

SERVICE_NAME: MWAgent
TYPE : 10 WIN32_OWN_PROCESS
STATE : 4 RUNNING
(NOT_STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0

and also Command Prompt window is opened.

It shows :

[SC]control Service Failed 1052

The requested control is not valid for this service.

[SC]Changeserviceconfig Success
Redhood
Regular Member
 
Posts: 20
Joined: May 10th, 2013, 12:53 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 64 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware