
all flash disk files converted to a single shortcut



#1
mahi65

Dear experts,

A new infection has come to my laptop from an infected external flash disk, which turns all files on every external flash disk connected to my laptop into a single shortcut linked to rundll32.exe files on c:\windows\system32. Beside this shortcut there are some hidden files such as "Autorun.inf, thumbs.db, desktop.ini, ~$WO.FAT32" and another drive icon without any name. The following is the OTL log file. Please help me; I don't know how to recover my files from the flash disk, because that infection did this two times to my flash disk files.


////////////////////////////////////////////////////////////////////////////////////////////////////////

OTL logfile created on: 4/26/2013 2:36:36 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\mahnaz\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 0.58 Gb Available Physical Memory | 31.03% Memory free
3.98 Gb Paging File | 2.32 Gb Available in Paging File | 58.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 244.68 Gb Total Space | 31.71 Gb Free Space | 12.96% Space Free | Partition Type: NTFS
Drive G: | 19.53 Gb Total Space | 2.92 Gb Free Space | 14.95% Space Free | Partition Type: NTFS
Drive H: | 21.48 Gb Total Space | 3.04 Gb Free Space | 14.17% Space Free | Partition Type: NTFS

Computer Name: MAHNAZ-PC | User Name: mahnaz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/22 18:11:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\mahnaz\Desktop\OTL.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/11/22 16:08:14 | 001,038,496 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
PRC - [2012/11/22 16:08:12 | 000,957,056 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update\VUAgent.exe
PRC - [2012/03/07 16:40:34 | 000,913,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2012/03/07 16:40:28 | 003,117,344 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2011/12/13 15:06:29 | 002,984,832 | ---- | M] (TeamViewer GmbH) -- C:\Users\mahnaz\temp\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011/09/14 23:51:29 | 003,241,312 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IDMan.exe
PRC - [2010/07/05 00:21:26 | 000,017,408 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2010/05/25 18:58:58 | 000,263,600 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe
PRC - [2009/10/22 06:00:04 | 000,395,824 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe
PRC - [2009/10/22 05:59:58 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
PRC - [2009/10/22 05:59:48 | 000,334,384 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe
PRC - [2009/10/22 04:47:54 | 000,563,760 | ---- | M] (VMware, Inc.) -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2009/05/21 14:28:38 | 000,874,768 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2009/05/21 13:04:14 | 000,473,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2009/02/05 04:31:30 | 000,538,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Mode Switch\VMSwitch.exe
PRC - [2009/01/24 22:01:26 | 000,559,656 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009/01/21 21:37:42 | 000,313,264 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2009/01/21 21:37:42 | 000,192,512 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2009/01/20 04:13:04 | 000,394,536 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
PRC - [2009/01/20 00:19:20 | 000,203,624 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2009/01/20 00:19:20 | 000,112,488 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2009/01/15 01:08:38 | 005,184,872 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
PRC - [2009/01/06 06:34:54 | 000,109,088 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe
PRC - [2008/12/22 11:00:32 | 000,274,432 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Network Utility\LANUtil.exe
PRC - [2008/12/22 09:25:06 | 000,303,104 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Network Utility\NSUService.exe
PRC - [2008/12/20 01:32:08 | 001,771,368 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PRC - [2008/12/20 01:32:08 | 000,415,592 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe
PRC - [2008/12/18 22:23:50 | 000,317,288 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe
PRC - [2008/10/29 10:59:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/09/18 22:29:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
PRC - [2008/09/16 23:33:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
PRC - [2008/08/07 12:19:38 | 000,088,064 | ---- | M] () -- C:\Program Files\AlilG\AliNEGAR\TrayAliNEGAR.exe
PRC - [2008/01/21 06:53:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/01/15 05:43:00 | 000,063,176 | ---- | M] (CANON INC.) -- C:\Windows\System32\CNAC4RPK.EXE
PRC - [2007/01/05 07:18:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (No Company Name) ==========

MOD - [2013/04/09 13:27:07 | 000,390,096 | ---- | M] () -- C:\Users\mahnaz\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppgooglenaclpluginchrome.dll
MOD - [2013/04/09 13:27:05 | 004,050,896 | ---- | M] () -- C:\Users\mahnaz\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
MOD - [2013/04/09 13:26:13 | 001,606,096 | ---- | M] () -- C:\Users\mahnaz\AppData\Local\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll
MOD - [2012/09/17 00:22:46 | 009,465,032 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_271.dll
MOD - [2011/12/04 20:04:39 | 001,356,288 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\cac78a264e7ac9299057eb2416c86000\System.WorkflowServices.ni.dll
MOD - [2011/12/04 20:04:00 | 001,706,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\5046de252a0e714c78207b5dd01a89bd\System.ServiceModel.Web.ni.dll
MOD - [2011/12/04 19:56:31 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\bf3b757c821a36e6a9c7c1988b39a15d\System.IdentityModel.Selectors.ni.dll
MOD - [2011/12/04 19:56:29 | 001,070,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\3fb6b9b320c78fa02be3fa8ce26b7559\System.IdentityModel.ni.dll
MOD - [2011/12/04 19:56:25 | 002,345,472 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\0393b1448497e28ae9bbfed9be19bd3e\System.Runtime.Serialization.ni.dll
MOD - [2011/12/04 19:56:19 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\06bb41fe681650a017fa2c99e197edf0\SMDiagnostics.ni.dll
MOD - [2011/12/04 19:56:17 | 017,403,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\0dd1924dbe8ac43b923a28409d351619\System.ServiceModel.ni.dll
MOD - [2011/12/04 19:53:02 | 001,712,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\1be8df00c8573200093245985e75a660\Microsoft.VisualBasic.ni.dll
MOD - [2011/12/04 19:51:40 | 011,800,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0a1195c6b5fab213527364c9e8b26ef0\System.Web.ni.dll
MOD - [2011/12/04 19:51:20 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll
MOD - [2011/12/04 19:50:56 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll
MOD - [2011/12/04 19:23:23 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll
MOD - [2011/12/04 19:22:15 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll
MOD - [2011/12/04 19:21:33 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll
MOD - [2011/12/04 19:15:30 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll
MOD - [2011/12/04 19:14:40 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2010/07/05 02:02:38 | 000,010,752 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll
MOD - [2010/07/05 02:02:36 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2010/07/05 00:21:26 | 000,017,408 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
MOD - [2010/06/21 16:45:36 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Diagnostics.ServiceModelSink\3.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Diagnostics.ServiceModelSink.dll
MOD - [2009/04/08 02:24:30 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\SPMDam\3.1.0.6020__1b3c579b6925895f\SPMDam.dll
MOD - [2009/04/08 02:24:29 | 000,086,016 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\SPMCommon\3.1.0.6020__e3c7096ba83f9295\SPMCommon.dll
MOD - [2009/01/20 00:19:22 | 000,010,752 | ---- | M] () -- C:\Program Files\Sony\VAIO Event Service\VESBasePS.dll
MOD - [2008/08/07 12:19:38 | 000,088,064 | ---- | M] () -- C:\Program Files\AlilG\AliNEGAR\TrayAliNEGAR.exe
MOD - [2007/09/20 19:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2001/08/10 14:23:14 | 000,388,608 | ---- | M] () -- C:\Program Files\TEXTware\QUICKfind\PlugIns\IEHelp.dll


========== Services (SafeList) ==========

SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/11/22 16:08:12 | 000,957,056 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Update\VUAgent.exe -- (VUAgent)
SRV - [2012/09/17 00:22:47 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/09 22:55:48 | 000,279,552 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Serviio\bin\ServiioService.exe -- (Serviio)
SRV - [2012/03/07 16:40:34 | 000,913,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2011/12/13 15:06:29 | 002,984,832 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Users\mahnaz\temp\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/10/22 06:00:04 | 000,395,824 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnat.exe -- (VMware NAT Service)
SRV - [2009/10/22 05:59:58 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2009/10/22 05:59:48 | 000,334,384 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2009/10/22 04:47:54 | 000,563,760 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2009/10/12 15:32:24 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
SRV - [2009/05/21 14:28:38 | 000,874,768 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2009/05/21 13:04:14 | 000,473,360 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2009/05/02 15:40:35 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/01/24 22:01:26 | 000,559,656 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/01/21 21:37:44 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2009/01/21 21:37:42 | 000,313,264 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2009/01/21 21:37:42 | 000,192,512 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2009/01/20 23:26:06 | 000,120,104 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2009/01/20 23:22:18 | 000,091,432 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe -- (SOHPlMgr)
SRV - [2009/01/20 23:21:48 | 000,075,048 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2009/01/20 23:21:18 | 000,390,440 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2009/01/20 23:20:48 | 000,070,952 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe -- (SOHDBSvr)
SRV - [2009/01/20 04:13:04 | 000,394,536 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2009/01/20 00:19:20 | 000,203,624 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2009/01/17 09:29:08 | 000,083,240 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
SRV - [2009/01/15 01:08:38 | 005,184,872 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2009/01/08 11:40:32 | 000,114,688 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2009/01/06 06:34:54 | 000,109,088 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe -- (RtkAudioService)
SRV - [2008/12/22 09:25:06 | 000,303,104 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\Network Utility\NSUService.exe -- (NSUService)
SRV - [2008/12/20 01:32:08 | 000,415,592 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV - [2008/09/18 22:29:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2008/09/16 23:33:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
SRV - [2008/01/21 06:53:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/11/07 08:58:18 | 003,004,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)
SRV - [2007/01/05 07:18:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/03/14 09:40:04 | 000,148,504 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfw.sys -- (epfw)
DRV - [2012/03/14 09:40:02 | 000,169,080 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2012/03/14 09:40:02 | 000,120,152 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2012/03/14 09:40:02 | 000,050,624 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\epfwwfp.sys -- (epfwwfp)
DRV - [2012/03/14 09:40:02 | 000,033,656 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\EpfwLWF.sys -- (EpfwLWF)
DRV - [2011/10/04 10:14:35 | 000,195,968 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2010/07/26 18:55:42 | 000,068,240 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\idmwfp.sys -- (IDMWFP)
DRV - [2010/07/05 00:21:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2010/04/10 13:59:52 | 000,016,000 | ---- | M] (Xilinx, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\xpc4drvr.sys -- (XilinxPC4Driver)
DRV - [2009/10/22 06:00:46 | 000,853,936 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmx86.sys -- (vmx86)
DRV - [2009/10/22 06:00:44 | 000,070,704 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmci.sys -- (vmci)
DRV - [2009/10/22 06:00:44 | 000,026,288 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2009/10/22 06:00:44 | 000,023,216 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMkbd.sys -- (vmkbd)
DRV - [2009/10/22 04:47:52 | 000,032,304 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hcmon.sys -- (hcmon)
DRV - [2009/10/22 01:13:36 | 000,031,280 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmusb.sys -- (vmusb)
DRV - [2009/10/22 01:13:32 | 000,036,400 | R--- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2009/10/22 01:13:32 | 000,016,560 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2009/10/12 15:31:52 | 000,022,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009/09/01 22:19:26 | 000,019,584 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aticir.sys -- (AtiIrRcvr)
DRV - [2009/09/01 22:17:44 | 001,080,832 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atinavrr.sys -- (ATIAVPCI)
DRV - [2009/05/28 22:41:28 | 004,233,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008/11/25 11:11:52 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2008/11/19 04:38:46 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2008/10/23 04:32:23 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\risdptsk.sys -- (risdptsk)
DRV - [2008/10/23 04:32:02 | 000,068,608 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/08/26 04:31:46 | 000,023,712 | ---- | M] (Sony Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\shpf.sys -- (shpf)
DRV - [2008/07/08 14:02:48 | 000,029,568 | ---- | M] (Spectrum Digital Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sdusb2em.sys -- (sdusb2em)
DRV - [2008/06/07 04:32:55 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2008/04/25 01:36:40 | 000,017,920 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2008/01/25 06:44:25 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008/01/21 06:53:26 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2007/09/04 16:53:34 | 000,055,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\VSPerfDrv90.sys -- (VSPerfDrv90)
DRV - [2007/07/07 09:11:58 | 000,026,120 | ---- | M] (Rainbow Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SNTNLUSB.SYS -- (Sntnlusb)
DRV - [2007/04/18 07:39:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2006/11/10 16:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2005/09/05 22:30:22 | 000,028,743 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2005/08/16 11:23:10 | 000,038,422 | ---- | M] (Generic) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\StMp3Rec.sys -- (StMp3Rec)
DRV - [2004/10/22 07:58:48 | 000,028,296 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\xds560.sys -- (XDS560)
DRV - [2004/10/22 07:57:40 | 000,006,112 | ---- | M] (Texas Instruments Incorporated) [Kernel | Auto | Running] -- C:\Windows\System32\xdsfast1.sys -- (xdsfast1)
DRV - [2004/10/22 07:57:40 | 000,003,968 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drpkiont.sys -- (drpkiont)
DRV - [2004/05/26 21:56:58 | 000,003,200 | ---- | M] (Altium Limited) [Kernel | Auto | Running] -- C:\Windows\System32\altio.sys -- (altio)
DRV - [2001/03/01 02:15:00 | 000,006,144 | ---- | M] (Erik Salaj) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ioport.sys -- (IOPort)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://vaio-online.sony.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchPage =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {F08555B0-9CC3-11D2-AA8E-000000000567} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...c=browsersearch
IE - HKCU\..\SearchScopes\{8E13C345-C393-4DC1-ABDF-503E89EADC4F}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:8580


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\mahnaz\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\mahnaz\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\mahnaz\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\mahnaz\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012/11/29 22:13:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\mahnaz\AppData\Roaming\IDM\idmmzcc3 [2011/09/15 21:26:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\mahnaz\AppData\Roaming\IDM\idmmzcc3 [2011/09/15 21:26:21 | 000,000,000 | ---D | M]

[2012/03/29 19:15:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mahnaz\AppData\Roaming\Mozilla\Extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\mahnaz\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\mahnaz\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\mahnaz\AppData\Local\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\mahnaz\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Users\mahnaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4_0\BabylonChromePI.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\mahnaz\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\mahnaz\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Users\mahnaz\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\mahnaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\mahnaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail = C:\Users\mahnaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2010/05/24 23:23:44 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (QUICKfind BHO Object) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Program Files\TEXTware\QUICKfind\PlugIns\IEHelp.dll ()
O2 - BHO: (Microsoft Web Test Recorder 9.0 Helper) - {E31CE47F-C268-41ba-897B-B415E613947D} - C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO90.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" File not found
O4 - HKLM..\Run: [TrayAliNEGAR] C:\Program Files\AlilG\AliNEGAR\TrayAliNEGAR.exe ()
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [VMSwitch] C:\Program Files\Sony\VAIO Mode Switch\VMSwitch.exe (Sony Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" File not found
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)
O4 - HKCU..\Run: [Windows Time] rundll32.exe "C:\ProgramData\AyrotsucVuml.dll",EntryPoint File not found
O4 - Startup: C:\Users\mahnaz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2 ()
F3 - HKCU WinNT: Load - (c:\users\mahnaz\dxsuie.exe) - c:\Users\mahnaz\dxsuie.exe (O^f_i*)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Simorgh Client - {afaf756a-600b-48df-a1d1-0a173eb5ec26} - C:\Program Files\Nosa\Simorgh\HTTPClient\SimWinClt.exe (Iran Software & Hardware Co. (NOSA))
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://ereg.ut.ac.ir/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3216F67A-F1D5-4887-9CF3-41A1042B3CAC}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\textwareilluminatorbase {CE5CD329-1650-414A-8DB0-4CBF72FAED87} - C:\Windows\System32\textwareilluminatorbaseProtocol.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - File not found
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\mahnaz\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\mahnaz\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 02:13:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0f2d3b14-5f64-11e0-a4f7-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{0f2d3b14-5f64-11e0-a4f7-005056c00008}\Shell\AutoRun\command - "" = I:\autorun.exe
O33 - MountPoints2\{0fc96c87-dbe7-11de-8ffb-00214ff8b58b}\Shell - "" = AutoRun
O33 - MountPoints2\{0fc96c87-dbe7-11de-8ffb-00214ff8b58b}\Shell\AutoRun\command - "" = "H:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{0fc96cc4-dbe7-11de-8ffb-00214ff8b58b}\Shell - "" = AutoRun
O33 - MountPoints2\{0fc96cc4-dbe7-11de-8ffb-00214ff8b58b}\Shell\AutoRun\command - "" = H:\start.exe
O33 - MountPoints2\{7a0665d1-8fd6-11df-a9e6-00214ff8b58b}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\nvda\nvda.exe
O33 - MountPoints2\{7a0665d1-8fd6-11df-a9e6-00214ff8b58b}\Shell\nvda\command - "" = I:\nvda\nvda.exe
O33 - MountPoints2\{8e93a18e-c0c4-11de-8705-001dbab85ad7}\Shell - "" = AutoRun
O33 - MountPoints2\{8e93a18e-c0c4-11de-8705-001dbab85ad7}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{d1fee2b8-dee1-11df-9dd4-001dbab85ad7}\Shell - "" = AutoRun
O33 - MountPoints2\{d1fee2b8-dee1-11df-9dd4-001dbab85ad7}\Shell\AutoRun\command - "" = "J:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{e54952cc-f6a7-11de-a595-00214ff8b58b}\Shell\AutoRun\command - "" = G:\anoataly.exe
O33 - MountPoints2\{e54952cc-f6a7-11de-a595-00214ff8b58b}\Shell\open\Command - "" = G:\anoataly.exe
O33 - MountPoints2\{f1f3f098-d438-11df-9ae6-00214ff8b58b}\Shell\AutoRun\command - "" = I:\DIJAMANTE\\veciti.exe
O33 - MountPoints2\{f1f3f098-d438-11df-9ae6-00214ff8b58b}\Shell\explore\command - "" = I:\DIJAMANTE\\\veciti.exe
O33 - MountPoints2\{f1f3f098-d438-11df-9ae6-00214ff8b58b}\Shell\open\command - "" = I:\DIJAMANTE\\\veciti.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/22 19:04:38 | 000,000,000 | --SD | C] -- C:\Users\mahnaz\Documents\My Data Sources
[2013/04/22 18:11:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\mahnaz\Desktop\OTL.exe
[2013/04/21 19:15:02 | 000,000,000 | ---D | C] -- C:\Users\mahnaz\AppData\Roaming\Malwarebytes
[2013/04/21 19:14:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/04/21 19:14:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/04/21 19:14:07 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/04/21 19:14:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/04/18 00:44:08 | 000,000,000 | ---D | C] -- C:\Users\mahnaz\Desktop\bbbb
[2013/04/18 00:31:49 | 000,000,000 | ---D | C] -- C:\Users\mahnaz\Desktop\USB flash drive contents replaced with a single shortcut _ The Captain's Log_files
[2013/04/18 00:31:28 | 002,738,264 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\mahnaz\Desktop\procexp.exe
[2013/04/17 23:59:58 | 000,000,000 | ---D | C] -- C:\Users\mahnaz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
[2013/04/17 23:59:58 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2013/04/14 23:12:46 | 000,000,000 | ---D | C] -- C:\Users\mahnaz\Desktop\ax13.92
[2013/04/01 16:04:55 | 000,000,000 | ---D | C] -- C:\Users\mahnaz\Desktop\mohamad
[2008/01/21 06:54:27 | 000,075,776 | -HS- | C] (B&i) -- C:\Users\mahnaz\dxgtukh.exe
[2008/01/21 06:54:27 | 000,074,752 | -HS- | C] (O^f_i*) -- C:\Users\mahnaz\dxsuie.exe
[5 C:\Users\mahnaz\Desktop\*.tmp files -> C:\Users\mahnaz\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/04/26 14:30:02 | 000,000,270 | ---- | M] () -- C:\Windows\tasks\Check Updates for Windows Live Toolbar.job
[2013/04/26 14:20:20 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/26 14:20:19 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/26 14:06:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3233104117-2109178606-3299732699-1003UA.job
[2013/04/26 14:00:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/04/26 12:19:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/26 12:19:51 | 2008,064,000 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/25 23:24:49 | 000,015,972 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/04/25 19:12:54 | 000,001,053 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Canon LBP5000 Status Window.lnk
[2013/04/22 19:06:01 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3233104117-2109178606-3299732699-1003Core.job
[2013/04/22 18:11:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\mahnaz\Desktop\OTL.exe
[2013/04/22 17:58:30 | 000,692,900 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/04/22 17:58:30 | 000,138,400 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/04/21 19:14:14 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/17 09:49:28 | 000,144,366 | ---- | M] () -- C:\Users\mahnaz\Desktop\USB flash drive contents replaced with a single shortcut _ The Captain's Log.htm
[2013/04/12 00:10:37 | 000,002,088 | ---- | M] () -- C:\Users\mahnaz\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[5 C:\Users\mahnaz\Desktop\*.tmp files -> C:\Users\mahnaz\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/04/21 19:14:14 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/18 00:31:49 | 000,144,366 | ---- | C] () -- C:\Users\mahnaz\Desktop\USB flash drive contents replaced with a single shortcut _ The Captain's Log.htm
[2013/01/31 13:04:36 | 000,000,034 | ---- | C] () -- C:\Windows\cvavr.ini
[2012/12/29 11:07:44 | 000,000,600 | ---- | C] () -- C:\Users\mahnaz\AppData\Local\PUTTY.RND
[2012/11/10 11:45:38 | 000,053,248 | ---- | C] () -- C:\Windows\System32\HPPMLVS.dll
[2012/08/23 13:03:29 | 000,000,502 | ---- | C] () -- C:\Windows\System32\CNCMFP34.INI
[2012/08/13 14:22:31 | 000,000,063 | ---- | C] () -- C:\Windows\TEXTware.ini
[2012/08/13 14:22:04 | 000,321,024 | ---- | C] () -- C:\Windows\System32\textwareilluminatorbaseProtocol.dll
[2012/08/13 14:22:03 | 000,113,288 | ---- | C] () -- C:\Windows\System32\bass.dll
[2012/08/13 14:22:02 | 000,147,456 | ---- | C] () -- C:\Windows\System32\Twavbx32.dll
[2012/08/13 14:22:02 | 000,018,432 | ---- | C] () -- C:\Windows\System32\TWAIED02.DLL
[2012/08/13 14:21:59 | 000,143,360 | ---- | C] () -- C:\Windows\System32\ILXTBS.DLL
[2012/04/17 21:46:00 | 000,000,411 | ---- | C] () -- C:\Users\mahnaz\Documents - Shortcut (2).lnk
[2012/02/01 13:10:09 | 000,000,042 | ---- | C] () -- C:\Windows\Narcis.INI
[2012/01/07 12:18:34 | 000,000,600 | ---- | C] () -- C:\Users\mahnaz\AppData\Roaming\winscp.rnd
[2011/10/30 16:31:53 | 000,018,410 | ---- | C] () -- C:\Users\mahnaz\report.pdf
[2011/10/30 16:31:53 | 000,003,383 | ---- | C] () -- C:\Users\mahnaz\report.synctex.gz
[2011/10/30 16:29:47 | 000,000,544 | ---- | C] () -- C:\Users\mahnaz\report.dvi
[2011/10/30 16:29:47 | 000,000,009 | ---- | C] () -- C:\Users\mahnaz\report.aux
[2011/10/30 16:29:27 | 000,001,171 | ---- | C] () -- C:\Users\mahnaz\report.tex
[2011/10/27 19:07:15 | 000,044,413 | ---- | C] () -- C:\Users\mahnaz\my first.pdf
[2011/10/27 19:07:14 | 000,000,084 | ---- | C] () -- C:\Users\mahnaz\my first.aux
[2011/10/27 19:06:05 | 000,000,699 | ---- | C] () -- C:\Users\mahnaz\my first.tex
[2011/05/14 23:56:51 | 000,000,411 | ---- | C] () -- C:\Users\mahnaz\Documents - Shortcut.lnk
[2011/05/14 20:50:33 | 000,000,126 | ---- | C] () -- C:\Windows\mdm.ini
[2011/05/14 20:50:27 | 000,000,535 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011/05/13 11:04:31 | 000,006,550 | ---- | C] () -- C:\Windows\jautoexp.dat
[2011/05/11 23:27:51 | 000,001,191 | ---- | C] () -- C:\Users\mahnaz\.opgalaxy7.vr
[2011/02/07 20:22:38 | 000,000,268 | ---- | C] () -- C:\Users\mahnaz\quartus2.ini
[2011/02/07 20:03:21 | 000,000,016 | -H-- | C] () -- C:\Users\mahnaz\1RHvwKQmejt
[2010/11/13 13:52:01 | 000,000,600 | ---- | C] () -- C:\Users\mahnaz\PUTTY.RND
[2010/05/24 08:43:44 | 000,001,356 | ---- | C] () -- C:\Users\mahnaz\AppData\Local\d3d9caps.dat
[2010/03/01 21:01:08 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/01/23 19:56:04 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/11/04 14:28:10 | 000,029,128 | ---- | C] () -- C:\Users\mahnaz\AppData\Roaming\UserTile.png
[2009/10/24 22:21:39 | 000,000,112 | ---- | C] () -- C:\ProgramData\wrWin.ini
[2009/10/22 11:57:25 | 000,106,496 | ---- | C] () -- C:\Users\mahnaz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2002/01/01 01:22:31 | 024,605,022 | ---- | C] () -- C:\Users\mahnaz\iAUDIO - Who.Let.The.Whores.Out.XXX.DVDrip.XviD-NOGRP.[www.torrentfive.com]1.avi

========== ZeroAccess Check ==========

[2006/11/02 17:24:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011/01/21 20:16:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/03/03 09:06:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/01/21 06:54:03 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/08/12 22:45:33 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Acapela Group
[2012/04/21 20:34:51 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\AlilG
[2013/04/25 00:00:05 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Altium2004_SP4
[2010/05/29 20:11:36 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\BitDefender
[2012/08/13 14:22:48 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Cambridge
[2012/08/23 13:23:23 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Canon
[2009/12/04 01:10:33 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\COWON
[2011/09/10 23:01:16 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Digiarty
[2011/10/30 12:51:32 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\DMCache
[2012/11/19 22:10:40 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\ESET
[2011/09/14 21:49:07 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\GetRightToGo
[2011/05/30 23:05:56 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\HDI
[2011/01/21 02:46:36 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Helios
[2010/04/10 14:36:06 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\hte
[2012/09/05 13:05:34 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\IDM
[2012/07/06 22:53:29 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Import Audio from Video
[2009/12/04 15:47:05 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\InterVideo
[2012/07/11 14:40:12 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Mp3 Audio Editor
[2010/05/03 14:01:36 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\MuPAD
[2012/01/07 12:49:44 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\NetSarang
[2012/11/30 09:16:34 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Notepad++
[2011/07/19 23:34:49 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\ooVoo Details
[2009/11/04 14:28:10 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\PeerNetworking
[2012/03/01 15:34:12 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\PixelPlanet
[2012/11/28 00:53:46 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Samsung
[2010/10/11 22:57:01 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\SystemRequirementsLab
[2012/02/21 18:55:33 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\TeamViewer
[2010/03/14 23:16:49 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Uniblue
[2012/11/30 23:01:43 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\uTorrent
[2012/09/23 23:26:33 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Xilinx
[2011/12/07 17:17:28 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Xilisoft Corporation
[2011/10/27 19:20:20 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\xm1
[2013/03/18 23:05:48 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\{9824CBCB-329D-487F-97B1-B09FEA68CA6C}
[2013/03/18 23:05:27 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\{AF7B0CE6-0629-4425-9E54-98864D50FAB1}

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2013/01/26 22:41:41 | 000,023,798 | ---- | C] ()(C:\Users\mahnaz\Desktop\????????.docx) -- C:\Users\mahnaz\Desktop\پرسشنامه.docx
[2012/08/12 22:10:08 | 000,023,798 | ---- | M] ()(C:\Users\mahnaz\Desktop\????????.docx) -- C:\Users\mahnaz\Desktop\پرسشنامه.docx

========== Alternate Data Streams ==========

@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:010ADD2C

< End of report >

Edited by mahi65, 26 April 2013 - 04:26 AM.

  • 0



#2
RKinner


    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
Not sure we can do much about the files on your drives but let's remove the malware and then see what we have.

Copy the text in the code box by highlighting and Ctrl + c

:OTL
DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
IE - HKCU\..\URLSearchHook: {F08555B0-9CC3-11D2-AA8E-000000000567} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...c=browsersearch
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:8580
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (QUICKfind BHO Object) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\Program Files\TEXTware\QUICKfind\PlugIns\IEHelp.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - No CLSID value found.
O4 - HKLM..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" File not found
O4 - HKLM..\Run: [TrayAliNEGAR] C:\Program Files\AlilG\AliNEGAR\TrayAliNEGAR.exe ()
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" File not found
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [Windows Time] rundll32.exe "C:\ProgramData\AyrotsucVuml.dll",EntryPoint File not found
O4 - Startup: C:\Users\mahnaz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2 ()
F3 - HKCU WinNT: Load - (c:\users\mahnaz\dxsuie.exe) - c:\Users\mahnaz\dxsuie.exe (O^f_i*)
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O33 - MountPoints2\{0f2d3b14-5f64-11e0-a4f7-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{0f2d3b14-5f64-11e0-a4f7-005056c00008}\Shell\AutoRun\command - "" = I:\autorun.exe
O33 - MountPoints2\{7a0665d1-8fd6-11df-a9e6-00214ff8b58b}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\nvda\nvda.exe
O33 - MountPoints2\{7a0665d1-8fd6-11df-a9e6-00214ff8b58b}\Shell\nvda\command - "" = I:\nvda\nvda.exe
O33 - MountPoints2\{d1fee2b8-dee1-11df-9dd4-001dbab85ad7}\Shell - "" = AutoRun
O33 - MountPoints2\{e54952cc-f6a7-11de-a595-00214ff8b58b}\Shell\AutoRun\command - "" = G:\anoataly.exe
O33 - MountPoints2\{e54952cc-f6a7-11de-a595-00214ff8b58b}\Shell\open\Command - "" = G:\anoataly.exe
O33 - MountPoints2\{f1f3f098-d438-11df-9ae6-00214ff8b58b}\Shell\AutoRun\command - "" = I:\DIJAMANTE\\veciti.exe
O33 - MountPoints2\{f1f3f098-d438-11df-9ae6-00214ff8b58b}\Shell\explore\command - "" = I:\DIJAMANTE\\\veciti.exe
O33 - MountPoints2\{f1f3f098-d438-11df-9ae6-00214ff8b58b}\Shell\open\command - "" = I:\DIJAMANTE\\\veciti.exe
[2008/01/21 06:54:27 | 000,075,776 | -HS- | C] (B&i) -- C:\Users\mahnaz\dxgtukh.exe
[2008/01/21 06:54:27 | 000,074,752 | -HS- | C] (O^f_i*) -- C:\Users\mahnaz\dxsuie.exe
[2011/02/07 20:03:21 | 000,000,016 | -H-- | C] () -- C:\Users\mahnaz\1RHvwKQmejt

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C

:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.
It appears that Old Timer is now hiding the log in c:\_OTL\MovedFiles\04262013-some number.log so look there if you don't see it.



Download aswMBR.exe to your desktop.
Right-click aswMBR.exe and Run as Administrator.
Uncheck trace disk IO calls.
Click the "Scan" button to start the scan (accept the Avast Engine).
On completion of the scan, if the Fix button is enabled (not the FixMBR button), press it, then run a new scan, click save log, save it to your desktop and post it in your next reply.
If the Fix button is not enabled, just click save log, save it to your desktop and post it in your next reply.

ComboFix

It must be saved to your desktop; do not run it from your browser.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right-click on ComboFix and select Run As Administrator to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.


Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it by right clicking and Run As Admin.


If TDSSKiller alerts you that the system needs to reboot, please consent.

Run TDSSKiller again but this time:
Before you hit Scan, hit Change Parameters and check the two items under Additional Options. Click OK, then Scan.
In this mode it is prone to false positives, so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt". Please copy and paste the contents in your next reply.



Malwarebytes' Anti-Malware
If you have a previous version of MalwareBytes', make sure you check for updates.
http://www.malwareby...lwarebytes_free

SAVE Malwarebytes' Anti-Malware to your desktop.

* Right-click mbam-setup.exe and select Run As Administrator to start the program.
* Follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.


Download the adwCleaner

  • Run the Tool
    Windows Vista and Windows 7 users:
    Right click in the adwCleaner.exe and select the option
    Posted Image
  • Select the Delete button.
  • When the scan completes, it will open a Notepad window.
  • Please copy the content of this file into your next reply.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc  /scannow



(Does this complain that it could not fix all of your files?)


Right-click on (My) Computer and select Manage (Continue). Then click on the arrow in front of Event Viewer. Next, click on the arrow in front of Windows Logs. Right-click on System and Clear Log, Clear. Repeat for Application.

Reboot.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application. VEW will overwrite the log at C:\vew.txt each time it runs so either post your System results before running VEW for Applications or copy the file c:\vew.txt to a new location.


Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemdrive%\$Recycle.Bin|@;true;true;true /fp
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.



Download, save and run (Win 7 or Vista => right-click and Run as Admin.) Farbar Service Scanner


Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

Ron
  • 0
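Added example (not part of the thread, and not OTL's or RKinner's own logic): a log triage pass that flags the kinds of entries visible in the posted OTL logs, namely a Run value launching rundll32 with a DLL outside the Windows directory, a populated HKCU WinNT Load value, MountPoints2 shell commands, and hidden+system executables inside a user profile. The rule names and matching criteria are assumptions of this example; the sample lines are copied from the logs in this thread.

```python
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    rule: str    # label chosen for this example, not an OTL term
    detail: str  # the part of the log line that triggered the rule


# Lines copied from the OTL logs posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKCU..\Run: [Windows Time] rundll32.exe "C:\ProgramData\AyrotsucVuml.dll",EntryPoint File not found
F3 - HKCU WinNT: Load - (c:\users\mahnaz\dxsuie.exe) - c:\Users\mahnaz\dxsuie.exe (O^f_i*)
O33 - MountPoints2\{e54952cc-f6a7-11de-a595-00214ff8b58b}\Shell\AutoRun\command - "" = G:\anoataly.exe
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
[2008/01/21 06:54:27 | 000,074,752 | -HS- | C] (O^f_i*) -- C:\Users\mahnaz\dxsuie.exe
[2013/04/22 18:11:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\mahnaz\Desktop\OTL.exe
[2013/04/26 12:19:51 | 2008,064,000 | -HS- | M] () -- C:\hiberfil.sys
PRC - [2013/04/26 16:07:37 | 000,192,000 | -HS- | M] () -- C:\Users\mahnaz\AppData\Local\Temp\1352570291.exe
"""

# Assumption: %SystemRoot% is C:\Windows, as the log header reports.
WINDIR = "c:\\windows\\"

RUN_RE = re.compile(r"^O4 - (HK\w+)\.\.\\Run: \[([^\]]+)\] (.+)$")
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)', re.IGNORECASE)
LOAD_RE = re.compile(r"^F3 - (HK\w+) WinNT: Load - \((.+?)\) - ")
MOUNT_RE = re.compile(
    r'^O33 - MountPoints2\\([^\\]+)\\Shell\\([^\\]+)\\command - "" = (.+)$',
    re.IGNORECASE,
)
# File listing: [timestamp | size | attributes | C or M] (company) -- path
FILE_RE = re.compile(
    r"\[[\d/]+ [\d:]+ \| [\d,]+ \| ([-RHSD]{4}) \| [CM]\] \(.*?\) -- (.+)$"
)


def triage(log_text: str) -> List[Finding]:
    """Return one Finding per log line that matches a rule, in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = RUN_RE.match(line)
        if m:
            hive, name, cmd = m.groups()
            dll = RUNDLL_RE.search(cmd)
            # rundll32 loading a DLL that does not live under the Windows directory
            if dll and not dll.group(1).lower().startswith(WINDIR):
                findings.append(Finding(
                    "run-rundll32-nonsystem-dll",
                    f"{hive} [{name}] -> {dll.group(1)}"))
            continue

        m = LOAD_RE.match(line)
        if m:
            # The legacy Load value starts a program at logon; it is normally empty.
            findings.append(Finding("winnt-load-value",
                                    f"{m.group(1)} Load = {m.group(2)}"))
            continue

        m = MOUNT_RE.match(line)
        if m:
            vol, verb, cmd = m.groups()
            # Cached per-volume shell verbs: each one needs a human look,
            # vendor launchers show up here as well.
            findings.append(Finding("mountpoint-command", f"{vol} {verb}: {cmd}"))
            continue

        m = FILE_RE.search(line)
        if m:
            attrs, path = m.groups()
            low = path.lower()
            if "H" in attrs and "S" in attrs and low.endswith(".exe") \
                    and "\\users\\" in low:
                findings.append(Finding("hidden-system-exe-in-profile", path))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:32} {f.detail}")
```

A hit is a prompt for review, not a verdict: the MountPoints2 rule also reports the U3 launcher entry, which is why the output keeps the full command for each match.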

#3
mahi65


    Member

  • Topic Starter
  • Member
  • 11 posts
Dear RKinner, thanks for your suggestions. Here are the reports you ordered:

OTL:

OTL logfile created on: 4/27/2013 8:09:32 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\mahnaz\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 0.90 Gb Available Physical Memory | 48.11% Memory free
3.98 Gb Paging File | 2.83 Gb Available in Paging File | 71.08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 244.68 Gb Total Space | 32.56 Gb Free Space | 13.31% Space Free | Partition Type: NTFS
Drive G: | 19.53 Gb Total Space | 2.92 Gb Free Space | 14.95% Space Free | Partition Type: NTFS
Drive H: | 21.48 Gb Total Space | 3.04 Gb Free Space | 14.17% Space Free | Partition Type: NTFS

Computer Name: MAHNAZ-PC | User Name: mahnaz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/26 16:07:37 | 000,192,000 | -HS- | M] () -- C:\Users\mahnaz\AppData\Local\Temp\1352570291.exe
PRC - [2013/04/22 18:11:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\mahnaz\Desktop\OTL.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/03/07 16:40:34 | 000,913,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2012/03/07 16:40:28 | 003,117,344 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2011/12/13 15:06:29 | 002,984,832 | ---- | M] (TeamViewer GmbH) -- C:\Users\mahnaz\temp\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2010/07/05 00:21:26 | 000,017,408 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2009/10/22 06:00:04 | 000,395,824 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe
PRC - [2009/10/22 05:59:58 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
PRC - [2009/10/22 05:59:48 | 000,334,384 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe
PRC - [2009/10/22 04:47:54 | 000,563,760 | ---- | M] (VMware, Inc.) -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2009/05/21 14:28:38 | 000,874,768 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2009/05/21 13:04:14 | 000,473,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2009/02/05 04:31:30 | 000,538,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Mode Switch\VMSwitch.exe
PRC - [2009/01/24 22:01:26 | 000,559,656 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009/01/21 21:37:42 | 000,313,264 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2009/01/21 21:37:42 | 000,192,512 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2009/01/20 04:13:04 | 000,394,536 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
PRC - [2009/01/20 00:19:20 | 000,203,624 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2009/01/20 00:19:20 | 000,112,488 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2009/01/15 01:08:38 | 005,184,872 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
PRC - [2009/01/06 06:34:54 | 000,109,088 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe
PRC - [2008/12/22 11:00:32 | 000,274,432 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Network Utility\LANUtil.exe
PRC - [2008/12/22 09:25:06 | 000,303,104 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Network Utility\NSUService.exe
PRC - [2008/12/20 01:32:08 | 001,771,368 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PRC - [2008/12/20 01:32:08 | 000,415,592 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe
PRC - [2008/12/18 22:23:50 | 000,317,288 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe
PRC - [2008/10/29 10:59:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/09/18 22:29:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
PRC - [2008/09/16 23:33:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
PRC - [2008/01/21 06:53:53 | 001,143,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wercon.exe
PRC - [2008/01/21 06:53:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/01/15 05:43:00 | 000,063,176 | ---- | M] (CANON INC.) -- C:\Windows\System32\CNAC4RPK.EXE
PRC - [2007/01/05 07:18:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (No Company Name) ==========

MOD - [2013/04/26 16:07:37 | 000,192,000 | -HS- | M] () -- C:\Users\mahnaz\AppData\Local\Temp\1352570291.exe
MOD - [2011/12/04 20:04:39 | 001,356,288 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\cac78a264e7ac9299057eb2416c86000\System.WorkflowServices.ni.dll
MOD - [2011/12/04 20:04:00 | 001,706,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\5046de252a0e714c78207b5dd01a89bd\System.ServiceModel.Web.ni.dll
MOD - [2011/12/04 19:56:31 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\bf3b757c821a36e6a9c7c1988b39a15d\System.IdentityModel.Selectors.ni.dll
MOD - [2011/12/04 19:56:29 | 001,070,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\3fb6b9b320c78fa02be3fa8ce26b7559\System.IdentityModel.ni.dll
MOD - [2011/12/04 19:56:25 | 002,345,472 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\0393b1448497e28ae9bbfed9be19bd3e\System.Runtime.Serialization.ni.dll
MOD - [2011/12/04 19:56:19 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\06bb41fe681650a017fa2c99e197edf0\SMDiagnostics.ni.dll
MOD - [2011/12/04 19:56:17 | 017,403,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\0dd1924dbe8ac43b923a28409d351619\System.ServiceModel.ni.dll
MOD - [2011/12/04 19:51:40 | 011,800,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0a1195c6b5fab213527364c9e8b26ef0\System.Web.ni.dll
MOD - [2011/12/04 19:50:56 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll
MOD - [2011/12/04 19:23:23 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll
MOD - [2011/12/04 19:22:15 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll
MOD - [2011/12/04 19:21:33 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll
MOD - [2011/12/04 19:15:30 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll
MOD - [2011/12/04 19:14:40 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2010/07/05 02:02:38 | 000,010,752 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll
MOD - [2010/07/05 02:02:36 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2010/07/05 00:21:26 | 000,017,408 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
MOD - [2010/06/21 16:45:36 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Diagnostics.ServiceModelSink\3.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Diagnostics.ServiceModelSink.dll
MOD - [2009/04/08 02:24:30 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\SPMDam\3.1.0.6020__1b3c579b6925895f\SPMDam.dll
MOD - [2009/04/08 02:24:29 | 000,086,016 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\SPMCommon\3.1.0.6020__e3c7096ba83f9295\SPMCommon.dll
MOD - [2009/01/20 00:19:22 | 000,010,752 | ---- | M] () -- C:\Program Files\Sony\VAIO Event Service\VESBasePS.dll
MOD - [2007/09/20 19:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Services (SafeList) ==========

SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/11/22 16:08:12 | 000,957,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Update\VUAgent.exe -- (VUAgent)
SRV - [2012/09/17 00:22:47 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/09 22:55:48 | 000,279,552 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Serviio\bin\ServiioService.exe -- (Serviio)
SRV - [2012/03/07 16:40:34 | 000,913,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2011/12/13 15:06:29 | 002,984,832 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Users\mahnaz\temp\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/10/22 06:00:04 | 000,395,824 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnat.exe -- (VMware NAT Service)
SRV - [2009/10/22 05:59:58 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2009/10/22 05:59:48 | 000,334,384 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2009/10/22 04:47:54 | 000,563,760 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2009/10/12 15:32:24 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
SRV - [2009/05/21 14:28:38 | 000,874,768 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2009/05/21 13:04:14 | 000,473,360 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2009/05/02 15:40:35 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/01/24 22:01:26 | 000,559,656 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/01/21 21:37:44 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2009/01/21 21:37:42 | 000,313,264 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2009/01/21 21:37:42 | 000,192,512 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2009/01/20 23:26:06 | 000,120,104 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2009/01/20 23:22:18 | 000,091,432 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe -- (SOHPlMgr)
SRV - [2009/01/20 23:21:48 | 000,075,048 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2009/01/20 23:21:18 | 000,390,440 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2009/01/20 23:20:48 | 000,070,952 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe -- (SOHDBSvr)
SRV - [2009/01/20 04:13:04 | 000,394,536 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2009/01/20 00:19:20 | 000,203,624 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2009/01/17 09:29:08 | 000,083,240 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
SRV - [2009/01/15 01:08:38 | 005,184,872 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2009/01/08 11:40:32 | 000,114,688 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2009/01/06 06:34:54 | 000,109,088 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe -- (RtkAudioService)
SRV - [2008/12/22 09:25:06 | 000,303,104 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\Network Utility\NSUService.exe -- (NSUService)
SRV - [2008/12/20 01:32:08 | 000,415,592 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV - [2008/09/18 22:29:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2008/09/16 23:33:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
SRV - [2008/01/21 06:53:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/11/07 08:58:18 | 003,004,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)
SRV - [2007/01/05 07:18:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/03/14 09:40:04 | 000,148,504 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfw.sys -- (epfw)
DRV - [2012/03/14 09:40:02 | 000,169,080 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2012/03/14 09:40:02 | 000,120,152 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2012/03/14 09:40:02 | 000,050,624 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\epfwwfp.sys -- (epfwwfp)
DRV - [2012/03/14 09:40:02 | 000,033,656 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\EpfwLWF.sys -- (EpfwLWF)
DRV - [2011/10/04 10:14:35 | 000,195,968 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2010/07/26 18:55:42 | 000,068,240 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\idmwfp.sys -- (IDMWFP)
DRV - [2010/07/05 00:21:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2010/04/10 13:59:52 | 000,016,000 | ---- | M] (Xilinx, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\xpc4drvr.sys -- (XilinxPC4Driver)
DRV - [2009/10/22 06:00:46 | 000,853,936 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmx86.sys -- (vmx86)
DRV - [2009/10/22 06:00:44 | 000,070,704 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmci.sys -- (vmci)
DRV - [2009/10/22 06:00:44 | 000,026,288 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2009/10/22 06:00:44 | 000,023,216 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMkbd.sys -- (vmkbd)
DRV - [2009/10/22 04:47:52 | 000,032,304 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hcmon.sys -- (hcmon)
DRV - [2009/10/22 01:13:36 | 000,031,280 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmusb.sys -- (vmusb)
DRV - [2009/10/22 01:13:32 | 000,036,400 | R--- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2009/10/22 01:13:32 | 000,016,560 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2009/10/12 15:31:52 | 000,022,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009/09/01 22:19:26 | 000,019,584 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aticir.sys -- (AtiIrRcvr)
DRV - [2009/09/01 22:17:44 | 001,080,832 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atinavrr.sys -- (ATIAVPCI)
DRV - [2009/05/28 22:41:28 | 004,233,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008/11/25 11:11:52 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2008/11/19 04:38:46 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2008/10/23 04:32:23 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\risdptsk.sys -- (risdptsk)
DRV - [2008/10/23 04:32:02 | 000,068,608 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/08/26 04:31:46 | 000,023,712 | ---- | M] (Sony Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\shpf.sys -- (shpf)
DRV - [2008/07/08 14:02:48 | 000,029,568 | ---- | M] (Spectrum Digital Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sdusb2em.sys -- (sdusb2em)
DRV - [2008/06/07 04:32:55 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2008/04/25 01:36:40 | 000,017,920 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2008/01/25 06:44:25 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008/01/21 06:53:26 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2007/09/04 16:53:34 | 000,055,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\VSPerfDrv90.sys -- (VSPerfDrv90)
DRV - [2007/07/07 09:11:58 | 000,026,120 | ---- | M] (Rainbow Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SNTNLUSB.SYS -- (Sntnlusb)
DRV - [2007/04/18 07:39:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2006/11/10 16:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2005/09/05 22:30:22 | 000,028,743 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2005/08/16 11:23:10 | 000,038,422 | ---- | M] (Generic) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\StMp3Rec.sys -- (StMp3Rec)
DRV - [2004/10/22 07:58:48 | 000,028,296 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\xds560.sys -- (XDS560)
DRV - [2004/10/22 07:57:40 | 000,006,112 | ---- | M] (Texas Instruments Incorporated) [Kernel | Auto | Running] -- C:\Windows\System32\xdsfast1.sys -- (xdsfast1)
DRV - [2004/10/22 07:57:40 | 000,003,968 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drpkiont.sys -- (drpkiont)
DRV - [2004/05/26 21:56:58 | 000,003,200 | ---- | M] (Altium Limited) [Kernel | Auto | Running] -- C:\Windows\System32\altio.sys -- (altio)
DRV - [2001/03/01 02:15:00 | 000,006,144 | ---- | M] (Erik Salaj) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ioport.sys -- (IOPort)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://vaio-online.sony.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchPage =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKCU\..\SearchScopes\{8E13C345-C393-4DC1-ABDF-503E89EADC4F}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\mahnaz\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\mahnaz\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\mahnaz\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\mahnaz\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012/11/29 22:13:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\mahnaz\AppData\Roaming\IDM\idmmzcc3 [2011/09/15 21:26:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\mahnaz\AppData\Roaming\IDM\idmmzcc3 [2011/09/15 21:26:21 | 000,000,000 | ---D | M]

[2012/03/29 19:15:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mahnaz\AppData\Roaming\Mozilla\Extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\mahnaz\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\mahnaz\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\mahnaz\AppData\Local\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\mahnaz\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Users\mahnaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4_0\BabylonChromePI.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\mahnaz\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\mahnaz\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Users\mahnaz\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\mahnaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\mahnaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail = C:\Users\mahnaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2010/05/24 23:23:44 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Microsoft Web Test Recorder 9.0 Helper) - {E31CE47F-C268-41ba-897B-B415E613947D} - C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO90.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [VMSwitch] C:\Program Files\Sony\VAIO Mode Switch\VMSwitch.exe (Sony Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MSNetDDNowiz] C:\Users\mahnaz\AppData\Local\Temp\1352570291.exe ()
O4 - HKCU..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Simorgh Client - {afaf756a-600b-48df-a1d1-0a173eb5ec26} - C:\Program Files\Nosa\Simorgh\HTTPClient\SimWinClt.exe (Iran Software & Hardware Co. (NOSA))
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://ereg.ut.ac.ir/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3216F67A-F1D5-4887-9CF3-41A1042B3CAC}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\textwareilluminatorbase {CE5CD329-1650-414A-8DB0-4CBF72FAED87} - C:\Windows\System32\textwareilluminatorbaseProtocol.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - File not found
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\mahnaz\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\mahnaz\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 02:13:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0fc96c87-dbe7-11de-8ffb-00214ff8b58b}\Shell - "" = AutoRun
O33 - MountPoints2\{0fc96c87-dbe7-11de-8ffb-00214ff8b58b}\Shell\AutoRun\command - "" = "H:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{0fc96cc4-dbe7-11de-8ffb-00214ff8b58b}\Shell - "" = AutoRun
O33 - MountPoints2\{0fc96cc4-dbe7-11de-8ffb-00214ff8b58b}\Shell\AutoRun\command - "" = H:\start.exe
O33 - MountPoints2\{8e93a18e-c0c4-11de-8705-001dbab85ad7}\Shell - "" = AutoRun
O33 - MountPoints2\{8e93a18e-c0c4-11de-8705-001dbab85ad7}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/27 19:33:41 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/04/22 19:04:38 | 000,000,000 | --SD | C] -- C:\Users\mahnaz\Documents\My Data Sources
[2013/04/22 18:11:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\mahnaz\Desktop\OTL.exe
[2013/04/21 19:15:02 | 000,000,000 | ---D | C] -- C:\Users\mahnaz\AppData\Roaming\Malwarebytes
[2013/04/21 19:14:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/04/21 19:14:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/04/21 19:14:07 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/04/21 19:14:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/04/18 00:44:08 | 000,000,000 | ---D | C] -- C:\Users\mahnaz\Desktop\bbbb
[2013/04/18 00:31:49 | 000,000,000 | ---D | C] -- C:\Users\mahnaz\Desktop\USB flash drive contents replaced with a single shortcut _ The Captain's Log_files
[2013/04/18 00:31:28 | 002,738,264 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\mahnaz\Desktop\procexp.exe
[2013/04/17 23:59:58 | 000,000,000 | ---D | C] -- C:\Users\mahnaz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
[2013/04/17 23:59:58 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2013/04/14 23:12:46 | 000,000,000 | ---D | C] -- C:\Users\mahnaz\Desktop\ax13.92
[2013/04/01 16:04:55 | 000,000,000 | ---D | C] -- C:\Users\mahnaz\Desktop\mohamad
[5 C:\Users\mahnaz\Desktop\*.tmp files -> C:\Users\mahnaz\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/04/27 20:06:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3233104117-2109178606-3299732699-1003UA.job
[2013/04/27 20:00:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/04/27 19:52:57 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/27 19:52:57 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/27 19:52:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/27 19:52:51 | 2008,064,000 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/27 19:51:59 | 000,015,972 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/04/27 19:34:40 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\mahnaz\Desktop\aswMBR.exe
[2013/04/27 19:30:13 | 000,000,270 | ---- | M] () -- C:\Windows\tasks\Check Updates for Windows Live Toolbar.job
[2013/04/25 19:12:54 | 000,001,053 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Canon LBP5000 Status Window.lnk
[2013/04/22 19:06:01 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3233104117-2109178606-3299732699-1003Core.job
[2013/04/22 18:11:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\mahnaz\Desktop\OTL.exe
[2013/04/22 17:58:30 | 000,692,900 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/04/22 17:58:30 | 000,138,400 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/04/21 19:14:14 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/17 09:49:28 | 000,144,366 | ---- | M] () -- C:\Users\mahnaz\Desktop\USB flash drive contents replaced with a single shortcut _ The Captain's Log.htm
[2013/04/12 00:10:37 | 000,002,088 | ---- | M] () -- C:\Users\mahnaz\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[5 C:\Users\mahnaz\Desktop\*.tmp files -> C:\Users\mahnaz\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/04/21 19:14:14 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/18 00:31:49 | 000,144,366 | ---- | C] () -- C:\Users\mahnaz\Desktop\USB flash drive contents replaced with a single shortcut _ The Captain's Log.htm
[2013/01/31 13:04:36 | 000,000,034 | ---- | C] () -- C:\Windows\cvavr.ini
[2012/12/29 11:07:44 | 000,000,600 | ---- | C] () -- C:\Users\mahnaz\AppData\Local\PUTTY.RND
[2012/11/10 11:45:38 | 000,053,248 | ---- | C] () -- C:\Windows\System32\HPPMLVS.dll
[2012/08/23 13:03:29 | 000,000,502 | ---- | C] () -- C:\Windows\System32\CNCMFP34.INI
[2012/08/13 14:22:31 | 000,000,063 | ---- | C] () -- C:\Windows\TEXTware.ini
[2012/08/13 14:22:04 | 000,321,024 | ---- | C] () -- C:\Windows\System32\textwareilluminatorbaseProtocol.dll
[2012/08/13 14:22:03 | 000,113,288 | ---- | C] () -- C:\Windows\System32\bass.dll
[2012/08/13 14:22:02 | 000,147,456 | ---- | C] () -- C:\Windows\System32\Twavbx32.dll
[2012/08/13 14:22:02 | 000,018,432 | ---- | C] () -- C:\Windows\System32\TWAIED02.DLL
[2012/08/13 14:21:59 | 000,143,360 | ---- | C] () -- C:\Windows\System32\ILXTBS.DLL
[2012/04/17 21:46:00 | 000,000,411 | ---- | C] () -- C:\Users\mahnaz\Documents - Shortcut (2).lnk
[2012/02/01 13:10:09 | 000,000,042 | ---- | C] () -- C:\Windows\Narcis.INI
[2012/01/07 12:18:34 | 000,000,600 | ---- | C] () -- C:\Users\mahnaz\AppData\Roaming\winscp.rnd
[2011/10/30 16:31:53 | 000,018,410 | ---- | C] () -- C:\Users\mahnaz\report.pdf
[2011/10/30 16:31:53 | 000,003,383 | ---- | C] () -- C:\Users\mahnaz\report.synctex.gz
[2011/10/30 16:29:47 | 000,000,544 | ---- | C] () -- C:\Users\mahnaz\report.dvi
[2011/10/30 16:29:47 | 000,000,009 | ---- | C] () -- C:\Users\mahnaz\report.aux
[2011/10/30 16:29:27 | 000,001,171 | ---- | C] () -- C:\Users\mahnaz\report.tex
[2011/10/27 19:07:15 | 000,044,413 | ---- | C] () -- C:\Users\mahnaz\my first.pdf
[2011/10/27 19:07:14 | 000,000,084 | ---- | C] () -- C:\Users\mahnaz\my first.aux
[2011/10/27 19:06:05 | 000,000,699 | ---- | C] () -- C:\Users\mahnaz\my first.tex
[2011/05/14 23:56:51 | 000,000,411 | ---- | C] () -- C:\Users\mahnaz\Documents - Shortcut.lnk
[2011/05/14 20:50:33 | 000,000,126 | ---- | C] () -- C:\Windows\mdm.ini
[2011/05/14 20:50:27 | 000,000,535 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011/05/13 11:04:31 | 000,006,550 | ---- | C] () -- C:\Windows\jautoexp.dat
[2011/05/11 23:27:51 | 000,001,191 | ---- | C] () -- C:\Users\mahnaz\.opgalaxy7.vr
[2011/02/07 20:22:38 | 000,000,268 | ---- | C] () -- C:\Users\mahnaz\quartus2.ini
[2010/11/13 13:52:01 | 000,000,600 | ---- | C] () -- C:\Users\mahnaz\PUTTY.RND
[2010/05/24 08:43:44 | 000,001,356 | ---- | C] () -- C:\Users\mahnaz\AppData\Local\d3d9caps.dat
[2010/03/01 21:01:08 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/01/23 19:56:04 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/11/04 14:28:10 | 000,029,128 | ---- | C] () -- C:\Users\mahnaz\AppData\Roaming\UserTile.png
[2009/10/24 22:21:39 | 000,000,112 | ---- | C] () -- C:\ProgramData\wrWin.ini
[2009/10/22 11:57:25 | 000,106,496 | ---- | C] () -- C:\Users\mahnaz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2002/01/01 01:22:31 | 024,605,022 | ---- | C] () -- C:\Users\mahnaz\iAUDIO - Who.Let.The.Whores.Out.XXX.DVDrip.XviD-NOGRP.[www.torrentfive.com]1.avi

========== ZeroAccess Check ==========

[2006/11/02 17:24:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011/01/21 20:16:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/03/03 09:06:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/01/21 06:54:03 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/08/12 22:45:33 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Acapela Group
[2012/04/21 20:34:51 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\AlilG
[2013/04/25 00:00:05 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Altium2004_SP4
[2010/05/29 20:11:36 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\BitDefender
[2012/08/13 14:22:48 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Cambridge
[2012/08/23 13:23:23 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Canon
[2009/12/04 01:10:33 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\COWON
[2011/09/10 23:01:16 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Digiarty
[2011/10/30 12:51:32 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\DMCache
[2012/11/19 22:10:40 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\ESET
[2011/09/14 21:49:07 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\GetRightToGo
[2011/05/30 23:05:56 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\HDI
[2011/01/21 02:46:36 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Helios
[2010/04/10 14:36:06 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\hte
[2012/09/05 13:05:34 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\IDM
[2012/07/06 22:53:29 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Import Audio from Video
[2009/12/04 15:47:05 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\InterVideo
[2012/07/11 14:40:12 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Mp3 Audio Editor
[2010/05/03 14:01:36 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\MuPAD
[2012/01/07 12:49:44 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\NetSarang
[2012/11/30 09:16:34 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Notepad++
[2011/07/19 23:34:49 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\ooVoo Details
[2009/11/04 14:28:10 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\PeerNetworking
[2012/03/01 15:34:12 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\PixelPlanet
[2012/11/28 00:53:46 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Samsung
[2010/10/11 22:57:01 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\SystemRequirementsLab
[2012/02/21 18:55:33 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\TeamViewer
[2010/03/14 23:16:49 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Uniblue
[2012/11/30 23:01:43 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\uTorrent
[2012/09/23 23:26:33 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Xilinx
[2011/12/07 17:17:28 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Xilisoft Corporation
[2011/10/27 19:20:20 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\xm1
[2013/03/18 23:05:48 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\{9824CBCB-329D-487F-97B1-B09FEA68CA6C}
[2013/03/18 23:05:27 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\{AF7B0CE6-0629-4425-9E54-98864D50FAB1}

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2013/01/26 22:41:41 | 000,023,798 | ---- | C] ()(C:\Users\mahnaz\Desktop\????????.docx) -- C:\Users\mahnaz\Desktop\پرسشنامه.docx
[2012/08/12 22:10:08 | 000,023,798 | ---- | M] ()(C:\Users\mahnaz\Desktop\????????.docx) -- C:\Users\mahnaz\Desktop\پرسشنامه.docx

========== Alternate Data Streams ==========

@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:010ADD2C

< End of report >

****************************************************************************************************************
aswMBR report:

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-04-27 20:20:20
-----------------------------
20:20:20.324 OS Version: Windows 6.0.6001 Service Pack 1
20:20:20.324 Number of processors: 2 586 0x170A
20:20:20.324 ComputerName: MAHNAZ-PC UserName: mahnaz
20:20:23.210 Initialize success
20:26:56.941 AVAST engine defs: 13042700
20:32:57.725 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:32:57.725 Disk 0 Vendor: Hitachi_ FB4O Size: 305245MB BusType: 3
20:32:57.725 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000085
20:32:57.725 Disk 1 Vendor: RICOH 01 Size: 305245MB BusType: 0
20:32:57.741 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000086
20:32:57.741 Disk 2 Vendor: RICOH 02 Size: 305245MB BusType: 0
20:32:58.271 Disk 0 MBR read successfully
20:32:58.271 Disk 0 MBR scan
20:32:58.661 Disk 0 Windows VISTA default MBR code
20:32:58.739 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 12689 MB offset 2048
20:32:58.770 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 250554 MB offset 25989120
20:32:58.770 Disk 0 Partition - 00 0F Extended LBA 22000 MB offset 539125760
20:32:58.895 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 19999 MB offset 584181760
20:32:59.425 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 21999 MB offset 539127808
20:32:59.457 Disk 0 scanning sectors +625139712
20:32:59.644 Disk 0 scanning C:\Windows\system32\drivers
20:33:20.612 Service scanning
20:34:06.148 Modules scanning
20:34:42.663 AVAST engine scan C:\Windows
20:34:48.485 AVAST engine scan C:\Windows\system32
20:36:03.166 File: C:\Windows\system32\ND5202.OCX **INFECTED** Win32:Malware-gen
20:39:03.840 AVAST engine scan C:\Windows\system32\drivers
20:39:24.806 AVAST engine scan C:\Users\mahnaz
20:44:20.312 Disk 0 MBR has been saved successfully to "C:\Users\mahnaz\Desktop\MBR.dat"
20:44:20.327 The log file has been saved successfully to "C:\Users\mahnaz\Desktop\aswMBR.txt"


***************************************************************************************************

Combo report:


ComboFix 13-04-27.04 - mahnaz 04/27/2013 20:53:10.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1914.837 [GMT 4.5:30]
Running from: c:\users\mahnaz\Desktop\ComboFix.exe
AV: ESET Smart Security 5.2 *Disabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.2 *Disabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\prefs.js
c:\programdata\Roaming
c:\windows\system32\html
c:\windows\system32\html\calendar.html
c:\windows\system32\html\calendarbottom.html
c:\windows\system32\html\calendartop.html
c:\windows\system32\html\crystalexportdialog.htm
c:\windows\system32\html\crystalprinthost.html
c:\windows\system32\images
c:\windows\system32\images\toolbar\calendar.gif
c:\windows\system32\images\toolbar\crlogo.gif
c:\windows\system32\images\toolbar\export.gif
c:\windows\system32\images\toolbar\export_over.gif
c:\windows\system32\images\toolbar\exportd.gif
c:\windows\system32\images\toolbar\First.gif
c:\windows\system32\images\toolbar\first_over.gif
c:\windows\system32\images\toolbar\Firstd.gif
c:\windows\system32\images\toolbar\gotopage.gif
c:\windows\system32\images\toolbar\gotopage_over.gif
c:\windows\system32\images\toolbar\gotopaged.gif
c:\windows\system32\images\toolbar\grouptree.gif
c:\windows\system32\images\toolbar\grouptree_over.gif
c:\windows\system32\images\toolbar\grouptreed.gif
c:\windows\system32\images\toolbar\grouptreepressed.gif
c:\windows\system32\images\toolbar\Last.gif
c:\windows\system32\images\toolbar\last_over.gif
c:\windows\system32\images\toolbar\Lastd.gif
c:\windows\system32\images\toolbar\Next.gif
c:\windows\system32\images\toolbar\next_over.gif
c:\windows\system32\images\toolbar\Nextd.gif
c:\windows\system32\images\toolbar\Prev.gif
c:\windows\system32\images\toolbar\prev_over.gif
c:\windows\system32\images\toolbar\Prevd.gif
c:\windows\system32\images\toolbar\print.gif
c:\windows\system32\images\toolbar\print_over.gif
c:\windows\system32\images\toolbar\printd.gif
c:\windows\system32\images\toolbar\Refresh.gif
c:\windows\system32\images\toolbar\refresh_over.gif
c:\windows\system32\images\toolbar\refreshd.gif
c:\windows\system32\images\toolbar\Search.gif
c:\windows\system32\images\toolbar\search_over.gif
c:\windows\system32\images\toolbar\searchd.gif
c:\windows\system32\images\toolbar\up.gif
c:\windows\system32\images\toolbar\up_over.gif
c:\windows\system32\images\toolbar\upd.gif
c:\windows\system32\images\tree\begindots.gif
c:\windows\system32\images\tree\beginminus.gif
c:\windows\system32\images\tree\beginplus.gif
c:\windows\system32\images\tree\blank.gif
c:\windows\system32\images\tree\blankdots.gif
c:\windows\system32\images\tree\dots.gif
c:\windows\system32\images\tree\lastdots.gif
c:\windows\system32\images\tree\lastminus.gif
c:\windows\system32\images\tree\lastplus.gif
c:\windows\system32\images\tree\Magnify.gif
c:\windows\system32\images\tree\minus.gif
c:\windows\system32\images\tree\minusbox.gif
c:\windows\system32\images\tree\plus.gif
c:\windows\system32\images\tree\plusbox.gif
c:\windows\system32\images\tree\singleminus.gif
c:\windows\system32\images\tree\singleplus.gif
.
.
((((((((((((((((((((((((( Files Created from 2013-03-27 to 2013-04-27 )))))))))))))))))))))))))))))))
.
.
2013-04-27 16:41 . 2013-04-27 16:41 -------- d-----w- c:\users\mahnaz\AppData\Local\temp
2013-04-27 16:41 . 2013-04-27 16:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-27 15:03 . 2013-04-27 15:03 -------- d-----w- C:\_OTL
2013-04-26 08:12 . 2013-04-10 03:08 6906960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F6E77386-1962-4C5D-ACF9-145BA894BBD1}\mpengine.dll
2013-04-21 14:45 . 2013-04-21 14:45 -------- d-----w- c:\users\mahnaz\AppData\Roaming\Malwarebytes
2013-04-21 14:44 . 2013-04-21 14:44 -------- d-----w- c:\programdata\Malwarebytes
2013-04-21 14:44 . 2013-04-21 14:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-04-21 14:44 . 2013-04-04 10:20 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-17 19:29 . 2013-04-17 19:37 -------- d-----w- c:\program files\Unlocker
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-11 20:40 . 2009-11-16 08:26 237088 ------w- c:\windows\system32\MpSigStub.exe
2013-01-31 08:34 . 2013-01-31 08:34 796672 ----a-w- c:\windows\GPInstall.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2010-07-26 12:09 70776 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-12-22 274432]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"IDMan"="c:\_otl\MovedFiles\04272013_193340\C_Program Files\Internet Download Manager\IDMan.exe" [2011-09-14 3241312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-12-18 317288]
"VMSwitch"="c:\program files\Sony\VAIO Mode Switch\VMSwitch.exe" [2009-02-05 538472]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 835584]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-01-06 6703648]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-29 145944]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-29 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-29 170520]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-12-03 35184]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-03-07 3117344]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Canon LBP5000 Status Window.lnk - c:\windows\System32\spool\drivers\w32x86\3\CNAC4LAK.EXE [2011-7-26 50848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-01-19 19:49 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Canon LBP5000 Status Window.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Canon LBP5000 Status Window.lnk
backup=c:\windows\pss\Canon LBP5000 Status Window.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Maximum Notifier.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Maximum Notifier.lnk
backup=c:\windows\pss\Maximum Notifier.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TMMonitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\TMMonitor.lnk
backup=c:\windows\pss\TMMonitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^mahnaz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Audio Filter.lnk]
path=c:\users\mahnaz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Audio Filter.lnk
backup=c:\windows\pss\Audio Filter.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^mahnaz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LingvoSoft Talking Dictionary 2008 (English-Persian (Farsi)).lnk]
path=c:\users\mahnaz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LingvoSoft Talking Dictionary 2008 (English-Persian (Farsi)).lnk
backup=c:\windows\pss\LingvoSoft Talking Dictionary 2008 (English-Persian (Farsi)).lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^mahnaz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\mahnaz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^mahnaz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Serviio.lnk]
path=c:\users\mahnaz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Serviio.lnk
backup=c:\windows\pss\Serviio.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-03-18 06:49 207360 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-06-24 15:36 136176 ----atw- c:\users\mahnaz\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\users\mahnaz\AppData\Roaming\Google\Google Talk\googletalk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 08:14 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2012-05-25 00:55 6595928 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ooVoo.exe]
2011-05-18 04:55 22631608 ----a-w- c:\program files\ooVoo\ooVoo.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl11]
2011-08-24 01:13 230696 ------w- c:\program files\CyberLink\PowerDVD11\PDVD11Serv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-07-14 08:50 322352 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray]
2009-10-22 01:29 129584 ----a-w- c:\program files\VMware\VMware Workstation\vmware-tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Web Freer]
2012-04-24 01:05 1408512 ----a-w- c:\program files\WebFreer\webfreer.exe
.
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
bdx REG_MULTI_SZ sysagent
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-16 19:52]
.
2013-04-27 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 18:20]
.
2013-04-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3233104117-2109178606-3299732699-1003Core.job
- c:\users\mahnaz\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-24 15:36]
.
2013-04-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3233104117-2109178606-3299732699-1003UA.job
- c:\users\mahnaz\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-24 15:36]
.
2010-12-19 c:\windows\Tasks\User_Feed_Synchronization-{D34B2B1C-6357-4E46-A503-06D1B6884F01}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = <local>
IE: Download all links with IDM - c:\_otl\MovedFiles\04272013_193340\C_Program Files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\_otl\MovedFiles\04272013_193340\C_Program Files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\_otl\MovedFiles\04272013_193340\C_Program Files\Internet Download Manager\IEExt.htm
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{afaf756a-600b-48df-a1d1-0a173eb5ec26} - c:\program files\Nosa\Simorgh\HTTPClient\SimWinClt.exe
LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
TCP: DhcpNameServer = 192.168.1.1
Handler: ms-its51 - {F6F1E82D-DE4D-11D2-875C-0000F8105754} - c:\program files\Common Files\microsoft shared\Information Retrieval\itss51.dll
.
.
------- File Associations -------
.
.txt=TXT_File
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Babylon Client - c:\program files\Babylon\Babylon-Pro\Babylon.exe
MSConfigStartUp-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
MSConfigStartUp-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
MSConfigStartUp-NeroFilterCheck - c:\program files\Common Files\Nero\Lib\NeroCheck.exe
MSConfigStartUp-SpyEmergency - c:\program files\NETGATE\Spy Emergency\SpyEmergency.exe
MSConfigStartUp-VMpTtray - c:\program files\Sony\VAIO Media plus\VMpTtray.exe
AddRemove-MTI ModelSim SE 6.1b Deinstall Key - c:\modeltech_6.1b\win32\Uninst.isu
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-27 21:11
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
*****************************************************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3233104117-2109178606-3299732699-1003_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):95,a4,b7,a0,e8,dc,be,f2,a4,80,68,c0,6f,74,bc,9d,1b,2e,b2,e2,35,
a8,fb,7a,f4,d4,6b,75,f1,c6,1b,69,88,59,3c,05,a1,73,53,25,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-3233104117-2109178606-3299732699-1003_Classes\CLSID\{79e6dc9d-4d1d-49c6-9954-3e572c0112f6}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000148
"Therad"=dword:00000016
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-3233104117-2109178606-3299732699-1003_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):9f,1e,05,11,b6,c4,66,ae,be,68,f4,e8,39,c1,22,30,89,e2,0f,8c,b2,
20,36,14,1b,45,f3,8a,fe,5b,ca,46,da,5c,31,df,21,f9,1c,39,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-3233104117-2109178606-3299732699-1003_Classes\CLSID\{8863a079-8457-401f-b3fb-92b7d5795e7b}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000b9
"Therad"=dword:00000023
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,8b,ad,e6,ed,fc,08,a4,c2,e4,3a,d3,41,b6,93,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0014\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2013-04-27 21:14:51
ComboFix-quarantined-files.txt 2013-04-27 16:44
.
Pre-Run: 35,342,249,984 bytes free
Post-Run: 46,073,806,848 bytes free
.
- - End Of File - - 12AE1D04E24544FA12424E5464BCF39E

**************************************************************************************************************

TDSSKiller report:

21:50:43.0765 4128 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
21:50:45.0793 4128 ============================================================
21:50:45.0793 4128 Current date / time: 2013/04/27 21:50:45.0793
21:50:45.0793 4128 SystemInfo:
21:50:45.0793 4128
21:50:45.0793 4128 OS Version: 6.0.6001 ServicePack: 1.0
21:50:45.0793 4128 Product type: Workstation
21:50:45.0793 4128 ComputerName: MAHNAZ-PC
21:50:45.0793 4128 UserName: mahnaz
21:50:45.0793 4128 Windows directory: C:\Windows
21:50:45.0793 4128 System windows directory: C:\Windows
21:50:45.0793 4128 Processor architecture: Intel x86
21:50:45.0793 4128 Number of processors: 2
21:50:45.0793 4128 Page size: 0x1000
21:50:45.0793 4128 Boot type: Normal boot
21:50:45.0793 4128 ============================================================
21:50:46.0449 4128 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:50:46.0480 4128 ============================================================
21:50:46.0480 4128 \Device\Harddisk0\DR0:
21:50:46.0495 4128 MBR partitions:
21:50:46.0495 4128 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x18C9000, BlocksNum 0x1E95D2A0
21:50:46.0527 4128 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x20227000, BlocksNum 0x2AF7800
21:50:46.0527 4128 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x22D1E800, BlocksNum 0x270F800
21:50:46.0527 4128 ============================================================
21:50:46.0698 4128 C: <-> \Device\Harddisk0\DR0\Partition1
21:50:47.0322 4128 G: <-> \Device\Harddisk0\DR0\Partition3
21:50:47.0509 4128 H: <-> \Device\Harddisk0\DR0\Partition2
21:50:47.0509 4128 ============================================================
21:50:47.0509 4128 Initialize success
21:50:47.0509 4128 ============================================================
21:50:51.0987 5448 ============================================================
21:50:51.0987 5448 Scan started
21:50:51.0987 5448 Mode: Manual;
21:50:51.0987 5448 ============================================================
21:50:52.0798 5448 ================ Scan system memory ========================
21:50:52.0798 5448 System memory - ok
21:50:52.0798 5448 ================ Scan services =============================
21:50:53.0047 5448 [ 1BFDC35DE9CC3F6F9CBDCDD0456005E4 ] ACDaemon C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
21:50:53.0047 5448 ACDaemon - ok
21:50:53.0297 5448 [ FCB8C7210F0135E24C6580F7F649C73C ] ACPI C:\Windows\system32\drivers\acpi.sys
21:50:53.0297 5448 ACPI - ok
21:50:53.0391 5448 [ 3FD8DC2C9735C2AA70155102CFB93EDA ] AdobeActiveFileMonitor7.0 C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
21:50:53.0391 5448 AdobeActiveFileMonitor7.0 - ok
21:50:53.0515 5448 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:50:53.0515 5448 AdobeFlashPlayerUpdateSvc - ok
21:50:53.0609 5448 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
21:50:53.0625 5448 adp94xx - ok
21:50:53.0640 5448 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys
21:50:53.0640 5448 adpahci - ok
21:50:53.0671 5448 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
21:50:53.0671 5448 adpu160m - ok
21:50:53.0687 5448 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
21:50:53.0687 5448 adpu320 - ok
21:50:53.0749 5448 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
21:50:53.0749 5448 AeLookupSvc - ok
21:50:53.0812 5448 [ FE3EA6E9AFC1A78E6EDCA121E006AFB7 ] Afc C:\Windows\system32\drivers\Afc.sys
21:50:53.0812 5448 Afc - ok
21:50:53.0968 5448 [ 48EB99503533C27AC6135648E5474457 ] AFD C:\Windows\system32\drivers\afd.sys
21:50:53.0983 5448 AFD - ok
21:50:54.0061 5448 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys
21:50:54.0061 5448 agp440 - ok
21:50:54.0077 5448 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
21:50:54.0077 5448 aic78xx - ok
21:50:54.0093 5448 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
21:50:54.0093 5448 ALG - ok
21:50:54.0108 5448 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys
21:50:54.0108 5448 aliide - ok
21:50:54.0186 5448 [ 5E90A956526086634547BF8093FEB699 ] altio C:\Windows\system32\altio.sys
21:50:54.0186 5448 altio - ok
21:50:54.0202 5448 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
21:50:54.0202 5448 amdagp - ok
21:50:54.0217 5448 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys
21:50:54.0217 5448 amdide - ok
21:50:54.0280 5448 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
21:50:54.0280 5448 AmdK7 - ok
21:50:54.0295 5448 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
21:50:54.0295 5448 AmdK8 - ok
21:50:54.0358 5448 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
21:50:54.0373 5448 Appinfo - ok
21:50:54.0436 5448 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys
21:50:54.0451 5448 arc - ok
21:50:54.0514 5448 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
21:50:54.0514 5448 arcsas - ok
21:50:54.0529 5448 [ 857B48965A0503B7AB795D4BFE7CBD8B ] ArcSoftKsUFilter C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
21:50:54.0529 5448 ArcSoftKsUFilter - ok
21:50:54.0919 5448 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
21:50:54.0951 5448 aspnet_state - ok
21:50:55.0029 5448 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
21:50:55.0029 5448 AsyncMac - ok
21:50:55.0075 5448 [ 2D9C903DC76A66813D350A562DE40ED9 ] atapi C:\Windows\system32\drivers\atapi.sys
21:50:55.0075 5448 atapi - ok
21:50:55.0278 5448 [ 939C7B5F43096BE8511780D2EECCF6BE ] ATIAVPCI C:\Windows\system32\DRIVERS\atinavrr.sys
21:50:55.0356 5448 ATIAVPCI - ok
21:50:55.0419 5448 [ 7E963AFC33AC3A0E234F96FA5DDB4CFB ] AtiIrRcvr C:\Windows\system32\DRIVERS\aticir.sys
21:50:55.0419 5448 AtiIrRcvr - ok
21:50:55.0481 5448 [ 42076E29AAFA0830A2C5D4E310F58DD1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:50:55.0497 5448 AudioEndpointBuilder - ok
21:50:55.0497 5448 [ 42076E29AAFA0830A2C5D4E310F58DD1 ] Audiosrv C:\Windows\System32\Audiosrv.dll
21:50:55.0497 5448 Audiosrv - ok
21:50:55.0621 5448 [ 6163664C7E9CD110AF70180C126C3FDC ] BcmSqlStartupSvc C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
21:50:55.0621 5448 BcmSqlStartupSvc - ok
21:50:55.0699 5448 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
21:50:55.0699 5448 Beep - ok
21:50:55.0762 5448 [ 8582E233C346AEFE759833E8A30DD697 ] BFE C:\Windows\System32\bfe.dll
21:50:55.0762 5448 BFE - ok
21:50:55.0965 5448 [ 02ED7B4DBC2A3232A389106DA7515C3D ] BITS C:\Windows\system32\qmgr.dll
21:50:55.0980 5448 BITS - ok
21:50:56.0027 5448 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
21:50:56.0043 5448 blbdrive - ok
21:50:56.0105 5448 [ 8153396D5551276227FA146900F734E6 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
21:50:56.0105 5448 bowser - ok
21:50:56.0167 5448 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
21:50:56.0167 5448 BrFiltLo - ok
21:50:56.0167 5448 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
21:50:56.0167 5448 BrFiltUp - ok
21:50:56.0183 5448 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
21:50:56.0199 5448 Browser - ok
21:50:56.0245 5448 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
21:50:56.0245 5448 Brserid - ok
21:50:56.0261 5448 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
21:50:56.0261 5448 BrSerWdm - ok
21:50:56.0277 5448 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
21:50:56.0277 5448 BrUsbMdm - ok
21:50:56.0277 5448 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
21:50:56.0277 5448 BrUsbSer - ok
21:50:56.0339 5448 [ AE19CFBBBA41800F3D5343E21D2CA09F ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys
21:50:56.0339 5448 BthEnum - ok
21:50:56.0355 5448 [ 5FFA6988FF9597986FF2ADA736CC90C0 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
21:50:56.0355 5448 BTHMODEM - ok
21:50:56.0386 5448 [ 5904EFA25F829BF84EA6FB045134A1D8 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
21:50:56.0386 5448 BthPan - ok
21:50:56.0448 5448 [ 75F19DF0BC62992D05FDD8A32D968531 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
21:50:56.0464 5448 BTHPORT - ok
21:50:56.0526 5448 [ FC930B47A83F5F61DFADC64A0719DE43 ] BthServ C:\Windows\System32\bthserv.dll
21:50:56.0526 5448 BthServ - ok
21:50:56.0526 5448 [ 4CE2A25C5936BC515357D60FEE73F221 ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
21:50:56.0526 5448 BTHUSB - ok
21:50:56.0682 5448 [ 6E41621E03D91167CEAE555CE2B468B8 ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
21:50:56.0698 5448 btwaudio - ok
21:50:56.0729 5448 [ 7E67B295081B33EA22C0FB04798B306C ] btwavdt C:\Windows\system32\drivers\btwavdt.sys
21:50:56.0729 5448 btwavdt - ok
21:50:56.0947 5448 [ 2C50A18375EF2571F09D9DAF83192762 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
21:50:56.0947 5448 btwdins - ok
21:50:57.0010 5448 [ 54C2EE0A3CEC586629035D771AACAE67 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
21:50:57.0010 5448 btwl2cap - ok
21:50:57.0057 5448 [ 4B4F992EE709C40EFD33BA4D2BAFA402 ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
21:50:57.0057 5448 btwrchid - ok
21:50:57.0431 5448 catchme - ok
21:50:57.0509 5448 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
21:50:57.0509 5448 cdfs - ok
21:50:57.0587 5448 [ 1EC25CEA0DE6AC4718BF89F9E1778B57 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
21:50:57.0587 5448 cdrom - ok
21:50:57.0649 5448 [ 87C2D0377B23E2D8A41093C2F5FB1A5B ] CertPropSvc C:\Windows\System32\certprop.dll
21:50:57.0665 5448 CertPropSvc - ok
21:50:57.0681 5448 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys
21:50:57.0681 5448 circlass - ok
21:50:57.0696 5448 [ 465745561C832B29F7C48B488AAB3842 ] CLFS C:\Windows\system32\CLFS.sys
21:50:57.0696 5448 CLFS - ok
21:50:57.0790 5448 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:50:57.0805 5448 clr_optimization_v2.0.50727_32 - ok
21:50:57.0915 5448 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:50:57.0915 5448 clr_optimization_v4.0.30319_32 - ok
21:50:57.0993 5448 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
21:50:57.0993 5448 CmBatt - ok
21:50:57.0993 5448 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys
21:50:57.0993 5448 cmdide - ok
21:50:58.0055 5448 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
21:50:58.0071 5448 Compbatt - ok
21:50:58.0071 5448 COMSysApp - ok
21:50:58.0102 5448 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
21:50:58.0102 5448 crcdisk - ok
21:50:58.0117 5448 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys
21:50:58.0117 5448 Crusoe - ok
21:50:58.0180 5448 [ 6DE363F9F99334514C46AEC02D3E3678 ] CryptSvc C:\Windows\system32\cryptsvc.dll
21:50:58.0180 5448 CryptSvc - ok
21:50:58.0258 5448 [ 301AE00E12408650BADDC04DBC832830 ] DcomLaunch C:\Windows\system32\rpcss.dll
21:50:58.0258 5448 DcomLaunch - ok
21:50:58.0351 5448 [ A3E9FA213F443AC77C7746119D13FEEC ] DfsC C:\Windows\system32\Drivers\dfsc.sys
21:50:58.0383 5448 DfsC - ok
21:50:58.0617 5448 [ FA3463F25F9CC9C3BCF1E7912FEFF099 ] DFSR C:\Windows\system32\DFSR.exe
21:50:58.0679 5448 DFSR - ok
21:50:58.0757 5448 [ 43A988A9C10333476CB5FB667CBD629D ] Dhcp C:\Windows\System32\dhcpcsvc.dll
21:50:58.0773 5448 Dhcp - ok
21:50:58.0851 5448 [ 64109E623ABD6955C8FB110B592E68B7 ] disk C:\Windows\system32\drivers\disk.sys
21:50:58.0851 5448 disk - ok
21:50:58.0913 5448 [ F206E28ED74C491FD5D7C0A1119CE37F ] DMICall C:\Windows\system32\DRIVERS\DMICall.sys
21:50:58.0913 5448 DMICall - ok
21:50:58.0960 5448 [ 4805D9A6D281C7A7DEFD9094DEC6AF7D ] Dnscache C:\Windows\System32\dnsrslvr.dll
21:50:58.0960 5448 Dnscache - ok
21:50:58.0975 5448 [ 5AF620A08C614E24206B79E8153CF1A8 ] dot3svc C:\Windows\System32\dot3svc.dll
21:50:58.0975 5448 dot3svc - ok
21:50:59.0053 5448 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
21:50:59.0069 5448 DPS - ok
21:50:59.0100 5448 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
21:50:59.0100 5448 drmkaud - ok
21:50:59.0163 5448 [ 5B2410766376CB6B2BE95B6D6824B771 ] drpkiont C:\Windows\system32\drpkiont.sys
21:50:59.0163 5448 drpkiont - ok
21:50:59.0194 5448 [ 85F33880B8CFB554BD3D9CCDB486845A ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
21:50:59.0209 5448 DXGKrnl - ok
21:50:59.0256 5448 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
21:50:59.0256 5448 E1G60 - ok
21:50:59.0397 5448 [ 8A45015E85A4DCE0086B9973F0FD9A20 ] eamonm C:\Windows\system32\DRIVERS\eamonm.sys
21:50:59.0397 5448 eamonm - ok
21:50:59.0459 5448 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
21:50:59.0459 5448 EapHost - ok
21:50:59.0521 5448 [ DD2CD259D83D8B72C02C5F2331FF9D68 ] Ecache C:\Windows\system32\drivers\ecache.sys
21:50:59.0521 5448 Ecache - ok
21:50:59.0584 5448 [ 5412ED24FFFCA64E2F0168399B86C952 ] ehdrv C:\Windows\system32\DRIVERS\ehdrv.sys
21:50:59.0584 5448 ehdrv - ok
21:50:59.0662 5448 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
21:50:59.0677 5448 ehRecvr - ok
21:50:59.0693 5448 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
21:50:59.0693 5448 ehSched - ok
21:50:59.0693 5448 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
21:50:59.0693 5448 ehstart - ok
21:50:59.0818 5448 [ AD4FAADE819E0DA9933BEA7C01D2C763 ] ekrn C:\Program Files\ESET\ESET Smart Security\ekrn.exe
21:50:59.0818 5448 ekrn - ok
21:50:59.0896 5448 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys
21:50:59.0911 5448 elxstor - ok
21:50:59.0943 5448 [ 70B1A86DF0C8EAD17D2BC332EDAE2C7C ] EMDMgmt C:\Windows\system32\emdmgmt.dll
21:50:59.0958 5448 EMDMgmt - ok
21:51:00.0067 5448 [ 774BABCB1144513DC86992003740B774 ] epfw C:\Windows\system32\DRIVERS\epfw.sys
21:51:00.0083 5448 epfw - ok
21:51:00.0083 5448 [ 2C22CC39309EE06AE870C183BF2A769D ] EpfwLWF C:\Windows\system32\DRIVERS\EpfwLWF.sys
21:51:00.0083 5448 EpfwLWF - ok
21:51:00.0161 5448 [ 2B4E5F01A4E786B422F4D617B51FA7D9 ] epfwwfp C:\Windows\system32\DRIVERS\epfwwfp.sys
21:51:00.0161 5448 epfwwfp - ok
21:51:00.0223 5448 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys
21:51:00.0223 5448 ErrDev - ok
21:51:00.0301 5448 [ 3CB3343D720168B575133A0A20DC2465 ] EventSystem C:\Windows\system32\es.dll
21:51:00.0317 5448 EventSystem - ok
21:51:00.0442 5448 [ 791464A9E9ADE063327A29F1B3F1A86C ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
21:51:00.0442 5448 EvtEng - ok
21:51:00.0520 5448 [ 0D858EB20589A34EFB25695ACAA6AA2D ] exfat C:\Windows\system32\drivers\exfat.sys
21:51:00.0520 5448 exfat - ok
21:51:00.0551 5448 [ 3C489390C2E2064563727752AF8EAB9E ] fastfat C:\Windows\system32\drivers\fastfat.sys
21:51:00.0551 5448 fastfat - ok
21:51:00.0645 5448 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
21:51:00.0660 5448 fdc - ok
21:51:00.0676 5448 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
21:51:00.0676 5448 fdPHost - ok
21:51:00.0691 5448 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
21:51:00.0707 5448 FDResPub - ok
21:51:00.0707 5448 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
21:51:00.0723 5448 FileInfo - ok
21:51:00.0723 5448 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
21:51:00.0723 5448 Filetrace - ok
21:51:00.0801 5448 [ F76D04F7413B07DAA029F6520B64B4E8 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
21:51:00.0801 5448 FLEXnet Licensing Service - ok
21:51:00.0832 5448 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
21:51:00.0847 5448 flpydisk - ok
21:51:00.0847 5448 [ 05EA53AFE985443011E36DAB07343B46 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
21:51:00.0847 5448 FltMgr - ok
21:51:00.0925 5448 [ C9BE08664611DDAF98E2331E9288B00B ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:51:00.0941 5448 FontCache3.0.0.0 - ok
21:51:00.0957 5448 [ 65EA8B77B5851854F0C55C43FA51A198 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
21:51:00.0957 5448 Fs_Rec - ok
21:51:00.0972 5448 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
21:51:00.0972 5448 gagp30kx - ok
21:51:01.0019 5448 [ D9F1113D9401185245573350712F92FC ] gpsvc C:\Windows\System32\gpsvc.dll
21:51:01.0019 5448 gpsvc - ok
21:51:01.0081 5448 [ 1F79859A8C1D7C14EF6207852F622ADD ] hcmon C:\Windows\system32\drivers\hcmon.sys
21:51:01.0081 5448 hcmon - ok
21:51:01.0175 5448 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:51:01.0191 5448 HdAudAddService - ok
21:51:01.0206 5448 [ C87B1EE051C0464491C1A7B03FA0BC99 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
21:51:01.0206 5448 HDAudBus - ok
21:51:01.0269 5448 [ 2FE6EF94B64D2DA60F400EB643086220 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
21:51:01.0269 5448 HidBth - ok
21:51:01.0284 5448 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
21:51:01.0284 5448 HidIr - ok
21:51:01.0315 5448 [ 8FA640195279ACE21BEA91396A0054FC ] hidserv C:\Windows\System32\hidserv.dll
21:51:01.0315 5448 hidserv - ok
21:51:01.0362 5448 [ E2B5BD48AFCC0F0974FB44641B223250 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
21:51:01.0362 5448 HidUsb - ok
21:51:01.0378 5448 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
21:51:01.0378 5448 hkmsvc - ok
21:51:01.0409 5448 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
21:51:01.0409 5448 HpCISSs - ok
21:51:01.0471 5448 [ 46D67209550973257601A533E2AC5785 ] HSFHWAZL C:\Windows\system32\DRIVERS\VSTAZL3.SYS
21:51:01.0487 5448 HSFHWAZL - ok
21:51:01.0581 5448 [ 7BC42C65B5C6281777C1A7605B253BA8 ] HSF_DPV C:\Windows\system32\DRIVERS\HSX_DPV.sys
21:51:01.0596 5448 HSF_DPV - ok
21:51:01.0721 5448 [ 9EBF2D102CCBB6BCDFBF1B7922F8BA2E ] HSXHWAZL C:\Windows\system32\DRIVERS\HSXHWAZL.sys
21:51:01.0721 5448 HSXHWAZL - ok
21:51:01.0815 5448 [ 96E241624C71211A79C84F50A8E71CAB ] HTTP C:\Windows\system32\drivers\HTTP.sys
21:51:01.0815 5448 HTTP - ok
21:51:01.0846 5448 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys
21:51:01.0846 5448 i2omp - ok
21:51:01.0908 5448 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
21:51:01.0908 5448 i8042prt - ok
21:51:01.0924 5448 [ DB0CC620B27A928D968C1A1E9CD9CB87 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
21:51:01.0924 5448 iaStor - ok
21:51:01.0939 5448 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
21:51:01.0955 5448 iaStorV - ok
21:51:02.0049 5448 [ 8FE13DC6828973E8B4326AD89A39B117 ] IDMWFP C:\Windows\system32\DRIVERS\idmwfp.sys
21:51:02.0049 5448 IDMWFP - ok
21:51:02.0189 5448 [ DAF66902F08796F9C694901660E5A64A ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
21:51:02.0205 5448 IDriverT - ok
21:51:02.0392 5448 [ 7B630ACAED64FEF0C3E1CF255CB56686 ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:51:02.0407 5448 idsvc - ok
21:51:02.0517 5448 [ CE5FF5D5E3F4CA974E36DC24C15474D0 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
21:51:02.0595 5448 igfx - ok
21:51:02.0610 5448 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
21:51:02.0610 5448 iirsp - ok
21:51:02.0641 5448 [ A3BC480A2BF8AA8E4DABD2D5DCE0AFAC ] IKEEXT C:\Windows\System32\ikeext.dll
21:51:02.0657 5448 IKEEXT - ok
21:51:02.0922 5448 [ 3AA1F82EFA2B0454AF163124C9920D16 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
21:51:02.0969 5448 IntcAzAudAddService - ok
21:51:03.0000 5448 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys
21:51:03.0016 5448 intelide - ok
21:51:03.0031 5448 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
21:51:03.0031 5448 intelppm - ok
21:51:03.0094 5448 [ F7C534DEF663B4E847E44F20927F5ED2 ] IOPort C:\Windows\system32\DRIVERS\IOPORT.SYS
21:51:03.0094 5448 IOPort - ok
21:51:03.0125 5448 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
21:51:03.0125 5448 IPBusEnum - ok
21:51:03.0141 5448 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:51:03.0141 5448 IpFilterDriver - ok
21:51:03.0203 5448 [ 6A35D233693EDC29A12742049BC5E37F ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
21:51:03.0219 5448 iphlpsvc - ok
21:51:03.0219 5448 IpInIp - ok
21:51:03.0250 5448 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
21:51:03.0250 5448 IPMIDRV - ok
21:51:03.0265 5448 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
21:51:03.0265 5448 IPNAT - ok
21:51:03.0281 5448 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
21:51:03.0281 5448 IRENUM - ok
21:51:03.0297 5448 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys
21:51:03.0297 5448 isapnp - ok
21:51:03.0359 5448 [ F247EEC28317F6C739C16DE420097301 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
21:51:03.0359 5448 iScsiPrt - ok
21:51:03.0390 5448 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
21:51:03.0406 5448 iteatapi - ok
21:51:03.0421 5448 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
21:51:03.0421 5448 iteraid - ok
21:51:03.0484 5448 [ 213822072085B5BBAD9AF30AB577D817 ] IviRegMgr C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
21:51:03.0484 5448 IviRegMgr - ok
21:51:03.0515 5448 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
21:51:03.0515 5448 kbdclass - ok
21:51:03.0531 5448 [ 18247836959BA67E3511B62846B9C2E0 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
21:51:03.0531 5448 kbdhid - ok
21:51:03.0562 5448 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] KeyIso C:\Windows\system32\lsass.exe
21:51:03.0562 5448 KeyIso - ok
21:51:03.0593 5448 [ 7A0CF7908B6824D6A2A1D313E5AE3DCA ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
21:51:03.0593 5448 KSecDD - ok
21:51:03.0655 5448 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
21:51:03.0671 5448 KtmRm - ok
21:51:03.0733 5448 [ 1925E63C91CF1610AE41BFD539062079 ] LanmanServer C:\Windows\System32\srvsvc.dll
21:51:03.0749 5448 LanmanServer - ok
21:51:03.0780 5448 [ 2AE2E1628C5D3F1C0A46A67C9FA1DF15 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:51:03.0780 5448 LanmanWorkstation - ok
21:51:03.0811 5448 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
21:51:03.0811 5448 lltdio - ok
21:51:03.0843 5448 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
21:51:03.0843 5448 lltdsvc - ok
21:51:03.0874 5448 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
21:51:03.0874 5448 lmhosts - ok
21:51:03.0889 5448 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
21:51:03.0889 5448 LSI_FC - ok
21:51:03.0889 5448 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
21:51:03.0905 5448 LSI_SAS - ok
21:51:03.0921 5448 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
21:51:03.0921 5448 LSI_SCSI - ok
21:51:03.0936 5448 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
21:51:03.0936 5448 luafv - ok
21:51:03.0967 5448 [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
21:51:03.0967 5448 MBAMProtector - ok
21:51:04.0077 5448 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
21:51:04.0092 5448 MBAMScheduler - ok
21:51:04.0155 5448 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
21:51:04.0186 5448 MBAMService - ok
21:51:04.0217 5448 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
21:51:04.0248 5448 Mcx2Svc - ok
21:51:04.0279 5448 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
21:51:04.0279 5448 mdmxsdk - ok
21:51:04.0342 5448 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys
21:51:04.0357 5448 megasas - ok
21:51:04.0373 5448 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys
21:51:04.0373 5448 MegaSR - ok
21:51:04.0482 5448 [ 7C4C76B39D5525C4A465E0BE32528E19 ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
21:51:04.0498 5448 Microsoft Office Groove Audit Service - ok
21:51:04.0513 5448 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
21:51:04.0513 5448 MMCSS - ok
21:51:04.0529 5448 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
21:51:04.0529 5448 Modem - ok
21:51:04.0560 5448 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
21:51:04.0560 5448 monitor - ok
21:51:04.0560 5448 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
21:51:04.0560 5448 mouclass - ok
21:51:04.0591 5448 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
21:51:04.0591 5448 mouhid - ok
21:51:04.0591 5448 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
21:51:04.0591 5448 MountMgr - ok
21:51:04.0654 5448 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys
21:51:04.0685 5448 mpio - ok
21:51:04.0716 5448 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
21:51:04.0716 5448 mpsdrv - ok
21:51:04.0747 5448 [ D1639BA315B0D79DEC49A4B0E1FB929B ] MpsSvc C:\Windows\system32\mpssvc.dll
21:51:04.0747 5448 MpsSvc - ok
21:51:04.0810 5448 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
21:51:04.0825 5448 Mraid35x - ok
21:51:04.0841 5448 [ AE3DE84536B6799D2267443CEC8EDBB9 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
21:51:04.0841 5448 MRxDAV - ok
21:51:04.0903 5448 [ 5734A0F2BE7E495F7D3ED6EFD4B9F5A1 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
21:51:04.0919 5448 mrxsmb - ok
21:51:04.0966 5448 [ 6B5FA5ADFACAC9DBBE0991F4566D7D55 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:51:04.0966 5448 mrxsmb10 - ok
21:51:04.0997 5448 [ 5C80D8159181C7ABF1B14BA703B01E0B ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:51:04.0997 5448 mrxsmb20 - ok
21:51:05.0044 5448 [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci C:\Windows\system32\drivers\msahci.sys
21:51:05.0044 5448 msahci - ok
21:51:05.0059 5448 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys
21:51:05.0059 5448 msdsm - ok
21:51:05.0091 5448 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
21:51:05.0091 5448 MSDTC - ok
21:51:05.0106 5448 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
21:51:05.0106 5448 Msfs - ok
21:51:05.0122 5448 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
21:51:05.0122 5448 msisadrv - ok
21:51:05.0137 5448 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
21:51:05.0153 5448 MSiSCSI - ok
21:51:05.0184 5448 msiserver - ok
21:51:05.0231 5448 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
21:51:05.0247 5448 MSKSSRV - ok
21:51:05.0293 5448 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
21:51:05.0309 5448 MSPCLOCK - ok
21:51:05.0325 5448 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
21:51:05.0325 5448 MSPQM - ok
21:51:05.0356 5448 [ B5614AECB05A9340AA0FB55BF561CC63 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
21:51:05.0356 5448 MsRPC - ok
21:51:05.0387 5448 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
21:51:05.0387 5448 mssmbios - ok
21:51:05.0434 5448 MSSQL$MSSMLBIZ - ok
21:51:05.0543 5448 [ C06EA83F6FC2959E897C117255B6B1D5 ] MSSQLServerADHelper C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
21:51:05.0543 5448 MSSQLServerADHelper - ok
21:51:05.0574 5448 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
21:51:05.0574 5448 MSTEE - ok
21:51:05.0933 5448 [ E514D0493C272AECBAC7C6C1DAC635D1 ] msvsmon90 C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe
21:51:05.0995 5448 msvsmon90 - ok
21:51:06.0027 5448 [ 6DFD1D322DE55B0B7DB7D21B90BEC49C ] Mup C:\Windows\system32\Drivers\mup.sys
21:51:06.0027 5448 Mup - ok
21:51:06.0058 5448 [ C43B25863FBD65B6D2A142AF3AE320CA ] napagent C:\Windows\system32\qagentRT.dll
21:51:06.0073 5448 napagent - ok
21:51:06.0120 5448 [ 3C21CE48FF529BB73DADB98770B54025 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
21:51:06.0120 5448 NativeWifiP - ok
21:51:06.0183 5448 [ 9BDC71790FA08F0A0B5F10462B1BD0B1 ] NDIS C:\Windows\system32\drivers\ndis.sys
21:51:06.0183 5448 NDIS - ok
21:51:06.0214 5448 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
21:51:06.0214 5448 NdisTapi - ok
21:51:06.0229 5448 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
21:51:06.0229 5448 Ndisuio - ok
21:51:06.0261 5448 [ 3D14C3B3496F88890D431E8AA022A411 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
21:51:06.0261 5448 NdisWan - ok
21:51:06.0276 5448 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
21:51:06.0276 5448 NDProxy - ok
21:51:06.0307 5448 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
21:51:06.0307 5448 NetBIOS - ok
21:51:06.0323 5448 [ 7C5FEE5B1C5728507CD96FB4A13E7A02 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
21:51:06.0323 5448 netbt - ok
21:51:06.0339 5448 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] Netlogon C:\Windows\system32\lsass.exe
21:51:06.0339 5448 Netlogon - ok
21:51:06.0385 5448 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
21:51:06.0385 5448 Netman - ok
21:51:06.0463 5448 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:51:06.0463 5448 NetMsmqActivator - ok
21:51:06.0463 5448 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:51:06.0479 5448 NetPipeActivator - ok
21:51:06.0510 5448 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
21:51:06.0510 5448 netprofm - ok
21:51:06.0526 5448 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:51:06.0526 5448 NetTcpActivator - ok
21:51:06.0526 5448 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:51:06.0526 5448 NetTcpPortSharing - ok
21:51:06.0697 5448 [ F0C42E0CDCE558D658FA53A222B4CCB1 ] NETw5v32 C:\Windows\system32\DRIVERS\NETw5v32.sys
21:51:06.0807 5448 NETw5v32 - ok
21:51:06.0822 5448 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
21:51:06.0822 5448 nfrd960 - ok
21:51:06.0853 5448 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
21:51:06.0853 5448 NlaSvc - ok
21:51:06.0900 5448 [ ECB5003F484F9ED6C608D6D6C7886CBB ] Npfs C:\Windows\system32\drivers\Npfs.sys
21:51:06.0900 5448 Npfs - ok
21:51:06.0916 5448 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
21:51:06.0931 5448 nsi - ok
21:51:06.0947 5448 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
21:51:06.0947 5448 nsiproxy - ok
21:51:07.0025 5448 [ 276BFF84AD77DD23E1085E191F5A591F ] NSUService C:\Program Files\Sony\Network Utility\NSUService.exe
21:51:07.0025 5448 NSUService - ok
21:51:07.0103 5448 [ B4EFFE29EB4F15538FD8A9681108492D ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
21:51:07.0119 5448 Ntfs - ok
21:51:07.0165 5448 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
21:51:07.0165 5448 ntrigdigi - ok
21:51:07.0181 5448 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
21:51:07.0181 5448 Null - ok
21:51:07.0212 5448 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
21:51:07.0212 5448 nvraid - ok
21:51:07.0228 5448 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
21:51:07.0228 5448 nvstor - ok
21:51:07.0243 5448 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
21:51:07.0243 5448 nv_agp - ok
21:51:07.0243 5448 NwlnkFlt - ok
21:51:07.0243 5448 NwlnkFwd - ok
21:51:07.0493 5448 [ 1F0E05DFF4F5A833168E49BE1256F002 ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:51:07.0509 5448 odserv - ok
21:51:07.0540 5448 [ 790E27C3DB53410B40FF9EF2FD10A1D9 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
21:51:07.0540 5448 ohci1394 - ok
21:51:07.0555 5448 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:51:07.0555 5448 ose - ok
21:51:07.0618 5448 [ 5DE1A3972FD3112C75EB17BDCF454169 ] p2pimsvc C:\Windows\system32\p2psvc.dll
21:51:07.0618 5448 p2pimsvc - ok
21:51:07.0633 5448 [ 5DE1A3972FD3112C75EB17BDCF454169 ] p2psvc C:\Windows\system32\p2psvc.dll
21:51:07.0649 5448 p2psvc - ok
21:51:07.0696 5448 [ B8040C5C1FC1FBBBE5C78CB9EDA343EC ] PACSPTISVR C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
21:51:07.0696 5448 PACSPTISVR - ok
21:51:07.0727 5448 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
21:51:07.0727 5448 Parport - ok
21:51:07.0743 5448 [ 3B38467E7C3DAED009DFE359E17F139F ] partmgr C:\Windows\system32\drivers\partmgr.sys
21:51:07.0743 5448 partmgr - ok
21:51:07.0758 5448 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
21:51:07.0758 5448 Parvdm - ok
21:51:07.0774 5448 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
21:51:07.0774 5448 PcaSvc - ok
21:51:07.0836 5448 [ 01B94418DEB235DFF777CC80076354B4 ] pci C:\Windows\system32\drivers\pci.sys
21:51:07.0836 5448 pci - ok
21:51:07.0836 5448 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\drivers\pciide.sys
21:51:07.0836 5448 pciide - ok
21:51:07.0852 5448 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
21:51:07.0852 5448 pcmcia - ok
21:51:07.0930 5448 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
21:51:07.0930 5448 PEAUTH - ok
21:51:08.0008 5448 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
21:51:08.0039 5448 pla - ok
21:51:08.0055 5448 [ 78F975CB6D18265BE6F492EDB2D7BC7B ] PlugPlay C:\Windows\system32\umpnpmgr.dll
21:51:08.0070 5448 PlugPlay - ok
21:51:08.0086 5448 [ 5DE1A3972FD3112C75EB17BDCF454169 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
21:51:08.0086 5448 PNRPAutoReg - ok
21:51:08.0101 5448 [ 5DE1A3972FD3112C75EB17BDCF454169 ] PNRPsvc C:\Windows\system32\p2psvc.dll
21:51:08.0117 5448 PNRPsvc - ok
21:51:08.0148 5448 [ 47B8F37AA18B74D8C2E1BC1A7A2C8F8A ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
21:51:08.0148 5448 PolicyAgent - ok
21:51:08.0179 5448 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
21:51:08.0179 5448 PptpMiniport - ok
21:51:08.0195 5448 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
21:51:08.0195 5448 Processor - ok
21:51:08.0226 5448 [ B627E4FC8585E8843C5905D4D3587A90 ] ProfSvc C:\Windows\system32\profsvc.dll
21:51:08.0226 5448 ProfSvc - ok
21:51:08.0242 5448 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:51:08.0242 5448 ProtectedStorage - ok
21:51:08.0257 5448 [ BFEF604508A0ED1EAE2A73E872555FFB ] PSched C:\Windows\system32\DRIVERS\pacer.sys
21:51:08.0257 5448 PSched - ok
21:51:08.0273 5448 [ 153D02480A0A2F45785522E814C634B6 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
21:51:08.0273 5448 PxHelp20 - ok
21:51:08.0351 5448 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
21:51:08.0367 5448 ql2300 - ok
21:51:08.0398 5448 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
21:51:08.0398 5448 ql40xx - ok
21:51:08.0413 5448 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
21:51:08.0429 5448 QWAVE - ok
21:51:08.0429 5448 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
21:51:08.0445 5448 QWAVEdrv - ok
21:51:08.0445 5448 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
21:51:08.0445 5448 RasAcd - ok
21:51:08.0460 5448 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
21:51:08.0460 5448 RasAuto - ok
21:51:08.0491 5448 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
21:51:08.0491 5448 Rasl2tp - ok
21:51:08.0523 5448 [ AFB474438762F0418060653F7294D92C ] RasMan C:\Windows\System32\rasmans.dll
21:51:08.0523 5448 RasMan - ok
21:51:08.0538 5448 [ 3E9D9B048107B40D87B97DF2E48E0744 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
21:51:08.0538 5448 RasPppoe - ok
21:51:08.0538 5448 [ A7D141684E9500AC928A772ED8E6B671 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
21:51:08.0538 5448 RasSstp - ok
21:51:08.0569 5448 [ 6E1C5D0457622F9EE35F683110E93D14 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
21:51:08.0569 5448 rdbss - ok
21:51:08.0616 5448 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
21:51:08.0616 5448 RDPCDD - ok
21:51:08.0647 5448 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
21:51:08.0647 5448 rdpdr - ok
21:51:08.0663 5448 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
21:51:08.0663 5448 RDPENCDD - ok
21:51:08.0710 5448 [ E1C18F4097A5ABCEC941DC4B2F99DB7E ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
21:51:08.0710 5448 RDPWD - ok
21:51:08.0757 5448 [ 001B4278407F4303EFC902A2B16F2453 ] regi C:\Windows\system32\drivers\regi.sys
21:51:08.0757 5448 regi - ok
21:51:08.0850 5448 [ 636AAFAD77BEABE192D01E7E74F4A45B ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
21:51:08.0850 5448 RegSrvc - ok
21:51:08.0913 5448 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
21:51:08.0928 5448 RemoteAccess - ok
21:51:08.0959 5448 [ CC4E32400F3C7253400CF8F3F3A0B676 ] RemoteRegistry C:\Windows\system32\regsvc.dll
21:51:08.0959 5448 RemoteRegistry - ok
21:51:09.0006 5448 [ 23F486726DA7A9B2F3EC7326421A9C36 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
21:51:09.0006 5448 RFCOMM - ok
21:51:09.0069 5448 [ F7D9ECF41EBD3CF6C65944368150F66B ] rimsptsk C:\Windows\system32\DRIVERS\rimsptsk.sys
21:51:09.0069 5448 rimsptsk - ok
21:51:09.0100 5448 [ 1BE6C42767A7C67BA31AE32B293B37A3 ] risdptsk C:\Windows\system32\DRIVERS\risdptsk.sys
21:51:09.0100 5448 risdptsk - ok
21:51:09.0147 5448 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
21:51:09.0147 5448 RpcLocator - ok
21:51:09.0162 5448 [ 301AE00E12408650BADDC04DBC832830 ] RpcSs C:\Windows\System32\rpcss.dll
21:51:09.0162 5448 RpcSs - ok
21:51:09.0209 5448 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
21:51:09.0209 5448 rspndr - ok
21:51:09.0287 5448 [ 4B3795EBECAE570DEF38BA7924C2A3DC ] RtkAudioService C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe
21:51:09.0287 5448 RtkAudioService - ok
21:51:09.0303 5448 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] SamSs C:\Windows\system32\lsass.exe
21:51:09.0303 5448 SamSs - ok
21:51:09.0318 5448 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
21:51:09.0318 5448 sbp2port - ok
21:51:09.0349 5448 [ 11387E32642269C7E62E8B52C060B3C6 ] SCardSvr C:\Windows\System32\SCardSvr.dll
21:51:09.0349 5448 SCardSvr - ok
21:51:09.0412 5448 [ 7B587B8A6D4A99F79D2902D0385F29BD ] Schedule C:\Windows\system32\schedsvc.dll
21:51:09.0427 5448 Schedule - ok
21:51:09.0443 5448 [ 87C2D0377B23E2D8A41093C2F5FB1A5B ] SCPolicySvc C:\Windows\System32\certprop.dll
21:51:09.0443 5448 SCPolicySvc - ok
21:51:09.0474 5448 [ 126EA89BCC413EE45E3004FB0764888F ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
21:51:09.0474 5448 sdbus - ok
21:51:09.0505 5448 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
21:51:09.0505 5448 SDRSVC - ok
21:51:09.0583 5448 [ 448658656535D0DE20882EFBC6315BB7 ] sdusb2em C:\Windows\system32\Drivers\sdusb2em.sys
21:51:09.0583 5448 sdusb2em - ok
21:51:09.0599 5448 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
21:51:09.0599 5448 secdrv - ok
21:51:09.0615 5448 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
21:51:09.0615 5448 seclogon - ok
21:51:09.0630 5448 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\system32\sens.dll
21:51:09.0630 5448 SENS - ok
21:51:09.0708 5448 [ A8CBE554D43136F0272ABA0F8B693BE1 ] Sentinel C:\Windows\System32\Drivers\SENTINEL.SYS
21:51:09.0708 5448 Sentinel - ok
21:51:09.0708 5448 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
21:51:09.0724 5448 Serenum - ok
21:51:09.0739 5448 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
21:51:09.0739 5448 Serial - ok
21:51:09.0771 5448 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
21:51:09.0771 5448 sermouse - ok
21:51:09.0911 5448 [ A9AF077DDB5AEB97BCC5C41504E27223 ] Serviio C:\Program Files\Serviio\bin\ServiioService.exe
21:51:09.0911 5448 Serviio - ok
21:51:09.0942 5448 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
21:51:09.0958 5448 SessionEnv - ok
21:51:09.0973 5448 [ 8B7C1768D2CDE2E02E09A66563DDFD16 ] SFEP C:\Windows\system32\DRIVERS\SFEP.sys
21:51:09.0973 5448 SFEP - ok
21:51:10.0036 5448 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
21:51:10.0036 5448 sffdisk - ok
21:51:10.0051 5448 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
21:51:10.0051 5448 sffp_mmc - ok
21:51:10.0067 5448 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
21:51:10.0067 5448 sffp_sd - ok
21:51:10.0083 5448 [ C33BFBD6E9E41FCD9FFEF9729E9FAED6 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
21:51:10.0083 5448 sfloppy - ok
21:51:10.0114 5448 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
21:51:10.0114 5448 SharedAccess - ok
21:51:10.0176 5448 [ 1E3FDB80E40A3CE645F229DFBDFB7694 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:51:10.0176 5448 ShellHWDetection - ok
21:51:10.0239 5448 [ 0E0E7ECAF83F793EFFA080685E24D2DB ] shpf C:\Windows\system32\DRIVERS\shpf.sys
21:51:10.0239 5448 shpf - ok
21:51:10.0270 5448 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
21:51:10.0270 5448 sisagp - ok
21:51:10.0285 5448 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
21:51:10.0285 5448 SiSRaid2 - ok
21:51:10.0301 5448 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
21:51:10.0301 5448 SiSRaid4 - ok
21:51:10.0395 5448 [ 0BA91E1358AD25236863039BB2609A2E ] slsvc C:\Windows\system32\SLsvc.exe
21:51:10.0457 5448 slsvc - ok
21:51:10.0488 5448 [ 7C6DC44CA0BFA6291629AB764200D1D4 ] SLUINotify C:\Windows\system32\SLUINotify.dll
21:51:10.0488 5448 SLUINotify - ok
21:51:10.0535 5448 [ 031E6BCD53C9B2B9ACE111EAFEC347B6 ] Smb C:\Windows\system32\DRIVERS\smb.sys
21:51:10.0535 5448 Smb - ok
21:51:10.0566 5448 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
21:51:10.0566 5448 SNMPTRAP - ok
21:51:10.0644 5448 [ A1FF7D99B199CEA1F3DF371BA70D2780 ] Sntnlusb C:\Windows\system32\DRIVERS\SNTNLUSB.SYS
21:51:10.0644 5448 Sntnlusb - ok
21:51:10.0675 5448 [ 7B24EFA2A60BA7388FECDA63AB24560A ] SOHCImp C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe
21:51:10.0691 5448 SOHCImp - ok
21:51:10.0691 5448 [ 140FCF5FFAE4EFBA9740A9FD8B49E0BF ] SOHDBSvr C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe
21:51:10.0707 5448 SOHDBSvr - ok
21:51:10.0722 5448 [ D8C244121A06B581B097D9617D94CFF1 ] SOHDms C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe
21:51:10.0738 5448 SOHDms - ok
21:51:10.0753 5448 [ 2DB561887EA122B946BBE2821473EDD8 ] SOHDs C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe
21:51:10.0753 5448 SOHDs - ok
21:51:10.0769 5448 [ AB9EE246A1EB2C3C7C6CB16E0B9462F7 ] SOHPlMgr C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe
21:51:10.0769 5448 SOHPlMgr - ok
21:51:10.0800 5448 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
21:51:10.0800 5448 spldr - ok
21:51:10.0831 5448 [ 3665F79026A3F91FBCA63F2C65A09B19 ] Spooler C:\Windows\System32\spoolsv.exe
21:51:10.0847 5448 Spooler - ok
21:51:10.0878 5448 [ B2EC3E1DEAC5F0A764BD3486D213A0AF ] SQLBrowser C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
21:51:10.0878 5448 SQLBrowser - ok
21:51:10.0909 5448 [ D2F4F32B59440011174B4F8137AF4E0C ] SQLWriter C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
21:51:10.0909 5448 SQLWriter - ok
21:51:10.0972 5448 [ 2252AEF839B1093D16761189F45AF885 ] srv C:\Windows\system32\DRIVERS\srv.sys
21:51:10.0972 5448 srv - ok
21:51:11.0034 5448 [ B7FF59408034119476B00A81BB53D5D1 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
21:51:11.0034 5448 srv2 - ok
21:51:11.0050 5448 [ 2ACCC9B12AF02030F531E6CCA6F8B76E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
21:51:11.0065 5448 srvnet - ok
21:51:11.0081 5448 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
21:51:11.0081 5448 SSDPSRV - ok
21:51:11.0143 5448 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
21:51:11.0143 5448 SstpSvc - ok
21:51:11.0206 5448 [ 7DD08A597BC56051F320DA0BAF69E389 ] stisvc C:\Windows\System32\wiaservc.dll
21:51:11.0206 5448 stisvc - ok
21:51:11.0253 5448 [ C99010707441D2428C90EB8D0069E153 ] StMp3Rec C:\Windows\system32\Drivers\StMp3Rec.sys
21:51:11.0253 5448 StMp3Rec - ok
21:51:11.0268 5448 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
21:51:11.0268 5448 swenum - ok
21:51:11.0284 5448 [ B36C7CDB86F7F7A8E884479219766950 ] swprv C:\Windows\System32\swprv.dll
21:51:11.0284 5448 swprv - ok
21:51:11.0299 5448 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
21:51:11.0315 5448 Symc8xx - ok
21:51:11.0315 5448 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
21:51:11.0315 5448 Sym_hi - ok
21:51:11.0331 5448 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
21:51:11.0346 5448 Sym_u3 - ok
21:51:11.0424 5448 [ 99DA94793332AADBB17BBB521AE56E21 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
21:51:11.0424 5448 SynTP - ok
21:51:11.0455 5448 [ 8710A92D0024B03B5FB9540DF1F71F1D ] SysMain C:\Windows\system32\sysmain.dll
21:51:11.0471 5448 SysMain - ok
21:51:11.0487 5448 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:51:11.0487 5448 TabletInputService - ok
21:51:11.0502 5448 [ 680916BB09EE0F3A6ACA7C274B0D633F ] TapiSrv C:\Windows\System32\tapisrv.dll
21:51:11.0502 5448 TapiSrv - ok
21:51:11.0518 5448 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
21:51:11.0518 5448 TBS - ok
21:51:11.0580 5448 [ 782568AB6A43160A159B6215B70BCCE9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
21:51:11.0596 5448 Tcpip - ok
21:51:11.0611 5448 [ 782568AB6A43160A159B6215B70BCCE9 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
21:51:11.0611 5448 Tcpip6 - ok
21:51:11.0643 5448 [ D4A2E4A4B011F3A883AF77315A5AE76B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
21:51:11.0643 5448 tcpipreg - ok
21:51:11.0658 5448 [ 55FE712F574DA1A726AD74B20886A529 ] TcUsb C:\Windows\system32\Drivers\tcusb.sys
21:51:11.0658 5448 TcUsb - ok
21:51:11.0674 5448 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
21:51:11.0674 5448 TDPIPE - ok
21:51:11.0689 5448 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
21:51:11.0689 5448 TDTCP - ok
21:51:11.0705 5448 [ D09276B1FAB033CE1D40DCBDF303D10F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
21:51:11.0705 5448 tdx - ok
21:51:11.0970 5448 [ 0BB489BB768E4131B3EDBAE8FD7AE0B2 ] TeamViewer7 C:\Users\mahnaz\temp\TeamViewer\Version7\TeamViewer_Service.exe
21:51:11.0986 5448 TeamViewer7 - ok
21:51:12.0033 5448 [ A048056F5E1A96A9BF3071B91741A5AA ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
21:51:12.0033 5448 TermDD - ok
21:51:12.0064 5448 [ D605031E225AACCBCEB5B76A4F1603A6 ] TermService C:\Windows\System32\termsrv.dll
21:51:12.0079 5448 TermService - ok
21:51:12.0111 5448 [ 1E3FDB80E40A3CE645F229DFBDFB7694 ] Themes C:\Windows\system32\shsvcs.dll
21:51:12.0111 5448 Themes - ok
21:51:12.0142 5448 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
21:51:12.0157 5448 THREADORDER - ok
21:51:12.0220 5448 [ CB258C2F726F1BE73C507022BE33EBB3 ] TPM C:\Windows\system32\drivers\tpm.sys
21:51:12.0220 5448 TPM - ok
21:51:12.0235 5448 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
21:51:12.0235 5448 TrkWks - ok
21:51:12.0282 5448 [ 16613A1BAD034D4ECF957AF18B7C2FF5 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:51:12.0282 5448 TrustedInstaller - ok
21:51:12.0298 5448 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
21:51:12.0298 5448 tssecsrv - ok
21:51:12.0313 5448 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
21:51:12.0313 5448 tunmp - ok
21:51:12.0360 5448 [ 6042505FF6FA9AC1EF7684D0E03B6940 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
21:51:12.0376 5448 tunnel - ok
21:51:12.0407 5448 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
21:51:12.0407 5448 uagp35 - ok
21:51:12.0438 5448 [ 63F6D08C54D5B3C1B12A6172032055C7 ] uCamMonitor C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
21:51:12.0438 5448 uCamMonitor - ok
21:51:12.0469 5448 [ 8B5088058FA1D1CD897A2113CCFF6C58 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
21:51:12.0469 5448 udfs - ok
21:51:12.0563 5448 [ 3F2D08B07CF67CB37E669A93E59A508C ] ufad-ws60 C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
21:51:12.0579 5448 ufad-ws60 - ok
21:51:12.0610 5448 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
21:51:12.0610 5448 UI0Detect - ok
21:51:12.0641 5448 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
21:51:12.0657 5448 uliagpkx - ok
21:51:12.0672 5448 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
21:51:12.0672 5448 uliahci - ok
21:51:12.0688 5448 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
21:51:12.0688 5448 UlSata - ok
21:51:12.0703 5448 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
21:51:12.0703 5448 ulsata2 - ok
21:51:12.0719 5448 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
21:51:12.0719 5448 umbus - ok
21:51:12.0750 5448 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
21:51:12.0750 5448 upnphost - ok
21:51:12.0813 5448 [ A7CD5B4ADEA26765CAB06BDAB7B07B13 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
21:51:12.0813 5448 usbccgp - ok
21:51:12.0828 5448 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
21:51:12.0828 5448 usbcir - ok
21:51:12.0875 5448 [ 686D4188AE36254C3008B71FEDACADF3 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
21:51:12.0875 5448 usbehci - ok
21:51:12.0891 5448 [ 4E42F665A658F08D153F7FFFE7C83806 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
21:51:12.0906 5448 usbhub - ok
21:51:12.0922 5448 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
21:51:12.0922 5448 usbohci - ok
21:51:12.0969 5448 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
21:51:12.0969 5448 usbprint - ok
21:51:13.0015 5448 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
21:51:13.0015 5448 usbscan - ok
21:51:13.0031 5448 [ 87BA6B83C5D19B69160968D07D6E2982 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:51:13.0031 5448 USBSTOR - ok
21:51:13.0093 5448 [ 40F95A3D6D50D82F947F1D167C2EC39D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
21:51:13.0093 5448 usbuhci - ok
21:51:13.0140 5448 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
21:51:13.0156 5448 usbvideo - ok
21:51:13.0171 5448 [ 032A0ACC3909AE7215D524E29D536797 ] UxSms C:\Windows\System32\uxsms.dll
21:51:13.0171 5448 UxSms - ok
21:51:13.0218 5448 [ 4E7135D6D0127067E4CFEE12259F895D ] VAIO Entertainment TV Device Arbitration Service C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
21:51:13.0218 5448 VAIO Entertainment TV Device Arbitration Service - ok
21:51:13.0249 5448 [ 73328C784ECFE7072BD102F370076B50 ] VAIO Event Service C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
21:51:13.0249 5448 VAIO Event Service - ok
21:51:13.0296 5448 [ 45A9AE4768840830D0239B52DFDC806A ] VAIO Power Management C:\Program Files\Sony\VAIO Power Management\SPMService.exe
21:51:13.0296 5448 VAIO Power Management - ok
21:51:13.0437 5448 [ 0ED1D51DCEC67F96CC313D02A1741CF3 ] VCFw C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
21:51:13.0452 5448 VCFw - ok
21:51:13.0499 5448 [ 7295A2B5795E7B8AA128E5DF5A29B656 ] VcmIAlzMgr C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
21:51:13.0499 5448 VcmIAlzMgr - ok
21:51:13.0515 5448 [ 69C36D2A7B2169C336D9CE193C9B655E ] VcmXmlIfHelper C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
21:51:13.0530 5448 VcmXmlIfHelper - ok
21:51:13.0530 5448 Vcsw - ok
21:51:13.0546 5448 [ B13BC395B9D6116628F5AF47E0802AC4 ] vds C:\Windows\System32\vds.exe
21:51:13.0561 5448 vds - ok
21:51:13.0593 5448 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
21:51:13.0593 5448 vga - ok
21:51:13.0593 5448 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
21:51:13.0593 5448 VgaSave - ok
21:51:13.0608 5448 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
21:51:13.0608 5448 viaagp - ok
21:51:13.0624 5448 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
21:51:13.0624 5448 ViaC7 - ok
21:51:13.0639 5448 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
21:51:13.0639 5448 viaide - ok
21:51:13.0702 5448 [ 85A0E62AC295B2958070EBF60CED22BC ] VMAuthdService C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
21:51:13.0702 5448 VMAuthdService - ok
21:51:13.0749 5448 [ 2847315DE9AC17C7FF5FA3059D935C07 ] vmci C:\Windows\system32\Drivers\vmci.sys
21:51:13.0749 5448 vmci - ok
21:51:13.0811 5448 [ AAEEF4444A6C2BB2E741DE684F2A5E56 ] vmkbd C:\Windows\system32\drivers\VMkbd.sys
21:51:13.0811 5448 vmkbd - ok
21:51:13.0873 5448 [ E41704D8149992107B333CC7A52C07CC ] VMnetAdapter C:\Windows\system32\DRIVERS\vmnetadapter.sys
21:51:13.0873 5448 VMnetAdapter - ok
21:51:13.0873 5448 [ 462F2A31EA8B87A28962ACA998DF1869 ] VMnetBridge C:\Windows\system32\DRIVERS\vmnetbridge.sys
21:51:13.0873 5448 VMnetBridge - ok
21:51:13.0905 5448 [ 9FAD0F49EDA6E16EC61BF7DD1A5107B3 ] VMnetDHCP C:\Windows\system32\vmnetdhcp.exe
21:51:13.0905 5448 VMnetDHCP - ok
21:51:13.0936 5448 [ 386234C03F38FA9EAE752F4CCA7C8336 ] VMnetuserif C:\Windows\system32\drivers\vmnetuserif.sys
21:51:13.0936 5448 VMnetuserif - ok
21:51:14.0014 5448 [ AFB10AD9AA91D2F70C9F0E6BDA0D119B ] vmusb C:\Windows\system32\Drivers\vmusb.sys
21:51:14.0014 5448 vmusb - ok
21:51:14.0076 5448 [ 346AF8B2BE7E2E349B0FCA70C55CAC03 ] VMUSBArbService C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
21:51:14.0076 5448 VMUSBArbService - ok
21:51:14.0092 5448 [ D3ECFDBFAFD965AFDAC299DEBE71B4C7 ] VMware NAT Service C:\Windows\system32\vmnat.exe
21:51:14.0107 5448 VMware NAT Service - ok
21:51:14.0185 5448 [ CF8215484F00AE5268A1B3A46DD69E17 ] vmx86 C:\Windows\system32\Drivers\vmx86.sys
21:51:14.0201 5448 vmx86 - ok
21:51:14.0248 5448 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
21:51:14.0248 5448 volmgr - ok
21:51:14.0279 5448 [ 98F5FFE6316BD74E9E2C97206C190196 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
21:51:14.0295 5448 volmgrx - ok
21:51:14.0326 5448 [ D8B4A53DD2769F226B3EB374374987C9 ] volsnap C:\Windows\system32\drivers\volsnap.sys
21:51:14.0326 5448 volsnap - ok
21:51:14.0341 5448 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
21:51:14.0341 5448 vsmraid - ok
21:51:14.0482 5448 [ 0BD123313159CB8963D7A0404F7D96A5 ] VSPerfDrv90 C:\Program Files\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\VSPerfDrv90.sys
21:51:14.0497 5448 VSPerfDrv90 - ok
21:51:14.0544 5448 [ D5FB73D19C46ADE183F968E13F186B23 ] VSS C:\Windows\system32\vssvc.exe
21:51:14.0560 5448 VSS - ok
21:51:14.0622 5448 [ 476A052B3CE506ED63A94018F3E979D5 ] vstor2-ws60 C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys
21:51:14.0622 5448 vstor2-ws60 - ok
21:51:14.0763 5448 [ 3D47CC68B2F57796AC12EE2AA8BEE2CF ] VUAgent C:\Program Files\Sony\VAIO Update\VUAgent.exe
21:51:14.0763 5448 VUAgent - ok
21:51:14.0841 5448 [ 79EB419F4A694B4514249E0D3DB16ECF ] VzCdbSvc C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
21:51:14.0841 5448 VzCdbSvc - ok
21:51:14.0856 5448 [ 1CF9206966A8458CDA9A8B20DF8AB7D3 ] W32Time C:\Windows\system32\w32time.dll
21:51:14.0856 5448 W32Time - ok
21:51:14.0903 5448 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
21:51:14.0903 5448 WacomPen - ok
21:51:14.0919 5448 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
21:51:14.0919 5448 Wanarp - ok
21:51:14.0934 5448 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
21:51:14.0934 5448 Wanarpv6 - ok
21:51:14.0981 5448 [ F3A5C2E1A6533192B070D06ECF6BE796 ] wcncsvc C:\Windows\System32\wcncsvc.dll
21:51:14.0981 5448 wcncsvc - ok
21:51:14.0997 5448 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:51:14.0997 5448 WcsPlugInService - ok
21:51:15.0028 5448 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
21:51:15.0028 5448 Wd - ok
21:51:15.0059 5448 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
21:51:15.0059 5448 Wdf01000 - ok
21:51:15.0075 5448 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
21:51:15.0075 5448 WdiServiceHost - ok
21:51:15.0075 5448 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
21:51:15.0090 5448 WdiSystemHost - ok
21:51:15.0106 5448 [ CF9A5F41789B642DB967021DE06A2713 ] WebClient C:\Windows\System32\webclnt.dll
21:51:15.0106 5448 WebClient - ok
21:51:15.0137 5448 [ 905214925A88311FCE52F66153DE7610 ] Wecsvc C:\Windows\system32\wecsvc.dll
21:51:15.0137 5448 Wecsvc - ok
21:51:15.0168 5448 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
21:51:15.0168 5448 wercplsupport - ok
21:51:15.0184 5448 [ FD1965AAA112C6818A30AB02742D0461 ] WerSvc C:\Windows\System32\WerSvc.dll
21:51:15.0184 5448 WerSvc - ok
21:51:15.0215 5448 [ 090A2B8F055343815556A01F725F6C35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
21:51:15.0215 5448 WimFltr - ok
21:51:15.0277 5448 [ 5A77AC34A0FFB70CE8B35B524FEDE9BA ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys
21:51:15.0293 5448 winachsf - ok
21:51:15.0355 5448 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
21:51:15.0355 5448 WinDefend - ok
21:51:15.0449 5448 [ 0A597F84BC8AF4229B529F655BB2BA14 ] WinDriver6 C:\Windows\system32\drivers\windrvr6.sys
21:51:15.0449 5448 WinDriver6 - ok
21:51:15.0449 5448 WinHttpAutoProxySvc - ok
21:51:15.0496 5448 [ 00B79A7C984678F24CF052E5BEB3A2F5 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
21:51:15.0511 5448 Winmgmt - ok
21:51:15.0558 5448 [ 20FC93FDC916843CFDFCAA7A1B0DB16F ] WinRM C:\Windows\system32\WsmSvc.dll
21:51:15.0574 5448 WinRM - ok
21:51:15.0605 5448 [ 275F4346E569DF56CFB95243BD6F6FF0 ] Wlansvc C:\Windows\System32\wlansvc.dll
21:51:15.0621 5448 Wlansvc - ok
21:51:15.0683 5448 [ 94A85E956A065E23E0010A6A7826243B ] WLSetupSvc C:\Program Files\Windows Live\installer\WLSetupSvc.exe
21:51:15.0683 5448 WLSetupSvc - ok
21:51:15.0699 5448 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
21:51:15.0699 5448 WmiAcpi - ok
21:51:15.0730 5448 [ ABA4CF9F856D9A3A25F4DDD7690A6E9D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
21:51:15.0730 5448 wmiApSrv - ok
21:51:15.0808 5448 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
21:51:15.0823 5448 WMPNetworkSvc - ok
21:51:15.0839 5448 [ 5D94CD167751294962BA238D82DD1BB8 ] WPCSvc C:\Windows\System32\wpcsvc.dll
21:51:15.0855 5448 WPCSvc - ok
21:51:15.0870 5448 [ 396D406292B0CD26E3504FFE82784702 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
21:51:15.0870 5448 WPDBusEnum - ok
21:51:15.0933 5448 [ 0CEC23084B51B8288099EB710224E955 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
21:51:15.0933 5448 WpdUsb - ok
21:51:16.0120 5448 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
21:51:16.0120 5448 WPFFontCache_v0400 - ok
21:51:16.0135 5448 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
21:51:16.0135 5448 ws2ifsl - ok
21:51:16.0167 5448 [ 683DD16B590372F2C9661D277F35E49C ] wscsvc C:\Windows\system32\wscsvc.dll
21:51:16.0167 5448 wscsvc - ok
21:51:16.0167 5448 WSearch - ok
21:51:16.0276 5448 [ 6298277B73C77FA99106B271A7525163 ] wuauserv C:\Windows\system32\wuaueng.dll
21:51:16.0307 5448 wuauserv - ok
21:51:16.0385 5448 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
21:51:16.0385 5448 WUDFRd - ok
21:51:16.0401 5448 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
21:51:16.0416 5448 wudfsvc - ok
21:51:16.0432 5448 [ 88AF537264F2B818DA15479CEEAF5D7C ] XAudio C:\Windows\system32\DRIVERS\xaudio.sys
21:51:16.0432 5448 XAudio - ok
21:51:16.0447 5448 [ 15A317674A08DF26BE65164D959E9203 ] XAudioService C:\Windows\system32\DRIVERS\xaudio.exe
21:51:16.0447 5448 XAudioService - ok
21:51:16.0525 5448 [ BC861723BF67345DD5EFEED93190655E ] XDS560 C:\Windows\system32\DRIVERS\xds560.sys
21:51:16.0525 5448 XDS560 - ok
21:51:16.0557 5448 [ 1E4FA3DC572F348B2E6F71791871FD6C ] xdsfast1 C:\Windows\system32\xdsfast1.sys
21:51:16.0572 5448 xdsfast1 - ok
21:51:16.0635 5448 [ 6104F397127FEECCCE16BD16CD3843A6 ] XilinxPC4Driver C:\Windows\System32\drivers\xpc4drvr.sys
21:51:16.0635 5448 XilinxPC4Driver - ok
21:51:16.0681 5448 [ 67E3D2AF24C3873E6A0CAC89DE78D63B ] yukonwlh C:\Windows\system32\DRIVERS\yk60x86.sys
21:51:16.0681 5448 yukonwlh - ok
21:51:16.0697 5448 ================ Scan global ===============================
21:51:16.0728 5448 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
21:51:16.0775 5448 [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll
21:51:16.0791 5448 [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll
21:51:16.0822 5448 [ 2B336AB6286D6C81FA02CBAB914E3C6C ] C:\Windows\system32\services.exe
21:51:16.0822 5448 [Global] - ok
21:51:16.0822 5448 ================ Scan MBR ==================================
21:51:16.0837 5448 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
21:51:17.0134 5448 \Device\Harddisk0\DR0 - ok
21:51:17.0134 5448 ================ Scan VBR ==================================
21:51:17.0134 5448 [ 793A1D561BC2FE3A9991FE8A9BF0632F ] \Device\Harddisk0\DR0\Partition1
21:51:17.0134 5448 \Device\Harddisk0\DR0\Partition1 - ok
21:51:17.0165 5448 [ CD306696A0C0B5BB9CA6D8E9B32EF90E ] \Device\Harddisk0\DR0\Partition2
21:51:17.0165 5448 \Device\Harddisk0\DR0\Partition2 - ok
21:51:17.0181 5448 [ C1E5309BBF83C40AEE5CA6A209E9DBD8 ] \Device\Harddisk0\DR0\Partition3
21:51:17.0196 5448 \Device\Harddisk0\DR0\Partition3 - ok
21:51:17.0196 5448 ============================================================
21:51:17.0196 5448 Scan finished
21:51:17.0196 5448 ============================================================
21:51:17.0196 5456 Detected object count: 0
21:51:17.0196 5456 Actual detected object count: 0
21:57:28.0222 1964 Deinitialize success


*****************************************************************************************************


Malwarebytes report:

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.04.27.03

Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
mahnaz :: MAHNAZ-PC [administrator]

Protection: Disabled

4/27/2013 10:03:56 PM
mbam-log-2013-04-27 (22-03-56).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 229875
Time elapsed: 6 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

*************************************************************************************


AdwCleaner report:



# AdwCleaner v2.202 - Logfile created 04/27/2013 at 22:12:45
# Updated 23/04/2013 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 1 (32 bits)
# User : mahnaz - MAHNAZ-PC
# Boot Mode : Normal
# Running from : C:\Users\mahnaz\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files\Babylon
Folder Deleted : C:\Program Files\Ilivid
Folder Deleted : C:\ProgramData\Speedbit
Folder Deleted : C:\Users\mahnaz\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\mahnaz\AppData\LocalLow\ShoppingReport2
Folder Deleted : C:\Users\mahnaz\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\mahnaz\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\@themediafinder.com
Folder Deleted : C:\Users\mahnaz\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ShoppingReport2
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{603C4CC9-5DC6-4C44-873F-8281509DF953}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ShoppingReport2
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FF7C3CF0-4B15-11D1-ABED-709549C10000}
Key Deleted : HKCU\Software\SpeedBit
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A1F1ECD3-4806-44C6-A869-F0DADF11C57C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1460988
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2542127
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3BCF582D-CA87-4C6F-AF3D-B3548A976AB3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{AD25754E-D76C-42B3-A335-2F81478B722F}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{603C4CC9-5DC6-4C44-873F-8281509DF953}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\9908bf61cd0a9b71cdba29662861794c274135443
Key Deleted : HKLM\Software\SpeedBit

***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.6001.18639

[OK] Registry is clean.

-\\ Google Chrome v26.0.1410.64

File : C:\Users\mahnaz\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [5805 octets] - [27/04/2013 22:12:45]

########## EOF - C:\AdwCleaner[S1].txt - [5865 octets] ##########

************************************************************************************************

VEW report:


Vino's Event Viewer v01c run on Windows Vista in English
Report run at 27/04/2013 10:56:36 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 16/06/2010 4:24:26 PM
Type: Error Category: 0
Event: 7 Source: disk
The device, \Device\Harddisk3\DR3, has a bad block.

Log: 'System' Date/Time: 16/06/2010 4:24:26 PM
Type: Error Category: 0
Event: 7 Source: disk
The device, \Device\Harddisk3\DR3, has a bad block.

Log: 'System' Date/Time: 16/06/2010 4:24:27 PM
Type: Error Category: 0
Event: 7 Source: disk
The device, \Device\Harddisk3\DR3, has a bad block.

Log: 'System' Date/Time: 16/06/2010 4:24:27 PM
Type: Error Category: 0
Event: 7 Source: disk
The device, \Device\Harddisk3\DR3, has a bad block.

Log: 'System' Date/Time: 16/06/2010 4:24:27 PM
Type: Error Category: 0
Event: 7 Source: disk
The device, \Device\Harddisk3\DR3, has a bad block.

Log: 'System' Date/Time: 16/06/2010 4:24:27 PM
Type: Error Category: 0
Event: 7 Source: disk
The device, \Device\Harddisk3\DR3, has a bad block.

Log: 'System' Date/Time: 16/06/2010 4:24:29 PM
Type: Error Category: 0
Event: 7 Source: disk
The device, \Device\Harddisk3\DR3, has a bad block.

Log: 'System' Date/Time: 16/06/2010 4:24:29 PM
Type: Error Category: 0
Event: 7 Source: disk
The device, \Device\Harddisk3\DR3, has a bad block.

Log: 'System' Date/Time: 16/06/2010 4:24:29 PM
Type: Error Category: 0
Event: 7 Source: disk
The device, \Device\Harddisk3\DR3, has a bad block.

Log: 'System' Date/Time: 16/06/2010 4:24:29 PM
Type: Error Category: 0
Event: 7 Source: disk
The device, \Device\Harddisk3\DR3, has a bad block.

Log: 'System' Date/Time: 16/06/2010 4:24:31 PM
Type: Error Category: 0
Event: 7 Source: disk
The device, \Device\Harddisk3\DR3, has a bad block.

Log: 'System' Date/Time: 16/06/2010 4:24:31 PM
Type: Error Category: 0
Event: 7 Source: disk
The device, \Device\Harddisk3\DR3, has a bad block.

Log: 'System' Date/Time: 16/06/2010 4:24:31 PM
Type: Error Category: 0
Event: 7 Source: disk
The device, \Device\Harddisk3\DR3, has a bad block.

Log: 'System' Date/Time: 16/06/2010 4:24:31 PM
Type: Error Category: 0
Event: 7 Source: disk
The device, \Device\Harddisk3\DR3, has a bad block.

Log: 'System' Date/Time: 16/06/2010 4:24:32 PM
Type: Error Category: 0
Event: 7 Source: disk
The device, \Device\Harddisk3\DR3, has a bad block.

Log: 'System' Date/Time: 16/06/2010 4:24:32 PM
Type: Error Category: 0
Event: 7 Source: disk
The device, \Device\Harddisk3\DR3, has a bad block.

Log: 'System' Date/Time: 16/06/2010 4:24:32 PM
Type: Error Category: 0
Event: 7 Source: disk
The device, \Device\Harddisk3\DR3, has a bad block.

Log: 'System' Date/Time: 16/06/2010 4:24:32 PM
Type: Error Category: 0
Event: 7 Source: disk
The device, \Device\Harddisk3\DR3, has a bad block.

Log: 'System' Date/Time: 16/06/2010 4:24:34 PM
Type: Error Category: 0
Event: 7 Source: disk
The device, \Device\Harddisk3\DR3, has a bad block.

Log: 'System' Date/Time: 16/06/2010 4:24:34 PM
Type: Error Category: 0
Event: 7 Source: disk
The device, \Device\Harddisk3\DR3, has a bad block.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 16/06/2010 6:26:22 PM
Type: Warning Category: 0
Event: 8004 Source: bowser
A request has been submitted to promote the computer to backup when it is already a master browser.

Log: 'System' Date/Time: 16/06/2010 6:26:52 PM
Type: Warning Category: 0
Event: 8004 Source: bowser
A request has been submitted to promote the computer to backup when it is already a master browser.

Log: 'System' Date/Time: 16/06/2010 6:27:22 PM
Type: Warning Category: 0
Event: 8004 Source: bowser
A request has been submitted to promote the computer to backup when it is already a master browser.

Log: 'System' Date/Time: 16/06/2010 6:27:52 PM
Type: Warning Category: 0
Event: 8004 Source: bowser
A request has been submitted to promote the computer to backup when it is already a master browser.

Log: 'System' Date/Time: 16/06/2010 6:28:52 PM
Type: Warning Category: 0
Event: 8004 Source: bowser
A request has been submitted to promote the computer to backup when it is already a master browser.

Log: 'System' Date/Time: 16/06/2010 6:35:45 PM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0022FB56369C. The following error occurred: The semaphore timeout period has expired.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 16/06/2010 6:56:21 PM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0022FB56369C. The following error occurred: The semaphore timeout period has expired.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 16/06/2010 8:38:09 PM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0022FB56369C. The following error occurred: The semaphore timeout period has expired.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 16/06/2010 9:04:21 PM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0022FB56369C. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 17/06/2010 7:01:16 AM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0022FB56369C. The following error occurred: The semaphore timeout period has expired.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 17/06/2010 7:03:38 AM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0022FB56369C. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 17/06/2010 7:04:09 AM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0022FB56369C. The following error occurred: The semaphore timeout period has expired.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 17/06/2010 7:25:13 AM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0022FB56369C. The following error occurred: The semaphore timeout period has expired.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 17/06/2010 7:26:14 AM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0022FB56369C. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 17/06/2010 7:27:44 AM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0022FB56369C. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 17/06/2010 9:24:20 AM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0022FB56369C. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 17/06/2010 9:24:27 AM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0022FB56369C. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 19/06/2010 2:37:30 PM
Type: Warning Category: 0
Event: 36 Source: Microsoft-Windows-Time-Service
The time service has not synchronized the system time for 86400 seconds because none of the time service providers provided a usable time stamp. The time service will not update the local system time until it is able to synchronize with a time source. If the local system is configured to act as a time server for clients, it will stop advertising as a time source to clients. The time service will continue to retry and sync time with its time sources. Check system event log for other W32time events for more details. Run 'w32tm /resync' to force an instant time synchronization.

Log: 'System' Date/Time: 19/06/2010 2:43:10 PM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0022FB56369C. The following error occurred: The semaphore timeout period has expired.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

Log: 'System' Date/Time: 19/06/2010 3:21:49 PM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0022FB56369C. The following error occurred: The semaphore timeout period has expired.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.



*****************************************************************************************

OTL1 (first OTL log):

OTL logfile created on: 4/27/2013 10:59:01 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\mahnaz\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 0.77 Gb Available Physical Memory | 41.03% Memory free
3.98 Gb Paging File | 2.68 Gb Available in Paging File | 67.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 244.68 Gb Total Space | 42.63 Gb Free Space | 17.42% Space Free | Partition Type: NTFS
Drive G: | 19.53 Gb Total Space | 2.92 Gb Free Space | 14.95% Space Free | Partition Type: NTFS
Drive H: | 21.48 Gb Total Space | 3.04 Gb Free Space | 14.17% Space Free | Partition Type: NTFS

Computer Name: MAHNAZ-PC | User Name: mahnaz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/22 18:11:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\mahnaz\Desktop\OTL.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/11/22 16:08:14 | 001,038,496 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
PRC - [2012/11/22 16:08:12 | 000,957,056 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update\VUAgent.exe
PRC - [2012/03/07 16:40:34 | 000,913,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2012/03/07 16:40:28 | 003,117,344 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2011/12/13 15:06:29 | 002,984,832 | ---- | M] (TeamViewer GmbH) -- C:\Users\mahnaz\temp\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011/09/14 23:51:29 | 003,241,312 | ---- | M] (Tonec Inc.) -- C:\_OTL\MovedFiles\04272013_193340\C_Program Files\Internet Download Manager\IDMan.exe
PRC - [2010/07/05 00:21:26 | 000,017,408 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2009/10/22 06:00:04 | 000,395,824 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe
PRC - [2009/10/22 05:59:58 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
PRC - [2009/10/22 05:59:48 | 000,334,384 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe
PRC - [2009/10/22 04:47:54 | 000,563,760 | ---- | M] (VMware, Inc.) -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2009/05/21 14:28:38 | 000,874,768 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2009/05/21 13:04:14 | 000,473,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2009/02/05 04:31:30 | 000,538,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Mode Switch\VMSwitch.exe
PRC - [2009/01/24 22:01:26 | 000,559,656 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009/01/21 21:37:42 | 000,313,264 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2009/01/21 21:37:42 | 000,192,512 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2009/01/20 04:13:04 | 000,394,536 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
PRC - [2009/01/20 00:19:20 | 000,203,624 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2009/01/20 00:19:20 | 000,112,488 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2009/01/15 01:08:38 | 005,184,872 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
PRC - [2009/01/06 06:34:54 | 000,109,088 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe
PRC - [2008/12/22 11:00:32 | 000,274,432 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Network Utility\LANUtil.exe
PRC - [2008/12/22 09:25:06 | 000,303,104 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Network Utility\NSUService.exe
PRC - [2008/12/20 01:32:08 | 001,771,368 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PRC - [2008/12/20 01:32:08 | 000,415,592 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe
PRC - [2008/12/18 22:23:50 | 000,317,288 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe
PRC - [2008/10/29 10:59:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/09/18 22:29:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
PRC - [2008/09/16 23:33:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
PRC - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/01/15 05:43:00 | 000,063,176 | ---- | M] (CANON INC.) -- C:\Windows\System32\CNAC4RPK.EXE
PRC - [2007/01/05 07:18:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (No Company Name) ==========

MOD - [2013/04/09 13:27:07 | 000,390,096 | ---- | M] () -- C:\Users\mahnaz\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppgooglenaclpluginchrome.dll
MOD - [2013/04/09 13:27:05 | 004,050,896 | ---- | M] () -- C:\Users\mahnaz\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
MOD - [2013/04/09 13:26:13 | 001,606,096 | ---- | M] () -- C:\Users\mahnaz\AppData\Local\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll
MOD - [2011/12/04 20:04:39 | 001,356,288 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\cac78a264e7ac9299057eb2416c86000\System.WorkflowServices.ni.dll
MOD - [2011/12/04 20:04:00 | 001,706,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\5046de252a0e714c78207b5dd01a89bd\System.ServiceModel.Web.ni.dll
MOD - [2011/12/04 19:56:31 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\bf3b757c821a36e6a9c7c1988b39a15d\System.IdentityModel.Selectors.ni.dll
MOD - [2011/12/04 19:56:29 | 001,070,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\3fb6b9b320c78fa02be3fa8ce26b7559\System.IdentityModel.ni.dll
MOD - [2011/12/04 19:56:25 | 002,345,472 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\0393b1448497e28ae9bbfed9be19bd3e\System.Runtime.Serialization.ni.dll
MOD - [2011/12/04 19:56:19 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\06bb41fe681650a017fa2c99e197edf0\SMDiagnostics.ni.dll
MOD - [2011/12/04 19:56:17 | 017,403,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\0dd1924dbe8ac43b923a28409d351619\System.ServiceModel.ni.dll
MOD - [2011/12/04 19:51:40 | 011,800,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0a1195c6b5fab213527364c9e8b26ef0\System.Web.ni.dll
MOD - [2011/12/04 19:50:56 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll
MOD - [2011/12/04 19:23:23 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll
MOD - [2011/12/04 19:22:15 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll
MOD - [2011/12/04 19:21:33 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll
MOD - [2011/12/04 19:15:30 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll
MOD - [2011/12/04 19:14:40 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2010/07/05 02:02:38 | 000,010,752 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll
MOD - [2010/07/05 02:02:36 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2010/07/05 00:21:26 | 000,017,408 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
MOD - [2010/06/21 16:45:36 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Diagnostics.ServiceModelSink\3.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Diagnostics.ServiceModelSink.dll
MOD - [2009/04/08 02:24:30 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\SPMDam\3.1.0.6020__1b3c579b6925895f\SPMDam.dll
MOD - [2009/04/08 02:24:29 | 000,086,016 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\SPMCommon\3.1.0.6020__e3c7096ba83f9295\SPMCommon.dll
MOD - [2009/01/20 00:19:22 | 000,010,752 | ---- | M] () -- C:\Program Files\Sony\VAIO Event Service\VESBasePS.dll
MOD - [2008/05/08 09:03:46 | 000,417,792 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\AdobeXMP.dll
MOD - [2007/11/17 03:32:18 | 000,479,232 | R--- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\ccme_base.dll
MOD - [2007/11/17 03:32:18 | 000,401,408 | R--- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\cryptocme2.dll
MOD - [2007/09/20 19:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Services (SafeList) ==========

SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/11/22 16:08:12 | 000,957,056 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Update\VUAgent.exe -- (VUAgent)
SRV - [2012/09/17 00:22:47 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/09 22:55:48 | 000,279,552 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Serviio\bin\ServiioService.exe -- (Serviio)
SRV - [2012/03/07 16:40:34 | 000,913,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2011/12/13 15:06:29 | 002,984,832 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Users\mahnaz\temp\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/10/22 06:00:04 | 000,395,824 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnat.exe -- (VMware NAT Service)
SRV - [2009/10/22 05:59:58 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2009/10/22 05:59:48 | 000,334,384 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2009/10/22 04:47:54 | 000,563,760 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2009/10/12 15:32:24 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
SRV - [2009/05/21 14:28:38 | 000,874,768 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2009/05/21 13:04:14 | 000,473,360 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2009/05/02 15:40:35 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/01/24 22:01:26 | 000,559,656 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/01/21 21:37:44 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2009/01/21 21:37:42 | 000,313,264 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2009/01/21 21:37:42 | 000,192,512 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2009/01/20 23:26:06 | 000,120,104 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2009/01/20 23:22:18 | 000,091,432 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe -- (SOHPlMgr)
SRV - [2009/01/20 23:21:48 | 000,075,048 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2009/01/20 23:21:18 | 000,390,440 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2009/01/20 23:20:48 | 000,070,952 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe -- (SOHDBSvr)
SRV - [2009/01/20 04:13:04 | 000,394,536 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2009/01/20 00:19:20 | 000,203,624 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2009/01/17 09:29:08 | 000,083,240 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
SRV - [2009/01/15 01:08:38 | 005,184,872 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2009/01/08 11:40:32 | 000,114,688 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2009/01/06 06:34:54 | 000,109,088 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe -- (RtkAudioService)
SRV - [2008/12/22 09:25:06 | 000,303,104 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\Network Utility\NSUService.exe -- (NSUService)
SRV - [2008/12/20 01:32:08 | 000,415,592 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV - [2008/09/18 22:29:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2008/09/16 23:33:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
SRV - [2008/01/21 06:53:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/11/07 08:58:18 | 003,004,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)
SRV - [2007/01/05 07:18:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\mahnaz\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/03/14 09:40:04 | 000,148,504 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfw.sys -- (epfw)
DRV - [2012/03/14 09:40:02 | 000,169,080 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2012/03/14 09:40:02 | 000,120,152 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2012/03/14 09:40:02 | 000,050,624 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\epfwwfp.sys -- (epfwwfp)
DRV - [2012/03/14 09:40:02 | 000,033,656 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\EpfwLWF.sys -- (EpfwLWF)
DRV - [2011/10/04 10:14:35 | 000,195,968 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2010/07/26 18:55:42 | 000,068,240 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\idmwfp.sys -- (IDMWFP)
DRV - [2010/04/10 13:59:52 | 000,016,000 | ---- | M] (Xilinx, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\xpc4drvr.sys -- (XilinxPC4Driver)
DRV - [2009/10/22 06:00:46 | 000,853,936 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmx86.sys -- (vmx86)
DRV - [2009/10/22 06:00:44 | 000,070,704 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmci.sys -- (vmci)
DRV - [2009/10/22 06:00:44 | 000,026,288 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2009/10/22 06:00:44 | 000,023,216 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMkbd.sys -- (vmkbd)
DRV - [2009/10/22 04:47:52 | 000,032,304 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hcmon.sys -- (hcmon)
DRV - [2009/10/22 01:13:36 | 000,031,280 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmusb.sys -- (vmusb)
DRV - [2009/10/22 01:13:32 | 000,036,400 | R--- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2009/10/22 01:13:32 | 000,016,560 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2009/10/12 15:31:52 | 000,022,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009/09/01 22:19:26 | 000,019,584 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aticir.sys -- (AtiIrRcvr)
DRV - [2009/09/01 22:17:44 | 001,080,832 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atinavrr.sys -- (ATIAVPCI)
DRV - [2009/05/28 22:41:28 | 004,233,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008/11/25 11:11:52 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2008/11/19 04:38:46 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2008/10/23 04:32:23 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\risdptsk.sys -- (risdptsk)
DRV - [2008/10/23 04:32:02 | 000,068,608 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/08/26 04:31:46 | 000,023,712 | ---- | M] (Sony Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\shpf.sys -- (shpf)
DRV - [2008/07/08 14:02:48 | 000,029,568 | ---- | M] (Spectrum Digital Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sdusb2em.sys -- (sdusb2em)
DRV - [2008/06/07 04:32:55 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2008/04/25 01:36:40 | 000,017,920 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2008/01/25 06:44:25 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008/01/21 06:53:26 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2007/09/04 16:53:34 | 000,055,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\VSPerfDrv90.sys -- (VSPerfDrv90)
DRV - [2007/07/07 09:11:58 | 000,026,120 | ---- | M] (Rainbow Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SNTNLUSB.SYS -- (Sntnlusb)
DRV - [2007/04/18 07:39:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2006/11/10 16:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2005/09/05 22:30:22 | 000,028,743 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2005/08/16 11:23:10 | 000,038,422 | ---- | M] (Generic) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\StMp3Rec.sys -- (StMp3Rec)
DRV - [2004/10/22 07:58:48 | 000,028,296 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\xds560.sys -- (XDS560)
DRV - [2004/10/22 07:57:40 | 000,006,112 | ---- | M] (Texas Instruments Incorporated) [Kernel | Auto | Running] -- C:\Windows\System32\xdsfast1.sys -- (xdsfast1)
DRV - [2004/10/22 07:57:40 | 000,003,968 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drpkiont.sys -- (drpkiont)
DRV - [2004/05/26 21:56:58 | 000,003,200 | ---- | M] (Altium Limited) [Kernel | Auto | Running] -- C:\Windows\System32\altio.sys -- (altio)
DRV - [2001/03/01 02:15:00 | 000,006,144 | ---- | M] (Erik Salaj) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ioport.sys -- (IOPort)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchPage =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{8E13C345-C393-4DC1-ABDF-503E89EADC4F}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\mahnaz\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\mahnaz\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\mahnaz\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\mahnaz\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012/11/29 22:13:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\mahnaz\AppData\Roaming\IDM\idmmzcc3 [2011/09/15 21:26:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\mahnaz\AppData\Roaming\IDM\idmmzcc3 [2011/09/15 21:26:21 | 000,000,000 | ---D | M]

[2012/03/29 19:15:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mahnaz\AppData\Roaming\Mozilla\Extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\mahnaz\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\mahnaz\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\mahnaz\AppData\Local\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\mahnaz\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Users\mahnaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4_0\BabylonChromePI.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\mahnaz\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\mahnaz\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Users\mahnaz\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\mahnaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\mahnaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail = C:\Users\mahnaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/04/27 21:11:29 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\_OTL\MovedFiles\04272013_193340\C_Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Microsoft Web Test Recorder 9.0 Helper) - {E31CE47F-C268-41ba-897B-B415E613947D} - C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO90.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [VMSwitch] C:\Program Files\Sony\VAIO Mode Switch\VMSwitch.exe (Sony Corporation)
O4 - HKCU..\Run: [IDMan] C:\_OTL\MovedFiles\04272013_193340\C_Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download all links with IDM - C:\_OTL\MovedFiles\04272013_193340\C_Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\_OTL\MovedFiles\04272013_193340\C_Program Files\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download with IDM - C:\_OTL\MovedFiles\04272013_193340\C_Program Files\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Simorgh Client - {afaf756a-600b-48df-a1d1-0a173eb5ec26} - C:\Program Files\Nosa\Simorgh\HTTPClient\SimWinClt.exe (Iran Software & Hardware Co. (NOSA))
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://ereg.ut.ac.ir/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3216F67A-F1D5-4887-9CF3-41A1042B3CAC}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\textwareilluminatorbase {CE5CD329-1650-414A-8DB0-4CBF72FAED87} - C:\Windows\System32\textwareilluminatorbaseProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - File not found
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\mahnaz\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\mahnaz\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 02:13:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe - (Broadcom Corporation.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Canon LBP5000 Status Window.lnk - - File not found
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Maximum Notifier.lnk - C:\Program Files\Narcis Soft\Maximum\MaxNotifier.exe - (Narcis Electronic publications)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TMMonitor.lnk - C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe - (ArcSoft, Inc.)
MsConfig - StartUpFolder: C:^Users^mahnaz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Audio Filter.lnk - C:\Program Files\Sony\SonicStage Mastering Studio\Audio Filter\SSMSFilter.exe - (Sony Corporation)
MsConfig - StartUpFolder: C:^Users^mahnaz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LingvoSoft Talking Dictionary 2008 (English-Persian (Farsi)).lnk - - File not found
MsConfig - StartUpFolder: C:^Users^mahnaz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpFolder: C:^Users^mahnaz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Serviio.lnk - C:\Program Files\Serviio\bin\ServiioConsole.exe - ()
MsConfig - StartUpReg: ArcSoft Connection Service - hkey= - key= - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Users\mahnaz\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: googletalk - hkey= - key= - C:\Users\mahnaz\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: Messenger (Yahoo!) - hkey= - key= - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
MsConfig - StartUpReg: ooVoo.exe - hkey= - key= - C:\Program Files\ooVoo\ooVoo.exe (ooVoo LLC)
MsConfig - StartUpReg: RemoteControl11 - hkey= - key= - C:\Program Files\CyberLink\PowerDVD11\PDVD11Serv.exe (CyberLink Corp.)
MsConfig - StartUpReg: uTorrent - hkey= - key= - C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
MsConfig - StartUpReg: vmware-tray - hkey= - key= - C:\Program Files\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
MsConfig - StartUpReg: Web Freer - hkey= - key= - C:\Program Files\WebFreer\webfreer.exe (Appaxy Inc.)
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2

SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM for Java
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 7.0.0
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 7.0.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: SENTINEL - C:\Windows\System32\SNTI386.DLL ()
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.dvsd - C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll (Sony Corporation)
Drivers32: VIDC.VMnc - C:\Windows\System32\vmnc.dll (VMware, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/04/27 22:27:42 | 000,354,299 | ---- | C] (Farbar) -- C:\Users\mahnaz\Desktop\FSS.exe
[2013/04/27 21:46:14 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\mahnaz\Desktop\tdsskiller.exe
[2013/04/27 21:14:54 | 000,000,000 | ---D | C] -- C:\Users\mahnaz\AppData\Local\temp
[2013/04/27 21:13:47 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/04/27 20:49:00 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/04/27 20:49:00 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/04/27 20:49:00 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/04/27 20:48:56 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013/04/27 20:48:45 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/04/27 20:48:14 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/04/27 20:46:41 | 005,060,715 | R--- | C] (Swearware) -- C:\Users\mahnaz\Desktop\ComboFix.exe
[2013/04/27 19:34:18 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\mahnaz\Desktop\aswMBR.exe
[2013/04/27 19:33:41 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/04/22 19:04:38 | 000,000,000 | --SD | C] -- C:\Users\mahnaz\Documents\My Data Sources
[2013/04/22 18:11:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\mahnaz\Desktop\OTL.exe
[2013/04/21 19:15:02 | 000,000,000 | ---D | C] -- C:\Users\mahnaz\AppData\Roaming\Malwarebytes
[2013/04/21 19:14:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/04/21 19:14:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/04/21 19:14:07 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/04/21 19:14:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/04/18 00:44:08 | 000,000,000 | ---D | C] -- C:\Users\mahnaz\Desktop\bbbb
[2013/04/18 00:31:49 | 000,000,000 | ---D | C] -- C:\Users\mahnaz\Desktop\USB flash drive contents replaced with a single shortcut _ The Captain's Log_files
[2013/04/18 00:31:28 | 002,738,264 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\mahnaz\Desktop\procexp.exe
[2013/04/17 23:59:58 | 000,000,000 | ---D | C] -- C:\Users\mahnaz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
[2013/04/17 23:59:58 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2013/04/14 23:12:46 | 000,000,000 | ---D | C] -- C:\Users\mahnaz\Desktop\ax13.92
[2013/04/01 16:04:55 | 000,000,000 | ---D | C] -- C:\Users\mahnaz\Desktop\mohamad
[5 C:\Users\mahnaz\Desktop\*.tmp files -> C:\Users\mahnaz\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/04/27 23:00:16 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/04/27 22:51:55 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/27 22:51:55 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/27 22:51:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/27 22:51:49 | 2008,064,000 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/27 22:50:48 | 000,015,972 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/04/27 22:30:02 | 000,000,270 | ---- | M] () -- C:\Windows\tasks\Check Updates for Windows Live Toolbar.job
[2013/04/27 22:27:45 | 000,354,299 | ---- | M] (Farbar) -- C:\Users\mahnaz\Desktop\FSS.exe
[2013/04/27 22:25:45 | 000,061,440 | ---- | M] ( ) -- C:\Users\mahnaz\Desktop\VEW.exe
[2013/04/27 22:24:39 | 000,692,900 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/04/27 22:24:39 | 000,138,400 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/04/27 22:06:01 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3233104117-2109178606-3299732699-1003UA.job
[2013/04/27 21:48:47 | 000,619,461 | ---- | M] () -- C:\Users\mahnaz\Desktop\adwcleaner.exe
[2013/04/27 21:46:26 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\mahnaz\Desktop\tdsskiller.exe
[2013/04/27 21:11:29 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/04/27 20:47:03 | 005,060,715 | R--- | M] (Swearware) -- C:\Users\mahnaz\Desktop\ComboFix.exe
[2013/04/27 20:44:20 | 000,000,512 | ---- | M] () -- C:\Users\mahnaz\Desktop\MBR.dat
[2013/04/27 19:34:40 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\mahnaz\Desktop\aswMBR.exe
[2013/04/25 19:12:54 | 000,001,053 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Canon LBP5000 Status Window.lnk
[2013/04/22 19:06:01 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3233104117-2109178606-3299732699-1003Core.job
[2013/04/22 18:11:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\mahnaz\Desktop\OTL.exe
[2013/04/21 19:14:14 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/17 09:49:28 | 000,144,366 | ---- | M] () -- C:\Users\mahnaz\Desktop\USB flash drive contents replaced with a single shortcut _ The Captain's Log.htm
[2013/04/12 00:10:37 | 000,002,088 | ---- | M] () -- C:\Users\mahnaz\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[5 C:\Users\mahnaz\Desktop\*.tmp files -> C:\Users\mahnaz\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/04/27 22:25:44 | 000,061,440 | ---- | C] ( ) -- C:\Users\mahnaz\Desktop\VEW.exe
[2013/04/27 21:48:40 | 000,619,461 | ---- | C] () -- C:\Users\mahnaz\Desktop\adwcleaner.exe
[2013/04/27 20:49:00 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/04/27 20:49:00 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/04/27 20:49:00 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/04/27 20:49:00 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/04/27 20:49:00 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/04/27 20:44:20 | 000,000,512 | ---- | C] () -- C:\Users\mahnaz\Desktop\MBR.dat
[2013/04/21 19:14:14 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/18 00:31:49 | 000,144,366 | ---- | C] () -- C:\Users\mahnaz\Desktop\USB flash drive contents replaced with a single shortcut _ The Captain's Log.htm
[2013/01/31 13:04:36 | 000,000,034 | ---- | C] () -- C:\Windows\cvavr.ini
[2012/12/29 11:07:44 | 000,000,600 | ---- | C] () -- C:\Users\mahnaz\AppData\Local\PUTTY.RND
[2012/11/10 11:45:38 | 000,053,248 | ---- | C] () -- C:\Windows\System32\HPPMLVS.dll
[2012/08/23 13:03:29 | 000,000,502 | ---- | C] () -- C:\Windows\System32\CNCMFP34.INI
[2012/08/13 14:22:31 | 000,000,063 | ---- | C] () -- C:\Windows\TEXTware.ini
[2012/08/13 14:22:04 | 000,321,024 | ---- | C] () -- C:\Windows\System32\textwareilluminatorbaseProtocol.dll
[2012/08/13 14:22:03 | 000,113,288 | ---- | C] () -- C:\Windows\System32\bass.dll
[2012/08/13 14:22:02 | 000,147,456 | ---- | C] () -- C:\Windows\System32\Twavbx32.dll
[2012/08/13 14:22:02 | 000,018,432 | ---- | C] () -- C:\Windows\System32\TWAIED02.DLL
[2012/08/13 14:21:59 | 000,143,360 | ---- | C] () -- C:\Windows\System32\ILXTBS.DLL
[2012/04/17 21:46:00 | 000,000,411 | ---- | C] () -- C:\Users\mahnaz\Documents - Shortcut (2).lnk
[2012/02/01 13:10:09 | 000,000,042 | ---- | C] () -- C:\Windows\Narcis.INI
[2012/01/07 12:18:34 | 000,000,600 | ---- | C] () -- C:\Users\mahnaz\AppData\Roaming\winscp.rnd
[2011/10/30 16:31:53 | 000,018,410 | ---- | C] () -- C:\Users\mahnaz\report.pdf
[2011/10/30 16:31:53 | 000,003,383 | ---- | C] () -- C:\Users\mahnaz\report.synctex.gz
[2011/10/30 16:29:47 | 000,000,544 | ---- | C] () -- C:\Users\mahnaz\report.dvi
[2011/10/30 16:29:47 | 000,000,009 | ---- | C] () -- C:\Users\mahnaz\report.aux
[2011/10/30 16:29:27 | 000,001,171 | ---- | C] () -- C:\Users\mahnaz\report.tex
[2011/10/27 19:07:15 | 000,044,413 | ---- | C] () -- C:\Users\mahnaz\my first.pdf
[2011/10/27 19:07:14 | 000,000,084 | ---- | C] () -- C:\Users\mahnaz\my first.aux
[2011/10/27 19:06:05 | 000,000,699 | ---- | C] () -- C:\Users\mahnaz\my first.tex
[2011/05/14 23:56:51 | 000,000,411 | ---- | C] () -- C:\Users\mahnaz\Documents - Shortcut.lnk
[2011/05/14 20:50:33 | 000,000,126 | ---- | C] () -- C:\Windows\mdm.ini
[2011/05/14 20:50:27 | 000,000,535 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011/05/13 11:04:31 | 000,006,550 | ---- | C] () -- C:\Windows\jautoexp.dat
[2011/05/11 23:27:51 | 000,001,191 | ---- | C] () -- C:\Users\mahnaz\.opgalaxy7.vr
[2011/02/07 20:22:38 | 000,000,268 | ---- | C] () -- C:\Users\mahnaz\quartus2.ini
[2010/11/13 13:52:01 | 000,000,600 | ---- | C] () -- C:\Users\mahnaz\PUTTY.RND
[2010/05/24 08:43:44 | 000,001,356 | ---- | C] () -- C:\Users\mahnaz\AppData\Local\d3d9caps.dat
[2010/03/01 21:01:08 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/01/23 19:56:04 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/11/04 14:28:10 | 000,029,128 | ---- | C] () -- C:\Users\mahnaz\AppData\Roaming\UserTile.png
[2009/10/24 22:21:39 | 000,000,112 | ---- | C] () -- C:\ProgramData\wrWin.ini
[2009/10/22 11:57:25 | 000,106,496 | ---- | C] () -- C:\Users\mahnaz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2002/01/01 01:22:31 | 024,605,022 | ---- | C] () -- C:\Users\mahnaz\iAUDIO - Who.Let.The.Whores.Out.XXX.DVDrip.XviD-NOGRP.[www.torrentfive.com]1.avi

========== ZeroAccess Check ==========

[2006/11/02 17:24:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011/01/21 20:16:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/03/03 09:06:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/01/21 06:54:03 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: Hitachi HTS543232L9SA00
Partitions: 4
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE1 -
Interface type: IDE
Media Type:
Model: Ricoh SD/MMC Disk Device
Partitions: 0
Status: OK
Status Info: 0

Drive: \\\\.\\PHYSICALDRIVE2 -
Interface type: IDE
Media Type:
Model: Ricoh Memory Stick Disk Device
Partitions: 0
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 12.00GB
Starting Offset: 1048576
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 245.00GB
Starting Offset: 13306429440
Hidden sectors: 0


DeviceID: Disk #0, Partition #2
PartitionType: Extended w/Extended Int 13
Bootable: False
BootPartition: False
PrimaryPartition: False
Size: 21.00GB
Starting Offset: 276032389120
Hidden sectors: 0


DeviceID: Disk #0, Partition #3
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 20.00GB
Starting Offset: 299101061120
Hidden sectors: 0


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\assembly\GAC_32\*.ini >

< %systemroot%\assembly\GAC_64\*.ini >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2012/08/12 22:45:33 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Acapela Group
[2013/03/24 23:52:03 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Adobe
[2012/04/21 20:34:51 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\AlilG
[2013/04/25 00:00:05 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Altium2004_SP4
[2011/04/18 20:09:08 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\ArcSoft
[2010/05/29 20:11:36 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\BitDefender
[2012/08/13 14:22:48 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Cambridge
[2012/08/23 13:23:23 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Canon
[2009/12/04 01:10:33 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\COWON
[2012/01/14 23:12:01 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\CyberLink
[2011/09/10 23:01:16 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Digiarty
[2011/10/30 12:51:32 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\DMCache
[2012/12/14 19:05:55 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\dvdcss
[2012/11/19 22:10:40 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\ESET
[2011/09/14 21:49:07 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\GetRightToGo
[2010/04/26 20:38:14 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Google
[2011/05/30 23:05:56 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\HDI
[2011/01/21 02:46:36 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Helios
[2010/01/13 15:00:59 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Help
[2010/04/10 14:36:06 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\hte
[2009/10/17 22:07:21 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Identities
[2012/09/05 13:05:34 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\IDM
[2012/07/06 22:53:29 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Import Audio from Video
[2009/12/04 11:19:23 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\InstallShield
[2009/10/22 00:39:54 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Intel
[2009/12/04 15:47:05 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\InterVideo
[2009/10/21 23:10:13 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Macromedia
[2013/04/21 19:15:02 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Malwarebytes
[2009/11/27 23:07:48 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\MathWorks
[2006/11/02 17:07:34 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Media Center Programs
[2013/04/22 19:04:38 | 000,000,000 | --SD | M] -- C:\Users\mahnaz\AppData\Roaming\Microsoft
[2011/10/27 19:07:01 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\MiKTeX
[2012/03/29 19:15:43 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Mozilla
[2012/07/11 14:40:12 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Mp3 Audio Editor
[2010/05/03 14:01:36 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\MuPAD
[2010/08/23 21:10:38 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Nero
[2012/01/07 12:49:44 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\NetSarang
[2012/11/30 09:16:34 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Notepad++
[2011/07/19 23:34:49 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\ooVoo Details
[2009/11/04 14:28:10 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\PeerNetworking
[2012/03/01 15:34:12 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\PixelPlanet
[2011/08/16 15:18:36 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Real
[2009/10/22 12:01:08 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Roxio
[2012/11/28 00:53:46 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Samsung
[2010/03/02 14:59:09 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Skype
[2010/03/02 09:08:35 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\skypePM
[2011/02/27 21:49:45 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Sony Corporation
[2010/11/12 20:27:39 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Syntrillium
[2010/10/11 22:57:01 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\SystemRequirementsLab
[2012/02/21 18:55:33 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\TeamViewer
[2010/03/14 23:16:49 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Uniblue
[2012/11/30 23:01:43 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\uTorrent
[2013/04/14 19:42:15 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\vlc
[2013/03/20 14:23:02 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\VMware
[2009/10/19 09:48:48 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\WinRAR
[2012/09/23 23:26:33 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Xilinx
[2011/12/07 17:17:28 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Xilisoft Corporation
[2011/10/27 19:20:20 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\xm1
[2012/11/26 16:01:52 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Yahoo!
[2013/03/18 23:05:48 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\{9824CBCB-329D-487F-97B1-B09FEA68CA6C}
[2013/03/18 23:05:27 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\{AF7B0CE6-0629-4425-9E54-98864D50FAB1}

< MD5 for: ATAPI.SYS >
[2008/01/21 06:53:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\erdnt\cache\atapi.sys
[2008/01/21 06:53:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008/01/21 06:53:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/21 06:53:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 14:19:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CSRSS.EXE >
[2008/01/21 06:54:54 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=ABCA209EBA02CB59233614DB83B4F50D -- C:\Windows\System32\csrss.exe
[2008/01/21 06:54:54 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=ABCA209EBA02CB59233614DB83B4F50D -- C:\Windows\winsxs\x86_microsoft-windows-csrss_31bf3856ad364e35_6.0.6001.18000_none_58e3e3d7e415ae4c\csrss.exe

< MD5 for: EXPLORER.EXE >
[2008/10/29 10:50:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 10:59:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\erdnt\cache\explorer.exe
[2008/10/29 10:59:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe
[2008/10/29 10:59:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 08:29:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008/10/28 06:45:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/21 06:54:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: MSWSOCK.DLL >
[2008/01/21 06:54:02 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=89FD0595EEA4E505CABEFCF7008F2612 -- C:\Windows\erdnt\cache\mswsock.dll
[2008/01/21 06:54:02 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=89FD0595EEA4E505CABEFCF7008F2612 -- C:\Windows\System32\mswsock.dll
[2008/01/21 06:54:02 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=89FD0595EEA4E505CABEFCF7008F2612 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6001.18000_none_b85357062d4bbe8e\mswsock.dll

< MD5 for: NAPINSP.DLL >
[2008/01/21 06:54:29 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=FC62A635063B762E1C3C60EA77279378 -- C:\Windows\System32\NapiNSP.dll
[2008/01/21 06:54:29 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=FC62A635063B762E1C3C60EA77279378 -- C:\Windows\winsxs\x86_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.0.6001.18000_none_ac1d40c88f30e6c0\NapiNSP.dll

< MD5 for: NLAAPI.DLL >
[2008/01/21 06:53:44 | 000,048,128 | ---- | M] (Microsoft Corporation) MD5=D1A84F7D4CAFCFE2A32149FF418056E5 -- C:\Windows\System32\nlaapi.dll
[2008/01/21 06:53:44 | 000,048,128 | ---- | M] (Microsoft Corporation) MD5=D1A84F7D4CAFCFE2A32149FF418056E5 -- C:\Windows\winsxs\x86_microsoft-windows-nlasvc_31bf3856ad364e35_6.0.6001.18000_none_6785f5c70aea4565\nlaapi.dll

< MD5 for: PNRPNSP.DLL >
[2008/01/21 06:55:26 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=690D41DF1D555F96D4898A0F54EBA065 -- C:\Windows\System32\pnrpnsp.dll
[2008/01/21 06:55:26 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=690D41DF1D555F96D4898A0F54EBA065 -- C:\Windows\winsxs\x86_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.0.6001.18000_none_717f15b322749509\pnrpnsp.dll

< MD5 for: SERVICES.EXE >
[2008/01/21 06:54:48 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\erdnt\cache\services.exe
[2008/01/21 06:54:48 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\System32\services.exe
[2008/01/21 06:54:48 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe

< MD5 for: SVCHOST.EXE >
[2008/01/21 06:53:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\erdnt\cache\svchost.exe
[2008/01/21 06:53:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/21 06:53:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/21 06:54:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\erdnt\cache\userinit.exe
[2008/01/21 06:54:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/21 06:54:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/01/21 06:54:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\erdnt\cache\winlogon.exe
[2008/01/21 06:54:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008/01/21 06:54:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< MD5 for: WINRNR.DLL >
[2006/11/02 14:16:14 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=FF78B8E67EDCE9FEED651D7858D77A04 -- C:\Windows\System32\winrnr.dll
[2006/11/02 14:16:14 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=FF78B8E67EDCE9FEED651D7858D77A04 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.0.6000.16386_none_571790f3532b2696\winrnr.dll

< MD5 for: WSHELPER.DLL >
[2006/11/02 14:16:14 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=20614C9F12A3A09A5015C9EBBD4419D2 -- C:\Windows\System32\wshelper.dll
[2006/11/02 14:16:14 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=20614C9F12A3A09A5015C9EBBD4419D2 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\wshelper.dll

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\mahnaz\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2013/04/09 13:27:09 | 001,312,720 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\mahnaz\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2013/04/09 13:27:09 | 001,312,720 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\mahnaz\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/04/09 13:27:09 | 001,312,720 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\mahnaz\AppData\Local\Google\Chrome\Application\chrome.exe" [2013/04/09 13:27:09 | 001,312,720 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2008/01/21 06:54:17 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2008/01/21 06:54:17 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2008/01/21 06:54:17 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/04/21 19:32:30 | 000,634,648 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\mahnaz\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2013/04/09 13:27:09 | 001,312,720 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\mahnaz\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2013/04/09 13:27:09 | 001,312,720 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\mahnaz\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/04/09 13:27:09 | 001,312,720 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\mahnaz\AppData\Local\Google\Chrome\Application\chrome.exe" [2013/04/09 13:27:09 | 001,312,720 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2008/01/21 06:54:17 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2008/01/21 06:54:17 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2008/01/21 06:54:17 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/04/21 19:32:30 | 000,634,648 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

========== Files - Unicode (All) ==========
[2013/01/26 22:41:41 | 000,023,798 | ---- | C] ()(C:\Users\mahnaz\Desktop\????????.docx) -- C:\Users\mahnaz\Desktop\پرسشنامه.docx
[2012/08/12 22:10:08 | 000,023,798 | ---- | M] ()(C:\Users\mahnaz\Desktop\????????.docx) -- C:\Users\mahnaz\Desktop\پرسشنامه.docx

========== Alternate Data Streams ==========

@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:010ADD2C

< End of report >

******************************************************************************************

Extras (second OTL report):


OTL Extras logfile created on: 4/27/2013 10:59:01 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\mahnaz\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 0.77 Gb Available Physical Memory | 41.03% Memory free
3.98 Gb Paging File | 2.68 Gb Available in Paging File | 67.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 244.68 Gb Total Space | 42.63 Gb Free Space | 17.42% Space Free | Partition Type: NTFS
Drive G: | 19.53 Gb Total Space | 2.92 Gb Free Space | 14.95% Space Free | Partition Type: NTFS
Drive H: | 21.48 Gb Total Space | 3.04 Gb Free Space | 14.17% Space Free | Partition Type: NTFS

Computer Name: MAHNAZ-PC | User Name: mahnaz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- regedit.exe "%1"
.scr [@ = scrfile] -- "%1" /S
.txt [@ = TXT_File] -- Reg Error: Key error. File not found
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromiumHTML] -- C:\Program Files\WebFreer\webfreer.exe (Appaxy Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DisabledInterfaces" = {7159EA8C-F7DE-47F0-921D-F2A7D672CB5D},{976B8E07-7E59-4EC5-A42A-EC91D3193D08},{BD263571-F6DE-41E2-8487-36FC90FE27EA},{3216F67A-F1D5-4887-9CF3-41A1042B3CAC}

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{337C34D2-265C-4AEC-9F75-31D9A6B7550F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{360A7395-90C3-4E28-86B5-C1281D893557}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{364C3C2C-5251-4223-820D-9ABB7B6700D9}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{36CDE28E-AB69-4990-8194-BEA76DA12CFE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{3A1F6826-7A7D-46A0-85B6-CE524577C3BF}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{3A820236-B99D-4668-A38E-1F2F686EE967}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{3A9676E6-4345-4420-8D7B-3B514D729099}" = protocol=1 | dir=out | [email protected],-28544 |
"{3ACE19F1-EE31-4308-BF88-7A0E547D511C}" = protocol=6 | dir=in | app=c:\program files\serviio\bin\serviioconsole.exe |
"{3BE757B4-BFAA-4427-94FC-C833041B1F81}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{42C529C3-047A-4AD1-B914-8CCB158D67D6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{45AEA9A2-6122-4CFF-9211-9D0AC86387A8}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{46386C1D-F8B5-40E8-A632-69AF3A4DBE5B}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{471B0417-A196-4682-8F77-3779C7F447D0}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{4822FC3A-E63D-48FE-874A-AD7EA628B086}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{499B53DA-7595-43D9-BC86-731C701C6085}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{4CC54C0C-F9BF-4B38-BA5C-F7AD9234D807}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{4CC6C2E3-015F-402A-9A56-B91EFED002B8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{52B75313-CF03-4C86-A839-092D320629FF}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{52BD58BF-D3BE-4971-87D7-005981E68B1A}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{52FFE4B4-B434-4229-9A8F-04D04A8E5E1A}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{53407079-D2F3-400A-9A36-4C8391A835D1}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{548F6D65-3B7B-4391-B119-8DFFA7D4CF0B}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{55BA10AD-77A9-47E0-BD2D-C795BDDEC236}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{56034F4C-A92B-410E-ADCD-79851A1C5308}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{56ADA928-665F-4671-A0EB-C4CEE4D0F5B2}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{56D3E1DF-A8CB-4587-A6D0-4E63483488CC}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{57486F97-4858-475B-B6EA-71E5EFB9A677}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{57545689-BBEC-4175-A749-9876C0132C80}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{59E69DB5-815A-42C2-BA1A-7532A5C0F6D0}" = protocol=6 | dir=in | app=c:\program files\serviio\bin\serviioconsole.exe |
"{5A0A0D36-1CA2-4EEE-B257-89BA047D3B5F}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{5EA5407F-8729-47E0-BF02-B3B8C9735046}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{62CF0BC7-A71B-419B-9A11-68370561CE26}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{63956DF3-12EC-4900-A780-472EBB69A475}" = protocol=6 | dir=in | app=c:\program files\netsarang\xmanager enterprise 3\xmanager.exe |
"{64C7E7B8-0913-4C39-8534-4083C34177F8}" = protocol=17 | dir=in | app=c:\program files\common files\sony shared\sohlib\sohdms.exe |
"{659216CF-5B93-4F9B-B7BC-3D31B3E6A279}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{68D5038E-4DB7-4AD0-BC13-0086EA66624E}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{69A8416B-59BF-426E-9DD7-E49F6B776C6B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{6BA89A39-7952-4994-AB8D-C8C1BB968025}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{6C34BBB1-9483-4667-9B70-100930D20095}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{6D65500A-9759-422A-B89F-42E9203CCB7A}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{6DD397C8-ED14-42F3-AE08-81E1DC007DE2}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{6EA9F3C8-DFAF-4AB9-93B1-2060C78ECF43}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{71767E84-77F6-4725-A233-FE855BC58417}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{7182D321-912E-4BBB-A838-C1C9620943DF}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{72C1A44D-E291-4499-9EC0-DF4313F22F50}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{73CE506F-06F5-4E23-961E-CD3CB3F40B7E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{73FA10C8-C5F5-476A-A820-640E7C3490A4}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{74CB7245-E32C-4435-B39B-E0B821C7E049}" = protocol=6 | dir=in | app=c:\program files\sony\vaio media plus\vmp.exe |
"{7563F072-CF9B-44EC-82FB-DDB2E713E085}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{76E65B4B-B750-43E5-AB1B-C3743B8758F3}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{77C9BB7A-0E64-4301-9A8F-80D6811DF6A7}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{785D1C57-AB33-4801-ACA7-11CDA6EAC965}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{7A6E5A19-3E6C-4C04-88A2-242DD6E02CBF}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{7ABA7E34-8326-44AA-9138-E0EB64997840}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{7B23A094-6DCF-4433-8704-C81A5D29EE4D}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{7BD84810-2251-403E-AAAC-5912641C2BF5}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{81419B74-3E11-49C9-98AB-B465A28C87D4}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{8363B69D-4522-401E-8B9D-BF045BD18214}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{86B5FFC2-3851-49B1-8769-BB93FCB37B67}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{8824E4F9-C2C7-465F-A94D-76B15B49DCE5}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{8887167E-E06F-4622-A0E5-862CBBEFE66A}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{8B614F26-1933-479A-A2DE-CB90D319F056}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{8BFAD199-A12C-4E95-B6D7-0AD63A6FD60A}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{8D16DDCE-F6C0-4FE1-81FD-173B0DABA6F9}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware workstation\vmware-authd.exe |
"{8EB55CCE-CB04-436E-ABAE-6F557B9EC5FF}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{8F855CA2-F9B3-40BC-8DF0-2513D8224CFE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{8FA3DDA9-A2E9-4114-A8B2-1F58EC8AB902}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{8FE429A4-E49C-4EFC-ABAB-1279D563EFF9}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{901CF0B4-B5BE-4A58-8813-00CC82B6FBF4}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{909B03ED-D1DC-4216-9C9C-9F97F859B704}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{915B9E6C-C9B4-48AA-9DDC-257DFFF1B997}" = protocol=6 | dir=in | app=c:\program files\common files\sony shared\sohlib\sohdms.exe |
"{95329E1F-55D8-4331-9CD5-A7784674FE77}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{9554BC47-C6F7-4851-88CF-29AE7D2700A8}" = protocol=6 | dir=in | app=c:\program files\common files\sony shared\sohlib\sohds.exe |
"{9556BDD1-F199-4CF5-B801-38678A1083E4}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{9704B120-DD94-44C0-B595-218B492C2693}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{97E6A15F-697D-4A02-8143-35AB9DA06CFE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{9CD75DA7-7650-46C9-8FBF-062738F74E30}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{9E721FE9-0F41-49AB-8F4E-3E5D76238F51}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{9FBA767E-A165-4137-A25C-85BA0FB1FD68}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware workstation\vmware-authd.exe |
"{A02EED78-88EF-4CC8-A2CB-CFF9FE9A36B7}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{A0851893-7C09-462E-83CC-76D2B19CF51D}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{A13B356C-1160-4A7F-AA2E-78741EF8CC8A}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{A6542825-7190-4B60-B012-DC2DC1769081}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{A6A19A94-CC05-4A0D-BD6C-15756A2552E8}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{A75F65A8-94E3-4841-81A2-1AC6CFE7A024}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{A8E406F0-740A-4FCD-9920-139B0BC0A52D}" = protocol=17 | dir=in | app=c:\program files\arcsoft\totalmedia 3.5\totalmedia.exe |
"{AA36F000-36E1-45D2-9FB2-FE30914F62CF}" = protocol=17 | dir=in | app=c:\program files\sony\vaio media plus\vmp.exe |
"{AC8A52C7-F05E-444A-8D41-BF1149FCDD24}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{AD16D62B-9943-4957-A86C-3E7890CB530A}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{AE6141CC-A2CC-4C90-9E5B-89CECF1ACBCB}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{AE6AD336-8B60-4B27-8BE9-C71BD7566454}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{B0DC98FF-D55E-47C4-8B11-819C48EB9D0E}" = protocol=6 | dir=in | app=c:\program files\netsarang\xmanager enterprise 3\xsound.exe |
"{B463CE8C-34BB-4719-B8D3-0D586FFC8555}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{B4AC196E-F363-4F17-8240-044C332B7C4B}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{B5DD8132-9C1B-4569-8E94-6975B1AF1993}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{BAD8A50B-D394-4971-83FA-004ACB8E1314}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{BB03DB2A-DE37-4C02-AF92-60DF43275CB6}" = protocol=58 | dir=in | [email protected],-28545 |
"{BB9E81B7-E365-4418-927F-04310353BEBA}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{BC281800-1476-4138-8343-F8B8AE0844D1}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{BD0C9996-AC5E-4FB4-BE92-6799152E53CC}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{BDF2D946-6AEB-4030-8AAD-00543D3F12E4}" = protocol=6 | dir=in | app=c:\program files\serviio\bin\serviioservice.exe |
"{BEA44C07-A4FB-457F-B799-AC909BF0761F}" = protocol=17 | dir=in | app=c:\program files\netsarang\xmanager enterprise 3\xsound.exe |
"{C0066BF0-F7FA-455D-AE95-53A4BF11F9B7}" = protocol=58 | dir=out | [email protected],-28546 |
"{C059101B-41FC-40E4-B437-2AE2A494F947}" = protocol=17 | dir=in | app=c:\program files\serviio\bin\serviioservice.exe |
"{C1B14A03-9826-4380-8548-89392D58A4CB}" = protocol=6 | dir=in | app=c:\program files\arcsoft\totalmedia 3.5\totalmedia.exe |
"{C248DF13-8C30-4340-B350-E39375A8D3A4}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{C2CB247F-6277-407D-AC7E-D0BFCFDC5FF6}" = protocol=17 | dir=in | app=c:\program files\netsarang\xmanager enterprise 3\xmanager.exe |
"{C64962C9-6CDA-451D-914C-3A90370E291E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{CC00A82C-166B-4AD1-BE0F-766B6FA81952}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{CF9D68AA-3F73-4C12-83C6-1A8CBCB242A0}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{D25B7B0A-05A7-4768-9D80-794BAEB4BE0B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{D350D014-D705-415F-995C-D5BE4B1F5187}" = protocol=17 | dir=in | app=c:\program files\common files\sony shared\sohlib\sohds.exe |
"{D3E3DACF-3946-4B6B-A39C-A53413EE30CD}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{D6716F7F-5314-49D2-B819-C50AD4E9A2A4}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{D6F6C4A2-F8BF-4219-ACD5-3E54B42EEBCE}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{D85D9694-9F61-4F02-A9AA-3DCA8EE15567}" = protocol=6 | dir=in | app=c:\program files\common files\sony shared\sohlib\sohcimp.exe |
"{D86E5C0A-8CDC-4A03-B2EC-980F554DD0DF}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{D92E6013-DA52-4FC3-8FEB-F556E4D62E38}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{DCD3F054-B393-4E79-90EF-0E504172058F}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{DDE083AD-F53F-4C00-A681-447F50DC6D43}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{E04618B6-FCA4-4B75-8BC4-BA64FB2051C4}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{E1104433-5B2C-4B0A-B11D-EF28B1A98B54}" = protocol=17 | dir=in | app=c:\program files\common files\sony shared\sohlib\sohcimp.exe |
"{E3DEB179-832C-4A28-9008-F21633C8FFF1}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{E49B779B-BAB5-447E-88DB-3FD789BD4495}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{E4FD7963-633F-48D5-8B69-5040075AE2BC}" = protocol=17 | dir=in | app=c:\program files\webfreer\webfreer.exe |
"{E6BADA9D-8770-4ED1-AD9A-49B9DA269669}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{E6F2EC8F-A4F4-4E6C-B53E-B98ABFC7F8DE}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{E87DC5DF-5834-4776-A19E-C84864EEE7ED}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{EAF3D6C0-CB75-44BF-ACF6-1B3F2971B6D1}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{EBB6728F-C6CC-4086-ACA1-C34263DE8EEC}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{F0201256-CFD4-4646-A641-BB358C690BAF}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{F2E3CB18-FFB7-4A20-A4BF-483F1C2A5811}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{F8E68BA8-1906-4BFD-BC8E-E28FADBE28C7}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{FB6E6DEC-952A-4884-9F3E-FF0C0C03A6BC}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{FE097A48-62A5-45D8-A9CA-E8EB89D4E36B}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{FE9BA991-7189-4DCA-8369-FD2D4733AF61}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"TCP Query User{02D71B48-D259-4AAC-97E7-4DC1D3158351}C:\program files\microsoft visual studio\common\tools\vs-ent98\vanalyzr\varpc.exe" = protocol=6 | dir=in | app=c:\program files\microsoft visual studio\common\tools\vs-ent98\vanalyzr\varpc.exe |
"TCP Query User{2B13C5DD-52DA-4809-AE4B-8B68F1588927}C:\xilinx\12.1\ise_ds\ise\bin\nt\unwrapped\isimgui.exe" = protocol=6 | dir=in | app=c:\xilinx\12.1\ise_ds\ise\bin\nt\unwrapped\isimgui.exe |
"TCP Query User{3427AA58-6F0E-4E39-9407-13EAE80F44CA}C:\ccstudio_v3.3\cc\bin\tracecompmgr.exe" = protocol=6 | dir=in | app=c:\ccstudio_v3.3\cc\bin\tracecompmgr.exe |
"TCP Query User{3DB56187-B14D-463A-8BD7-CAED3AAD68A4}C:\program files\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"TCP Query User{3FAB983E-BEEE-481F-8FF4-DBBCDF93D7FD}C:\program files\www.cproxy.com\cproxy.exe" = protocol=6 | dir=in | app=c:\program files\www.cproxy.com\cproxy.exe |
"TCP Query User{3FC22C97-DFFB-41DE-BF22-0237E471846D}H:\برنامه\u96b.exe" = protocol=6 | dir=in | app=h:\برنامه\u96b.exe |
"TCP Query User{4BDB5AED-546D-4CC4-B613-A76A240C43B3}C:\users\mahnaz\documents\downloads\programs\fg731p.exe" = protocol=6 | dir=in | app=c:\users\mahnaz\documents\downloads\programs\fg731p.exe |
"TCP Query User{4EEAA039-B59A-4B7B-B723-8B795D02D281}C:\ccstudio_v3.3\cc\bin\traceserver.exe" = protocol=6 | dir=in | app=c:\ccstudio_v3.3\cc\bin\traceserver.exe |
"TCP Query User{58863848-36A4-4316-8439-0155140680A2}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{5929CF9E-7390-4DDF-A2E8-EB67D2BDD717}G:\software\utorrent.exe" = protocol=6 | dir=in | app=g:\software\utorrent.exe |
"TCP Query User{72FCC0D5-E1AC-4ECA-808D-01F997693EC0}C:\ccstudio_v3.3\cc\bin\tracecntrl.exe" = protocol=6 | dir=in | app=c:\ccstudio_v3.3\cc\bin\tracecntrl.exe |
"TCP Query User{737DB182-1EDE-44BA-97F5-5AD833CA4E0F}C:\program files\dap\dap.exe" = protocol=6 | dir=in | app=c:\program files\dap\dap.exe |
"TCP Query User{7B4394C1-D0E3-4974-A317-23F5F655A445}C:\program files\puff\puff.exe" = protocol=6 | dir=in | app=c:\program files\puff\puff.exe |
"TCP Query User{8FB2F076-AFBB-4E59-A113-2BA65B13D356}C:\lord\irantv\irantv.exe" = protocol=6 | dir=in | app=c:\lord\irantv\irantv.exe |
"TCP Query User{93E1FE97-AAA8-4C84-95A3-C4398B8CF115}C:\program files\puff\puff.exe" = protocol=6 | dir=in | app=c:\program files\puff\puff.exe |
"TCP Query User{999FAF85-BFC6-4DCC-B264-16C12C84BD3E}C:\users\mahnaz\desktop\u96c.exe" = protocol=6 | dir=in | app=c:\users\mahnaz\desktop\u96c.exe |
"TCP Query User{A16A41A9-860D-4789-917B-C5FDA66D86AB}C:\program files\opnet\14.5.a\sys\pc_intel_win32\bin\modeler.exe" = protocol=6 | dir=in | app=c:\program files\opnet\14.5.a\sys\pc_intel_win32\bin\modeler.exe |
"TCP Query User{BEAB8CBB-0190-4278-AEBF-AACA4B29E34B}C:\ccstudio_v3.3\cc\bin\cc_app.exe" = protocol=6 | dir=in | app=c:\ccstudio_v3.3\cc\bin\cc_app.exe |
"TCP Query User{E63CD1B2-2B5D-431B-BEF2-025BFFAE4CCD}C:\program files\altium2004\dxp.exe" = protocol=6 | dir=in | app=c:\program files\altium2004\dxp.exe |
"TCP Query User{E9EF3D3F-C2FA-4BF7-9FE2-84849F0ADA88}C:\program files\progdvb\progdvbnet.exe" = protocol=6 | dir=in | app=c:\program files\progdvb\progdvbnet.exe |
"TCP Query User{F26079EB-8B0B-46C0-A874-A73E0A848319}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{0A2B037A-1BFE-401C-912E-EE5FC163B4CD}C:\program files\altium2004\dxp.exe" = protocol=17 | dir=in | app=c:\program files\altium2004\dxp.exe |
"UDP Query User{0F81F38C-E9CE-4DE6-AA44-4E28A3DDD646}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{10696A6C-B7B5-462E-B685-E19E68A32D5A}C:\program files\microsoft visual studio\common\tools\vs-ent98\vanalyzr\varpc.exe" = protocol=17 | dir=in | app=c:\program files\microsoft visual studio\common\tools\vs-ent98\vanalyzr\varpc.exe |
"UDP Query User{1C39FF94-CF4B-4B14-98E3-328B4CB176D5}C:\program files\dap\dap.exe" = protocol=17 | dir=in | app=c:\program files\dap\dap.exe |
"UDP Query User{3C1CB9B2-9D56-4BE9-9596-58D77B02AA59}C:\lord\irantv\irantv.exe" = protocol=17 | dir=in | app=c:\lord\irantv\irantv.exe |
"UDP Query User{42126146-0B5D-431C-97D1-3EE8C904CA99}C:\program files\progdvb\progdvbnet.exe" = protocol=17 | dir=in | app=c:\program files\progdvb\progdvbnet.exe |
"UDP Query User{4B173EA1-412A-4E2D-B20D-A2BCB0BFBAC8}C:\ccstudio_v3.3\cc\bin\tracecntrl.exe" = protocol=17 | dir=in | app=c:\ccstudio_v3.3\cc\bin\tracecntrl.exe |
"UDP Query User{55E52353-8D10-49F5-A33C-1A74EA0A7E70}H:\برنامه\u96b.exe" = protocol=17 | dir=in | app=h:\برنامه\u96b.exe |
"UDP Query User{5737DC36-D992-4CDA-9F99-71B1FB481B1F}G:\software\utorrent.exe" = protocol=17 | dir=in | app=g:\software\utorrent.exe |
"UDP Query User{63F96406-345D-4B4B-A3E8-ECA161057EEE}C:\users\mahnaz\desktop\u96c.exe" = protocol=17 | dir=in | app=c:\users\mahnaz\desktop\u96c.exe |
"UDP Query User{6457E261-7859-44B5-A665-79667BCF19B0}C:\ccstudio_v3.3\cc\bin\cc_app.exe" = protocol=17 | dir=in | app=c:\ccstudio_v3.3\cc\bin\cc_app.exe |
"UDP Query User{6ED6A0F8-3384-45CE-B61F-E9FEF14F5603}C:\ccstudio_v3.3\cc\bin\traceserver.exe" = protocol=17 | dir=in | app=c:\ccstudio_v3.3\cc\bin\traceserver.exe |
"UDP Query User{7610EB79-48F9-4388-80FD-33C643495CF0}C:\program files\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"UDP Query User{8687FE0D-19F8-4093-960D-A0070AAC3A0C}C:\program files\www.cproxy.com\cproxy.exe" = protocol=17 | dir=in | app=c:\program files\www.cproxy.com\cproxy.exe |
"UDP Query User{999F546B-3A58-4732-B0E7-CE4237B8575A}C:\program files\puff\puff.exe" = protocol=17 | dir=in | app=c:\program files\puff\puff.exe |
"UDP Query User{9BB3E184-3813-405F-979C-7EC1D1EAA6DF}C:\program files\puff\puff.exe" = protocol=17 | dir=in | app=c:\program files\puff\puff.exe |
"UDP Query User{A191A3A2-91AE-4C68-A154-45FEB609201F}C:\users\mahnaz\documents\downloads\programs\fg731p.exe" = protocol=17 | dir=in | app=c:\users\mahnaz\documents\downloads\programs\fg731p.exe |
"UDP Query User{A501EFDE-264C-4A63-AA65-563400122736}C:\ccstudio_v3.3\cc\bin\tracecompmgr.exe" = protocol=17 | dir=in | app=c:\ccstudio_v3.3\cc\bin\tracecompmgr.exe |
"UDP Query User{A5482CC0-3BB4-44DA-86C0-A0577F552F54}C:\xilinx\12.1\ise_ds\ise\bin\nt\unwrapped\isimgui.exe" = protocol=17 | dir=in | app=c:\xilinx\12.1\ise_ds\ise\bin\nt\unwrapped\isimgui.exe |
"UDP Query User{DE74B810-5C3B-4B5E-91B3-3DE5615D9066}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{E8123237-341B-47CC-BB1C-060932BAEC04}C:\program files\opnet\14.5.a\sys\pc_intel_win32\bin\modeler.exe" = protocol=17 | dir=in | app=c:\program files\opnet\14.5.a\sys\pc_intel_win32\bin\modeler.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{046885A1-B4AE-4459-A0D1-8C93706698D6}" =
"{05EC21B8-4593-3037-A781-A6B5AFFCB19D}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
"{068F037B-2723-48E3-85F1-4D7D93A29D2A}" = VAIO Content Metadata Intelligent Analyzing Manager
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{105CFC7C-6992-11D5-BD9D-000102C10FD8}" = Lizardtech DjVu Control
"{13C4E8F0-B747-4C7C-9090-884832F9F90A}" = Proteus 7 Professional
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
"{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{2018C019-30D9-4240-8C01-0865C10DCF5A}" = VAIO Presentation Support
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"{20E36B2C-C273-4686-A4F7-F617C406483A}" = Code Composer Studio v3.3
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting
"{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{2878C3C9-9D91-430F-8F50-885BB23DB001}" = VAIO Content Folder Watcher
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{29E44E9D-ACB2-4D2D-849F-5361C941B7E1}" = ArcSoft TotalMedia 3.5
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}" = Windows Live Photo Gallery
"{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
"{327B75F0-92AF-420A-988F-FA596A218E0B}" = VAIO Content Folder Watcher
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3B659FAD-E772-44A3-B7E7-560FF084669F}" = VAIO Smart Network
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{44260653-FD5A-4F8F-9C0C-654E597E9651}" = Topsis Solver 2012
"{47A2CE5C-EA1F-4F58-8A0A-9452CBA795CD}" = Click to Disc
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{52B3D4A3-6AF9-4A9E-9E90-6228408764D6}" = VAIO Edit Components
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
"{5F5867F0-2D23-4338-A206-01A76C823924}" = VAIO Power Management
"{60D9F236-09FD-4A22-BBD4-4775D3EAF5FE}" = Nosa Simorgh HTTP Client For Windows Version 6.02
"{6332AFF1-9D9A-429C-AA03-F82749FA4F49}" = SonicStage Mastering Studio
"{64c5b887-b5ee-42b8-8596-78905a6b5f1f}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{64DBE9FE-A07D-41A0-B81A-8D416D9647FF}" = VAIO Content Folder Watcher
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{6767DFEE-8909-453A-B553-C7693912B2EB}" = Canon MF Toolbox 4.9.1.1.mf09
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6BF03C88-C06A-48DC-B9A1-FE72B24E5FA9}" = VAIO Media plus Opening Movie
"{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{6EB6A82E-4918-481F-9AF8-3129E6D29B7E}" = Sony Home Network Library
"{7010F660-F97B-4565-9BA2-F985FFFB42B1}" = VAIO Mode Switch
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{72EEB695-388B-4835-8EA6-0C04545B06B9}" = Intel® PROSet/Wireless WiFi Software
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2
"{80C06CCD-7D07-3DB6-86CD-B57B3F0614D8}" = Microsoft Visual Studio Team System 2008 Team Suite - ENU
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{85AF94EC-55DE-452A-8FD7-C34E598B3F1F}" = Adobe Premiere Elements 7.0 Templates
"{8B056B29-E35C-4F8C-BB75-F123C1200709}" = HSPICE A-2007.09
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISPRO_{519D9F45-CBF4-4E57-B419-11F196CCA8AE}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{9176251A-4CC1-4DDB-B343-B487195EB397}" = Windows Live Writer
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" =
"{991C37B9-7034-43EF-A1A9-63AA0E04BAAF}" = Xmanager Enterprise 3
"{9973498D-EA29-4A68-BE0B-C88D6E03E928}" = ArcSoft WebCam Companion 2
"{99A5569D-9F86-4f32-A227-1538B731DA42}" = Canon MF4320-4350
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
"{9C1C8A04-F8CA-4472-A92D-4288CE32DE86}" = SonicStage Mastering Studio Plugins
"{9D12A8B5-9D41-4465-BF11-70719EB0CD02}" = VU5x86
"{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}" = VAIO Update
"{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 2.7.322
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A9D3D707-4A1A-4227-BE6E-F16448B4CB63}" = VAIO Entertainment Platform
"{AA171A69-F942-40DA-AE3A-EA91026A1CAE}" = VAIO Manual
"{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008
"{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris
"{AC76BA86-7AD7-1033-7B44-A90100000001}" = Adobe Reader 9.0.1
"{ADD72094-D289-4714-A62E-70574478A2BC}" = System Requirements Lab for Intel
"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
"{AFC0E60E-3A68-4381-B762-E5C2F0E2ABC3}" = SD CCS 3.3 Emulation Drivers
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B268E9A1-04A9-40D0-9866-846BE2B74BA7}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B32E7732-B2FB-3FD0-81AC-6025B1104C66}" = Microsoft Device Emulator version 3.0 - ENU
"{B608DEB4-98BE-46C4-A750-CC10C9E0AE13}" = DXP 2004
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B7C03E84-AF46-42F4-809D-D4127D9086D0}" = VAIO Edit Components 6.5
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{BDD0DD35-76E9-4DDA-84B3-B9E6E7C5B4DB}" = ModelSim-Altera 6.4a (Quartus II 9.0) Starter Edition
"{BFD85D24-D4F3-4CCC-B518-D7C4FC29C76D}" = VAIO Content Metadata Intelligent Analyzing Manager
"{C1555BC5-88B1-466B-BC79-062B5715DF92}" = VAIO Content Metadata XML Interface Library
"{C62AEA0E-90B0-4049-9780-8499A18A34D7}" = VAIO Content Metadata Manager Setting
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}" = Microsoft Windows SDK for Visual Studio 2008 Tools
"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
"{CCF13D13-A87B-34E8-B689-1896D0C2DBA2}" = Google Talk Plugin
"{CD7E6232-D41D-4E5B-ABE1-0264B6260309}" = VAIO Content Metadata Intelligent Analyzing Manager
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03D02D8-AB64-4785-A48E-5AA8B0FB8C14}" = Sony Home Network Library
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D239B547-8B20-4BDE-888D-C9CCA823FFD8}" = WIDCOMM Bluetooth Software
"{D564B5E2-CCB5-4A5C-B35E-2FC30BBC9336}" = Adobe Premiere Elements 7.0
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar
"{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DEF97A70-C67D-41E1-837C-6462C97A6F65}" = OpenMG Secure Module 5.3.00
"{DF7DB916-90E5-40F2-9010-B8125EB5FD6F}" = SonicStage Mastering Studio Audio Filter
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = COWON Media Center - jetAudio Basic VX
"{E3453B1B-C91B-4C48-B046-8DF635DD46F2}" = VAIO Content Metadata XML Interface Library
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster 2010
"{EADE97A7-E7AA-43FD-A042-92A68E0187A6}" = VAIO Content Metadata Manager Setting
"{EB3F5C2A-0754-38B8-8722-7B537006BF46}" = Microsoft Visual Studio 2008 Performance Collection Tools - ENU
"{EC37A846-53AC-4DA7-98FA-76A4E74AA900}" = SonicStage Mastering Studio Audio Filter Custom Preset
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
"{EF181DC1-0ECB-4546-9772-C3C3F58E5747}" = ESET Smart Security
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" =
"{F6234880-85BE-4DCB-8A45-1FF85A1A8552}" = SmartSound Quicktracks for Premiere Elements
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
"AliNEGAR 1.0.3.3" = AliNEGAR 1.0.3.3
"Altium Designer 2004 Service Pack 3" = Altium Designer 2004 Service Pack 3
"Altium Designer 2004 Service Pack 3 IntLib" = Altium Designer 2004 Service Pack 3 IntLib
"Altium Designer 2004 Service Pack 4" = Altium Designer 2004 Service Pack 4
"Altium Designer 2004 Service Pack 4 IntLib" = Altium Designer 2004 Service Pack 4 IntLib
"Autorun Virus Remover_is1" = Autorun Virus Remover 2.3
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"Cambridge Advanced Learner's Dictionary" = Cambridge Advanced Learner's Dictionary
"Canon LBP5000" = Canon LBP5000
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"CodeVisionAVR C Compiler" = CodeVisionAVR C Compiler
"Cool Edit Pro 2.1" = Cool Edit Pro 2.1
"Data Access Objects (DAO) 3.5" = Data Access Objects (DAO) 3.5
"DXP2004 Service Pack 2" = DXP2004 Service Pack 2
"DXP2004 SP2 Integrated Libraries" = DXP2004 SP2 Integrated Libraries
"E79249BF35C19B6C848052C01F208F628798C193" = Windows Driver Package - LASAK UK LTD HDCS (15/8/2010 1.0.24.1)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HDMI" = Intel® Graphics Media Accelerator Driver
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"InstallShield_{7C551361-A18D-49A9-A916-F8DFBBDCB6D9}" = Smart TV Hybrid Pro v6.14.10.389 32bit Vista
"InstallShield_{991C37B9-7034-43EF-A1A9-63AA0E04BAAF}" = Xmanager Enterprise 3
"InstallShield_{DEF97A70-C67D-41E1-837C-6462C97A6F65}" = OpenMG Secure Module 5.3.00
"InstallShield_{F6234880-85BE-4DCB-8A45-1FF85A1A8552}" = SmartSound Quicktracks for Premiere Elements
"Internet Download Manager" = Internet Download Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"MatlabR2009a" = MATLAB R2009a
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU
"Microsoft Visual Studio Team System 2008 Team Suite - ENU" = Microsoft Visual Studio Team System 2008 Team Suite - ENU
"MiKTeX 2.9" = MiKTeX 2.9
"Mp3 Audio Editor" = Mp3 Audio Editor
"MsJavaVM" = Microsoft VM for Java
"MuVo Driver" = Creative Mass Storage Drivers
"Notepad++" = Notepad++
"PremElem70" = Adobe Premiere Elements 7.0
"PremElem70Templates" = Adobe Premiere Elements 7.0 Templates
"ProInst" = Intel PROSet Wireless
"Rainbow Sentinel Driver" = Sentinel System Driver
"Recover My Files_is1" = Recover My Files
"Serviio" = Serviio
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Texmaker" = Texmaker
"The KMPlayer" = The KMPlayer (remove only)
"Unlocker" = Unlocker 1.9.1
"uTorrent" = µTorrent
"VISPRO" = Microsoft Office Visio Professional 2007
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"VLC media player" = VLC media player 2.0.3
"VMware_Workstation" = VMware Workstation
"WebFreer" = Web Freer
"WebPost" = Microsoft Web Publishing Wizard 1.53
"Windows Live Toolbar" = Windows Live Toolbar
"WinRAR archiver" = WinRAR archiver
"Xilisoft Video Converter Ultimate" = Xilisoft Video Converter Ultimate
"XingMPEG Encoder" = XingMPEG Encoder
"XingMPEG Player" = XingMPEG Player
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 6/22/2011 9:30:26 AM | Computer Name = mahnaz-PC | Source = Application Error | ID = 1000
Description = Faulting application cc_app.exe, version 5.98.0.219, time stamp 0x457d056a,
faulting module ntdll.dll, version 6.0.6001.22777, time stamp 0x4cb72ffe, exception
code 0xc0000005, fault offset 0x0003cdca, process id 0x140, application start time
0x01cc30baf5fb9650.

Error - 6/22/2011 3:54:43 PM | Computer Name = mahnaz-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 7.0.6001.18639 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1c70 Start Time: 01cc31152c55cae0 Termination Time: 15

Error - 6/24/2011 12:18:06 AM | Computer Name = mahnaz-PC | Source = Application Error | ID = 1000
Description = Faulting application ACService.exe, version 1.1.0.47, time stamp 0x4ba1976d,
faulting module ACService.exe, version 1.1.0.47, time stamp 0x4ba1976d, exception
code 0xc0000005, fault offset 0x00007aea, process id 0x904, application start time
0x01cc3225b7985548.

Error - 6/24/2011 12:20:21 AM | Computer Name = mahnaz-PC | Source = WinMgmt | ID = 10
Description =

Error - 6/24/2011 12:20:27 AM | Computer Name = mahnaz-PC | Source = VzCdbSvc | ID = 7
Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error
code = 0x80042019)

Error - 6/24/2011 1:27:48 AM | Computer Name = mahnaz-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 6/24/2011 1:27:48 AM | Computer Name = mahnaz-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 6/24/2011 9:54:56 AM | Computer Name = mahnaz-PC | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.0.6001.18164 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 68c Start Time: 01cc3225b61b7948 Termination Time: 59

Error - 6/24/2011 10:00:39 AM | Computer Name = mahnaz-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 6/25/2011 4:26:32 AM | Computer Name = mahnaz-PC | Source = Application Error | ID = 1000
Description = Faulting application ACService.exe, version 1.1.0.47, time stamp 0x4ba1976d,
faulting module ACService.exe, version 1.1.0.47, time stamp 0x4ba1976d, exception
code 0xc0000005, fault offset 0x00007aea, process id 0x4bc, application start time
0x01cc331196bc60c0.

[ OSession Events ]
Error - 10/26/2009 4:26:52 PM | Computer Name = mahnaz-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 58 seconds with 0 seconds of active time. This session ended with a crash.

Error - 5/24/2010 2:54:25 PM | Computer Name = mahnaz-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 18866
seconds with 7320 seconds of active time. This session ended with a crash.

Error - 12/28/2010 3:56:12 PM | Computer Name = mahnaz-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2408
seconds with 480 seconds of active time. This session ended with a crash.

Error - 2/19/2011 10:17:46 AM | Computer Name = mahnaz-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 10, Application Name: Microsoft Office Visio, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/23/2012 4:05:34 PM | Computer Name = mahnaz-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 11 seconds with 0 seconds of active time. This session ended with a crash.


Error encountered while reading event logs.

< End of report >


***********************************************************************************************************

FSS report :


Farbar Service Scanner Version: 14-04-2013
Ran by mahnaz (administrator) on 28-04-2013 at 21:33:15
Running from "C:\Users\mahnaz\Desktop"
Windows Vista ™ Home Premium Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo IP returned error. Yahoo IP is offline
Attempt to access Yahoo.com returned error: Yahoo.com is offline


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys
[2011-06-18 22:11] - [2011-04-21 17:46] - 0273408 ____A (Microsoft Corporation) 48EB99503533C27AC6135648E5474457

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2010-08-30 15:16] - [2010-06-16 20:29] - 0898952 ____A (Microsoft Corporation) 782568AB6A43160A159B6215B70BCCE9

C:\Windows\system32\dnsrslvr.dll
[2011-04-13 20:31] - [2011-03-02 19:19] - 0086528 ____A (Microsoft Corporation) 4805D9A6D281C7A7DEFD9094DEC6AF7D

C:\Windows\system32\mpssvc.dll
[2008-01-21 06:54] - [2008-01-21 06:54] - 0393216 ____A (Microsoft Corporation) D1639BA315B0D79DEC49A4B0E1FB929B

C:\Windows\system32\bfe.dll
[2008-01-21 06:53] - [2008-01-21 06:53] - 0328704 ____A (Microsoft Corporation) 8582E233C346AEFE759833E8A30DD697

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe
[2008-01-21 06:53] - [2008-01-21 06:53] - 1054720 ____A (Microsoft Corporation) D5FB73D19C46ADE183F968E13F186B23

C:\Windows\system32\wscsvc.dll
[2008-01-21 06:53] - [2008-01-21 06:53] - 0061440 ____A (Microsoft Corporation) 683DD16B590372F2C9661D277F35E49C

C:\Windows\system32\wbem\WMIsvc.dll
[2008-01-21 06:54] - [2008-01-21 06:54] - 0161792 ____A (Microsoft Corporation) 00B79A7C984678F24CF052E5BEB3A2F5

C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll
[2008-01-21 06:55] - [2008-01-21 06:55] - 0758272 ____A (Microsoft Corporation) 02ED7B4DBC2A3232A389106DA7515C3D

C:\Windows\system32\es.dll
[2009-04-07 22:56] - [2008-04-18 10:18] - 0269312 ____A (Microsoft Corporation) 3CB3343D720168B575133A0A20DC2465

C:\Windows\system32\cryptsvc.dll
[2008-01-21 06:54] - [2008-01-21 06:54] - 0128000 ____A (Microsoft Corporation) 6DE363F9F99334514C46AEC02D3E3678

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll
[2010-07-16 23:22] - [2010-02-18 18:41] - 0190464 ____A (Microsoft Corporation) 6A35D233693EDC29A12742049BC5E37F

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll
[2009-10-23 00:54] - [2009-03-03 09:09] - 0551424 ____A (Microsoft Corporation) 301AE00E12408650BADDC04DBC832830



**** End of log ****

********************************************************************************************************

Please let me know what my PC's problem is.
  • 0

#4
RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
1. Double-click My Computer, and then right-click the hard disk that you want to check. G:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.

Unless something is using the drive it should run through fairly quickly. When it finishes repeat for H: then for C:
When you try to do C: (and if something is using G or H)
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but if this is for the C: drive don't restart yet.


Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:

2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.


Please download GrantPerms.zip
http://download.blee.../GrantPerms.zip
and save it to your desktop.
Unzip the file and depending on the system run GrantPerms.exe or GrantPerms64.exe
Copy and paste the following in the edit box:


c:\$recycle.bin
C:\Windows\explorer.exe


Click Unlock. When it is done click "OK".
Click List Permissions and post the result (Perms.txt) that pops up. A copy of Perms.txt will be saved in the same directory the tool is run.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

explorer.exe

Windows Explorer should open. If it doesn't let me know. Close Explorer.

Uninstall

Internet Download Manager - not needed
Java™ 6 Update 11 - obsolete, get latest from java.com. Do not let them download foistware such as toolbars and security scans.
Adobe Flash Player 10 ActiveX - obsolete, get latest from adobe.com - must use IE to get it. Do not let them download foistware such as toolbars and security scans.
Adobe Reader 9.0.1 - obsolete, get latest from adobe.com. Do not let them download foistware such as toolbars and security scans.
Uniblue RegistryBooster 2010 - does more harm than good


Copy the text in the code box by highlighting and Ctrl + c

:OTL
O4 - HKCU..\Run: [MSNetDDNowiz] C:\Users\mahnaz\AppData\Local\Temp\1352570291.exe ()
O33 - MountPoints2\{0fc96c87-dbe7-11de-8ffb-00214ff8b58b}\Shell - "" = AutoRun
O33 - MountPoints2\{0fc96c87-dbe7-11de-8ffb-00214ff8b58b}\Shell\AutoRun\command - "" = "H:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{0fc96cc4-dbe7-11de-8ffb-00214ff8b58b}\Shell - "" = AutoRun
O33 - MountPoints2\{0fc96cc4-dbe7-11de-8ffb-00214ff8b58b}\Shell\AutoRun\command - "" = H:\start.exe
O33 - MountPoints2\{8e93a18e-c0c4-11de-8705-001dbab85ad7}\Shell - "" = AutoRun
O33 - MountPoints2\{8e93a18e-c0c4-11de-8705-001dbab85ad7}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a

:files
dir g:\* /c
dir h:\* /c
dir c:\$recycle.bin\* /c
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon"  /c

:reg
[-HKEY_CURRENT_USER\SOFTWARE\LERTDMon]

:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.
It appears that Old Timer is now hiding the log in c:\_OTL\MovedFiles\04262013-some number.log so look there if you don't see it.


Run OTL one more time. This time just press Quickscan. You will get a single log. Please copy and paste it.
  • 0
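Added example (not part of the post above and not OTL's own code): a Python triage of the two kinds of OTL lines that the fix script targets, O4 Run entries that start a file from a Temp folder and O33 MountPoints2 entries that cache an AutoRun command for a volume. The sample lines are copied from the post, plus one constructed benign entry; the rule names, the `triage` and `executable` helpers, and the reading of the trailing parentheses on O4 lines as the file's company name are assumptions.

```python
import re
from dataclasses import dataclass

# Lines copied from the fix script in the post above, plus one constructed
# benign Run entry ("ExampleUpdater") for contrast.
SAMPLE = r"""
O4 - HKCU..\Run: [MSNetDDNowiz] C:\Users\mahnaz\AppData\Local\Temp\1352570291.exe ()
O4 - HKLM..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe (Example Corp)
O33 - MountPoints2\{0fc96c87-dbe7-11de-8ffb-00214ff8b58b}\Shell - "" = AutoRun
O33 - MountPoints2\{0fc96c87-dbe7-11de-8ffb-00214ff8b58b}\Shell\AutoRun\command - "" = "H:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
""".strip().splitlines()

# O4: "<hive>..\Run: [value name] <file path> (<company>)"  (company assumed)
RUN_RE = re.compile(r'^O4 - (?P<hive>\w+)\.\.\\Run: \[(?P<name>[^\]]*)\] '
                    r'(?P<path>.*?) \((?P<company>[^()]*)\)$')
# O33: "MountPoints2\<volume>\Shell\<verb>\command - "" = <command line>"
MOUNT_RE = re.compile(r'^O33 - MountPoints2\\(?P<volume>[^\\]+)\\Shell\\'
                      r'(?P<verb>[^\\]+)\\command - "" = (?P<cmd>.+)$')
EXE_RE = re.compile(r'^(.*?\.(?:exe|com|bat|cmd|scr|pif|vbs|js))(?=\s|$)', re.I)
TEMP_RE = re.compile(r'\\te?mp\\', re.I)


@dataclass
class Finding:
    rule: str
    severity: str
    key: str
    target: str
    reason: str


def executable(cmd):
    """Return the program part of a command line, quoted or unquoted."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = EXE_RE.match(cmd)  # unquoted paths may contain spaces
    return m.group(1) if m else (cmd.split() or [""])[0]


def triage(lines):
    """Flag Temp-folder autostarts and cached AutoRun commands."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            path = m.group("path")
            if TEMP_RE.search(path):
                no_vendor = not m.group("company").strip()
                findings.append(Finding(
                    "O4-temp-autostart",
                    "high" if no_vendor else "medium",
                    f'{m.group("hive")}\\Run [{m.group("name")}]',
                    path,
                    "autostart entry launches a file from a Temp folder"
                    + (" and lists no company name" if no_vendor else "")))
            continue
        m = MOUNT_RE.match(line)
        if m and m.group("verb").lower() == "autorun":
            target = executable(m.group("cmd"))
            findings.append(Finding(
                "O33-cached-autorun",
                "review",
                f'MountPoints2\\{m.group("volume")}',
                target,
                f"cached AutoRun shell command for this volume points at {target}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"[{f.severity}] {f.rule}: {f.key} -> {f.target} ({f.reason})")
```

The O33 findings are marked "review" rather than malicious: vendor launchers leave the same kind of cached entry, so each target still has to be judged on its own.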

#5
mahi65

    Member

  • Topic Starter
  • Member
  • 11 posts
Hi,
these are the reports you mentioned:



VEW_system :



Vino's Event Viewer v01c run on Windows Vista in English
Report run at 01/05/2013 1:51:01 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 01/05/2013 8:48:53 AM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {C2BFE331-6739-4270-86C9-493D9A04CD38} did not register with DCOM within the required timeout.

Log: 'System' Date/Time: 01/05/2013 9:13:05 AM
Type: Error Category: 0
Event: 15016 Source: Microsoft-Windows-HttpEvent
Unable to initialize the security package Kerberos for server side authentication. The data field contains the error number.

Log: 'System' Date/Time: 01/05/2013 9:16:22 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 01/05/2013 9:16:22 AM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the ArcSoft Connect Daemon service to connect.

Log: 'System' Date/Time: 01/05/2013 9:16:22 AM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the VAIO Power Management service to connect.

Log: 'System' Date/Time: 01/05/2013 9:16:22 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The VAIO Power Management service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 01/05/2013 9:19:07 AM
Type: Error Category: 30
Event: 1001 Source: Microsoft-Windows-LanguagePackSetup
Application initialization failed. Last error: 0x80070032

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 01/05/2013 8:49:04 AM
Type: Warning Category: 0
Event: 10002 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN Extensibility Module has stopped. Module Path: C:\Windows\System32\IWMSSvc.dll

Log: 'System' Date/Time: 01/05/2013 8:49:07 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Log: 'System' Date/Time: 01/05/2013 9:15:40 AM
Type: Warning Category: 0
Event: 34005 Source: Microsoft-Windows-SharedAccess_NAT
The ICS_IPV6 was unable to allocate  bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

************************************************************************************

VEW_application:

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 01/05/2013 1:52:11 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 01/05/2013 9:13:26 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application ACService.exe, version 1.1.0.47, time stamp 0x4ba1976d, faulting module ACService.exe, version 1.1.0.47, time stamp 0x4ba1976d, exception code 0xc0000005, fault offset 0x00007aea, process id 0x728, application start time 0x01ce464c22e43716.

Log: 'Application' Date/Time: 01/05/2013 9:15:39 AM
Type: Error Category: 0
Event: 7 Source: VzCdbSvc
Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error code = 0x80042019)

Log: 'Application' Date/Time: 01/05/2013 9:16:20 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Information Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 01/05/2013 8:48:13 AM
Type: Information Category: 0
Event: 10002 Source: Microsoft-Windows-Winsrv
The following application was terminated because it was hung: chrome.exe.

Log: 'Application' Date/Time: 01/05/2013 8:48:13 AM
Type: Information Category: 0
Event: 10002 Source: Microsoft-Windows-Winsrv
The following application was terminated because it was hung: chrome.exe.

Log: 'Application' Date/Time: 01/05/2013 8:48:13 AM
Type: Information Category: 0
Event: 10002 Source: Microsoft-Windows-Winsrv
The following application was terminated because it was hung: chrome.exe.

Log: 'Application' Date/Time: 01/05/2013 8:48:13 AM
Type: Information Category: 0
Event: 10002 Source: Microsoft-Windows-Winsrv
The following application was terminated because it was hung: chrome.exe.

Log: 'Application' Date/Time: 01/05/2013 8:48:31 AM
Type: Information Category: 0
Event: 2 Source: Microsoft-Windows-CertificateServicesClient
Certificate Services Client has been stopped.

Log: 'Application' Date/Time: 01/05/2013 8:48:34 AM
Type: Information Category: 0
Event: 9009 Source: Desktop Window Manager
The Desktop Window Manager has exited with code (0x40010004)

Log: 'Application' Date/Time: 01/05/2013 8:48:35 AM
Type: Information Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <SessionEnv> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 01/05/2013 8:49:10 AM
Type: Information Category: 0
Event: 2 Source: Microsoft-Windows-CertificateServicesClient
Certificate Services Client has been stopped.

Log: 'Application' Date/Time: 01/05/2013 9:13:00 AM
Type: Information Category: 0
Event: 1001 Source: Microsoft-Windows-Wininit
Checking file system on H: The type of the file system is NTFS. Volume label is mahnaz. A disk check has been scheduled. Windows will now check the disk. 9600 file records processed.
1 large file records processed.
0 bad file records processed.
0 EA records processed.
0 reparse records processed.
10668 index entries processed.
0 unindexed files processed.
9600 security descriptors processed.
Cleaning up 12 unused index entries from index $SII of file 0x9. Cleaning up 12 unused index entries from index $SDH of file 0x9. Cleaning up 12 unused security descriptors. 534 data files processed.
CHKDSK is verifying file data (stage 4 of 5)... 9584 files processed.
File data verification completed. CHKDSK is verifying free space (stage 5 of 5)... 1405752 free clusters processed.
Free space verification is complete. Windows has checked the file system and found no problems. 22526975 KB total disk space. 16826088 KB in 3588 files. 1636 KB in 536 indexes. 0 KB in bad sectors. 76239 KB in use by the system. 65536 KB occupied by the log file. 5623012 KB available on disk. 4096 bytes in each allocation unit. 5631743 total allocation units on disk. 1405753 allocation units available on disk. Internal Info: 80 25 00 00 27 10 00 00 9c 1a 00 00 00 00 00 00 .%..'........... ae 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 42 00 00 00 8f 84 0a 77 c8 a4 13 00 c8 9c 13 00 B......w........

Log: 'Application' Date/Time: 01/05/2013 9:13:00 AM
Type: Information Category: 0
Event: 1001 Source: Microsoft-Windows-Wininit
Checking file system on G: The type of the file system is NTFS. Volume label is New Volume. A disk check has been scheduled. Windows will now check the disk. 7424 file records processed.
0 large file records processed.
0 bad file records processed.
0 EA records processed.
0 reparse records processed.
8248 index entries processed.
0 unindexed files processed.
7424 security descriptors processed.
Cleaning up 8 unused index entries from index $SII of file 0x9. Cleaning up 8 unused index entries from index $SDH of file 0x9. Cleaning up 8 unused security descriptors. 412 data files processed.
CHKDSK is verifying file data (stage 4 of 5)... 7408 files processed.
File data verification completed. CHKDSK is verifying free space (stage 5 of 5)... 766501 free clusters processed.
Free space verification is complete. Windows has checked the file system and found no problems. 20478975 KB total disk space. 17335812 KB in 5503 files. 3152 KB in 414 indexes. 0 KB in bad sectors. 74003 KB in use by the system. 65536 KB occupied by the log file. 3066008 KB available on disk. 4096 bytes in each allocation unit. 5119743 total allocation units on disk. 766502 allocation units available on disk. Internal Info: 00 1d 00 00 28 17 00 00 5f 1f 00 00 00 00 00 00 ....(..._....... 6f 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 o............... 42 00 00 00 8f 84 0a 77 c8 a4 2d 00 c8 9c 2d 00 B......w..-...-.

Log: 'Application' Date/Time: 01/05/2013 9:13:01 AM
Type: Information Category: 0
Event: 1531 Source: Microsoft-Windows-User Profiles Service
The User Profile Service has started successfully.

Log: 'Application' Date/Time: 01/05/2013 9:13:01 AM
Type: Information Category: 0
Event: 900 Source: Microsoft-Windows-Security-Licensing-SLC
The Software Licensing service is starting.

Log: 'Application' Date/Time: 01/05/2013 9:13:01 AM
Type: Information Category: 0
Event: 4625 Source: Microsoft-Windows-EventSystem
The EventSystem sub system is suppressing duplicate event log entries for a duration of 86400 seconds. The suppression timeout can be controlled by a REG_DWORD value named SuppressDuplicateDuration under the following registry key: HKLM\Software\Microsoft\EventSystem\EventLog.

Log: 'Application' Date/Time: 01/05/2013 9:13:14 AM
Type: Information Category: 0
Event: 1033 Source: Microsoft-Windows-Security-Licensing-SLC
These policies are being excluded since they are only defined with override-only attribute. Policy Names=(IIS-W3SVC-MaxConcurrentRequests) (Telnet-Client-EnableTelnetClient) (Telnet-Client-EnableTelnetClient_w) (Telnet-Server-EnableTelnetServer) (Telnet-Server-EnableTelnetServer_w) App Id=55c92734-d682-4d71-983e-d6ec3f16059f Sku Id=bffdc375-bbd5-499d-8ef1-4f37b61c895f

Log: 'Application' Date/Time: 01/05/2013 9:13:14 AM
Type: Information Category: 0
Event: 1003 Source: Microsoft-Windows-Security-Licensing-SLC
The Software Licensing service has completed licensing status check. Application Id=55c92734-d682-4d71-983e-d6ec3f16059f Licensing Status=


Log: 'Application' Date/Time: 01/05/2013 9:13:14 AM
Type: Information Category: 0
Event: 1005 Source: Microsoft-Windows-Security-Licensing-SLC
The result of Windows Right consumption is: hr=0x0

Log: 'Application' Date/Time: 01/05/2013 9:13:14 AM
Type: Information Category: 0
Event: 902 Source: Microsoft-Windows-Security-Licensing-SLC
The Software Licensing service has started.

Log: 'Application' Date/Time: 01/05/2013 9:13:30 AM
Type: Information Category: 1
Event: 2570 Source: Adobe Active File Monitor 7.0
Adobe Active File Monitor Service has Started.

Log: 'Application' Date/Time: 01/05/2013 9:13:30 AM
Type: Information Category: 0
Event: 0 Source: btwdins
The event description cannot be found.

Log: 'Application' Date/Time: 01/05/2013 9:13:33 AM
Type: Information Category: 0
Event: 0 Source: EvtEng
The event description cannot be found.

****************************************************************************


Perms.txt:


GrantPerms by Farbar
Ran by mahnaz (administrator) at 2013-05-01 13:53:44

===============================================
****************************************************************************

OTL first log:

========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\MSNetDDNowiz not found.
File C:\Users\mahnaz\AppData\Local\Temp\1352570291.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0fc96c87-dbe7-11de-8ffb-00214ff8b58b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0fc96c87-dbe7-11de-8ffb-00214ff8b58b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0fc96c87-dbe7-11de-8ffb-00214ff8b58b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0fc96c87-dbe7-11de-8ffb-00214ff8b58b}\ not found.
File "H:\WD SmartWare.exe" autoplay=true not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0fc96cc4-dbe7-11de-8ffb-00214ff8b58b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0fc96cc4-dbe7-11de-8ffb-00214ff8b58b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0fc96cc4-dbe7-11de-8ffb-00214ff8b58b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0fc96cc4-dbe7-11de-8ffb-00214ff8b58b}\ not found.
File H:\start.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8e93a18e-c0c4-11de-8705-001dbab85ad7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8e93a18e-c0c4-11de-8705-001dbab85ad7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8e93a18e-c0c4-11de-8705-001dbab85ad7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8e93a18e-c0c4-11de-8705-001dbab85ad7}\ not found.
File G:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\LaunchU3.exe -a not found.
========== FILES ==========
< dir g:\* /c >
Volume in drive G is New Volume
Volume Serial Number is 94D2-98BD
Directory of g:\
09/11/2010 09:32 PM <DIR> $RECYCLE.BIN
12/05/2012 11:53 PM <DIR> aroosi_mahnaz91
06/03/2011 01:36 AM <DIR> bikalam music
02/10/2013 12:59 PM <DIR> ebook
08/13/2012 12:37 AM <DIR> love song
02/10/2013 12:58 PM <DIR> m.n
02/10/2013 12:57 PM <DIR> selection
02/06/2011 01:15 PM 336,896 sirjani-letters.doc
11/29/2012 09:08 PM <DIR> software
08/13/2012 04:43 PM <DIR> tutorial
05/11/2011 03:01 PM 63 vista.txt
2 File(s) 336,959 bytes
9 Dir(s) 3,135,397,888 bytes free
C:\Users\mahnaz\Desktop\cmd.bat deleted successfully.
C:\Users\mahnaz\Desktop\cmd.txt deleted successfully.
< dir h:\* /c >
Volume in drive H is mahnaz
Volume Serial Number is 7602-2EBC
Directory of h:\
05/16/2011 09:27 AM <DIR> $RECYCLE.BIN
12/14/2012 04:09 AM 2,642,944 1.pps
04/30/2012 11:24 PM 3,739,081 dar_in_ghat-e_az_behesht_mp3_high_quality.mp3
04/28/2013 09:57 PM <DIR> DIFFERENT
01/29/2013 08:01 PM <DIR> Dr bayat
02/01/2013 11:34 AM 125,383,214 dvbc_all_qam.rar
02/20/2013 12:08 PM 106,215 ghabz.jpg
02/05/2013 09:23 AM <DIR> movies
05/13/2011 10:54 AM <DIR> Projects
11/13/2011 08:19 PM 183 report.txt
04/26/2013 02:24 PM <DIR> TOP 3
08/14/2011 11:37 AM <DIR> VS2008
10/20/2012 12:45 PM 27,974,480 WebFreer_Setup_1.0.3.005.exe
02/27/2012 09:13 PM 44 zarfshui.txt
7 File(s) 159,846,161 bytes
7 Dir(s) 5,753,769,984 bytes free
C:\Users\mahnaz\Desktop\cmd.bat deleted successfully.
C:\Users\mahnaz\Desktop\cmd.txt deleted successfully.
< dir c:\$recycle.bin\* /c >
Volume in drive C has no label.
Volume Serial Number is 8AB6-78FF
Directory of c:\$recycle.bin
C:\Users\mahnaz\Desktop\cmd.bat deleted successfully.
C:\Users\mahnaz\Desktop\cmd.txt deleted successfully.
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" /c >
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
ReportBootOk REG_SZ 1
Shell REG_SZ Explorer.exe
Userinit REG_SZ C:\Windows\system32\userinit.exe,
VmApplet REG_SZ rundll32 shell32,Control_RunDLL "sysdm.cpl"
AutoRestartShell REG_DWORD 0x1
LegalNoticeCaption REG_SZ
LegalNoticeText REG_SZ
PowerdownAfterShutdown REG_SZ 0
ShutdownWithoutLogon REG_SZ 0
cachedlogonscount REG_SZ 10
forceunlocklogon REG_DWORD 0x0
passwordexpirywarning REG_DWORD 0xe
Background REG_SZ 0 0 0
DebugServerCommand REG_SZ no
WinStationsDisabled REG_SZ 0
DisableCAD REG_DWORD 0x1
scremoveoption REG_SZ 0
ShutdownFlags REG_DWORD 0x27
LegalNotice Text REG_SZ
SFCDisable REG_DWORD 0x0
System REG_SZ
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoLogonChecked
C:\Users\mahnaz\Desktop\cmd.bat deleted successfully.
C:\Users\mahnaz\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\LERTDMon\ deleted successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: mahnaz
->Flash cache emptied: 492 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: mahnaz
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 05012013_135642


******************************************************************************************

OTL second log :


OTL logfile created on: 5/1/2013 2:04:52 PM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\mahnaz\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 0.73 Gb Available Physical Memory | 39.30% Memory free
3.98 Gb Paging File | 2.58 Gb Available in Paging File | 64.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 244.68 Gb Total Space | 48.42 Gb Free Space | 19.79% Space Free | Partition Type: NTFS
Drive G: | 19.53 Gb Total Space | 2.92 Gb Free Space | 14.95% Space Free | Partition Type: NTFS
Drive H: | 21.48 Gb Total Space | 5.36 Gb Free Space | 24.94% Space Free | Partition Type: NTFS

Computer Name: MAHNAZ-PC | User Name: mahnaz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/22 18:11:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\mahnaz\Desktop\OTL.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/11/22 16:08:14 | 001,038,496 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
PRC - [2012/11/22 16:08:12 | 000,957,056 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update\VUAgent.exe
PRC - [2012/03/07 16:40:34 | 000,913,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2012/03/07 16:40:28 | 003,117,344 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2011/12/13 15:06:29 | 002,984,832 | ---- | M] (TeamViewer GmbH) -- C:\Users\mahnaz\temp\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011/09/14 23:51:29 | 003,241,312 | ---- | M] (Tonec Inc.) -- C:\_OTL\MovedFiles\04272013_193340\C_Program Files\Internet Download Manager\IDMan.exe
PRC - [2010/07/05 00:21:26 | 000,017,408 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2009/10/22 06:00:04 | 000,395,824 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe
PRC - [2009/10/22 05:59:58 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
PRC - [2009/10/22 05:59:48 | 000,334,384 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe
PRC - [2009/10/22 04:47:54 | 000,563,760 | ---- | M] (VMware, Inc.) -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2009/05/21 14:28:38 | 000,874,768 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2009/05/21 13:04:14 | 000,473,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2009/02/05 04:31:30 | 000,538,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Mode Switch\VMSwitch.exe
PRC - [2009/01/24 22:01:26 | 000,559,656 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009/01/21 21:37:42 | 000,313,264 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2009/01/21 21:37:42 | 000,192,512 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2009/01/20 04:13:04 | 000,394,536 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
PRC - [2009/01/20 00:19:20 | 000,203,624 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2009/01/20 00:19:20 | 000,112,488 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2009/01/15 01:08:38 | 005,184,872 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
PRC - [2009/01/06 06:34:54 | 000,109,088 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe
PRC - [2008/12/22 11:00:32 | 000,274,432 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Network Utility\LANUtil.exe
PRC - [2008/12/22 09:25:06 | 000,303,104 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Network Utility\NSUService.exe
PRC - [2008/12/20 01:32:08 | 001,771,368 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PRC - [2008/12/20 01:32:08 | 000,415,592 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe
PRC - [2008/12/18 22:23:50 | 000,317,288 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe
PRC - [2008/10/29 10:59:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/09/18 22:29:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
PRC - [2008/09/16 23:33:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
PRC - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/01/15 05:43:00 | 000,063,176 | ---- | M] (CANON INC.) -- C:\Windows\System32\CNAC4RPK.EXE
PRC - [2007/01/05 07:18:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (No Company Name) ==========

MOD - [2013/04/09 13:27:07 | 000,390,096 | ---- | M] () -- C:\Users\mahnaz\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppgooglenaclpluginchrome.dll
MOD - [2013/04/09 13:27:05 | 004,050,896 | ---- | M] () -- C:\Users\mahnaz\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
MOD - [2013/04/09 13:26:13 | 001,606,096 | ---- | M] () -- C:\Users\mahnaz\AppData\Local\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll
MOD - [2011/12/04 20:04:39 | 001,356,288 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\cac78a264e7ac9299057eb2416c86000\System.WorkflowServices.ni.dll
MOD - [2011/12/04 20:04:00 | 001,706,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\5046de252a0e714c78207b5dd01a89bd\System.ServiceModel.Web.ni.dll
MOD - [2011/12/04 19:56:31 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\bf3b757c821a36e6a9c7c1988b39a15d\System.IdentityModel.Selectors.ni.dll
MOD - [2011/12/04 19:56:29 | 001,070,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\3fb6b9b320c78fa02be3fa8ce26b7559\System.IdentityModel.ni.dll
MOD - [2011/12/04 19:56:25 | 002,345,472 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\0393b1448497e28ae9bbfed9be19bd3e\System.Runtime.Serialization.ni.dll
MOD - [2011/12/04 19:56:19 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\06bb41fe681650a017fa2c99e197edf0\SMDiagnostics.ni.dll
MOD - [2011/12/04 19:56:17 | 017,403,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\0dd1924dbe8ac43b923a28409d351619\System.ServiceModel.ni.dll
MOD - [2011/12/04 19:51:40 | 011,800,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0a1195c6b5fab213527364c9e8b26ef0\System.Web.ni.dll
MOD - [2011/12/04 19:50:56 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll
MOD - [2011/12/04 19:23:23 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll
MOD - [2011/12/04 19:22:15 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll
MOD - [2011/12/04 19:21:33 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll
MOD - [2011/12/04 19:15:30 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll
MOD - [2011/12/04 19:14:40 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2010/07/05 02:02:38 | 000,010,752 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll
MOD - [2010/07/05 02:02:36 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2010/07/05 00:21:26 | 000,017,408 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
MOD - [2010/06/21 16:45:36 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Diagnostics.ServiceModelSink\3.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Diagnostics.ServiceModelSink.dll
MOD - [2009/04/08 02:24:30 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\SPMDam\3.1.0.6020__1b3c579b6925895f\SPMDam.dll
MOD - [2009/04/08 02:24:29 | 000,086,016 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\SPMCommon\3.1.0.6020__e3c7096ba83f9295\SPMCommon.dll
MOD - [2009/01/20 00:19:22 | 000,010,752 | ---- | M] () -- C:\Program Files\Sony\VAIO Event Service\VESBasePS.dll
MOD - [2007/09/20 19:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Services (SafeList) ==========

SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/11/22 16:08:12 | 000,957,056 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Update\VUAgent.exe -- (VUAgent)
SRV - [2012/09/17 00:22:47 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/09 22:55:48 | 000,279,552 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Serviio\bin\ServiioService.exe -- (Serviio)
SRV - [2012/03/07 16:40:34 | 000,913,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2011/12/13 15:06:29 | 002,984,832 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Users\mahnaz\temp\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/10/22 06:00:04 | 000,395,824 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnat.exe -- (VMware NAT Service)
SRV - [2009/10/22 05:59:58 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2009/10/22 05:59:48 | 000,334,384 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2009/10/22 04:47:54 | 000,563,760 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2009/10/12 15:32:24 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
SRV - [2009/05/21 14:28:38 | 000,874,768 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2009/05/21 13:04:14 | 000,473,360 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2009/05/02 15:40:35 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/01/24 22:01:26 | 000,559,656 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/01/21 21:37:44 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2009/01/21 21:37:42 | 000,313,264 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2009/01/21 21:37:42 | 000,192,512 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2009/01/20 23:26:06 | 000,120,104 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2009/01/20 23:22:18 | 000,091,432 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe -- (SOHPlMgr)
SRV - [2009/01/20 23:21:48 | 000,075,048 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2009/01/20 23:21:18 | 000,390,440 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2009/01/20 23:20:48 | 000,070,952 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe -- (SOHDBSvr)
SRV - [2009/01/20 04:13:04 | 000,394,536 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2009/01/20 00:19:20 | 000,203,624 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2009/01/17 09:29:08 | 000,083,240 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
SRV - [2009/01/15 01:08:38 | 005,184,872 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2009/01/08 11:40:32 | 000,114,688 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2009/01/06 06:34:54 | 000,109,088 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe -- (RtkAudioService)
SRV - [2008/12/22 09:25:06 | 000,303,104 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\Network Utility\NSUService.exe -- (NSUService)
SRV - [2008/12/20 01:32:08 | 000,415,592 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV - [2008/09/18 22:29:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2008/09/16 23:33:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
SRV - [2008/01/21 06:53:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/11/07 08:58:18 | 003,004,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)
SRV - [2007/01/05 07:18:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\mahnaz\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/03/14 09:40:04 | 000,148,504 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfw.sys -- (epfw)
DRV - [2012/03/14 09:40:02 | 000,169,080 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2012/03/14 09:40:02 | 000,120,152 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2012/03/14 09:40:02 | 000,050,624 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\epfwwfp.sys -- (epfwwfp)
DRV - [2012/03/14 09:40:02 | 000,033,656 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\EpfwLWF.sys -- (EpfwLWF)
DRV - [2011/10/04 10:14:35 | 000,195,968 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2010/07/26 18:55:42 | 000,068,240 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\idmwfp.sys -- (IDMWFP)
DRV - [2010/04/10 13:59:52 | 000,016,000 | ---- | M] (Xilinx, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\xpc4drvr.sys -- (XilinxPC4Driver)
DRV - [2009/10/22 06:00:46 | 000,853,936 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmx86.sys -- (vmx86)
DRV - [2009/10/22 06:00:44 | 000,070,704 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmci.sys -- (vmci)
DRV - [2009/10/22 06:00:44 | 000,026,288 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2009/10/22 06:00:44 | 000,023,216 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMkbd.sys -- (vmkbd)
DRV - [2009/10/22 04:47:52 | 000,032,304 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hcmon.sys -- (hcmon)
DRV - [2009/10/22 01:13:36 | 000,031,280 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmusb.sys -- (vmusb)
DRV - [2009/10/22 01:13:32 | 000,036,400 | R--- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2009/10/22 01:13:32 | 000,016,560 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2009/10/12 15:31:52 | 000,022,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009/09/01 22:19:26 | 000,019,584 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aticir.sys -- (AtiIrRcvr)
DRV - [2009/09/01 22:17:44 | 001,080,832 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atinavrr.sys -- (ATIAVPCI)
DRV - [2009/05/28 22:41:28 | 004,233,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008/11/25 11:11:52 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2008/11/19 04:38:46 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2008/10/23 04:32:23 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\risdptsk.sys -- (risdptsk)
DRV - [2008/10/23 04:32:02 | 000,068,608 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/08/26 04:31:46 | 000,023,712 | ---- | M] (Sony Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\shpf.sys -- (shpf)
DRV - [2008/07/08 14:02:48 | 000,029,568 | ---- | M] (Spectrum Digital Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sdusb2em.sys -- (sdusb2em)
DRV - [2008/06/07 04:32:55 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2008/04/25 01:36:40 | 000,017,920 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2008/01/25 06:44:25 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008/01/21 06:53:26 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2007/09/04 16:53:34 | 000,055,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\VSPerfDrv90.sys -- (VSPerfDrv90)
DRV - [2007/07/07 09:11:58 | 000,026,120 | ---- | M] (Rainbow Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SNTNLUSB.SYS -- (Sntnlusb)
DRV - [2007/04/18 07:39:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2006/11/10 16:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2005/09/05 22:30:22 | 000,028,743 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2005/08/16 11:23:10 | 000,038,422 | ---- | M] (Generic) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\StMp3Rec.sys -- (StMp3Rec)
DRV - [2004/10/22 07:58:48 | 000,028,296 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\xds560.sys -- (XDS560)
DRV - [2004/10/22 07:57:40 | 000,006,112 | ---- | M] (Texas Instruments Incorporated) [Kernel | Auto | Running] -- C:\Windows\System32\xdsfast1.sys -- (xdsfast1)
DRV - [2004/10/22 07:57:40 | 000,003,968 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drpkiont.sys -- (drpkiont)
DRV - [2004/05/26 21:56:58 | 000,003,200 | ---- | M] (Altium Limited) [Kernel | Auto | Running] -- C:\Windows\System32\altio.sys -- (altio)
DRV - [2001/03/01 02:15:00 | 000,006,144 | ---- | M] (Erik Salaj) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ioport.sys -- (IOPort)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchPage =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{8E13C345-C393-4DC1-ABDF-503E89EADC4F}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\mahnaz\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\mahnaz\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\mahnaz\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\mahnaz\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012/11/29 22:13:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\mahnaz\AppData\Roaming\IDM\idmmzcc3 [2011/09/15 21:26:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\mahnaz\AppData\Roaming\IDM\idmmzcc3 [2011/09/15 21:26:21 | 000,000,000 | ---D | M]

[2012/03/29 19:15:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mahnaz\AppData\Roaming\Mozilla\Extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\mahnaz\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\mahnaz\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\mahnaz\AppData\Local\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\mahnaz\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Users\mahnaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4_0\BabylonChromePI.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\mahnaz\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\mahnaz\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Users\mahnaz\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\mahnaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\mahnaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail = C:\Users\mahnaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/04/27 21:11:29 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\_OTL\MovedFiles\04272013_193340\C_Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Microsoft Web Test Recorder 9.0 Helper) - {E31CE47F-C268-41ba-897B-B415E613947D} - C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO90.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [VMSwitch] C:\Program Files\Sony\VAIO Mode Switch\VMSwitch.exe (Sony Corporation)
O4 - HKCU..\Run: [IDMan] C:\_OTL\MovedFiles\04272013_193340\C_Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download all links with IDM - C:\_OTL\MovedFiles\04272013_193340\C_Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\_OTL\MovedFiles\04272013_193340\C_Program Files\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download with IDM - C:\_OTL\MovedFiles\04272013_193340\C_Program Files\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Simorgh Client - {afaf756a-600b-48df-a1d1-0a173eb5ec26} - C:\Program Files\Nosa\Simorgh\HTTPClient\SimWinClt.exe (Iran Software & Hardware Co. (NOSA))
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://ereg.ut.ac.ir/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3216F67A-F1D5-4887-9CF3-41A1042B3CAC}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\textwareilluminatorbase {CE5CD329-1650-414A-8DB0-4CBF72FAED87} - C:\Windows\System32\textwareilluminatorbaseProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - File not found
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\mahnaz\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\mahnaz\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 02:13:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/01 13:52:58 | 000,000,000 | ---D | C] -- C:\Users\mahnaz\Desktop\GrantPerms
[2013/04/28 21:53:57 | 000,000,000 | ---D | C] -- C:\Users\mahnaz\Desktop\geekstogo
[2013/04/27 21:14:54 | 000,000,000 | ---D | C] -- C:\Users\mahnaz\AppData\Local\temp
[2013/04/27 21:13:47 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/04/27 20:49:00 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/04/27 20:49:00 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/04/27 20:49:00 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/04/27 20:48:56 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013/04/27 20:48:45 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/04/27 20:48:14 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/04/27 19:33:41 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/04/22 19:04:38 | 000,000,000 | --SD | C] -- C:\Users\mahnaz\Documents\My Data Sources
[2013/04/22 18:11:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\mahnaz\Desktop\OTL.exe
[2013/04/21 19:15:02 | 000,000,000 | ---D | C] -- C:\Users\mahnaz\AppData\Roaming\Malwarebytes
[2013/04/21 19:14:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/04/21 19:14:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/04/21 19:14:07 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/04/21 19:14:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/04/18 00:44:08 | 000,000,000 | ---D | C] -- C:\Users\mahnaz\Desktop\bbbb
[2013/04/17 23:59:58 | 000,000,000 | ---D | C] -- C:\Users\mahnaz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
[2013/04/17 23:59:58 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2013/04/14 23:12:46 | 000,000,000 | ---D | C] -- C:\Users\mahnaz\Desktop\ax13.92
[2013/04/01 16:04:55 | 000,000,000 | ---D | C] -- C:\Users\mahnaz\Desktop\mohamad
[5 C:\Users\mahnaz\Desktop\*.tmp files -> C:\Users\mahnaz\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/05/01 14:06:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3233104117-2109178606-3299732699-1003UA.job
[2013/05/01 14:00:47 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/01 13:58:50 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/01 13:58:50 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/01 13:58:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/01 13:58:01 | 2008,064,000 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/01 13:57:16 | 000,015,972 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/05/01 12:30:00 | 000,000,270 | ---- | M] () -- C:\Windows\tasks\Check Updates for Windows Live Toolbar.job
[2013/04/28 21:35:48 | 000,692,900 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/04/28 21:35:48 | 000,138,400 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/04/27 22:25:45 | 000,061,440 | ---- | M] ( ) -- C:\Users\mahnaz\Desktop\VEW.exe
[2013/04/27 21:11:29 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/04/25 19:12:54 | 000,001,053 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Canon LBP5000 Status Window.lnk
[2013/04/22 19:06:01 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3233104117-2109178606-3299732699-1003Core.job
[2013/04/22 18:11:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\mahnaz\Desktop\OTL.exe
[2013/04/12 00:10:37 | 000,002,088 | ---- | M] () -- C:\Users\mahnaz\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[5 C:\Users\mahnaz\Desktop\*.tmp files -> C:\Users\mahnaz\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/04/27 22:25:44 | 000,061,440 | ---- | C] ( ) -- C:\Users\mahnaz\Desktop\VEW.exe
[2013/04/27 20:49:00 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/04/27 20:49:00 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/04/27 20:49:00 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/04/27 20:49:00 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/04/27 20:49:00 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/01/31 13:04:36 | 000,000,034 | ---- | C] () -- C:\Windows\cvavr.ini
[2012/12/29 11:07:44 | 000,000,600 | ---- | C] () -- C:\Users\mahnaz\AppData\Local\PUTTY.RND
[2012/11/10 11:45:38 | 000,053,248 | ---- | C] () -- C:\Windows\System32\HPPMLVS.dll
[2012/08/23 13:03:29 | 000,000,502 | ---- | C] () -- C:\Windows\System32\CNCMFP34.INI
[2012/08/13 14:22:31 | 000,000,063 | ---- | C] () -- C:\Windows\TEXTware.ini
[2012/08/13 14:22:04 | 000,321,024 | ---- | C] () -- C:\Windows\System32\textwareilluminatorbaseProtocol.dll
[2012/08/13 14:22:03 | 000,113,288 | ---- | C] () -- C:\Windows\System32\bass.dll
[2012/08/13 14:22:02 | 000,147,456 | ---- | C] () -- C:\Windows\System32\Twavbx32.dll
[2012/08/13 14:22:02 | 000,018,432 | ---- | C] () -- C:\Windows\System32\TWAIED02.DLL
[2012/08/13 14:21:59 | 000,143,360 | ---- | C] () -- C:\Windows\System32\ILXTBS.DLL
[2012/04/17 21:46:00 | 000,000,411 | ---- | C] () -- C:\Users\mahnaz\Documents - Shortcut (2).lnk
[2012/02/01 13:10:09 | 000,000,042 | ---- | C] () -- C:\Windows\Narcis.INI
[2012/01/07 12:18:34 | 000,000,600 | ---- | C] () -- C:\Users\mahnaz\AppData\Roaming\winscp.rnd
[2011/10/30 16:31:53 | 000,018,410 | ---- | C] () -- C:\Users\mahnaz\report.pdf
[2011/10/30 16:31:53 | 000,003,383 | ---- | C] () -- C:\Users\mahnaz\report.synctex.gz
[2011/10/30 16:29:47 | 000,000,544 | ---- | C] () -- C:\Users\mahnaz\report.dvi
[2011/10/30 16:29:47 | 000,000,009 | ---- | C] () -- C:\Users\mahnaz\report.aux
[2011/10/30 16:29:27 | 000,001,171 | ---- | C] () -- C:\Users\mahnaz\report.tex
[2011/10/27 19:07:15 | 000,044,413 | ---- | C] () -- C:\Users\mahnaz\my first.pdf
[2011/10/27 19:07:14 | 000,000,084 | ---- | C] () -- C:\Users\mahnaz\my first.aux
[2011/10/27 19:06:05 | 000,000,699 | ---- | C] () -- C:\Users\mahnaz\my first.tex
[2011/05/14 23:56:51 | 000,000,411 | ---- | C] () -- C:\Users\mahnaz\Documents - Shortcut.lnk
[2011/05/14 20:50:33 | 000,000,126 | ---- | C] () -- C:\Windows\mdm.ini
[2011/05/14 20:50:27 | 000,000,535 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011/05/13 11:04:31 | 000,006,550 | ---- | C] () -- C:\Windows\jautoexp.dat
[2011/05/11 23:27:51 | 000,001,191 | ---- | C] () -- C:\Users\mahnaz\.opgalaxy7.vr
[2011/02/07 20:22:38 | 000,000,268 | ---- | C] () -- C:\Users\mahnaz\quartus2.ini
[2010/11/13 13:52:01 | 000,000,600 | ---- | C] () -- C:\Users\mahnaz\PUTTY.RND
[2010/05/24 08:43:44 | 000,001,356 | ---- | C] () -- C:\Users\mahnaz\AppData\Local\d3d9caps.dat
[2010/03/01 21:01:08 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/01/23 19:56:04 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/11/04 14:28:10 | 000,029,128 | ---- | C] () -- C:\Users\mahnaz\AppData\Roaming\UserTile.png
[2009/10/24 22:21:39 | 000,000,112 | ---- | C] () -- C:\ProgramData\wrWin.ini
[2009/10/22 11:57:25 | 000,106,496 | ---- | C] () -- C:\Users\mahnaz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2002/01/01 01:22:31 | 024,605,022 | ---- | C] () -- C:\Users\mahnaz\iAUDIO - Who.Let.The.Whores.Out.XXX.DVDrip.XviD-NOGRP.[www.torrentfive.com]1.avi

========== ZeroAccess Check ==========

[2006/11/02 17:24:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011/01/21 20:16:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/03/03 09:06:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/01/21 06:54:03 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/08/12 22:45:33 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Acapela Group
[2012/04/21 20:34:51 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\AlilG
[2013/04/25 00:00:05 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Altium2004_SP4
[2010/05/29 20:11:36 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\BitDefender
[2012/08/13 14:22:48 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Cambridge
[2012/08/23 13:23:23 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Canon
[2009/12/04 01:10:33 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\COWON
[2011/09/10 23:01:16 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Digiarty
[2011/10/30 12:51:32 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\DMCache
[2012/11/19 22:10:40 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\ESET
[2011/09/14 21:49:07 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\GetRightToGo
[2011/05/30 23:05:56 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\HDI
[2011/01/21 02:46:36 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Helios
[2010/04/10 14:36:06 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\hte
[2012/09/05 13:05:34 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\IDM
[2012/07/06 22:53:29 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Import Audio from Video
[2009/12/04 15:47:05 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\InterVideo
[2012/07/11 14:40:12 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Mp3 Audio Editor
[2010/05/03 14:01:36 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\MuPAD
[2012/01/07 12:49:44 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\NetSarang
[2012/11/30 09:16:34 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Notepad++
[2011/07/19 23:34:49 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\ooVoo Details
[2009/11/04 14:28:10 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\PeerNetworking
[2012/03/01 15:34:12 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\PixelPlanet
[2012/11/28 00:53:46 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Samsung
[2010/10/11 22:57:01 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\SystemRequirementsLab
[2012/02/21 18:55:33 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\TeamViewer
[2010/03/14 23:16:49 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Uniblue
[2012/11/30 23:01:43 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\uTorrent
[2012/09/23 23:26:33 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Xilinx
[2011/12/07 17:17:28 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Xilisoft Corporation
[2011/10/27 19:20:20 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\xm1
[2013/03/18 23:05:48 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\{9824CBCB-329D-487F-97B1-B09FEA68CA6C}
[2013/03/18 23:05:27 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\{AF7B0CE6-0629-4425-9E54-98864D50FAB1}

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:010ADD2C

< End of report >



********************************************************************************************

Actually, when I typed explorer.exe in the command prompt, it said that it is not an executable command and nothing happened.

Edited by mahi65, 01 May 2013 - 03:49 AM.

  • 0

#6
RKinner

    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
OTL is still showing a problem with explorer.exe. I've attached two files. Please Download and Save each file then right click on each and Extract All. This will create two folders, winlogonexpl and explorer. Inside winlogonexpl should be winlogonexpl.reg. Right click on the winlogonexpl.reg and select Merge and allow it to merge. This replaces the current registry entry with a copy from my Vista just in case there are some invisible differences between them.

Inside the explorer folder should be explorer.exe. This is a copy of explorer.exe from my Vista. If you double click on it it should open without a problem. Does it?

Let's let OTL replace the current explorer with its backup. It looks like it should be the exact same file but there must be a problem with it since it doesn't seem to work.

Copy the text in the code box by highlighting and Ctrl + c


:files
C:\Windows\explorer.exe|C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe /replace
     
:Commands
[Reboot]

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.

Download ShellExView.

http://www.nirsoft.n...s/shexview.html

Use this download:
http://www.nirsoft.n...xview_setup.exe

Once you get it installed, run it and look in the third or fourth column from the RIGHT. It should say MICROSOFT. Click once or twice on MICROSOFT so that items with NO are at the top.
Select all of the NO items and then click on the red LED-looking icon in the upper left. This should disable all of the non-Microsoft additions to Explorer. Reboot.

Run OTL again, quickscan and post the log.
  • 0
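
Added example (not part of RKinner's post and not OTL's own code): a small Python triage of OTL "O" lines like those in the log above. It flags entries OTL could not resolve ("File not found", as on the Winlogon Shell line) and entries whose target sits under OTL's own C:\_OTL\MovedFiles folder. The function name, reason labels and embedded sample lines are constructed for illustration.

```python
import re

# Constructed sample: lines in the same format as the OTL quick-scan log in this thread.
SAMPLE_LOG = r"""
O1 HOSTS File: ([2013/04/27 21:11:29 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\_OTL\MovedFiles\04272013_193340\C_Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKCU..\Run: [IDMan] C:\_OTL\MovedFiles\04272013_193340\C_Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - File not found
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
"""

# "O<number> - <rest of entry>"; header-style lines without the " - " separator are skipped.
O_LINE = re.compile(r"^(O\d+)\s+-\s+(.+)$")

# Any drive letter followed by OTL's MovedFiles folder, where OTL puts files it moved during a fix.
MOVED_FILES = re.compile(r"[A-Za-z]:\\_OTL\\MovedFiles\\", re.IGNORECASE)


def triage_otl_o_lines(log_text):
    """Return (section, reason, entry) tuples for O-lines worth a second look.

    Reasons (labels are this example's own, not OTL terminology):
      target-not-found     OTL printed "File not found" for the entry's target.
      points-to-movedfiles the registry entry still references a file OTL moved away.
    """
    findings = []
    for raw in log_text.splitlines():
        match = O_LINE.match(raw.strip())
        if not match:
            continue
        section, entry = match.groups()
        if entry.rstrip().endswith("File not found"):
            findings.append((section, "target-not-found", entry))
        if MOVED_FILES.search(entry):
            findings.append((section, "points-to-movedfiles", entry))
    return findings


def winlogon_shell_unresolved(log_text):
    """True when the O20 Winlogon Shell entry is one of the unresolved targets."""
    return any(
        section == "O20" and reason == "target-not-found" and "Winlogon: Shell" in entry
        for section, reason, entry in triage_otl_o_lines(log_text)
    )


if __name__ == "__main__":
    for section, reason, entry in triage_otl_o_lines(SAMPLE_LOG):
        print(f"{section:<4} {reason:<22} {entry}")
```
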

#7
mahi65

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Dear friend,
the explorer opened without any problem, but it seems that OTL could not replace the old file. This is the report I get from the fix in OTL:

========== FILES ==========
Unable to replace file: C:\Windows\explorer.exe with C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe without a reboot.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.69.0 log created on 05032013_205422

Files\Folders moved on Reboot...

PendingFileRenameOperations files...
[2008/10/29 10:59:41 | 002,927,104 | ---- | M] (Microsoft Corporation) C:\Windows\explorer.exe : MD5=4F554999D7D5F05DAAEBBA7B5BA1089D

Registry entries deleted on Reboot...



The next OTL report is as follows:

OTL logfile created on: 5/5/2013 10:01:12 PM - Run 6
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\mahnaz\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 0.64 Gb Available Physical Memory | 34.04% Memory free
3.98 Gb Paging File | 2.49 Gb Available in Paging File | 62.50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 244.68 Gb Total Space | 44.28 Gb Free Space | 18.10% Space Free | Partition Type: NTFS
Drive G: | 19.53 Gb Total Space | 2.92 Gb Free Space | 14.95% Space Free | Partition Type: NTFS
Drive H: | 21.48 Gb Total Space | 5.36 Gb Free Space | 24.94% Space Free | Partition Type: NTFS

Computer Name: MAHNAZ-PC | User Name: mahnaz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/22 18:11:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\mahnaz\Desktop\OTL.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/11/22 16:08:14 | 001,038,496 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
PRC - [2012/11/22 16:08:12 | 000,957,056 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update\VUAgent.exe
PRC - [2012/03/07 16:40:34 | 000,913,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2012/03/07 16:40:28 | 003,117,344 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2011/12/13 15:06:29 | 002,984,832 | ---- | M] (TeamViewer GmbH) -- C:\Users\mahnaz\temp\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011/09/14 23:51:29 | 003,241,312 | ---- | M] (Tonec Inc.) -- C:\_OTL\MovedFiles\04272013_193340\C_Program Files\Internet Download Manager\IDMan.exe
PRC - [2010/07/05 00:21:26 | 000,017,408 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2009/10/22 06:00:04 | 000,395,824 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe
PRC - [2009/10/22 05:59:58 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
PRC - [2009/10/22 05:59:48 | 000,334,384 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe
PRC - [2009/10/22 04:47:54 | 000,563,760 | ---- | M] (VMware, Inc.) -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2009/05/21 14:28:38 | 000,874,768 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2009/05/21 13:04:14 | 000,473,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2009/02/05 04:31:30 | 000,538,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Mode Switch\VMSwitch.exe
PRC - [2009/01/24 22:01:26 | 000,559,656 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009/01/21 21:37:42 | 000,313,264 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2009/01/21 21:37:42 | 000,192,512 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2009/01/20 04:13:04 | 000,394,536 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
PRC - [2009/01/20 00:19:20 | 000,203,624 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2009/01/20 00:19:20 | 000,112,488 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2009/01/15 01:08:38 | 005,184,872 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
PRC - [2009/01/06 06:34:54 | 000,109,088 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe
PRC - [2008/12/22 11:00:32 | 000,274,432 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Network Utility\LANUtil.exe
PRC - [2008/12/22 09:25:06 | 000,303,104 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Network Utility\NSUService.exe
PRC - [2008/12/20 01:32:08 | 001,771,368 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PRC - [2008/12/20 01:32:08 | 000,415,592 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe
PRC - [2008/12/18 22:23:50 | 000,317,288 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe
PRC - [2008/10/29 10:59:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/09/18 22:29:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
PRC - [2008/09/16 23:33:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
PRC - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/01/15 05:43:00 | 000,063,176 | ---- | M] (CANON INC.) -- C:\Windows\System32\CNAC4RPK.EXE
PRC - [2007/01/05 07:18:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (No Company Name) ==========

MOD - [2013/04/09 13:27:07 | 000,390,096 | ---- | M] () -- C:\Users\mahnaz\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppgooglenaclpluginchrome.dll
MOD - [2013/04/09 13:27:05 | 004,050,896 | ---- | M] () -- C:\Users\mahnaz\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
MOD - [2013/04/09 13:26:13 | 001,606,096 | ---- | M] () -- C:\Users\mahnaz\AppData\Local\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll
MOD - [2011/12/04 20:04:39 | 001,356,288 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\cac78a264e7ac9299057eb2416c86000\System.WorkflowServices.ni.dll
MOD - [2011/12/04 20:04:00 | 001,706,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\5046de252a0e714c78207b5dd01a89bd\System.ServiceModel.Web.ni.dll
MOD - [2011/12/04 19:56:31 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\bf3b757c821a36e6a9c7c1988b39a15d\System.IdentityModel.Selectors.ni.dll
MOD - [2011/12/04 19:56:29 | 001,070,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\3fb6b9b320c78fa02be3fa8ce26b7559\System.IdentityModel.ni.dll
MOD - [2011/12/04 19:56:25 | 002,345,472 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\0393b1448497e28ae9bbfed9be19bd3e\System.Runtime.Serialization.ni.dll
MOD - [2011/12/04 19:56:19 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\06bb41fe681650a017fa2c99e197edf0\SMDiagnostics.ni.dll
MOD - [2011/12/04 19:56:17 | 017,403,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\0dd1924dbe8ac43b923a28409d351619\System.ServiceModel.ni.dll
MOD - [2011/12/04 19:51:40 | 011,800,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0a1195c6b5fab213527364c9e8b26ef0\System.Web.ni.dll
MOD - [2011/12/04 19:50:56 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll
MOD - [2011/12/04 19:23:23 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll
MOD - [2011/12/04 19:22:15 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll
MOD - [2011/12/04 19:21:33 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll
MOD - [2011/12/04 19:15:30 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll
MOD - [2011/12/04 19:14:40 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2010/07/05 02:02:36 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2010/07/05 00:21:26 | 000,017,408 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
MOD - [2010/06/21 16:45:36 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Diagnostics.ServiceModelSink\3.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Diagnostics.ServiceModelSink.dll
MOD - [2009/04/08 02:24:30 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\SPMDam\3.1.0.6020__1b3c579b6925895f\SPMDam.dll
MOD - [2009/04/08 02:24:29 | 000,086,016 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\SPMCommon\3.1.0.6020__e3c7096ba83f9295\SPMCommon.dll
MOD - [2009/01/20 00:19:22 | 000,010,752 | ---- | M] () -- C:\Program Files\Sony\VAIO Event Service\VESBasePS.dll


========== Services (SafeList) ==========

SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/11/22 16:08:12 | 000,957,056 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Update\VUAgent.exe -- (VUAgent)
SRV - [2012/09/17 00:22:47 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/09 22:55:48 | 000,279,552 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Serviio\bin\ServiioService.exe -- (Serviio)
SRV - [2012/03/07 16:40:34 | 000,913,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2011/12/13 15:06:29 | 002,984,832 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Users\mahnaz\temp\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/10/22 06:00:04 | 000,395,824 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnat.exe -- (VMware NAT Service)
SRV - [2009/10/22 05:59:58 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2009/10/22 05:59:48 | 000,334,384 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2009/10/22 04:47:54 | 000,563,760 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2009/10/12 15:32:24 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
SRV - [2009/05/21 14:28:38 | 000,874,768 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2009/05/21 13:04:14 | 000,473,360 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2009/05/02 15:40:35 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/01/24 22:01:26 | 000,559,656 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/01/21 21:37:44 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2009/01/21 21:37:42 | 000,313,264 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2009/01/21 21:37:42 | 000,192,512 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2009/01/20 23:26:06 | 000,120,104 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2009/01/20 23:22:18 | 000,091,432 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe -- (SOHPlMgr)
SRV - [2009/01/20 23:21:48 | 000,075,048 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2009/01/20 23:21:18 | 000,390,440 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2009/01/20 23:20:48 | 000,070,952 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe -- (SOHDBSvr)
SRV - [2009/01/20 04:13:04 | 000,394,536 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2009/01/20 00:19:20 | 000,203,624 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2009/01/17 09:29:08 | 000,083,240 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
SRV - [2009/01/15 01:08:38 | 005,184,872 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2009/01/08 11:40:32 | 000,114,688 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2009/01/06 06:34:54 | 000,109,088 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe -- (RtkAudioService)
SRV - [2008/12/22 09:25:06 | 000,303,104 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\Network Utility\NSUService.exe -- (NSUService)
SRV - [2008/12/20 01:32:08 | 000,415,592 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV - [2008/09/18 22:29:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2008/09/16 23:33:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
SRV - [2008/01/21 06:53:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/11/07 08:58:18 | 003,004,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)
SRV - [2007/01/05 07:18:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\mahnaz\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/03/14 09:40:04 | 000,148,504 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfw.sys -- (epfw)
DRV - [2012/03/14 09:40:02 | 000,169,080 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2012/03/14 09:40:02 | 000,120,152 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2012/03/14 09:40:02 | 000,050,624 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\epfwwfp.sys -- (epfwwfp)
DRV - [2012/03/14 09:40:02 | 000,033,656 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\EpfwLWF.sys -- (EpfwLWF)
DRV - [2011/10/04 10:14:35 | 000,195,968 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2010/07/26 18:55:42 | 000,068,240 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\idmwfp.sys -- (IDMWFP)
DRV - [2010/04/10 13:59:52 | 000,016,000 | ---- | M] (Xilinx, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\xpc4drvr.sys -- (XilinxPC4Driver)
DRV - [2009/10/22 06:00:46 | 000,853,936 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmx86.sys -- (vmx86)
DRV - [2009/10/22 06:00:44 | 000,070,704 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmci.sys -- (vmci)
DRV - [2009/10/22 06:00:44 | 000,026,288 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2009/10/22 06:00:44 | 000,023,216 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMkbd.sys -- (vmkbd)
DRV - [2009/10/22 04:47:52 | 000,032,304 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hcmon.sys -- (hcmon)
DRV - [2009/10/22 01:13:36 | 000,031,280 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmusb.sys -- (vmusb)
DRV - [2009/10/22 01:13:32 | 000,036,400 | R--- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2009/10/22 01:13:32 | 000,016,560 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2009/10/12 15:31:52 | 000,022,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009/09/01 22:19:26 | 000,019,584 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aticir.sys -- (AtiIrRcvr)
DRV - [2009/09/01 22:17:44 | 001,080,832 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atinavrr.sys -- (ATIAVPCI)
DRV - [2009/05/28 22:41:28 | 004,233,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008/11/25 11:11:52 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2008/11/19 04:38:46 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2008/10/23 04:32:23 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\risdptsk.sys -- (risdptsk)
DRV - [2008/10/23 04:32:02 | 000,068,608 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/08/26 04:31:46 | 000,023,712 | ---- | M] (Sony Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\shpf.sys -- (shpf)
DRV - [2008/07/08 14:02:48 | 000,029,568 | ---- | M] (Spectrum Digital Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sdusb2em.sys -- (sdusb2em)
DRV - [2008/06/07 04:32:55 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2008/04/25 01:36:40 | 000,017,920 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2008/01/25 06:44:25 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008/01/21 06:53:26 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2007/09/04 16:53:34 | 000,055,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\VSPerfDrv90.sys -- (VSPerfDrv90)
DRV - [2007/07/07 09:11:58 | 000,026,120 | ---- | M] (Rainbow Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SNTNLUSB.SYS -- (Sntnlusb)
DRV - [2007/04/18 07:39:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2006/11/10 16:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2005/09/05 22:30:22 | 000,028,743 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2005/08/16 11:23:10 | 000,038,422 | ---- | M] (Generic) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\StMp3Rec.sys -- (StMp3Rec)
DRV - [2004/10/22 07:58:48 | 000,028,296 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\xds560.sys -- (XDS560)
DRV - [2004/10/22 07:57:40 | 000,006,112 | ---- | M] (Texas Instruments Incorporated) [Kernel | Auto | Running] -- C:\Windows\System32\xdsfast1.sys -- (xdsfast1)
DRV - [2004/10/22 07:57:40 | 000,003,968 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drpkiont.sys -- (drpkiont)
DRV - [2004/05/26 21:56:58 | 000,003,200 | ---- | M] (Altium Limited) [Kernel | Auto | Running] -- C:\Windows\System32\altio.sys -- (altio)
DRV - [2001/03/01 02:15:00 | 000,006,144 | ---- | M] (Erik Salaj) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ioport.sys -- (IOPort)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchPage =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{8E13C345-C393-4DC1-ABDF-503E89EADC4F}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\mahnaz\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\mahnaz\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\mahnaz\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\mahnaz\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012/11/29 22:13:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\mahnaz\AppData\Roaming\IDM\idmmzcc3 [2011/09/15 21:26:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\mahnaz\AppData\Roaming\IDM\idmmzcc3 [2011/09/15 21:26:21 | 000,000,000 | ---D | M]

[2012/03/29 19:15:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mahnaz\AppData\Roaming\Mozilla\Extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\mahnaz\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\mahnaz\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\mahnaz\AppData\Local\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\mahnaz\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Users\mahnaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4_0\BabylonChromePI.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\mahnaz\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\mahnaz\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Users\mahnaz\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\mahnaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\mahnaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail = C:\Users\mahnaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/04/27 21:11:29 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\_OTL\MovedFiles\04272013_193340\C_Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Microsoft Web Test Recorder 9.0 Helper) - {E31CE47F-C268-41ba-897B-B415E613947D} - C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO90.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [VMSwitch] C:\Program Files\Sony\VAIO Mode Switch\VMSwitch.exe (Sony Corporation)
O4 - HKCU..\Run: [IDMan] C:\_OTL\MovedFiles\04272013_193340\C_Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download all links with IDM - C:\_OTL\MovedFiles\04272013_193340\C_Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\_OTL\MovedFiles\04272013_193340\C_Program Files\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download with IDM - C:\_OTL\MovedFiles\04272013_193340\C_Program Files\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Simorgh Client - {afaf756a-600b-48df-a1d1-0a173eb5ec26} - C:\Program Files\Nosa\Simorgh\HTTPClient\SimWinClt.exe (Iran Software & Hardware Co. (NOSA))
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://ereg.ut.ac.ir/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3216F67A-F1D5-4887-9CF3-41A1042B3CAC}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\textwareilluminatorbase {CE5CD329-1650-414A-8DB0-4CBF72FAED87} - C:\Windows\System32\textwareilluminatorbaseProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - File not found
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\mahnaz\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\mahnaz\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 02:13:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/03 23:07:21 | 000,000,000 | ---D | C] -- C:\Users\mahnaz\Desktop\Microsoft_Visual_Studio_2010
[2013/05/03 22:23:45 | 000,000,000 | ---D | C] -- C:\Users\mahnaz\Desktop\cmake
[2013/05/03 21:46:41 | 000,000,000 | ---D | C] -- C:\Users\mahnaz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft ShellExView
[2013/05/03 21:46:41 | 000,000,000 | ---D | C] -- C:\Program Files\NirSoft
[2013/05/01 13:52:58 | 000,000,000 | ---D | C] -- C:\Users\mahnaz\Desktop\GrantPerms
[2013/04/28 21:53:57 | 000,000,000 | ---D | C] -- C:\Users\mahnaz\Desktop\geekstogo
[2013/04/27 21:14:54 | 000,000,000 | ---D | C] -- C:\Users\mahnaz\AppData\Local\temp
[2013/04/27 21:13:47 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/04/27 20:49:00 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/04/27 20:49:00 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/04/27 20:49:00 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/04/27 20:48:56 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013/04/27 20:48:45 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/04/27 20:48:14 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/04/27 19:33:41 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/04/22 19:04:38 | 000,000,000 | --SD | C] -- C:\Users\mahnaz\Documents\My Data Sources
[2013/04/22 18:11:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\mahnaz\Desktop\OTL.exe
[2013/04/21 19:15:02 | 000,000,000 | ---D | C] -- C:\Users\mahnaz\AppData\Roaming\Malwarebytes
[2013/04/21 19:14:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/04/21 19:14:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/04/21 19:14:07 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/04/21 19:14:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/04/18 00:44:08 | 000,000,000 | ---D | C] -- C:\Users\mahnaz\Desktop\bbbb
[2013/04/17 23:59:58 | 000,000,000 | ---D | C] -- C:\Users\mahnaz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
[2013/04/17 23:59:58 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2013/04/14 23:12:46 | 000,000,000 | ---D | C] -- C:\Users\mahnaz\Desktop\ax13.92
[5 C:\Users\mahnaz\Desktop\*.tmp files -> C:\Users\mahnaz\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/05/05 22:00:04 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/05 21:56:33 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/05 21:56:33 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/05 21:56:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/05 21:56:24 | 2005,995,520 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/04 23:39:07 | 000,015,972 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/05/04 23:30:00 | 000,000,270 | ---- | M] () -- C:\Windows\tasks\Check Updates for Windows Live Toolbar.job
[2013/05/04 23:06:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3233104117-2109178606-3299732699-1003UA.job
[2013/05/03 23:15:17 | 000,692,900 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/05/03 23:15:17 | 000,138,400 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/05/03 21:04:02 | 000,001,053 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Canon LBP5000 Status Window.lnk
[2013/05/03 19:33:36 | 000,106,496 | ---- | M] () -- C:\Users\mahnaz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/05/03 19:06:01 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3233104117-2109178606-3299732699-1003Core.job
[2013/04/27 21:11:29 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/04/22 18:11:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\mahnaz\Desktop\OTL.exe
[2013/04/12 00:10:37 | 000,002,088 | ---- | M] () -- C:\Users\mahnaz\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[5 C:\Users\mahnaz\Desktop\*.tmp files -> C:\Users\mahnaz\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/04/27 20:49:00 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/04/27 20:49:00 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/04/27 20:49:00 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/04/27 20:49:00 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/04/27 20:49:00 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/01/31 13:04:36 | 000,000,034 | ---- | C] () -- C:\Windows\cvavr.ini
[2012/12/29 11:07:44 | 000,000,600 | ---- | C] () -- C:\Users\mahnaz\AppData\Local\PUTTY.RND
[2012/11/10 11:45:38 | 000,053,248 | ---- | C] () -- C:\Windows\System32\HPPMLVS.dll
[2012/08/23 13:03:29 | 000,000,502 | ---- | C] () -- C:\Windows\System32\CNCMFP34.INI
[2012/08/13 14:22:31 | 000,000,063 | ---- | C] () -- C:\Windows\TEXTware.ini
[2012/08/13 14:22:04 | 000,321,024 | ---- | C] () -- C:\Windows\System32\textwareilluminatorbaseProtocol.dll
[2012/08/13 14:22:03 | 000,113,288 | ---- | C] () -- C:\Windows\System32\bass.dll
[2012/08/13 14:22:02 | 000,147,456 | ---- | C] () -- C:\Windows\System32\Twavbx32.dll
[2012/08/13 14:22:02 | 000,018,432 | ---- | C] () -- C:\Windows\System32\TWAIED02.DLL
[2012/08/13 14:21:59 | 000,143,360 | ---- | C] () -- C:\Windows\System32\ILXTBS.DLL
[2012/04/17 21:46:00 | 000,000,411 | ---- | C] () -- C:\Users\mahnaz\Documents - Shortcut (2).lnk
[2012/02/01 13:10:09 | 000,000,042 | ---- | C] () -- C:\Windows\Narcis.INI
[2012/01/07 12:18:34 | 000,000,600 | ---- | C] () -- C:\Users\mahnaz\AppData\Roaming\winscp.rnd
[2011/10/30 16:31:53 | 000,018,410 | ---- | C] () -- C:\Users\mahnaz\report.pdf
[2011/10/30 16:31:53 | 000,003,383 | ---- | C] () -- C:\Users\mahnaz\report.synctex.gz
[2011/10/30 16:29:47 | 000,000,544 | ---- | C] () -- C:\Users\mahnaz\report.dvi
[2011/10/30 16:29:47 | 000,000,009 | ---- | C] () -- C:\Users\mahnaz\report.aux
[2011/10/30 16:29:27 | 000,001,171 | ---- | C] () -- C:\Users\mahnaz\report.tex
[2011/10/27 19:07:15 | 000,044,413 | ---- | C] () -- C:\Users\mahnaz\my first.pdf
[2011/10/27 19:07:14 | 000,000,084 | ---- | C] () -- C:\Users\mahnaz\my first.aux
[2011/10/27 19:06:05 | 000,000,699 | ---- | C] () -- C:\Users\mahnaz\my first.tex
[2011/05/14 23:56:51 | 000,000,411 | ---- | C] () -- C:\Users\mahnaz\Documents - Shortcut.lnk
[2011/05/14 20:50:33 | 000,000,126 | ---- | C] () -- C:\Windows\mdm.ini
[2011/05/14 20:50:27 | 000,000,535 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011/05/13 11:04:31 | 000,006,550 | ---- | C] () -- C:\Windows\jautoexp.dat
[2011/05/11 23:27:51 | 000,001,191 | ---- | C] () -- C:\Users\mahnaz\.opgalaxy7.vr
[2011/02/07 20:22:38 | 000,000,268 | ---- | C] () -- C:\Users\mahnaz\quartus2.ini
[2010/11/13 13:52:01 | 000,000,600 | ---- | C] () -- C:\Users\mahnaz\PUTTY.RND
[2010/05/24 08:43:44 | 000,001,356 | ---- | C] () -- C:\Users\mahnaz\AppData\Local\d3d9caps.dat
[2010/03/01 21:01:08 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/01/23 19:56:04 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/11/04 14:28:10 | 000,029,128 | ---- | C] () -- C:\Users\mahnaz\AppData\Roaming\UserTile.png
[2009/10/24 22:21:39 | 000,000,112 | ---- | C] () -- C:\ProgramData\wrWin.ini
[2009/10/22 11:57:25 | 000,106,496 | ---- | C] () -- C:\Users\mahnaz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2002/01/01 01:22:31 | 024,605,022 | ---- | C] () -- C:\Users\mahnaz\iAUDIO - Who.Let.The.Whores.Out.XXX.DVDrip.XviD-NOGRP.[www.torrentfive.com]1.avi

========== ZeroAccess Check ==========

[2006/11/02 17:24:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011/01/21 20:16:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/03/03 09:06:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/01/21 06:54:03 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/08/12 22:45:33 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Acapela Group
[2012/04/21 20:34:51 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\AlilG
[2013/04/25 00:00:05 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Altium2004_SP4
[2010/05/29 20:11:36 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\BitDefender
[2012/08/13 14:22:48 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Cambridge
[2012/08/23 13:23:23 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Canon
[2009/12/04 01:10:33 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\COWON
[2011/09/10 23:01:16 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Digiarty
[2011/10/30 12:51:32 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\DMCache
[2012/11/19 22:10:40 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\ESET
[2011/09/14 21:49:07 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\GetRightToGo
[2011/05/30 23:05:56 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\HDI
[2011/01/21 02:46:36 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Helios
[2010/04/10 14:36:06 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\hte
[2012/09/05 13:05:34 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\IDM
[2012/07/06 22:53:29 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Import Audio from Video
[2009/12/04 15:47:05 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\InterVideo
[2012/07/11 14:40:12 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Mp3 Audio Editor
[2010/05/03 14:01:36 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\MuPAD
[2012/01/07 12:49:44 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\NetSarang
[2012/11/30 09:16:34 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Notepad++
[2011/07/19 23:34:49 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\ooVoo Details
[2009/11/04 14:28:10 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\PeerNetworking
[2012/03/01 15:34:12 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\PixelPlanet
[2012/11/28 00:53:46 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Samsung
[2010/10/11 22:57:01 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\SystemRequirementsLab
[2012/02/21 18:55:33 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\TeamViewer
[2010/03/14 23:16:49 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Uniblue
[2012/11/30 23:01:43 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\uTorrent
[2012/09/23 23:26:33 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Xilinx
[2011/12/07 17:17:28 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Xilisoft Corporation
[2011/10/27 19:20:20 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\xm1
[2013/03/18 23:05:48 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\{9824CBCB-329D-487F-97B1-B09FEA68CA6C}
[2013/03/18 23:05:27 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\{AF7B0CE6-0629-4425-9E54-98864D50FAB1}

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:010ADD2C

< End of report >

#8
RKinner


    Malware Expert

  • Expert
  • 24,701 posts
  • MVP

Unable to replace file: C:\Windows\explorer.exe with C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe without a reboot.

That's normal since Explorer was in use. It apparently replaced it during the reboot if you are now able to open it normally.

Oddly enough OTL is still not happy with the file for some reason.

Has it made any difference on the flash disks?

#9
mahi65


    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Actually, during the steps I've done, the infected flash disk was not connected to the laptop. I tried a non-infected external flash disk and connected it to the laptop tonight; the previous problem (replacing all contents with a single shortcut) didn't happen again, but I am afraid of connecting my infected flash disk to the laptop again. Maybe the virus will come to the laptop again. What do you recommend I do with my infected flash disk? Many thanks for your useful replies.

#10
RKinner


    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
Install AutoRun Eater v2.5
http://download.cnet...4-10752777.html
It will stay resident and prevent USB drives from infecting your PC. (Right click and Run As Admin when you install it)

It should be safe to insert a USB drive then. It will stop any autorun.inf files from infecting the PC. There is still a chance of a desktop.ini file which would infect the PC when you look at the USB drive with explorer. You can:

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Type with an Enter after each line:


X:

(Where X stands for the drive letter associated with your possibly infected USB drive.)

attrib -r -h -s desktop.ini

(if it says it can't find it then it's safe to open the USB with Explorer. Otherwise delete the file with the following command)
del desktop.ini
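The check described in post #10, extended into a read-only review of a drive root (an added example, not part of RKinner's post or of any tool named in the thread). It reads `autorun.inf` and `desktop.ini` as text and reports the entries that name a program, class or file, plus any `.lnk` files; the key lists, function names and the sample files in `demo()` are assumptions of this example.

```python
import tempfile
from pathlib import Path

# autorun.inf keys that name a program to start (plus any "shell\<verb>\command").
AUTORUN_EXEC_KEYS = {"open", "shellexecute"}
# desktop.ini [.ShellClassInfo] keys that point Explorer at a class or a file.
DESKTOP_REF_KEYS = {"clsid", "clsid2", "uiclsid", "iconfile", "iconresource"}

def read_text(path):
    """Decode UTF-16 (BOM) or fall back to cp1252; never raises on junk bytes."""
    data = path.read_bytes()
    if data.startswith((b"\xff\xfe", b"\xfe\xff")):
        return data.decode("utf-16", errors="replace")
    return data.decode("cp1252", errors="replace")

def parse_ini(text):
    """Lenient INI reader (tolerates junk lines, which configparser rejects)."""
    section, items = "", []
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif "=" in line and not line.startswith(";"):
            key, value = line.split("=", 1)
            items.append((section, key.strip().lower(), value.strip()))
    return items

def review_drive_root(root):
    """List (file, key, value) findings in a drive root without executing anything."""
    findings = []
    for entry in sorted(p for p in Path(root).iterdir() if p.is_file()):
        name = entry.name.lower()
        if name.endswith(".lnk"):
            findings.append((entry.name, "shortcut", ""))
        elif name == "autorun.inf":
            findings += [(entry.name, k, v) for s, k, v in parse_ini(read_text(entry))
                         if s == "autorun" and (k in AUTORUN_EXEC_KEYS or k.endswith("\\command"))]
        elif name == "desktop.ini":
            findings += [(entry.name, k, v) for s, k, v in parse_ini(read_text(entry))
                         if s == ".shellclassinfo" and k in DESKTOP_REF_KEYS]
    return findings

def demo():
    """Run the review over a constructed drive root (sample files, not from the thread)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "autorun.inf").write_text("[autorun]\n;junk\nopen=sample.exe\nicon=x.ico\n")
        (root / "desktop.ini").write_bytes("[.ShellClassInfo]\r\nIconResource=sample.dll,0\r\n".encode("utf-16"))
        (root / "files.lnk").write_bytes(b"")
        return review_drive_root(root)
```

Call `review_drive_root("X:\\")` with the drive letter from the post; an empty result means none of the listed entries were found in the root.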

#11
mahi65


    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Dear friend,
thanks a lot for your help. The problem with my laptop has been solved with your help, but I had to format my cool disk. There is another PC in our home; it was infected in the same way as my laptop and still has the problem. Could you please say in summary which of the above steps I must repeat for this PC, and what the problem was exactly?

Best Regards
Mahnaz

#12
RKinner


    Malware Expert

  • Expert
  • 24,701 posts
  • MVP
You need to start a new topic for the second PC. Be sure to copy and paste the OTL log(s). I'm on a trip and won't be able to work the forum for a month.





