computer stuck on FBI moneypak virus screen [Solved]


#106
Maya_k

  • Topic Starter
  • Member
  • 85 posts
OK so it is only going to restore the drive c: because the boxes for boot and recovery options were grayed out. It is performing it right now. Just wanted to let you know
  • 0

#107
Maya_k

  • Topic Starter
  • Member
  • 85 posts
I have got an error saying the following:

“The System restore didn't complete successfully.your computers system files and settings were not changed.

Details:
System restore failed due to an unspecified error.
Cannot create a file when that file already exists.(0x800700B7}


You might want to try system restore again and choose a different point."


I selected the very first point
  • 0

#108
Maya_k

  • Topic Starter
  • Member
  • 85 posts
Oh sorry I just read your last post. Thank you so much for all of your help, time, and energy. I really appreciate it!!!
Hello, Essexboy :)

Edited by Maya_k, 05 September 2012 - 02:03 PM.

  • 0

#109
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, just been reading all the bits you have done so far, and it appears that the sticking point is the inability to replace the services.exe file.

First I will use FRST to see if I can force a restore point

Failing that I will locate a fresh services.exe file for Vista
Use a Linux based system to get you to your desktop and then manually copy the file across

Download the attached fixlist.txt to the same USB drive as FRST

Restart the computer as before to the recovery console
Run FRST and click Fix
A log will be generated on the USB drive

Reboot to normal Windows if possible
  • 0

#110
Maya_k

  • Topic Starter
  • Member
  • 85 posts
Hello,
I have no idea how this happened but I was a little too late to hit any key for it to boot from CD/DVD and it just started normally on its own. I logged into my account. I am just going to leave it turned on and wait for you to reply just in case it won't start up again.
  • 0

#111
Maya_k

  • Topic Starter
  • Member
  • 85 posts
Oh no, it's logging me off.
"you are about to be logged off.
Windows has encountered a critical problem and will restart automatically in one minute. Please save your work."
  • 0

#112
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Let me know if it reboots normally please, or if you have safe mode available again
  • 0

#113
Maya_k

  • Topic Starter
  • Member
  • 85 posts
It automatically booted from the CD. Should I click on command prompt and run FRST? I already have the USB drive plugged in with the file you gave me.

Edited by Maya_k, 05 September 2012 - 02:58 PM.

  • 0

#114
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
No, hold off for a second. Remove the CD and see if it boots normally or to safe mode.

If it does we will proceed from there

If not then run the FRST fix
  • 0

#115
Maya_k

  • Topic Starter
  • Member
  • 85 posts
OK after I removed the CD, it started normally and has finished loading everything. I have spybot-search and destroy installed on my computer. A message has popped up asking me to allow or deny a change.

"Category: system startup user entry
change: valude added
entry: WMPNSCFG
New data: c:\program files\windows media player\WMPNSCFG.exe"

Please advise.

Edited by Maya_k, 05 September 2012 - 03:17 PM.

  • 0

#116
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Deny that please ... So my long distance Voodoo worked :rofl:

OK delete your current copy of OTL please and download the latest version

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in:

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    qmgr.dll
    /md5stop
    %systemdrive%\$Recycle.Bin|@;true;true;true
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS /s
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Just one log this time

EDIT: Mike will be miffed :lol:
  • 0

#117
Maya_k

  • Topic Starter
  • Member
  • 85 posts
lol it sure did. After I denied it, another message popped up from the same program.

Category: System Startup Global entry
Change: Value deleted
Entry: Malwarebytes Anti-Malware (cleanup)
old data: rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes'Anti-Malware\cleanup.dll",ProcessCleanupScript

Should I allow or deny that?

Also, I cannot find OTL on my computer right now. Couple other programs I was told to download are missing too. I am not sure if it's because of the system restore. So should I go ahead and download it?

Edited by Maya_k, 05 September 2012 - 03:51 PM.

  • 0

#118
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Allow Malwarebytes. Yes, download a fresh copy of OTL. I believe the partial restore enabled the system to get back to a degree of normality.
  • 0

#119
Maya_k

  • Topic Starter
  • Member
  • 85 posts
Morning,
It is running right now. What did you mean by "just one log this time"?
Thanks!

It finished the scan and I have the two files.

OTL.txt


OTL logfile created on: 9/6/2012 10:57:21 AM - Run 1
OTL by OldTimer - Version 3.2.61.0 Folder = C:\Users\AFSHEEN KHAN\Documents\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 1.30 Gb Available Physical Memory | 44.37% Memory free
6.07 Gb Paging File | 4.19 Gb Available in Paging File | 69.01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 291.70 Gb Total Space | 71.52 Gb Free Space | 24.52% Space Free | Partition Type: NTFS
Drive E: | 3.74 Gb Total Space | 1.07 Gb Free Space | 28.76% Space Free | Partition Type: FAT32

Computer Name: AFSHEENKHAN-PC | User Name: AFSHEEN KHAN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/06 10:54:02 | 000,599,040 | ---- | M] (OldTimer Tools) -- C:\Users\AFSHEEN KHAN\Documents\Downloads\OTL.exe
PRC - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/21 12:24:57 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/02 10:25:14 | 002,232,504 | ---- | M] (Giraffic) -- C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe
PRC - [2012/07/02 10:24:54 | 003,790,504 | ---- | M] (Giraffic) -- C:\Program Files\Giraffic\Veoh_Giraffic.exe
PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
PRC - [2011/11/29 21:58:56 | 000,021,392 | ---- | M] () -- C:\Program Files\SAMSUNG\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2011/11/29 21:58:46 | 003,508,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\SAMSUNG\Kies\KiesTrayAgent.exe
PRC - [2011/09/15 13:06:04 | 000,088,576 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2011/08/12 20:32:39 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/07/19 17:42:16 | 000,866,576 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2010/07/19 17:23:28 | 000,477,456 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2010/02/05 16:19:46 | 000,065,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
PRC - [2010/02/05 16:19:44 | 001,141,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\winss.exe
PRC - [2010/02/05 16:19:42 | 000,026,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
PRC - [2010/01/15 07:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/07/11 00:10:44 | 000,182,112 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2008/07/11 00:10:44 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2008/07/09 17:05:22 | 000,018,704 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
PRC - [2008/06/23 15:22:58 | 000,040,960 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\PowerManager.exe
PRC - [2008/06/23 15:22:58 | 000,028,672 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\ThirdPartyAppMgr.exe
PRC - [2008/06/13 04:00:20 | 002,058,776 | ---- | M] (Intel Corporation) -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe
PRC - [2008/06/13 03:59:57 | 000,174,616 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\LMS.exe
PRC - [2008/06/02 15:37:52 | 000,094,208 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\SmartWi.exe
PRC - [2008/06/02 15:37:52 | 000,028,672 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\CCP.exe
PRC - [2008/06/02 15:37:50 | 000,065,536 | ---- | M] (Sony Electronics, Inc.) -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\UIManager.exe
PRC - [2008/05/27 19:57:02 | 001,771,360 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PRC - [2008/05/27 19:57:02 | 000,411,488 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe
PRC - [2008/04/03 22:03:38 | 000,317,280 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe
PRC - [2008/04/03 15:59:12 | 000,045,056 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\upeksvr.exe
PRC - [2008/04/03 15:42:54 | 000,053,512 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\psqltray.exe
PRC - [2008/03/31 16:25:04 | 000,059,232 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\USB Access Restriction Setting\USB Access Restriction.exe
PRC - [2008/01/22 20:16:14 | 000,550,752 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
PRC - [2008/01/11 20:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/11/12 23:59:54 | 000,020,480 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2007/10/30 13:04:08 | 001,804,840 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2007/10/30 13:04:08 | 000,748,072 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007/01/04 22:48:52 | 000,112,152 | R--- | M] (InterVideo) -- c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/21 12:24:56 | 002,003,424 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/06/13 03:37:41 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\508b444db523c5cf20ff12c7f440837b\System.Web.ni.dll
MOD - [2012/06/13 03:35:42 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012/06/13 03:35:35 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012/06/13 03:35:23 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll
MOD - [2012/06/13 03:34:57 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll
MOD - [2012/06/13 03:11:59 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\3971e166cf827b6726e142f344061dc9\System.Windows.Forms.ni.dll
MOD - [2012/06/13 03:06:03 | 018,000,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\199683f6e79076b634ee6cc0a82c0654\PresentationFramework.ni.dll
MOD - [2012/06/13 03:05:50 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e7dc084827f8df2dbdc819db5c633a0d\PresentationCore.ni.dll
MOD - [2012/06/13 03:05:38 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\21f37f9f5162af7efb52169012bd111e\WindowsBase.ni.dll
MOD - [2012/06/13 03:05:36 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8c40f40ef36622109793788049fbe9ab\System.Drawing.ni.dll
MOD - [2012/05/13 01:35:37 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\75df548d77c2833a48c5da51424c93f1\System.IdentityModel.Selectors.ni.dll
MOD - [2012/05/13 01:35:36 | 001,070,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\32983e3f4c5c20053e6673f37a58a874\System.IdentityModel.ni.dll
MOD - [2012/05/13 01:35:34 | 002,346,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\1619144e1a9eaca847e53b952b21820b\System.Runtime.Serialization.ni.dll
MOD - [2012/05/13 01:35:32 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\521fb04fdfbb0039a34cc91111d11804\SMDiagnostics.ni.dll
MOD - [2012/05/13 01:35:30 | 017,404,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\1dac5ff29f483e19c77b23b00ba533f9\System.ServiceModel.ni.dll
MOD - [2012/05/12 13:11:30 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll
MOD - [2012/05/12 13:11:12 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012/05/12 13:11:07 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\1b337cf9a031145849bc48c11b2cfe58\Accessibility.ni.dll
MOD - [2012/05/12 13:09:40 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012/05/12 13:09:01 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c8c3ab08933fef9fb6657da871395c46\PresentationFramework.Aero.ni.dll
MOD - [2012/05/12 13:08:37 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll
MOD - [2012/05/12 13:08:34 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/05/12 13:08:28 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2012/05/11 03:50:08 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\0c2b0d52156447592f33edf4116b7e7d\System.Management.ni.dll
MOD - [2012/05/11 03:15:51 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\65f0d70169a0e73b45307dddbd86f92b\System.Runtime.Remoting.ni.dll
MOD - [2012/05/11 03:15:29 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\d234eceae699d070b5a5712ce776c01f\System.Xaml.ni.dll
MOD - [2012/05/11 03:12:21 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\a5fa2a1cfc6e9fdc39d9a8f2baa57bc9\PresentationFramework.Aero.ni.dll
MOD - [2012/05/11 03:06:34 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\ed91b57205429a23bb91f4499059a459\System.Core.ni.dll
MOD - [2012/05/11 03:06:22 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll
MOD - [2012/05/11 03:06:17 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll
MOD - [2012/05/11 03:06:09 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
MOD - [2012/04/23 06:01:12 | 000,630,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2012/03/22 06:02:38 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2012/02/19 21:07:03 | 000,115,137 | ---- | M] () -- C:\Users\AFSHEEN KHAN\AppData\Local\Temp\8aefdf3f-82dc-462e-be91-2ca1c43911cf\CliSecureRT.dll
MOD - [2012/01/03 05:58:08 | 003,186,688 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2011/11/29 21:58:56 | 000,021,392 | ---- | M] () -- C:\Program Files\SAMSUNG\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2011/07/28 18:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/11/21 09:54:34 | 000,094,208 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
MOD - [2009/04/11 01:28:22 | 000,223,232 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2009/04/11 01:28:22 | 000,223,232 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2009/03/29 23:42:20 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2009/03/29 23:42:19 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2008/07/31 14:14:08 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\SPMDam\3.0.0.4140__1b3c579b6925895f\SPMDam.dll
MOD - [2008/07/31 14:14:07 | 000,086,016 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\SPMCommon\3.0.0.4140__e3c7096ba83f9295\SPMCommon.dll
MOD - [2008/06/23 15:22:58 | 000,040,960 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\PowerManager.exe
MOD - [2008/06/23 15:22:58 | 000,040,960 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.BtPower.dll
MOD - [2008/06/23 15:22:58 | 000,036,864 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.Generic.dll
MOD - [2008/06/23 15:22:58 | 000,028,672 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\ThirdPartyAppMgr.exe
MOD - [2008/06/23 15:22:58 | 000,024,576 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.TosBtThirdPartyApp.dll
MOD - [2008/06/23 15:22:58 | 000,024,576 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.NativeWifiThirdPartyApp.dll
MOD - [2008/06/23 15:22:58 | 000,020,480 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.WlanPower.dll
MOD - [2008/06/23 15:22:58 | 000,016,384 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.ThirdPartyApp.dll
MOD - [2008/06/23 15:22:58 | 000,016,384 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.Plugin.Generic.dll
MOD - [2008/06/02 15:37:52 | 000,094,208 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\SmartWi.exe
MOD - [2008/06/02 15:37:52 | 000,028,672 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\CCP.exe
MOD - [2008/06/02 15:37:50 | 000,024,576 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\SWBTH.dll
MOD - [2008/06/02 15:37:50 | 000,016,384 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\SWDEV.dll
MOD - [2008/06/02 15:37:48 | 000,053,248 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\SWLAN.dll
MOD - [2008/06/02 15:37:48 | 000,036,864 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\SWTSK.dll
MOD - [2008/06/02 15:37:48 | 000,020,480 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\SWSET.dll
MOD - [2008/06/02 15:37:42 | 000,028,672 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\SharedInterfaces.dll
MOD - [2008/06/02 15:37:42 | 000,020,480 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\SWCommon.dll
MOD - [2008/06/02 15:37:42 | 000,020,480 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\DebugMsg.dll
MOD - [2008/06/02 15:37:42 | 000,016,384 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\Kinoubi.Plugins.PluginManager.Power.dll
MOD - [2008/06/02 15:37:40 | 000,118,784 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\SonyCommonLib.dll
MOD - [2008/04/17 04:00:02 | 000,016,384 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\SWGadgetInterface.dll
MOD - [2008/04/17 03:59:52 | 000,024,576 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\MessageXML.dll
MOD - [2008/04/17 03:59:52 | 000,020,480 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\Resources.dll
MOD - [2008/04/17 03:59:50 | 000,028,672 | ---- | M] () -- C:\Program Files\Sony Corporation\SmartWi Connection Utility\DictionaryLookup.dll
MOD - [2007/10/30 12:57:58 | 000,126,976 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2007/10/30 12:44:52 | 000,393,216 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - File not found [Auto | Stopped] -- C:\Windows\system32\FastUserSwitchingCompatibilityex.dll -- (FastUserSwitchingCompatibility)
SRV - [2012/09/05 17:43:01 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/27 15:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/21 12:24:56 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/07/02 10:25:14 | 002,232,504 | ---- | M] (Giraffic) [Auto | Running] -- C:\Program Files\Giraffic\Veoh_GirafficWatchdog.exe -- (Giraffic)
SRV - [2011/09/15 13:06:04 | 000,088,576 | ---- | M] () [Auto | Running] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2010/07/19 17:42:16 | 000,866,576 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2010/07/19 17:23:28 | 000,477,456 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/02/05 16:19:44 | 001,141,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Windows OneCare Live\winss.exe -- (winss)
SRV - [2010/02/05 16:19:42 | 000,026,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe -- (OcHealthMon)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/07/11 00:10:44 | 000,182,112 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2008/07/09 17:05:22 | 000,018,704 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe -- (OneCareMP)
SRV - [2008/06/13 04:00:20 | 002,058,776 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe -- (UNS)
SRV - [2008/06/13 03:59:57 | 000,174,616 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS)
SRV - [2008/05/27 19:57:02 | 000,411,488 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV - [2008/03/31 16:25:04 | 000,059,232 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\USB Access Restriction Setting\USB Access Restriction.exe -- (USB Access Restriction)
SRV - [2008/01/11 20:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/11/27 22:45:02 | 000,869,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe -- (msfwsvc)
SRV - [2007/11/12 23:59:54 | 000,020,480 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2007/05/31 10:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 10:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/05/24 10:08:44 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2007/01/04 22:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\NETw5v32.sys -- (NETw5v32)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\anvsoftf2v.sys -- (anvsoftf2v)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Users\AFSHEE~1\AppData\Local\Temp\5762.sys -- (5762)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/11/29 17:38:04 | 000,020,032 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2011/10/26 20:25:54 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudserd.sys -- (ssudserd)
DRV - [2011/10/26 20:25:54 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2011/10/26 20:25:54 | 000,078,136 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2011/10/26 20:25:52 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2011/10/26 20:25:52 | 000,110,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd)
DRV - [2011/10/26 20:25:52 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus)
DRV - [2011/10/26 20:25:52 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2011/06/23 14:32:44 | 000,020,552 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hitmanpro35.sys -- (hitmanpro35)
DRV - [2010/07/14 04:34:16 | 006,680,064 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwNv32.sys -- (NETwNv32)
DRV - [2010/06/23 11:23:46 | 000,023,040 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2009/12/18 11:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009/10/27 02:28:48 | 000,160,400 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTUMWVsp.sys -- (PTUMWVsp)
DRV - [2009/10/27 02:28:36 | 000,115,216 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTUMWNET.sys -- (PTUMWNET)
DRV - [2009/10/27 02:28:30 | 000,160,400 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTUMWMdm.sys -- (PTUMWMdm)
DRV - [2009/10/27 02:28:24 | 000,012,048 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTUMWFLT.sys -- (PTUMWFLT)
DRV - [2009/10/27 02:28:12 | 000,022,032 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTUMWCDF.sys -- (PTUMWCDF)
DRV - [2009/10/27 02:28:02 | 000,054,544 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PTUMWBus.sys -- (PTUMWBus)
DRV - [2009/04/24 17:39:22 | 000,022,656 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot | Unknown] -- C:\Windows\System32\drivers\BMLoad.sys -- (BMLoad)
DRV - [2009/04/24 17:39:20 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2009/04/10 23:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2009/03/27 01:16:28 | 000,012,672 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz132_x32.sys -- (cpuz132)
DRV - [2009/01/24 02:37:20 | 000,103,424 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HtcVComV32.sys -- (HtcVCom32)
DRV - [2008/04/29 07:03:19 | 000,046,592 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\risdptsk.sys -- (risdptsk)
DRV - [2008/04/28 07:08:38 | 000,224,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1y6032.sys -- (e1yexpress)
DRV - [2008/04/22 17:43:36 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2008/04/14 08:08:44 | 000,068,096 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/01/24 09:27:38 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008/01/20 21:23:51 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2007/12/16 21:45:48 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2007/11/27 22:45:00 | 000,091,200 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\msfwdrv.sys -- (MSFWDrv)
DRV - [2007/11/27 22:44:54 | 000,037,440 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\msfwhlpr.sys -- (MSFWHLPR)
DRV - [2007/10/09 07:19:55 | 000,021,408 | ---- | M] (Sony Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\shpf.sys -- (shpf)
DRV - [2007/05/24 19:36:21 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2007/04/17 23:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1340476193-1627373412-1124528107-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
IE - HKU\S-1-5-21-1340476193-1627373412-1124528107-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1340476193-1627373412-1124528107-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.sony.com/vaiopeople
IE - HKU\S-1-5-21-1340476193-1627373412-1124528107-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1340476193-1627373412-1124528107-1003\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found
IE - HKU\S-1-5-21-1340476193-1627373412-1124528107-1003\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-1340476193-1627373412-1124528107-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1340476193-1627373412-1124528107-1003\..\SearchScopes\{0B4B8EF6-1D53-446B-96E8-5D5E8B285225}: "URL" = http://slirsredirect...y={searchTerms}
IE - HKU\S-1-5-21-1340476193-1627373412-1124528107-1003\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask...2B-C596E238AD93
IE - HKU\S-1-5-21-1340476193-1627373412-1124528107-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7ADFA_en
IE - HKU\S-1-5-21-1340476193-1627373412-1124528107-1003\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg....pr&d=2012-07-26 00:36:47&v=12.1.0.21&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1340476193-1627373412-1124528107-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1340476193-1627373412-1124528107-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledAddons: {3DB5ABE1-407D-458F-AD5D-8D89BD625CCC}:1.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.1
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.660: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.660: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.660: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\AFSHEEN KHAN\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\AFSHEEN KHAN\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\AFSHEEN KHAN\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\AFSHEEN KHAN\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Cricket Broadband Connect\Bytemobile\addon\ [2012/09/05 17:41:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2012/09/05 17:39:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/09/05 17:42:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/09/05 17:41:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/05 17:41:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/05 16:22:14 | 000,000,000 | ---D | M]

[2010/07/11 22:58:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\AFSHEEN KHAN\AppData\Roaming\Mozilla\Extensions
[2012/07/04 12:37:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\AFSHEEN KHAN\AppData\Roaming\Mozilla\Firefox\Profiles\x3dpi6oh.default\extensions
[2012/09/05 17:42:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\AFSHEEN KHAN\AppData\Roaming\Mozilla\Firefox\Profiles\x3dpi6oh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/09/05 17:42:33 | 000,000,000 | ---D | M] (Veehd Plugin) -- C:\Users\AFSHEEN KHAN\AppData\Roaming\Mozilla\Firefox\Profiles\x3dpi6oh.default\extensions\{3DB5ABE1-407D-458F-AD5D-8D89BD625CCC}
[2012/04/27 23:12:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/09/05 17:41:50 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/07/21 12:24:57 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/03/27 18:06:04 | 000,067,032 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npContribute.dll
[2012/04/06 12:58:56 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/07/26 00:36:12 | 000,003,750 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/06/17 21:09:29 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/17 21:09:29 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\AFSHEEN KHAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Adobe Contribute CS5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npContribute.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealNetworks™ RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\AFSHEEN KHAN\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\AFSHEEN KHAN\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\AFSHEEN KHAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\AFSHEEN KHAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: We-Care Reminder = C:\Users\AFSHEEN KHAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ippkomaaonokjnfjoikaemidanojkfmm\1.0.0.25_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\AFSHEEN KHAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Skype Click to Call = C:\Users\AFSHEEN KHAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: BitTorrentBar = C:\Users\AFSHEEN KHAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhfdcmehmjcclgopdodkjdicohagipid\2.3.15.10_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\AFSHEEN KHAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Gmail = C:\Users\AFSHEEN KHAN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/07/26 04:03:43 | 000,000,761 | RHS- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (no name) - {11111111-1111-1111-1111-110011501160} - No CLSID value found.
O2 - BHO: (no name) - {21608B66-026F-4DCB-9244-0DACA328DCED} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll File not found
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (VideoFileDownload) - {47CEEE9C-3B9B-492C-95CA-1AC3A99D154C} - C:\Program Files\OApps\bho_project.dll (VideoFileDownload)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKU\S-1-5-21-1340476193-1627373412-1124528107-1003\..\Toolbar\WebBrowser: (no name) - {1921F97A-D9D4-418D-97CF-1F2CB1EE2CD6} - No CLSID value found.
O3 - HKU\S-1-5-21-1340476193-1627373412-1124528107-1003\..\Toolbar\WebBrowser: (no name) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No CLSID value found.
O3 - HKU\S-1-5-21-1340476193-1627373412-1124528107-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-1340476193-1627373412-1124528107-1003\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Athan] C:\Program Files\Athan\Athan.exe (www.IslamicFinder.org)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\SAMSUNG\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OneCareUI] C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe (Microsoft Corporation)
O4 - HKLM..\Run: [picon] C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe (Intel Corporation)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmartWiHelper] C:\Program Files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe (Sony Electronics Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VAIO Help and Support Demo] C:\Program Files\Sony\VAIO Help and Support Demo\LaunchVHSD.exe ()
O4 - HKLM..\Run: [VWLASU] C:\Program Files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe (Sony Electronics, Inc.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1340476193-1627373412-1124528107-1003..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-1340476193-1627373412-1124528107-1003..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKU\S-1-5-21-1340476193-1627373412-1124528107-1003..\Run: [KiesPDLR] C:\Program Files\SAMSUNG\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-1340476193-1627373412-1124528107-1003..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-1340476193-1627373412-1124528107-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-21-1340476193-1627373412-1124528107-1003..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - HKU\S-1-5-21-1340476193-1627373412-1124528107-1003..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1340476193-1627373412-1124528107-1003\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-1340476193-1627373412-1124528107-1003\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1340476193-1627373412-1124528107-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000034 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000036 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000037 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000038 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000039 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000040 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000041 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000042 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000043 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} Reg Error: Value error. (Microsoft Office Template and Media Control)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zon...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} Reg Error: Value error. (SysInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{36F78B4E-AAF9-42E8-A0AB-AE99B8AE2D89}: DhcpNameServer = 192.168.43.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AB107EE1-7DFA-4692-97C3-50198513D960}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD4BDE7C-15C0-41B5-A334-C999ABD104CD}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\psfus: DllName - (C:\Windows\system32\psqlpwd.dll) - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img4.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img4.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{004274da-c91f-11df-b594-001e3df2f74f}\Shell\AutoRun\command - "" = G:\setupSNK.exe
O33 - MountPoints2\{004274dd-c91f-11df-b594-001e3df2f74f}\Shell - "" = AutoRun
O33 - MountPoints2\{004274dd-c91f-11df-b594-001e3df2f74f}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{3e633ad9-b3ec-11df-86d9-001e3df2f74f}\Shell - "" = AutoRun
O33 - MountPoints2\{3e633ad9-b3ec-11df-86d9-001e3df2f74f}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{40fd63fd-9852-11df-97ed-001dbafc44e0}\Shell - "" = AutoRun
O33 - MountPoints2\{40fd63fd-9852-11df-97ed-001dbafc44e0}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{735f8dbe-a584-11df-9f9b-001e3df2f74f}\Shell - "" = AutoRun
O33 - MountPoints2\{735f8dbe-a584-11df-9f9b-001e3df2f74f}\Shell\AutoRun\command - "" = G:\Start.exe
O33 - MountPoints2\{735f8dbe-a584-11df-9f9b-001e3df2f74f}\Shell\menu1\command - "" = G:\Start.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - C:\Windows\system32\FastUserSwitchingCompatibilityex.dll File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Sharedaccess - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: wuauserv - File not found
NetSvcs: BITS - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/09/06 10:44:58 | 000,000,000 | ---D | C] -- C:\Users\AFSHEEN KHAN\AppData\Local\{9DA6C90C-EA4A-4242-9237-8FE182666D27}
[2012/09/05 16:19:49 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/09/05 16:15:40 | 000,000,000 | ---D | C] -- C:\Users\AFSHEEN KHAN\AppData\Local\{266CE196-CC36-4A12-B8C9-D960A7D5E36E}
[2012/09/05 15:53:02 | 000,000,000 | -H-D | C] -- C:\Windows\Application Data
[2012/09/05 15:53:01 | 000,000,000 | ---D | C] -- C:\HTC
[2012/09/04 00:33:34 | 000,000,000 | ---D | C] -- C:\FRST
[2012/08/26 13:33:03 | 000,000,000 | ---D | C] -- C:\Users\AFSHEEN KHAN\AppData\Local\{F8FB9F80-BCE1-4110-A67E-884F9C2A21D9}
[2012/08/26 11:55:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight(20166)
[2012/08/26 01:17:37 | 000,000,000 | ---D | C] -- C:\Users\AFSHEEN KHAN\AppData\Local\{32BE119F-92C0-47B5-B108-7AF5E9B76A0D}
[2012/08/26 00:57:51 | 000,000,000 | ---D | C] -- C:\Users\AFSHEEN KHAN\Documents\BatmanBeginsAllLanguages
[2012/08/26 00:54:14 | 000,000,000 | ---D | C] -- C:\Users\AFSHEEN KHAN\Documents\A.Reham Sudais + Urdu Translation 2.1 GB
[2012/08/26 00:50:45 | 000,000,000 | ---D | C] -- C:\Users\AFSHEEN KHAN\Documents\Batman.Begins.2005.720p.BluRay.DTS.x264-ESiR [PublicHD]
[2012/08/25 23:02:51 | 000,000,000 | ---D | C] -- C:\Users\AFSHEEN KHAN\AppData\Local\{2CF69A43-AA04-49BF-88F9-776447113F55}
[2012/08/24 12:55:37 | 000,000,000 | ---D | C] -- C:\Users\AFSHEEN KHAN\AppData\Local\{9EE67DB5-CB89-4725-998F-F1001F99E4F1}
[2012/08/24 00:23:45 | 000,000,000 | ---D | C] -- C:\Users\AFSHEEN KHAN\AppData\Local\{67930A5B-DA90-13E6-12CD-D566F2A4AE3E}
[2012/08/23 15:24:33 | 000,000,000 | ---D | C] -- C:\Users\AFSHEEN KHAN\AppData\Local\{78977124-8428-5D2A-0C81-D825EC4EB62D}
[2012/08/23 13:39:54 | 000,000,000 | ---D | C] -- C:\Users\AFSHEEN KHAN\AppData\Local\{A84F220C-F631-0CC7-F8FF-2079D8D5A6B4}
[2012/08/23 13:11:39 | 000,000,000 | ---D | C] -- C:\Users\AFSHEEN KHAN\AppData\Local\{66A564E9-DF55-407A-8DDB-4F35CEAB2DB3}
[2012/08/22 19:38:09 | 000,000,000 | ---D | C] -- C:\Users\AFSHEEN KHAN\AppData\Local\{95503354-C031-4499-A3FF-95BB1AA199EF}
[2012/08/22 16:42:40 | 000,000,000 | ---D | C] -- C:\Users\AFSHEEN KHAN\AppData\Local\{5728EEBD-5C83-41E5-8015-998F936082FA}
[2012/08/21 22:37:37 | 000,000,000 | ---D | C] -- C:\Users\AFSHEEN KHAN\AppData\Local\{80E0AF51-BB4E-42D2-95F3-9892BAB2F1D5}
[2012/08/21 03:02:02 | 000,000,000 | ---D | C] -- C:\Users\AFSHEEN KHAN\AppData\Local\{D2AD190F-5AC9-4C0C-8459-F79D227C6B4A}
[2012/08/17 18:56:46 | 000,000,000 | ---D | C] -- C:\Users\AFSHEEN KHAN\AppData\Local\{77DB4F6D-96E2-43A5-AE15-066717451B1A}
[2012/08/17 18:56:11 | 000,000,000 | ---D | C] -- C:\Users\AFSHEEN KHAN\AppData\Local\{2DF3CE21-19E1-4B5F-A1CB-35CF1A37D2EF}
[2012/08/16 12:09:59 | 000,000,000 | ---D | C] -- C:\Users\AFSHEEN KHAN\AppData\Local\{115A89D5-FEB4-495B-8D29-1F870C6C388E}
[2012/08/16 12:09:21 | 000,000,000 | ---D | C] -- C:\Users\AFSHEEN KHAN\AppData\Local\{A1A997FB-6B34-4113-AEE0-914619D53BB0}
[2012/08/14 12:03:31 | 000,000,000 | ---D | C] -- C:\Users\AFSHEEN KHAN\AppData\Local\{ED060A17-67AC-4602-A0C4-1B3AE0C0D5F4}
[2012/08/14 12:02:55 | 000,000,000 | ---D | C] -- C:\Users\AFSHEEN KHAN\AppData\Local\{8B1FD8BD-3958-4FFE-96F5-D98736C6F95F}
[2012/08/12 15:26:50 | 000,000,000 | ---D | C] -- C:\Users\AFSHEEN KHAN\AppData\Local\{89F0B8D8-83A5-4406-A44D-E96095C75930}
[2012/08/12 15:26:11 | 000,000,000 | ---D | C] -- C:\Users\AFSHEEN KHAN\AppData\Local\{3855079B-F2B0-4517-90B9-BF52FA29742D}
[2012/08/11 13:38:24 | 000,000,000 | ---D | C] -- C:\Users\AFSHEEN KHAN\AppData\Local\{049966C3-A8A9-4216-85BF-103D45D87EB3}
[2012/08/11 13:37:26 | 000,000,000 | ---D | C] -- C:\Users\AFSHEEN KHAN\AppData\Local\{3601E2C7-06F1-431E-B316-14DF225DE662}
[2012/08/10 02:29:33 | 000,000,000 | ---D | C] -- C:\Users\AFSHEEN KHAN\AppData\Local\{DAF11C1E-ABBB-F52E-2427-D20D0408BB92}
[2012/08/10 01:07:28 | 000,000,000 | R--D | C] -- C:\Users\AFSHEEN KHAN\Dropbox
[2012/08/10 01:05:25 | 000,000,000 | ---D | C] -- C:\Users\AFSHEEN KHAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012/08/10 01:02:55 | 000,000,000 | ---D | C] -- C:\Users\AFSHEEN KHAN\AppData\Roaming\Dropbox
[2012/08/09 17:50:30 | 000,000,000 | ---D | C] -- C:\Users\AFSHEEN KHAN\AppData\Local\{076B2363-4C75-49F2-9A3D-195A6D0296E4}
[2012/08/09 17:49:56 | 000,000,000 | ---D | C] -- C:\Users\AFSHEEN KHAN\AppData\Local\{6025605F-19CF-4C9E-B93F-A1235AAFB20B}
[2012/08/08 22:07:52 | 000,000,000 | ---D | C] -- C:\Users\AFSHEEN KHAN\AppData\Local\{F17F1C53-F7AE-47CB-9D96-1815496BD1FA}
[2012/08/08 22:07:21 | 000,000,000 | ---D | C] -- C:\Users\AFSHEEN KHAN\AppData\Local\{5ABB6E50-104F-4D77-A77C-CE4B55EE33A6}
[2012/08/08 15:04:18 | 000,000,000 | ---D | C] -- C:\Users\AFSHEEN KHAN\AppData\Local\{BBAB8E51-E2A3-40F1-8FBA-DF426F7D40EC}
[2012/08/08 03:54:13 | 000,000,000 | ---D | C] -- C:\Users\AFSHEEN KHAN\AppData\Local\{57F90403-0617-4E3E-AA36-1529F9D3882A}
[2012/08/08 03:53:22 | 000,000,000 | ---D | C] -- C:\Users\AFSHEEN KHAN\AppData\Local\{283993B8-4D9E-441E-8E2E-A817A05B3617}
[2012/08/08 00:15:06 | 000,000,000 | ---D | C] -- C:\Users\AFSHEEN KHAN\AppData\Local\{C5CC97C8-5BA0-C72D-5E0E-B9FC3DE5BF96}
[2012/08/07 21:52:52 | 000,000,000 | ---D | C] -- C:\Users\AFSHEEN KHAN\AppData\Local\{E76C31F5-78A8-7AA5-0586-9BF0E54876E8}
[2012/08/07 12:00:03 | 000,000,000 | ---D | C] -- C:\Users\AFSHEEN KHAN\AppData\Local\{41AC36AB-CC84-4785-8498-F3BF6479393A}
[2012/08/07 11:57:54 | 000,000,000 | ---D | C] -- C:\Users\AFSHEEN KHAN\AppData\Local\{9A050CA2-9EF4-4B39-94FE-2A291395A61E}
[2012/08/07 11:57:17 | 000,000,000 | ---D | C] -- C:\Users\AFSHEEN KHAN\AppData\Local\{31F45EB9-0A8F-4548-A07D-FC6BBEB0FF8B}
[2010/08/13 22:59:47 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeAB79.dll
[1 C:\Users\AFSHEEN KHAN\Documents\*.tmp files -> C:\Users\AFSHEEN KHAN\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/06 11:01:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/06 10:53:04 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1340476193-1627373412-1124528107-1003UA.job
[2012/09/06 10:46:07 | 000,667,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/09/06 10:46:06 | 000,127,622 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/09/06 10:42:57 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/06 10:41:13 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/06 10:39:40 | 000,003,744 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/06 10:39:39 | 000,003,744 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/06 10:39:34 | 000,000,318 | -HS- | M] () -- C:\Windows\tasks\Thnqb.job
[2012/09/06 10:39:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/06 10:39:29 | 3149,901,824 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/05 19:44:12 | 000,002,140 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/09/05 18:53:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1340476193-1627373412-1124528107-1003Core.job
[2012/09/05 15:50:46 | 000,137,216 | ---- | M] () -- C:\Users\AFSHEEN KHAN\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/05 15:47:09 | 148,029,187 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/08/28 21:38:58 | 000,310,374 | ---- | M] () -- C:\Users\AFSHEEN KHAN\Scr_sht_3.jpg
[2012/08/28 21:38:14 | 000,307,052 | ---- | M] () -- C:\Users\AFSHEEN KHAN\Scr_sht_2.jpg
[2012/08/28 21:37:29 | 000,294,331 | ---- | M] () -- C:\Users\AFSHEEN KHAN\Scr_sht_1.jpg
[2012/08/27 15:07:59 | 000,001,356 | ---- | M] () -- C:\Users\AFSHEEN KHAN\AppData\Local\d3d9caps.dat
[2012/08/26 13:40:26 | 007,805,548 | ---- | M] () -- C:\Users\AFSHEEN KHAN\Desktop\FreeVector-Ants-Vector.zip
[2012/08/26 13:40:11 | 015,339,346 | ---- | M] () -- C:\Users\AFSHEEN KHAN\Desktop\outdoor_travel_theme_icon_vector_153217.zip
[2012/08/21 03:53:02 | 000,065,835 | ---- | M] () -- C:\Users\AFSHEEN KHAN\Desktop\mehndi-design-8.jpg
[2012/08/20 15:58:36 | 000,023,654 | ---- | M] () -- C:\Users\AFSHEEN KHAN\Desktop\400549_10151035020968127_1726734149_n.jpg
[2012/08/20 15:01:05 | 000,129,392 | ---- | M] () -- C:\Users\AFSHEEN KHAN\Desktop\Eid-mehndi-designs-2012.jpg
[2012/08/20 14:14:54 | 000,237,002 | ---- | M] () -- C:\Users\AFSHEEN KHAN\Desktop\1341829880_412078242_1-Pictures-of--Mehndi-Designs-2012.jpg.gif
[2012/08/11 15:47:18 | 117,117,376 | ---- | M] () -- C:\Users\AFSHEEN KHAN\Desktop\BBQ_Invitation_1.avi
[2012/08/10 03:43:14 | 036,556,435 | ---- | M] () -- C:\Users\AFSHEEN KHAN\Desktop\Serenity-Podcast-Overcoming-Hardships.mp3
[2012/08/10 03:30:06 | 052,143,193 | ---- | M] () -- C:\Users\AFSHEEN KHAN\Desktop\anger-management.mp3
[2012/08/09 23:42:27 | 000,055,790 | ---- | M] () -- C:\Users\AFSHEEN KHAN\Desktop\56gRY.jpg
[2012/08/09 23:42:11 | 000,080,571 | ---- | M] () -- C:\Users\AFSHEEN KHAN\Desktop\Kamdani-Collection-2010-8.jpg
[2012/08/09 19:53:07 | 000,481,252 | ---- | M] () -- C:\Users\AFSHEEN KHAN\Desktop\Untitled.png
[2012/08/09 00:27:10 | 001,560,670 | ---- | M] () -- C:\Users\AFSHEEN KHAN\Desktop\Tickets.ai
[2012/08/08 18:20:19 | 003,585,527 | ---- | M] () -- C:\Users\AFSHEEN KHAN\Desktop\dinner flyer.ai
[2012/08/08 17:52:09 | 003,941,299 | ---- | M] () -- C:\Users\AFSHEEN KHAN\Desktop\Final_Poster.jpg.dwg
[2012/08/08 15:27:39 | 000,120,943 | ---- | M] () -- C:\Users\AFSHEEN KHAN\Desktop\label.jpg
[2012/08/08 15:27:31 | 001,422,193 | ---- | M] () -- C:\Users\AFSHEEN KHAN\Desktop\label.ai
[2012/08/07 16:34:58 | 001,543,982 | ---- | M] () -- C:\Users\AFSHEEN KHAN\Desktop\realistic_water.rar
[1 C:\Users\AFSHEEN KHAN\Documents\*.tmp files -> C:\Users\AFSHEEN KHAN\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/05 16:10:33 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{8aae17e6-5e51-4061-d77f-f0b85161e693}\U\[email protected]
[2012/09/05 16:10:29 | 000,013,312 | ---- | C] () -- C:\Windows\Installer\{8aae17e6-5e51-4061-d77f-f0b85161e693}\U\[email protected]
[2012/09/05 16:10:28 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{8aae17e6-5e51-4061-d77f-f0b85161e693}\U\[email protected]
[2012/09/05 16:10:28 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{8aae17e6-5e51-4061-d77f-f0b85161e693}\U\[email protected]
[2012/09/05 15:48:53 | 000,090,624 | ---- | C] () -- C:\Windows\Installer\{8aae17e6-5e51-4061-d77f-f0b85161e693}\U\[email protected]
[2012/09/05 15:47:16 | 3149,901,824 | -HS- | C] () -- C:\hiberfil.sys
[2012/08/28 21:38:56 | 000,310,374 | ---- | C] () -- C:\Users\AFSHEEN KHAN\Scr_sht_3.jpg
[2012/08/28 21:38:13 | 000,307,052 | ---- | C] () -- C:\Users\AFSHEEN KHAN\Scr_sht_2.jpg
[2012/08/28 21:37:29 | 000,294,331 | ---- | C] () -- C:\Users\AFSHEEN KHAN\Scr_sht_1.jpg
[2012/08/21 03:53:00 | 000,065,835 | ---- | C] () -- C:\Users\AFSHEEN KHAN\Desktop\mehndi-design-8.jpg
[2012/08/20 15:58:33 | 000,023,654 | ---- | C] () -- C:\Users\AFSHEEN KHAN\Desktop\400549_10151035020968127_1726734149_n.jpg
[2012/08/20 14:14:54 | 000,237,002 | ---- | C] () -- C:\Users\AFSHEEN KHAN\Desktop\1341829880_412078242_1-Pictures-of--Mehndi-Designs-2012.jpg.gif
[2012/08/19 23:14:31 | 000,129,392 | ---- | C] () -- C:\Users\AFSHEEN KHAN\Desktop\Eid-mehndi-designs-2012.jpg
[2012/08/10 03:41:48 | 036,556,435 | ---- | C] () -- C:\Users\AFSHEEN KHAN\Desktop\Serenity-Podcast-Overcoming-Hardships.mp3
[2012/08/09 23:42:26 | 000,055,790 | ---- | C] () -- C:\Users\AFSHEEN KHAN\Desktop\56gRY.jpg
[2012/08/09 23:42:11 | 000,080,571 | ---- | C] () -- C:\Users\AFSHEEN KHAN\Desktop\Kamdani-Collection-2010-8.jpg
[2012/08/09 23:23:02 | 052,143,193 | ---- | C] () -- C:\Users\AFSHEEN KHAN\Desktop\anger-management.mp3
[2012/08/09 19:53:04 | 000,481,252 | ---- | C] () -- C:\Users\AFSHEEN KHAN\Desktop\Untitled.png
[2012/08/09 00:24:37 | 001,560,670 | ---- | C] () -- C:\Users\AFSHEEN KHAN\Desktop\Tickets.ai
[2012/08/08 17:51:56 | 003,941,299 | ---- | C] () -- C:\Users\AFSHEEN KHAN\Desktop\Final_Poster.jpg.dwg
[2012/08/07 23:52:49 | 000,120,943 | ---- | C] () -- C:\Users\AFSHEEN KHAN\Desktop\label.jpg
[2012/08/07 21:40:29 | 003,585,527 | ---- | C] () -- C:\Users\AFSHEEN KHAN\Desktop\dinner flyer.ai
[2012/08/07 17:43:47 | 001,422,193 | ---- | C] () -- C:\Users\AFSHEEN KHAN\Desktop\label.ai
[2012/08/07 16:41:21 | 001,543,982 | ---- | C] () -- C:\Users\AFSHEEN KHAN\Desktop\realistic_water.rar
[2012/08/06 03:53:50 | 003,629,820 | ---- | C] () -- C:\Users\AFSHEEN KHAN\Untitled-1.ai
[2012/07/26 13:20:27 | 002,846,240 | ---- | C] () -- C:\Users\AFSHEEN KHAN\(001)alfatiha.mp3
[2012/07/26 13:20:27 | 000,000,987 | ---- | C] () -- C:\Users\AFSHEEN KHAN\systemlog
[2012/07/24 13:01:11 | 000,000,087 | -HS- | C] () -- C:\Users\AFSHEEN KHAN\AppData\Roaming\winset.ini
[2012/07/24 13:01:08 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{8aae17e6-5e51-4061-d77f-f0b85161e693}\L\[email protected]
[2012/07/18 14:41:24 | 000,000,140 | ---- | C] () -- C:\Windows\winamp.ini
[2012/06/29 12:58:08 | 000,000,132 | ---- | C] () -- C:\Users\AFSHEEN KHAN\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/06/26 00:04:42 | 000,000,038 | ---- | C] () -- C:\Windows\camcodec100.ini
[2012/06/25 23:31:10 | 000,000,067 | ---- | C] () -- C:\Windows\swf2avi.INI
[2012/05/16 20:58:56 | 000,000,132 | ---- | C] () -- C:\Users\AFSHEEN KHAN\AppData\Roaming\Adobe Targa Format CS5 Prefs
[2012/05/04 00:03:49 | 000,001,456 | ---- | C] () -- C:\Users\AFSHEEN KHAN\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012/04/11 12:33:13 | 000,184,988 | ---- | C] () -- C:\Windows\System32\mlfcache.dat
[2012/01/11 15:35:15 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{8aae17e6-5e51-4061-d77f-f0b85161e693}\@
[2011/11/29 17:38:18 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011/11/29 17:38:12 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011/11/29 17:38:12 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011/11/29 17:38:12 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011/11/29 17:38:12 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011/10/16 19:59:36 | 000,000,056 | ---- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011/07/08 01:16:15 | 000,169,545 | ---- | C] () -- C:\Users\AFSHEEN KHAN\hm samreen.jpg
[2011/06/18 00:39:23 | 000,020,552 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/06/12 22:35:52 | 000,758,018 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/06/12 22:35:52 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/06/05 13:04:24 | 000,000,000 | ---- | C] () -- C:\Users\AFSHEEN KHAN\AppData\Local\{53F0DBB1-96B9-4FDF-BBDF-92CEC6E51544}
[2011/04/19 11:01:32 | 000,000,146 | ---- | C] () -- C:\Windows\WININIT.INI
[2011/03/22 01:00:19 | 000,000,023 | ---- | C] () -- C:\Windows\System32\sysmwwod.dll
[2010/08/31 00:23:57 | 000,001,356 | ---- | C] () -- C:\Users\AFSHEEN KHAN\AppData\Local\d3d9caps.dat
[2010/08/10 14:01:51 | 000,002,734 | ---- | C] () -- C:\Users\AFSHEEN KHAN\.recently-used.xbel
[2010/08/04 03:42:13 | 000,137,216 | ---- | C] () -- C:\Users\AFSHEEN KHAN\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2012/03/24 16:59:07 | 000,000,000 | ---D | M] -- C:\Users\AFSHEEN KHAN\AppData\Roaming\Aiseesoft Studio
[2011/10/22 19:08:22 | 000,000,000 | ---D | M] -- C:\Users\AFSHEEN KHAN\AppData\Roaming\AnvSoft
[2012/09/05 17:42:26 | 000,000,000 | ---D | M] -- C:\Users\AFSHEEN KHAN\AppData\Roaming\Audacity
[2012/09/05 17:42:26 | 000,000,000 | ---D | M] -- C:\Users\AFSHEEN KHAN\AppData\Roaming\BitTorrent
[2012/05/04 12:32:47 | 000,000,000 | ---D | M] -- C:\Users\AFSHEEN KHAN\AppData\Roaming\Blender Foundation
[2010/08/15 15:26:34 | 000,000,000 | ---D | M] -- C:\Users\AFSHEEN KHAN\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/05/31 22:00:33 | 000,000,000 | ---D | M] -- C:\Users\AFSHEEN KHAN\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2010/10/26 15:16:57 | 000,000,000 | ---D | M] -- C:\Users\AFSHEEN KHAN\AppData\Roaming\com.adobe.ExMan
[2011/09/01 22:27:14 | 000,000,000 | ---D | M] -- C:\Users\AFSHEEN KHAN\AppData\Roaming\com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1
[2011/10/11 00:59:09 | 000,000,000 | ---D | M] -- C:\Users\AFSHEEN KHAN\AppData\Roaming\Digiarty
[2012/08/26 13:32:53 | 000,000,000 | ---D | M] -- C:\Users\AFSHEEN KHAN\AppData\Roaming\Dropbox
[2011/05/28 23:35:58 | 000,000,000 | ---D | M] -- C:\Users\AFSHEEN KHAN\AppData\Roaming\DVDVideoSoft
[2010/12/13 20:47:58 | 000,000,000 | ---D | M] -- C:\Users\AFSHEEN KHAN\AppData\Roaming\FileZilla
[2011/09/12 22:45:17 | 000,000,000 | ---D | M] -- C:\Users\AFSHEEN KHAN\AppData\Roaming\Fingerfox (SE)
[2012/09/05 17:42:32 | 000,000,000 | ---D | M] -- C:\Users\AFSHEEN KHAN\AppData\Roaming\FreeFLVConverter
[2012/09/05 17:42:32 | 000,000,000 | ---D | M] -- C:\Users\AFSHEEN KHAN\AppData\Roaming\FreeVideoConverter
[2012/09/05 17:42:32 | 000,000,000 | ---D | M] -- C:\Users\AFSHEEN KHAN\AppData\Roaming\gtk-2.0
[2012/06/25 17:27:26 | 000,000,000 | ---D | M] -- C:\Users\AFSHEEN KHAN\AppData\Roaming\HandBrake
[2012/02/20 13:09:22 | 000,000,000 | ---D | M] -- C:\Users\AFSHEEN KHAN\AppData\Roaming\HTC
[2012/02/20 13:09:40 | 000,000,000 | ---D | M] -- C:\Users\AFSHEEN KHAN\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2010/08/02 22:59:25 | 000,000,000 | ---D | M] -- C:\Users\AFSHEEN KHAN\AppData\Roaming\InterVideo
[2012/05/25 12:37:55 | 000,000,000 | ---D | M] -- C:\Users\AFSHEEN KHAN\AppData\Roaming\OfficeRecovery
[2012/02/02 00:07:32 | 000,000,000 | ---D | M] -- C:\Users\AFSHEEN KHAN\AppData\Roaming\OpenCandy
[2012/07/04 12:35:56 | 000,000,000 | ---D | M] -- C:\Users\AFSHEEN KHAN\AppData\Roaming\PerformerSoft
[2012/07/30 14:14:09 | 000,000,000 | ---D | M] -- C:\Users\AFSHEEN KHAN\AppData\Roaming\Roaming
[2012/02/19 21:06:44 | 000,000,000 | ---D | M] -- C:\Users\AFSHEEN KHAN\AppData\Roaming\Samsung
[2010/10/16 14:44:24 | 000,000,000 | ---D | M] -- C:\Users\AFSHEEN KHAN\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/09/05 17:42:34 | 000,000,000 | ---D | M] -- C:\Users\AFSHEEN KHAN\AppData\Roaming\SystemRequirementsLab
[2012/09/05 17:42:34 | 000,000,000 | ---D | M] -- C:\Users\AFSHEEN KHAN\AppData\Roaming\W Photo Studio Viewer
[2010/08/10 13:45:42 | 000,000,000 | ---D | M] -- C:\Users\AFSHEEN KHAN\AppData\Roaming\WeatherBug
[2011/06/04 02:18:43 | 000,000,000 | ---D | M] -- C:\Users\AFSHEEN KHAN\AppData\Roaming\WhiteSmoke
[2011/04/19 11:16:17 | 000,000,000 | ---D | M] -- C:\Users\AFSHEEN KHAN\AppData\Roaming\WinAVI
[2011/04/27 16:24:17 | 000,000,000 | ---D | M] -- C:\Users\AFSHEEN KHAN\AppData\Roaming\Windows Live Writer
[2012/06/25 14:10:44 | 000,000,000 | ---D | M] -- C:\Users\AFSHEEN KHAN\AppData\Roaming\Xilisoft
[2012/03/02 23:16:39 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\HTC
[2012/09/05 19:44:13 | 000,032,526 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/09/06 10:39:34 | 000,000,318 | -HS- | M] () -- C:\Windows\Tasks\Thnqb.job
[2010/12/17 04:47:39 | 000,000,432 | ---- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{8B2A41AD-B2C7-4928-8E73-9E3A198035B5}.job

========== Purity Check ==========



========== Custom Scans ==========

========== Base Services ==========
SRV - [2006/11/02 04:46:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2008/01/20 21:24:43 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appinfo.dll -- (Appinfo)
SRV - [2008/01/20 21:24:42 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\alg.exe -- (ALG)
No service found with a name of BITS
No service found with a name of BFE
SRV - [2011/11/16 09:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\lsass.exe -- (KeyIso)
SRV - [2009/04/11 01:28:19 | 000,268,800 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\es.dll -- (EventSystem)
SRV - [2008/01/20 21:24:58 | 000,081,920 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\browser.dll -- (Browser)
SRV - [2012/04/23 11:00:53 | 000,133,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2009/04/11 01:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (DcomLaunch)
SRV - [2009/04/11 01:28:18 | 000,204,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcsvc.dll -- (Dhcp)
SRV - [2011/03/02 10:44:27 | 000,086,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2008/01/20 21:25:28 | 000,057,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\eapsvc.dll -- (EapHost)
SRV - [2009/04/11 01:28:19 | 000,026,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\hidserv.dll -- (hidserv)
No service found with a name of SharedAccess
SRV - [2009/04/11 01:28:20 | 000,364,032 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV - [2009/04/11 01:28:24 | 000,311,808 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\swprv.dll -- (swprv)
SRV - [2008/01/20 21:25:20 | 000,045,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\mmcss.dll -- (MMCSS)
SRV - [2008/01/20 21:24:39 | 000,274,432 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\netman.dll -- (Netman)
SRV - [2008/01/20 21:24:49 | 000,237,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\netprofm.dll -- (netprofm)
SRV - [2008/01/20 21:24:11 | 000,168,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nlasvc.dll -- (NlaSvc)
SRV - [2008/01/20 21:25:11 | 000,018,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\nsisvc.dll -- (nsi)
SRV - [2009/04/11 01:28:25 | 000,222,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2010/08/17 09:11:37 | 000,128,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\spoolsv.exe -- (Spooler)
SRV - [2011/11/16 09:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\lsass.exe -- (ProtectedStorage)
SRV - [2009/04/11 01:28:19 | 000,564,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\emdmgmt.dll -- (EMDMgmt)
SRV - [2008/01/20 21:24:45 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\rasauto.dll -- (RasAuto)
SRV - [2009/04/11 01:28:24 | 000,262,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\rasmans.dll -- (RasMan)
SRV - [2009/04/11 01:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\rpcss.dll -- (RpcSs)
SRV - [2008/01/20 21:24:57 | 000,019,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2011/11/16 09:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lsass.exe -- (SamSs)
No service found with a name of wscsvc
SRV - [2010/09/06 11:20:29 | 000,125,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\srvsvc.dll -- (LanmanServer)
SRV - [2009/07/10 06:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (ShellHWDetection)
SRV - [2009/04/11 01:27:49 | 003,408,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\SLsvc.exe -- (slsvc)
SRV - [2010/11/04 13:55:12 | 000,601,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\schedsvc.dll -- (Schedule)
SRV - [2009/04/11 01:28:24 | 000,242,688 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/10 06:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\shsvcs.dll -- (Themes)
SRV - [2009/04/11 01:28:23 | 000,153,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\profsvc.dll -- (ProfSvc)
SRV - [2009/04/11 01:28:10 | 001,055,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\VSSVC.exe -- (VSS)
SRV - [2009/04/11 01:28:18 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (Audiosrv)
SRV - [2009/04/11 01:28:18 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2008/01/20 21:23:52 | 000,104,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sdrsvc.dll -- (SDRSVC)
No service found with a name of WinDefend
SRV - [2009/04/11 01:28:25 | 001,017,856 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wevtsvc.dll -- (Eventlog)
No service found with a name of MpsSvc
SRV - [2009/04/11 01:28:25 | 000,453,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wiaservc.dll -- (stisvc)
SRV - [2009/04/11 01:27:45 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2009/04/11 01:28:25 | 000,162,304 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wbem\WMIsvc.dll -- (Winmgmt)
No service found with a name of wuauserv
SRV - [2009/04/11 01:28:18 | 000,175,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\dot3svc.dll -- (dot3svc)
SRV - [2009/07/11 14:01:42 | 000,513,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wlansvc.dll -- (Wlansvc)
SRV - [2009/06/10 06:42:23 | 000,160,256 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\wkssvc.dll -- (LanmanWorkstation)

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2008/10/29 01:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 22:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 21:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/20 21:24:50 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: QMGR.DLL >
[2008/01/20 21:25:26 | 000,758,272 | ---- | M] (Microsoft Corporation) MD5=02ED7B4DBC2A3232A389106DA7515C3D -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6001.18000_none_2390c4ecf9720b8c\qmgr.dll
[2009/04/11 01:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) MD5=93952506C6D67330367F7E7934B6A02F -- C:\Windows\System32\qmgr.dll
[2009/04/11 01:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) MD5=93952506C6D67330367F7E7934B6A02F -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6002.18005_none_257c3df8f693d6d8\qmgr.dll

< MD5 for: SERVICES >
[2006/09/18 16:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\System32\drivers\etc\services
[2006/09/18 16:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\services

< MD5 for: SERVICES.AIP >
[2010/04/07 20:47:20 | 000,132,544 | ---- | M] (Adobe Systems Incorporated) MD5=3E69B3D98D1B184EA96CFBC18CE07CA5 -- C:\Program Files\Adobe\Adobe Illustrator CS5\Plug-ins\Extensions\Services.aip

< MD5 for: SERVICES.CFG >
[2012/07/27 15:51:34 | 000,586,083 | ---- | M] () MD5=6DE4EA437EC1FE6DB27CADB0A7EA8DC2 -- C:\Program Files\Adobe\Reader 10.0\Reader\Services\Services.cfg
[2011/06/06 12:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg

< MD5 for: SERVICES.CSS >
[2005/06/29 17:48:58 | 000,014,339 | ---- | M] () MD5=9D415BDEF74ADF7B0CD791E40A911A38 -- C:\Program Files\Intuit\QuickBooks 2008\Components\Services\services.css

< MD5 for: SERVICES.EXE >
[2008/01/20 21:25:14 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2009/04/11 01:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=8737764F4FD36D6808EE80578409C843 -- C:\Windows\System32\services.exe
[2009/04/11 01:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

< MD5 for: SERVICES.EXE.MUI >
[2006/11/02 07:40:57 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\System32\en-US\services.exe.mui
[2006/11/02 07:40:57 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_67c6851b290a1ced\services.exe.mui

< MD5 for: SERVICES.EXE.ND_ >
[2012/08/01 23:27:51 | 000,000,014 | ---- | M] () MD5=FE5FA426A55F4129162E83DBE20864A8 -- C:\ComboFix\services.exe.ND_

< MD5 for: SERVICES.HTML >
[2012/05/29 14:14:14 | 000,009,366 | ---- | M] () MD5=DDC171A812EB510824FBE6499653EB96 -- C:\Users\AFSHEEN KHAN\Documents\NWLC\Services.html

< MD5 for: SERVICES.JPG >
[2012/05/23 20:01:59 | 000,037,384 | ---- | M] () MD5=0351D58D6AF2927F4E2AB6D1E43C59EC -- C:\Users\AFSHEEN KHAN\Documents\A&B project\images\images\services.jpg
[2012/05/24 12:16:36 | 000,036,414 | ---- | M] () MD5=93A9EA33FF930FC2FD93CEE7B510BA58 -- C:\Users\AFSHEEN KHAN\Documents\NWLC\Imgaes\services.jpg

< MD5 for: SERVICES.LNK >
[2008/01/20 21:43:37 | 000,001,688 | ---- | M] () MD5=9C74E1C0BE27F175EA61E9B409C34145 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 21:43:37 | 000,001,688 | ---- | M] () MD5=9C74E1C0BE27F175EA61E9B409C34145 -- C:\Users\AFSHEEN KHAN\AppData\Local\Temp\smtmp\1\Programs\Administrative Tools\services.lnk
[2008/01/20 21:43:37 | 000,001,688 | ---- | M] () MD5=9C74E1C0BE27F175EA61E9B409C34145 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

< MD5 for: SERVICES.MOCHIADS.COM.SOL >
[2012/08/09 19:14:15 | 000,000,498 | ---- | M] () MD5=F2208C4A16D42285C8FEC7F86B61140D -- C:\Windows\System32\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\3H84A5H5\mochiads.com\services.mochiads.com.sol

< MD5 for: SERVICES.MOF >
[2006/09/18 16:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2006/09/18 16:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.mof
[2006/09/18 16:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.mof

< MD5 for: SERVICES.MSC >
[2006/11/02 07:41:32 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2006/09/18 16:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2006/11/02 07:41:32 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_a2085506ff73b6e0\services.msc
[2006/09/18 16:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6001.18000_none_cf63e2a445bae4e3\services.msc

< MD5 for: SERVICES.SBS >
[2010/08/17 00:32:22 | 000,033,779 | ---- | M] () MD5=8473C9C8ED1EF13CEC2AB1A3A9F1AB4E -- C:\Program Files\Spybot - Search & Destroy\Includes\Services.sbs

< MD5 for: SVCHOST.EXE >
[2008/01/20 21:24:10 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/20 21:24:10 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/20 21:25:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/20 21:25:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/01/20 21:25:17 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemdrive%\$Recycle.Bin|@;true;true;true >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\AFSHEEN KHAN\Desktop\BBQ_Invitation_1.avi:TOC.WMV
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A66A990E

< End of report >




Extras.txt

OTL Extras logfile created on: 9/6/2012 10:57:21 AM - Run 1
OTL by OldTimer - Version 3.2.61.0 Folder = C:\Users\AFSHEEN KHAN\Documents\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 1.30 Gb Available Physical Memory | 44.37% Memory free
6.07 Gb Paging File | 4.19 Gb Available in Paging File | 69.01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 291.70 Gb Total Space | 71.52 Gb Free Space | 24.52% Space Free | Partition Type: NTFS
Drive E: | 3.74 Gb Total Space | 1.07 Gb Free Space | 28.76% Space Free | Partition Type: FAT32

Computer Name: AFSHEENKHAN-PC | User Name: AFSHEEN KHAN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1340476193-1627373412-1124528107-1003\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.1.0.2200
"{055FD05B-BF37-4DA8-9504-88E46552CF43}" = QuickTime SDK
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F5ADA2F-C0B2-4AD6-8FF7-7DFA9D6B4CBA}" = FreeUndelete 2.1.36867.1
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{151CB4B7-FC63-4C72-8A21-5E87EB419DBB}" = Protector Suite QL 5.6
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1B500D37-E7CF-480B-8054-8A563594EC4E}" = VAIO OOBE and Welcome Center
"{1C336D20-A089-4818-9C56-96AD81BF5A11}" = PANTECH USB Modem V2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2018C019-30D9-4240-8C01-0865C10DCF5A}" = VAIO Presentation Support
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{247C5DDA-FFD7-44E0-8BF7-79BC80A0BF87}" = Windows Live Family Safety
"{2656D0AB-9EA4-4C58-A117-635F3CED8B93}" = Microsoft UI Engine
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{288DB08D-0708-4A94-B055-55B99E39EB62}" = Adobe Creative Suite 5 Master Collection
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2AD89908-0987-4B9E-8AB4-905899E4D754}_is1" = Next Video Converter 3.51
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2B3DC7D4-7AC4-40E7-B1E7-40B760B6BB2D}" = USB Access Restriction Setting
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{2F839384-6AB0-449B-8772-25E607036357}" = VAIO Help and Support
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{3273F0D8-3204-4DE5-BE34-AA6613B0E844}" = Mobile PhoneTools
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3851147E-5A91-4469-BA4D-13FFFCC8A920}" = Microsoft Windows OneCare Live v2.5.2900.30 Idcrl Install
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{48820099-ED7D-424B-890C-9A82EF00656D}" = VAIO Update 3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E0B21EE-F414-412A-B916-19CBDEA5EF64}_is1" = Smart Diary Suite 4
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5660022E-F3F2-4126-8CC5-9726C47150EB}" = Microsoft Windows Live OneCare Resources v2.5.2900.30
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5C5EE8F2-0B38-4C13-AE4E-A87A237FE718}" =
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5F5867F0-2D23-4338-A206-01A76C823924}" = VAIO Power Management
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{6336C0CC-BA32-4949-9D3D-C86B76147CCA}" = Cricket Broadband Connect
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6513E869-647F-40FD-A55D-CFC92579B9BA}" = PX Engine
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{686695ED-BB3F-415D-B0DB-18CF535F7B50}" = Driver Manager
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6D12EC75-E7D3-4EAD-AB10-E1F3AFF94AA6}" = AVG 2012
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B21B9EF-6DBF-4F63-8CC7-9F6A56D1EE8E}" = GTOneCare
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8ECB8220-F419-4BEB-9596-97033C533702}" = QuickBooks Simple Start 2008
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROHYBRIDR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROHYBRIDR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{96334581-5554-3E5F-8BC9-924C3C3AC5BE}" = Google Talk Plugin
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" =
"{9866E5F0-121F-E018-E2D1-2E1770847ABF}" = Adobe Download Assistant
"{9973498D-EA29-4A68-BE0B-C88D6E03E928}" = ArcSoft WebCam Companion 2
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B5F85CA-90D4-4AFC-BB37-32477FD0D2B9}" = SmartWi Connection Utility
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E4B37D6-D7F8-4067-B900-3F314C709916}" = Intel® PROSet/Wireless WiFi Software
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB77DFDE-9949-4AEF-B180-BE322C3E65D0}" = HTC Sync
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BCED773C-99EE-48DD-8915-25733F69F0A8}" = VAIO Wireless Wizard
"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser
"{C292B622-B639-42F9-ADDE-CF9EB42B71C0}" = 3DCrafter
"{C34C7BE6-51B7-4DE5-A341-F4AA684EC594}" = ASPCA Tri Reminder by We-Care.com v4.0.13.5
"{C5DA59CF-2BB8-48D5-8E5B-17F2E0F0FEE4}" = System Requirements Lab for Intel
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C615B4A6-DDE8-4325-BCF8-E53E913D95E9}_is1" = AMR to MP3 Converter 1.4
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C79312BD-3E76-4474-A10C-1435D1856A4B}" = Adobe Dreamweaver CS5
"{CA85ED96-9F52-4163-9249-2A0C1A111B32}" = VAIO OOBE and Welcome Center
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF6B515D-D99A-4B02-8C92-9EA255035A3D}" = Mobile PhoneTools
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D07A8E7E-D324-4945-BA8C-E532AD008FF3}" = Microsoft Windows OneCare Live v2.5.2900.30
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E26B83D1-C0BB-41BC-8F44-31D5354DD6AF}" = Microsoft Windows OneCare Live AntiSpyware and AntiVirus
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3B58D4E-7324-44E4-A6B3-65D2DB8D1FE9}" = Microsoft Protection Service
"{F402DFCC-74A8-4f97-BE5B-D839AA290420}_is1" = Aiseesoft MKV Converter 6.2.16
"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" =
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.65
"AC3Filter" = AC3Filter (remove only)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AnvSoft Flash to Video Converter_is1" = AnvSoft Flash to Video Converter 1.2.2
"Athan" = Athan Basic 3.9
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"Audacity_is1" = Audacity 1.2.6
"AviSynth" = AviSynth 2.5
"BitTorrent" = BitTorrent
"Blender" = Blender
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"camcodec" = CamStudio Lossless Codec
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser
"CPUID HWMonitor_is1" = CPUID HWMonitor 1.15
"CSS3 Menu" = CSS3 Menu
"DivX Setup" = DivX Setup
"Expstudio Audio Editor FREE" = Expstudio Audio Editor FREE
"ExtractNow_is1" = ExtractNow
"FileZilla Client" = FileZilla Client 3.3.5.1
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 3.7.25.524
"Free FLV Converter_is1" = Free FLV Converter V 7.4.0
"Giraffic" = Veoh Giraffic Video Accelerator
"Google Chrome" = Google Chrome
"HDMI" = Intel® Graphics Media Accelerator Driver
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"iWisoft Flash SWF to Video Converter_is1" = iWisoft Flash SWF to Video Converter 3.4
"Magic Music Editor_is1" = Magic Music Editor v8.11.1.2219
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"MESOL" = Intel® Active Management Technology
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Picasa 3" = Picasa 3
"PROHYBRIDR" = 2007 Microsoft Office system
"ProInst" = Intel PROSet Wireless
"PROR" = Microsoft Office Professional 2007
"RealPlayer 12.0" = RealPlayer
"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set
"Stories of The Prophets 1.5_is1" = Stories of The Prophets 1.5
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Veoh Web Player Beta" = Veoh Web Player
"Vista Buttons" = Vista Buttons
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WinSS" = Windows Live OneCare
"WinX DVD Ripper Platinum_is1" = WinX DVD Ripper Platinum 6.3.8
"Xilisoft SWF Converter 6" = Xilisoft SWF Converter 6
"Xvid Video Codec 1.3.1" = Xvid Video Codec
"Xvid_is1" = Xvid 1.1.3 final uninstall

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1340476193-1627373412-1124528107-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 8/28/2012 2:46:26 PM | Computer Name = AFSHEENKHAN-PC | Source = WinMgmt | ID = 10
Description =

Error - 9/5/2012 4:47:36 PM | Computer Name = AFSHEENKHAN-PC | Source = LMS | ID = 2
Description = LMS Service cannot connect to HECI driver

Error - 9/5/2012 4:47:37 PM | Computer Name = AFSHEENKHAN-PC | Source = LMS | ID = 2
Description = Failed to unregister for device notifications

Error - 9/5/2012 4:48:18 PM | Computer Name = AFSHEENKHAN-PC | Source = WinMgmt | ID = 10
Description =

Error - 9/5/2012 4:48:54 PM | Computer Name = AFSHEENKHAN-PC | Source = ESENT | ID = 455
Description = Catalog Database (1524) Catalog Database: Error -1811 occurred while
opening logfile C:\Windows\system32\CatRoot2\edb0016F.log.

Error - 9/5/2012 4:48:54 PM | Computer Name = AFSHEENKHAN-PC | Source = Microsoft-Windows-CAPI2 | ID = 131329
Description =

Error - 9/5/2012 5:08:17 PM | Computer Name = AFSHEENKHAN-PC | Source = LMS | ID = 2
Description = LMS Service cannot connect to HECI driver

Error - 9/5/2012 5:08:18 PM | Computer Name = AFSHEENKHAN-PC | Source = LMS | ID = 2
Description = Failed to unregister for device notifications

Error - 9/5/2012 5:09:35 PM | Computer Name = AFSHEENKHAN-PC | Source = WinMgmt | ID = 10
Description =

Error - 9/6/2012 11:39:40 AM | Computer Name = AFSHEENKHAN-PC | Source = LMS | ID = 2
Description = LMS Service cannot connect to HECI driver

Error - 9/6/2012 11:39:41 AM | Computer Name = AFSHEENKHAN-PC | Source = LMS | ID = 2
Description = Failed to unregister for device notifications

Error - 9/6/2012 11:40:18 AM | Computer Name = AFSHEENKHAN-PC | Source = WinMgmt | ID = 10
Description =

[ MSFWSVC Events ]
Error - 8/1/2012 11:37:07 PM | Computer Name = AFSHEENKHAN-PC | Source = MSFWSVC | ID = 1080
Description = OneCare Firewall failed while executing the following method: WSALookupServiceBegin.
Error Code: 0x80070057, Error Message: The parameter is incorrect. .

Error - 8/1/2012 11:37:08 PM | Computer Name = AFSHEENKHAN-PC | Source = MSFWSVC | ID = 1078
Description = OneCare Firewall was unable to enforce policies during startup. Component
Specific Message: An exception occurred in the storage component, Error Message:
Unknown Error, Error Code: 0x8E5EFDDA. Default policy is enforce

Error - 8/1/2012 11:37:08 PM | Computer Name = AFSHEENKHAN-PC | Source = MSFWSVC | ID = 1079
Description = OneCare Firewall failed on startup. Component Specific Message: ,
Error Message: The service startup threw a runtime exception. , Error Code: 0x8067021

Error - 8/1/2012 11:37:10 PM | Computer Name = AFSHEENKHAN-PC | Source = MSFWSVC | ID = 1080
Description = OneCare Firewall failed while executing the following method: WSALookupServiceBegin.
Error Code: 0x80070057, Error Message: The parameter is incorrect. .

Error - 8/1/2012 11:37:11 PM | Computer Name = AFSHEENKHAN-PC | Source = MSFWSVC | ID = 1078
Description = OneCare Firewall was unable to enforce policies during startup. Component
Specific Message: An exception occurred in the storage component, Error Message:
Unknown Error, Error Code: 0x8E5EFDDA. Default policy is enforce

Error - 8/1/2012 11:37:11 PM | Computer Name = AFSHEENKHAN-PC | Source = MSFWSVC | ID = 1079
Description = OneCare Firewall failed on startup. Component Specific Message: ,
Error Message: The service startup threw a runtime exception. , Error Code: 0x8067021

Error - 8/1/2012 11:37:12 PM | Computer Name = AFSHEENKHAN-PC | Source = MSFWSVC | ID = 1080
Description = OneCare Firewall failed while executing the following method: WSALookupServiceBegin.
Error Code: 0x80070057, Error Message: The parameter is incorrect. .

Error - 8/1/2012 11:37:13 PM | Computer Name = AFSHEENKHAN-PC | Source = MSFWSVC | ID = 1078
Description = OneCare Firewall was unable to enforce policies during startup. Component
Specific Message: An exception occurred in the storage component, Error Message:
Unknown Error, Error Code: 0x8E5EFDDA. Default policy is enforce

Error - 8/1/2012 11:37:13 PM | Computer Name = AFSHEENKHAN-PC | Source = MSFWSVC | ID = 1079
Description = OneCare Firewall failed on startup. Component Specific Message: ,
Error Message: The service startup threw a runtime exception. , Error Code: 0x8067021

Error - 8/1/2012 11:37:15 PM | Computer Name = AFSHEENKHAN-PC | Source = MSFWSVC | ID = 1080
Description = OneCare Firewall failed while executing the following method: WSALookupServiceBegin.
Error Code: 0x80070057, Error Message: The parameter is incorrect. .

[ System Events ]
Error - 9/6/2012 11:40:19 AM | Computer Name = AFSHEENKHAN-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 9/6/2012 11:40:19 AM | Computer Name = AFSHEENKHAN-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 9/6/2012 11:40:41 AM | Computer Name = AFSHEENKHAN-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume .

Error - 9/6/2012 11:41:28 AM | Computer Name = AFSHEENKHAN-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 9/6/2012 11:41:28 AM | Computer Name = AFSHEENKHAN-PC | Source = Service Control Manager | ID = 7003
Description =

Error - 9/6/2012 11:42:54 AM | Computer Name = AFSHEENKHAN-PC | Source = WMPNetworkSvc | ID = 866293
Description =

Error - 9/6/2012 12:00:42 PM | Computer Name = AFSHEENKHAN-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume .

Error - 9/6/2012 12:02:11 PM | Computer Name = AFSHEENKHAN-PC | Source = DCOM | ID = 10005
Description =

Error - 9/6/2012 12:02:11 PM | Computer Name = AFSHEENKHAN-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 9/6/2012 12:02:11 PM | Computer Name = AFSHEENKHAN-PC | Source = Service Control Manager | ID = 7000
Description =

[ Windows OneCare Events ]
Error - 8/20/2012 11:54:28 PM | Computer Name = AFSHEENKHAN-PC | Source = WinSS | ID = 7001
Description = Failed executing wireless security check process. Error Code = 0x80020005.

Error - 8/21/2012 4:01:18 AM | Computer Name = AFSHEENKHAN-PC | Source = WinSS | ID = 7001
Description = Failed executing wireless security check process. Error Code = 0x80020005.

Error - 8/22/2012 5:40:46 PM | Computer Name = AFSHEENKHAN-PC | Source = WinSS | ID = 7001
Description = Failed executing wireless security check process. Error Code = 0x80020005.

Error - 8/22/2012 8:36:31 PM | Computer Name = AFSHEENKHAN-PC | Source = WinSS | ID = 7001
Description = Failed executing wireless security check process. Error Code = 0x80020005.

Error - 8/23/2012 2:08:25 PM | Computer Name = AFSHEENKHAN-PC | Source = WinSS | ID = 7001
Description = Failed executing wireless security check process. Error Code = 0x80020005.

Error - 8/23/2012 5:19:09 PM | Computer Name = AFSHEENKHAN-PC | Source = WinSS | ID = 7001
Description = Failed executing wireless security check process. Error Code = 0x80020005.

Error - 8/23/2012 8:26:20 PM | Computer Name = AFSHEENKHAN-PC | Source = WinSS | ID = 7001
Description = Failed executing wireless security check process. Error Code = 0x80020005.

Error - 8/24/2012 1:53:09 PM | Computer Name = AFSHEENKHAN-PC | Source = WinSS | ID = 7001
Description = Failed executing wireless security check process. Error Code = 0x80020005.

Error - 8/26/2012 2:15:36 AM | Computer Name = AFSHEENKHAN-PC | Source = WinSS | ID = 7001
Description = Failed executing wireless security check process. Error Code = 0x80020005.

Error - 8/26/2012 2:31:55 PM | Computer Name = AFSHEENKHAN-PC | Source = WinSS | ID = 7001
Description = Failed executing wireless security check process. Error Code = 0x80020005.


< End of report >

Edited by Maya_k, 06 September 2012 - 10:16 AM.

  • 0

#120
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK that tells me that the system restore actually worked

We will need to do a few repairs to your registry once we have killed this bad boy

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {11111111-1111-1111-1111-110011501160} - No CLSID value found.
    O2 - BHO: (no name) - {21608B66-026F-4DCB-9244-0DACA328DCED} - No CLSID value found.
    O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
    O3 - HKU\S-1-5-21-1340476193-1627373412-1124528107-1003\..\Toolbar\WebBrowser: (no name) - {1921F97A-D9D4-418D-97CF-1F2CB1EE2CD6} - No CLSID value found.
    O3 - HKU\S-1-5-21-1340476193-1627373412-1124528107-1003\..\Toolbar\WebBrowser: (no name) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No CLSID value found.
    O3 - HKU\S-1-5-21-1340476193-1627373412-1124528107-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKU\S-1-5-21-1340476193-1627373412-1124528107-1003\..\Toolbar\WebBrowser: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No CLSID value found.
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O7 - HKU\S-1-5-21-1340476193-1627373412-1124528107-1003\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} Reg Error: Value error. (Microsoft Office Template and Media Control)
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
    O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} Reg Error: Value error. (SysInfo Class)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
    [2012/09/06 10:39:34 | 000,000,318 | -HS- | M] () -- C:\Windows\Tasks\Thnqb.job
    
    :Reg
    [HKEY_CLASSES_ROOT\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InprocServer32] 
    ""="%systemroot%\system32\wbem\wbemess.dll" 
    [-HKCU\Software\Classes\clsid\{12d0253a-7c96-815c-11e0-3034bbd97cc0}] 
    
    :Files
    C:\Windows\Installer\{8aae17e6-5e51-4061-d77f-f0b85161e693}
    ipconfig /flushdns /c
    netsh int ip reset c:\resetlog.txt  /c
    ipconfig /release /c
    ipconfig /renew /c
    
    :Commands
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

  • Download RogueKiller and save it on your desktop.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan
  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
  • The report has been created on the desktop.

  • Next click on the ShortcutsFix
  • The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.

FINALLY

Run Farbar Service Scanner


Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run from.

Please copy and paste the log to your reply.
  • 0
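
The :OTL section of the fix above lists scan lines by their O-number. As an added example (not part of the original post and not OTL's own code), this Python sketch parses lines in that layout and groups them by the condition the scan reported, which is the triage step that comes before choosing what goes into a fix. The status labels and function names are assumptions of the example.

```python
import re
from collections import defaultdict

# Sample input: lines copied from the :OTL section of the fix above.
SAMPLE = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (WeCareReminder Class) - {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll (We-Care.com)
O3 - HKU\S-1-5-21-1340476193-1627373412-1124528107-1003\..\Toolbar\WebBrowser: (no name) - {1921F97A-D9D4-418D-97CF-1F2CB1EE2CD6} - No CLSID value found.
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} Reg Error: Value error. (Microsoft Office Template and Media Control)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
"""

LINE_RE = re.compile(r"^(O\d+) - (.+)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Status labels are this example's own names, not OTL terminology.
# Each label is chosen by a marker string that appears in the scan line.
MARKERS = [
    ("orphaned", "No CLSID value found"),
    ("reg_error", "Reg Error:"),
    ("policy", "Restrictions present"),
]

def parse_line(line):
    """Return (section, guid_or_None, status) for one O-line, or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, rest = m.groups()
    guid = GUID_RE.search(rest)
    # Anything without a marker points at a file or URL: "resolved".
    status = next((name for name, text in MARKERS if text in rest), "resolved")
    return section, guid.group(0) if guid else None, status

def triage(text):
    """Group parsed entries by status: {status: [(section, guid), ...]}."""
    groups = defaultdict(list)
    for line in text.splitlines():
        parsed = parse_line(line)
        if parsed:
            section, guid, status = parsed
            groups[status].append((section, guid))
    return dict(groups)

if __name__ == "__main__":
    for status, entries in triage(SAMPLE).items():
        print(status, len(entries), entries)
```

Entries grouped as "resolved" still need a human look at the file or URL they point to; the grouping only separates them from registrations the scan could not resolve.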





