Dear RKinner, thanks for your suggestions, here are the reports you ordered:

OTL:

OTL logfile created on: 4/27/2013 8:09:32 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\mahnaz\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.87 Gb Total Physical Memory | 0.90 Gb Available Physical Memory | 48.11% Memory free
3.98 Gb Paging File | 2.83 Gb Available in Paging File | 71.08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 244.68 Gb Total Space | 32.56 Gb Free Space | 13.31% Space Free | Partition Type: NTFS
Drive G: | 19.53 Gb Total Space | 2.92 Gb Free Space | 14.95% Space Free | Partition Type: NTFS
Drive H: | 21.48 Gb Total Space | 3.04 Gb Free Space | 14.17% Space Free | Partition Type: NTFS
Computer Name: MAHNAZ-PC | User Name: mahnaz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/04/26 16:07:37 | 000,192,000 | -HS- | M] () -- C:\Users\mahnaz\AppData\Local\Temp\1352570291.exe
PRC - [2013/04/22 18:11:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\mahnaz\Desktop\OTL.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/03/07 16:40:34 | 000,913,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2012/03/07 16:40:28 | 003,117,344 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2011/12/13 15:06:29 | 002,984,832 | ---- | M] (TeamViewer GmbH) -- C:\Users\mahnaz\temp\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2010/07/05 00:21:26 | 000,017,408 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2009/10/22 06:00:04 | 000,395,824 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe
PRC - [2009/10/22 05:59:58 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
PRC - [2009/10/22 05:59:48 | 000,334,384 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe
PRC - [2009/10/22 04:47:54 | 000,563,760 | ---- | M] (VMware, Inc.) -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2009/05/21 14:28:38 | 000,874,768 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2009/05/21 13:04:14 | 000,473,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2009/02/05 04:31:30 | 000,538,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Mode Switch\VMSwitch.exe
PRC - [2009/01/24 22:01:26 | 000,559,656 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009/01/21 21:37:42 | 000,313,264 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2009/01/21 21:37:42 | 000,192,512 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2009/01/20 04:13:04 | 000,394,536 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
PRC - [2009/01/20 00:19:20 | 000,203,624 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2009/01/20 00:19:20 | 000,112,488 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2009/01/15 01:08:38 | 005,184,872 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
PRC - [2009/01/06 06:34:54 | 000,109,088 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe
PRC - [2008/12/22 11:00:32 | 000,274,432 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Network Utility\LANUtil.exe
PRC - [2008/12/22 09:25:06 | 000,303,104 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Network Utility\NSUService.exe
PRC - [2008/12/20 01:32:08 | 001,771,368 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PRC - [2008/12/20 01:32:08 | 000,415,592 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe
PRC - [2008/12/18 22:23:50 | 000,317,288 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe
PRC - [2008/10/29 10:59:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/09/18 22:29:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
PRC - [2008/09/16 23:33:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
PRC - [2008/01/21 06:53:53 | 001,143,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wercon.exe
PRC - [2008/01/21 06:53:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/01/15 05:43:00 | 000,063,176 | ---- | M] (CANON INC.) -- C:\Windows\System32\CNAC4RPK.EXE
PRC - [2007/01/05 07:18:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
========== Modules (No Company Name) ==========
MOD - [2013/04/26 16:07:37 | 000,192,000 | -HS- | M] () -- C:\Users\mahnaz\AppData\Local\Temp\1352570291.exe
MOD - [2011/12/04 20:04:39 | 001,356,288 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\cac78a264e7ac9299057eb2416c86000\System.WorkflowServices.ni.dll
MOD - [2011/12/04 20:04:00 | 001,706,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\5046de252a0e714c78207b5dd01a89bd\System.ServiceModel.Web.ni.dll
MOD - [2011/12/04 19:56:31 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\bf3b757c821a36e6a9c7c1988b39a15d\System.IdentityModel.Selectors.ni.dll
MOD - [2011/12/04 19:56:29 | 001,070,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\3fb6b9b320c78fa02be3fa8ce26b7559\System.IdentityModel.ni.dll
MOD - [2011/12/04 19:56:25 | 002,345,472 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\0393b1448497e28ae9bbfed9be19bd3e\System.Runtime.Serialization.ni.dll
MOD - [2011/12/04 19:56:19 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\06bb41fe681650a017fa2c99e197edf0\SMDiagnostics.ni.dll
MOD - [2011/12/04 19:56:17 | 017,403,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\0dd1924dbe8ac43b923a28409d351619\System.ServiceModel.ni.dll
MOD - [2011/12/04 19:51:40 | 011,800,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0a1195c6b5fab213527364c9e8b26ef0\System.Web.ni.dll
MOD - [2011/12/04 19:50:56 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll
MOD - [2011/12/04 19:23:23 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll
MOD - [2011/12/04 19:22:15 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll
MOD - [2011/12/04 19:21:33 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll
MOD - [2011/12/04 19:15:30 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll
MOD - [2011/12/04 19:14:40 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2010/07/05 02:02:38 | 000,010,752 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll
MOD - [2010/07/05 02:02:36 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2010/07/05 00:21:26 | 000,017,408 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
MOD - [2010/06/21 16:45:36 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Diagnostics.ServiceModelSink\3.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Diagnostics.ServiceModelSink.dll
MOD - [2009/04/08 02:24:30 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\SPMDam\3.1.0.6020__1b3c579b6925895f\SPMDam.dll
MOD - [2009/04/08 02:24:29 | 000,086,016 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\SPMCommon\3.1.0.6020__e3c7096ba83f9295\SPMCommon.dll
MOD - [2009/01/20 00:19:22 | 000,010,752 | ---- | M] () -- C:\Program Files\Sony\VAIO Event Service\VESBasePS.dll
MOD - [2007/09/20 19:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
========== Services (SafeList) ==========
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/11/22 16:08:12 | 000,957,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Update\VUAgent.exe -- (VUAgent)
SRV - [2012/09/17 00:22:47 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/09 22:55:48 | 000,279,552 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Serviio\bin\ServiioService.exe -- (Serviio)
SRV - [2012/03/07 16:40:34 | 000,913,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2011/12/13 15:06:29 | 002,984,832 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Users\mahnaz\temp\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/10/22 06:00:04 | 000,395,824 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnat.exe -- (VMware NAT Service)
SRV - [2009/10/22 05:59:58 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2009/10/22 05:59:48 | 000,334,384 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2009/10/22 04:47:54 | 000,563,760 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2009/10/12 15:32:24 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
SRV - [2009/05/21 14:28:38 | 000,874,768 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2009/05/21 13:04:14 | 000,473,360 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2009/05/02 15:40:35 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/01/24 22:01:26 | 000,559,656 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/01/21 21:37:44 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2009/01/21 21:37:42 | 000,313,264 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2009/01/21 21:37:42 | 000,192,512 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2009/01/20 23:26:06 | 000,120,104 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2009/01/20 23:22:18 | 000,091,432 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe -- (SOHPlMgr)
SRV - [2009/01/20 23:21:48 | 000,075,048 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2009/01/20 23:21:18 | 000,390,440 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2009/01/20 23:20:48 | 000,070,952 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe -- (SOHDBSvr)
SRV - [2009/01/20 04:13:04 | 000,394,536 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2009/01/20 00:19:20 | 000,203,624 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2009/01/17 09:29:08 | 000,083,240 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
SRV - [2009/01/15 01:08:38 | 005,184,872 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2009/01/08 11:40:32 | 000,114,688 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2009/01/06 06:34:54 | 000,109,088 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe -- (RtkAudioService)
SRV - [2008/12/22 09:25:06 | 000,303,104 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\Network Utility\NSUService.exe -- (NSUService)
SRV - [2008/12/20 01:32:08 | 000,415,592 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV - [2008/09/18 22:29:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2008/09/16 23:33:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
SRV - [2008/01/21 06:53:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/11/07 08:58:18 | 003,004,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)
SRV - [2007/01/05 07:18:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/03/14 09:40:04 | 000,148,504 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfw.sys -- (epfw)
DRV - [2012/03/14 09:40:02 | 000,169,080 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2012/03/14 09:40:02 | 000,120,152 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2012/03/14 09:40:02 | 000,050,624 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\epfwwfp.sys -- (epfwwfp)
DRV - [2012/03/14 09:40:02 | 000,033,656 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\EpfwLWF.sys -- (EpfwLWF)
DRV - [2011/10/04 10:14:35 | 000,195,968 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2010/07/26 18:55:42 | 000,068,240 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\idmwfp.sys -- (IDMWFP)
DRV - [2010/07/05 00:21:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2010/04/10 13:59:52 | 000,016,000 | ---- | M] (Xilinx, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\xpc4drvr.sys -- (XilinxPC4Driver)
DRV - [2009/10/22 06:00:46 | 000,853,936 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmx86.sys -- (vmx86)
DRV - [2009/10/22 06:00:44 | 000,070,704 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmci.sys -- (vmci)
DRV - [2009/10/22 06:00:44 | 000,026,288 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2009/10/22 06:00:44 | 000,023,216 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMkbd.sys -- (vmkbd)
DRV - [2009/10/22 04:47:52 | 000,032,304 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hcmon.sys -- (hcmon)
DRV - [2009/10/22 01:13:36 | 000,031,280 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmusb.sys -- (vmusb)
DRV - [2009/10/22 01:13:32 | 000,036,400 | R--- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2009/10/22 01:13:32 | 000,016,560 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2009/10/12 15:31:52 | 000,022,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009/09/01 22:19:26 | 000,019,584 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aticir.sys -- (AtiIrRcvr)
DRV - [2009/09/01 22:17:44 | 001,080,832 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atinavrr.sys -- (ATIAVPCI)
DRV - [2009/05/28 22:41:28 | 004,233,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008/11/25 11:11:52 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2008/11/19 04:38:46 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2008/10/23 04:32:23 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\risdptsk.sys -- (risdptsk)
DRV - [2008/10/23 04:32:02 | 000,068,608 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/08/26 04:31:46 | 000,023,712 | ---- | M] (Sony Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\shpf.sys -- (shpf)
DRV - [2008/07/08 14:02:48 | 000,029,568 | ---- | M] (Spectrum Digital Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sdusb2em.sys -- (sdusb2em)
DRV - [2008/06/07 04:32:55 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2008/04/25 01:36:40 | 000,017,920 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2008/01/25 06:44:25 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008/01/21 06:53:26 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2007/09/04 16:53:34 | 000,055,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\VSPerfDrv90.sys -- (VSPerfDrv90)
DRV - [2007/07/07 09:11:58 | 000,026,120 | ---- | M] (Rainbow Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SNTNLUSB.SYS -- (Sntnlusb)
DRV - [2007/04/18 07:39:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2006/11/10 16:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2005/09/05 22:30:22 | 000,028,743 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2005/08/16 11:23:10 | 000,038,422 | ---- | M] (Generic) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\StMp3Rec.sys -- (StMp3Rec)
DRV - [2004/10/22 07:58:48 | 000,028,296 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\xds560.sys -- (XDS560)
DRV - [2004/10/22 07:57:40 | 000,006,112 | ---- | M] (Texas Instruments Incorporated) [Kernel | Auto | Running] -- C:\Windows\System32\xdsfast1.sys -- (xdsfast1)
DRV - [2004/10/22 07:57:40 | 000,003,968 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drpkiont.sys -- (drpkiont)
DRV - [2004/05/26 21:56:58 | 000,003,200 | ---- | M] (Altium Limited) [Kernel | Auto | Running] -- C:\Windows\System32\altio.sys -- (altio)
DRV - [2001/03/01 02:15:00 | 000,006,144 | ---- | M] (Erik Salaj) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ioport.sys -- (IOPort)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://vaio-online.sony.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchPage =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKCU\..\SearchScopes\{8E13C345-C393-4DC1-ABDF-503E89EADC4F}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\mahnaz\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\mahnaz\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\mahnaz\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\mahnaz\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012/11/29 22:13:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\mahnaz\AppData\Roaming\IDM\idmmzcc3 [2011/09/15 21:26:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\mahnaz\AppData\Roaming\IDM\idmmzcc3 [2011/09/15 21:26:21 | 000,000,000 | ---D | M]
[2012/03/29 19:15:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mahnaz\AppData\Roaming\Mozilla\Extensions
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\mahnaz\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\mahnaz\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\mahnaz\AppData\Local\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\mahnaz\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Users\mahnaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4_0\BabylonChromePI.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\mahnaz\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\mahnaz\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Users\mahnaz\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\mahnaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\mahnaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail = C:\Users\mahnaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2010/05/24 23:23:44 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Microsoft Web Test Recorder 9.0 Helper) - {E31CE47F-C268-41ba-897B-B415E613947D} - C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO90.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [VMSwitch] C:\Program Files\Sony\VAIO Mode Switch\VMSwitch.exe (Sony Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MSNetDDNowiz] C:\Users\mahnaz\AppData\Local\Temp\1352570291.exe ()
O4 - HKCU..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Simorgh Client - {afaf756a-600b-48df-a1d1-0a173eb5ec26} - C:\Program Files\Nosa\Simorgh\HTTPClient\SimWinClt.exe (Iran Software & Hardware Co. (NOSA))
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://ereg.ut.ac.ir/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3216F67A-F1D5-4887-9CF3-41A1042B3CAC}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\textwareilluminatorbase {CE5CD329-1650-414A-8DB0-4CBF72FAED87} - C:\Windows\System32\textwareilluminatorbaseProtocol.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - File not found
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\mahnaz\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\mahnaz\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 02:13:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0fc96c87-dbe7-11de-8ffb-00214ff8b58b}\Shell - "" = AutoRun
O33 - MountPoints2\{0fc96c87-dbe7-11de-8ffb-00214ff8b58b}\Shell\AutoRun\command - "" = "H:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{0fc96cc4-dbe7-11de-8ffb-00214ff8b58b}\Shell - "" = AutoRun
O33 - MountPoints2\{0fc96cc4-dbe7-11de-8ffb-00214ff8b58b}\Shell\AutoRun\command - "" = H:\start.exe
O33 - MountPoints2\{8e93a18e-c0c4-11de-8705-001dbab85ad7}\Shell - "" = AutoRun
O33 - MountPoints2\{8e93a18e-c0c4-11de-8705-001dbab85ad7}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013/04/27 19:33:41 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/04/22 19:04:38 | 000,000,000 | --SD | C] -- C:\Users\mahnaz\Documents\My Data Sources
[2013/04/22 18:11:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\mahnaz\Desktop\OTL.exe
[2013/04/21 19:15:02 | 000,000,000 | ---D | C] -- C:\Users\mahnaz\AppData\Roaming\Malwarebytes
[2013/04/21 19:14:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/04/21 19:14:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/04/21 19:14:07 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/04/21 19:14:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/04/18 00:44:08 | 000,000,000 | ---D | C] -- C:\Users\mahnaz\Desktop\bbbb
[2013/04/18 00:31:49 | 000,000,000 | ---D | C] -- C:\Users\mahnaz\Desktop\USB flash drive contents replaced with a single shortcut _ The Captain's Log_files
[2013/04/18 00:31:28 | 002,738,264 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\mahnaz\Desktop\procexp.exe
[2013/04/17 23:59:58 | 000,000,000 | ---D | C] -- C:\Users\mahnaz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
[2013/04/17 23:59:58 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2013/04/14 23:12:46 | 000,000,000 | ---D | C] -- C:\Users\mahnaz\Desktop\ax13.92
[2013/04/01 16:04:55 | 000,000,000 | ---D | C] -- C:\Users\mahnaz\Desktop\mohamad
[5 C:\Users\mahnaz\Desktop\*.tmp files -> C:\Users\mahnaz\Desktop\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/04/27 20:06:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3233104117-2109178606-3299732699-1003UA.job
[2013/04/27 20:00:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/04/27 19:52:57 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/27 19:52:57 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/27 19:52:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/27 19:52:51 | 2008,064,000 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/27 19:51:59 | 000,015,972 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/04/27 19:34:40 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\mahnaz\Desktop\aswMBR.exe
[2013/04/27 19:30:13 | 000,000,270 | ---- | M] () -- C:\Windows\tasks\Check Updates for Windows Live Toolbar.job
[2013/04/25 19:12:54 | 000,001,053 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Canon LBP5000 Status Window.lnk
[2013/04/22 19:06:01 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3233104117-2109178606-3299732699-1003Core.job
[2013/04/22 18:11:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\mahnaz\Desktop\OTL.exe
[2013/04/22 17:58:30 | 000,692,900 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/04/22 17:58:30 | 000,138,400 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/04/21 19:14:14 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/17 09:49:28 | 000,144,366 | ---- | M] () -- C:\Users\mahnaz\Desktop\USB flash drive contents replaced with a single shortcut _ The Captain's Log.htm
[2013/04/12 00:10:37 | 000,002,088 | ---- | M] () -- C:\Users\mahnaz\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[5 C:\Users\mahnaz\Desktop\*.tmp files -> C:\Users\mahnaz\Desktop\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/04/21 19:14:14 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/18 00:31:49 | 000,144,366 | ---- | C] () -- C:\Users\mahnaz\Desktop\USB flash drive contents replaced with a single shortcut _ The Captain's Log.htm
[2013/01/31 13:04:36 | 000,000,034 | ---- | C] () -- C:\Windows\cvavr.ini
[2012/12/29 11:07:44 | 000,000,600 | ---- | C] () -- C:\Users\mahnaz\AppData\Local\PUTTY.RND
[2012/11/10 11:45:38 | 000,053,248 | ---- | C] () -- C:\Windows\System32\HPPMLVS.dll
[2012/08/23 13:03:29 | 000,000,502 | ---- | C] () -- C:\Windows\System32\CNCMFP34.INI
[2012/08/13 14:22:31 | 000,000,063 | ---- | C] () -- C:\Windows\TEXTware.ini
[2012/08/13 14:22:04 | 000,321,024 | ---- | C] () -- C:\Windows\System32\textwareilluminatorbaseProtocol.dll
[2012/08/13 14:22:03 | 000,113,288 | ---- | C] () -- C:\Windows\System32\bass.dll
[2012/08/13 14:22:02 | 000,147,456 | ---- | C] () -- C:\Windows\System32\Twavbx32.dll
[2012/08/13 14:22:02 | 000,018,432 | ---- | C] () -- C:\Windows\System32\TWAIED02.DLL
[2012/08/13 14:21:59 | 000,143,360 | ---- | C] () -- C:\Windows\System32\ILXTBS.DLL
[2012/04/17 21:46:00 | 000,000,411 | ---- | C] () -- C:\Users\mahnaz\Documents - Shortcut (2).lnk
[2012/02/01 13:10:09 | 000,000,042 | ---- | C] () -- C:\Windows\Narcis.INI
[2012/01/07 12:18:34 | 000,000,600 | ---- | C] () -- C:\Users\mahnaz\AppData\Roaming\winscp.rnd
[2011/10/30 16:31:53 | 000,018,410 | ---- | C] () -- C:\Users\mahnaz\report.pdf
[2011/10/30 16:31:53 | 000,003,383 | ---- | C] () -- C:\Users\mahnaz\report.synctex.gz
[2011/10/30 16:29:47 | 000,000,544 | ---- | C] () -- C:\Users\mahnaz\report.dvi
[2011/10/30 16:29:47 | 000,000,009 | ---- | C] () -- C:\Users\mahnaz\report.aux
[2011/10/30 16:29:27 | 000,001,171 | ---- | C] () -- C:\Users\mahnaz\report.tex
[2011/10/27 19:07:15 | 000,044,413 | ---- | C] () -- C:\Users\mahnaz\my first.pdf
[2011/10/27 19:07:14 | 000,000,084 | ---- | C] () -- C:\Users\mahnaz\my first.aux
[2011/10/27 19:06:05 | 000,000,699 | ---- | C] () -- C:\Users\mahnaz\my first.tex
[2011/05/14 23:56:51 | 000,000,411 | ---- | C] () -- C:\Users\mahnaz\Documents - Shortcut.lnk
[2011/05/14 20:50:33 | 000,000,126 | ---- | C] () -- C:\Windows\mdm.ini
[2011/05/14 20:50:27 | 000,000,535 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011/05/13 11:04:31 | 000,006,550 | ---- | C] () -- C:\Windows\jautoexp.dat
[2011/05/11 23:27:51 | 000,001,191 | ---- | C] () -- C:\Users\mahnaz\.opgalaxy7.vr
[2011/02/07 20:22:38 | 000,000,268 | ---- | C] () -- C:\Users\mahnaz\quartus2.ini
[2010/11/13 13:52:01 | 000,000,600 | ---- | C] () -- C:\Users\mahnaz\PUTTY.RND
[2010/05/24 08:43:44 | 000,001,356 | ---- | C] () -- C:\Users\mahnaz\AppData\Local\d3d9caps.dat
[2010/03/01 21:01:08 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/01/23 19:56:04 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/11/04 14:28:10 | 000,029,128 | ---- | C] () -- C:\Users\mahnaz\AppData\Roaming\UserTile.png
[2009/10/24 22:21:39 | 000,000,112 | ---- | C] () -- C:\ProgramData\wrWin.ini
[2009/10/22 11:57:25 | 000,106,496 | ---- | C] () -- C:\Users\mahnaz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2002/01/01 01:22:31 | 024,605,022 | ---- | C] () -- C:\Users\mahnaz\iAUDIO - Who.Let.The.Whores.Out.XXX.DVDrip.XviD-NOGRP.[www.torrentfive.com]1.avi
========== ZeroAccess Check ==========
[2006/11/02 17:24:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011/01/21 20:16:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/03/03 09:06:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/01/21 06:54:03 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2012/08/12 22:45:33 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Acapela Group
[2012/04/21 20:34:51 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\AlilG
[2013/04/25 00:00:05 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Altium2004_SP4
[2010/05/29 20:11:36 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\BitDefender
[2012/08/13 14:22:48 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Cambridge
[2012/08/23 13:23:23 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Canon
[2009/12/04 01:10:33 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\COWON
[2011/09/10 23:01:16 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Digiarty
[2011/10/30 12:51:32 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\DMCache
[2012/11/19 22:10:40 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\ESET
[2011/09/14 21:49:07 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\GetRightToGo
[2011/05/30 23:05:56 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\HDI
[2011/01/21 02:46:36 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Helios
[2010/04/10 14:36:06 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\hte
[2012/09/05 13:05:34 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\IDM
[2012/07/06 22:53:29 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Import Audio from Video
[2009/12/04 15:47:05 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\InterVideo
[2012/07/11 14:40:12 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Mp3 Audio Editor
[2010/05/03 14:01:36 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\MuPAD
[2012/01/07 12:49:44 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\NetSarang
[2012/11/30 09:16:34 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Notepad++
[2011/07/19 23:34:49 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\ooVoo Details
[2009/11/04 14:28:10 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\PeerNetworking
[2012/03/01 15:34:12 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\PixelPlanet
[2012/11/28 00:53:46 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Samsung
[2010/10/11 22:57:01 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\SystemRequirementsLab
[2012/02/21 18:55:33 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\TeamViewer
[2010/03/14 23:16:49 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Uniblue
[2012/11/30 23:01:43 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\uTorrent
[2012/09/23 23:26:33 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Xilinx
[2011/12/07 17:17:28 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Xilisoft Corporation
[2011/10/27 19:20:20 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\xm1
[2013/03/18 23:05:48 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\{9824CBCB-329D-487F-97B1-B09FEA68CA6C}
[2013/03/18 23:05:27 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\{AF7B0CE6-0629-4425-9E54-98864D50FAB1}
========== Purity Check ==========
========== Files - Unicode (All) ==========
[2013/01/26 22:41:41 | 000,023,798 | ---- | C] ()(C:\Users\mahnaz\Desktop\????????.docx) -- C:\Users\mahnaz\Desktop\پرسشنامه.docx
[2012/08/12 22:10:08 | 000,023,798 | ---- | M] ()(C:\Users\mahnaz\Desktop\????????.docx) -- C:\Users\mahnaz\Desktop\پرسشنامه.docx
========== Alternate Data Streams ==========
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:010ADD2C
< End of report >
**
****************************************************************************************************************
aswMBR report:
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-04-27 20:20:20
-----------------------------
20:20:20.324 OS Version: Windows 6.0.6001 Service Pack 1
20:20:20.324 Number of processors: 2 586 0x170A
20:20:20.324 ComputerName: MAHNAZ-PC UserName: mahnaz
20:20:23.210 Initialize success
20:26:56.941 AVAST engine defs: 13042700
20:32:57.725 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:32:57.725 Disk 0 Vendor: Hitachi_ FB4O Size: 305245MB BusType: 3
20:32:57.725 Disk 1 \Device\Harddisk1\DR1 -> \Device\00000085
20:32:57.725 Disk 1 Vendor: RICOH 01 Size: 305245MB BusType: 0
20:32:57.741 Disk 2 \Device\Harddisk2\DR2 -> \Device\00000086
20:32:57.741 Disk 2 Vendor: RICOH 02 Size: 305245MB BusType: 0
20:32:58.271 Disk 0 MBR read successfully
20:32:58.271 Disk 0 MBR scan
20:32:58.661 Disk 0 Windows VISTA default MBR code
20:32:58.739 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 12689 MB offset 2048
20:32:58.770 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 250554 MB offset 25989120
20:32:58.770 Disk 0 Partition - 00 0F Extended LBA 22000 MB offset 539125760
20:32:58.895 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 19999 MB offset 584181760
20:32:59.425 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 21999 MB offset 539127808
20:32:59.457 Disk 0 scanning sectors +625139712
20:32:59.644 Disk 0 scanning C:\Windows\system32\drivers
20:33:20.612 Service scanning
20:34:06.148 Modules scanning
20:34:42.663 AVAST engine scan C:\Windows
20:34:48.485 AVAST engine scan C:\Windows\system32
20:36:03.166 File: C:\Windows\system32\ND5202.OCX **INFECTED** Win32:Malware-gen
20:39:03.840 AVAST engine scan C:\Windows\system32\drivers
20:39:24.806 AVAST engine scan C:\Users\mahnaz
20:44:20.312 Disk 0 MBR has been saved successfully to "C:\Users\mahnaz\Desktop\MBR.dat"
20:44:20.327 The log file has been saved successfully to "C:\Users\mahnaz\Desktop\aswMBR.txt"
***************************************************************************************************
Combo report:
ComboFix 13-04-27.04 - mahnaz 04/27/2013 20:53:10.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1914.837 [GMT 4.5:30]
Running from: c:\users\mahnaz\Desktop\ComboFix.exe
AV: ESET Smart Security 5.2 *Disabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.2 *Disabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\prefs.js
c:\programdata\Roaming
c:\windows\system32\html
c:\windows\system32\html\calendar.html
c:\windows\system32\html\calendarbottom.html
c:\windows\system32\html\calendartop.html
c:\windows\system32\html\crystalexportdialog.htm
c:\windows\system32\html\crystalprinthost.html
c:\windows\system32\images
c:\windows\system32\images\toolbar\calendar.gif
c:\windows\system32\images\toolbar\crlogo.gif
c:\windows\system32\images\toolbar\export.gif
c:\windows\system32\images\toolbar\export_over.gif
c:\windows\system32\images\toolbar\exportd.gif
c:\windows\system32\images\toolbar\First.gif
c:\windows\system32\images\toolbar\first_over.gif
c:\windows\system32\images\toolbar\Firstd.gif
c:\windows\system32\images\toolbar\gotopage.gif
c:\windows\system32\images\toolbar\gotopage_over.gif
c:\windows\system32\images\toolbar\gotopaged.gif
c:\windows\system32\images\toolbar\grouptree.gif
c:\windows\system32\images\toolbar\grouptree_over.gif
c:\windows\system32\images\toolbar\grouptreed.gif
c:\windows\system32\images\toolbar\grouptreepressed.gif
c:\windows\system32\images\toolbar\Last.gif
c:\windows\system32\images\toolbar\last_over.gif
c:\windows\system32\images\toolbar\Lastd.gif
c:\windows\system32\images\toolbar\Next.gif
c:\windows\system32\images\toolbar\next_over.gif
c:\windows\system32\images\toolbar\Nextd.gif
c:\windows\system32\images\toolbar\Prev.gif
c:\windows\system32\images\toolbar\prev_over.gif
c:\windows\system32\images\toolbar\Prevd.gif
c:\windows\system32\images\toolbar\print.gif
c:\windows\system32\images\toolbar\print_over.gif
c:\windows\system32\images\toolbar\printd.gif
c:\windows\system32\images\toolbar\Refresh.gif
c:\windows\system32\images\toolbar\refresh_over.gif
c:\windows\system32\images\toolbar\refreshd.gif
c:\windows\system32\images\toolbar\Search.gif
c:\windows\system32\images\toolbar\search_over.gif
c:\windows\system32\images\toolbar\searchd.gif
c:\windows\system32\images\toolbar\up.gif
c:\windows\system32\images\toolbar\up_over.gif
c:\windows\system32\images\toolbar\upd.gif
c:\windows\system32\images\tree\begindots.gif
c:\windows\system32\images\tree\beginminus.gif
c:\windows\system32\images\tree\beginplus.gif
c:\windows\system32\images\tree\blank.gif
c:\windows\system32\images\tree\blankdots.gif
c:\windows\system32\images\tree\dots.gif
c:\windows\system32\images\tree\lastdots.gif
c:\windows\system32\images\tree\lastminus.gif
c:\windows\system32\images\tree\lastplus.gif
c:\windows\system32\images\tree\Magnify.gif
c:\windows\system32\images\tree\minus.gif
c:\windows\system32\images\tree\minusbox.gif
c:\windows\system32\images\tree\plus.gif
c:\windows\system32\images\tree\plusbox.gif
c:\windows\system32\images\tree\singleminus.gif
c:\windows\system32\images\tree\singleplus.gif
.
.
((((((((((((((((((((((((( Files Created from 2013-03-27 to 2013-04-27 )))))))))))))))))))))))))))))))
.
.
2013-04-27 16:41 . 2013-04-27 16:41 -------- d-----w- c:\users\mahnaz\AppData\Local\temp
2013-04-27 16:41 . 2013-04-27 16:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-27 15:03 . 2013-04-27 15:03 -------- d-----w- C:\_OTL
2013-04-26 08:12 . 2013-04-10 03:08 6906960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F6E77386-1962-4C5D-ACF9-145BA894BBD1}\mpengine.dll
2013-04-21 14:45 . 2013-04-21 14:45 -------- d-----w- c:\users\mahnaz\AppData\Roaming\Malwarebytes
2013-04-21 14:44 . 2013-04-21 14:44 -------- d-----w- c:\programdata\Malwarebytes
2013-04-21 14:44 . 2013-04-21 14:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-04-21 14:44 . 2013-04-04 10:20 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-17 19:29 . 2013-04-17 19:37 -------- d-----w- c:\program files\Unlocker
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-11 20:40 . 2009-11-16 08:26 237088 ------w- c:\windows\system32\MpSigStub.exe
2013-01-31 08:34 . 2013-01-31 08:34 796672 ----a-w- c:\windows\GPInstall.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2010-07-26 12:09 70776 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-12-22 274432]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"IDMan"="c:\_otl\MovedFiles\04272013_193340\C_Program Files\Internet Download Manager\IDMan.exe" [2011-09-14 3241312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-12-18 317288]
"VMSwitch"="c:\program files\Sony\VAIO Mode Switch\VMSwitch.exe" [2009-02-05 538472]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 835584]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-01-06 6703648]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-29 145944]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-29 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-29 170520]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-12-03 35184]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-03-07 3117344]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Canon LBP5000 Status Window.lnk - c:\windows\System32\spool\drivers\w32x86\3\CNAC4LAK.EXE [2011-7-26 50848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-01-19 19:49 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Canon LBP5000 Status Window.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Canon LBP5000 Status Window.lnk
backup=c:\windows\pss\Canon LBP5000 Status Window.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Maximum Notifier.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Maximum Notifier.lnk
backup=c:\windows\pss\Maximum Notifier.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TMMonitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\TMMonitor.lnk
backup=c:\windows\pss\TMMonitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^mahnaz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Audio Filter.lnk]
path=c:\users\mahnaz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Audio Filter.lnk
backup=c:\windows\pss\Audio Filter.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^mahnaz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LingvoSoft Talking Dictionary 2008 (English-Persian (Farsi)).lnk]
path=c:\users\mahnaz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LingvoSoft Talking Dictionary 2008 (English-Persian (Farsi)).lnk
backup=c:\windows\pss\LingvoSoft Talking Dictionary 2008 (English-Persian (Farsi)).lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^mahnaz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\mahnaz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^mahnaz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Serviio.lnk]
path=c:\users\mahnaz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Serviio.lnk
backup=c:\windows\pss\Serviio.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-03-18 06:49 207360 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-06-24 15:36 136176 ----atw- c:\users\mahnaz\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\users\mahnaz\AppData\Roaming\Google\Google Talk\googletalk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 08:14 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2012-05-25 00:55 6595928 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ooVoo.exe]
2011-05-18 04:55 22631608 ----a-w- c:\program files\ooVoo\ooVoo.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl11]
2011-08-24 01:13 230696 ------w- c:\program files\CyberLink\PowerDVD11\PDVD11Serv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-07-14 08:50 322352 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vmware-tray]
2009-10-22 01:29 129584 ----a-w- c:\program files\VMware\VMware Workstation\vmware-tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Web Freer]
2012-04-24 01:05 1408512 ----a-w- c:\program files\WebFreer\webfreer.exe
.
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
bdx REG_MULTI_SZ sysagent
.
Contents of the 'Scheduled Tasks' folder
.
2013-04-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-16 19:52]
.
2013-04-27 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 18:20]
.
2013-04-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3233104117-2109178606-3299732699-1003Core.job
- c:\users\mahnaz\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-24 15:36]
.
2013-04-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3233104117-2109178606-3299732699-1003UA.job
- c:\users\mahnaz\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-24 15:36]
.
2010-12-19 c:\windows\Tasks\User_Feed_Synchronization-{D34B2B1C-6357-4E46-A503-06D1B6884F01}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = <local>
IE: Download all links with IDM - c:\_otl\MovedFiles\04272013_193340\C_Program Files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\_otl\MovedFiles\04272013_193340\C_Program Files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\_otl\MovedFiles\04272013_193340\C_Program Files\Internet Download Manager\IEExt.htm
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{afaf756a-600b-48df-a1d1-0a173eb5ec26} - c:\program files\Nosa\Simorgh\HTTPClient\SimWinClt.exe
LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
TCP: DhcpNameServer = 192.168.1.1
Handler: ms-its51 - {F6F1E82D-DE4D-11D2-875C-0000F8105754} - c:\program files\Common Files\microsoft shared\Information Retrieval\itss51.dll
.
.
------- File Associations -------
.
.txt=TXT_File
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Babylon Client - c:\program files\Babylon\Babylon-Pro\Babylon.exe
MSConfigStartUp-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
MSConfigStartUp-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
MSConfigStartUp-NeroFilterCheck - c:\program files\Common Files\Nero\Lib\NeroCheck.exe
MSConfigStartUp-SpyEmergency - c:\program files\NETGATE\Spy Emergency\SpyEmergency.exe
MSConfigStartUp-VMpTtray - c:\program files\Sony\VAIO Media plus\VMpTtray.exe
AddRemove-MTI ModelSim SE 6.1b Deinstall Key - c:\modeltech_6.1b\win32\Uninst.isu
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2013-04-27 21:11
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
*****************************************************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3233104117-2109178606-3299732699-1003_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):95,a4,b7,a0,e8,dc,be,f2,a4,80,68,c0,6f,74,bc,9d,1b,2e,b2,e2,35,
a8,fb,7a,f4,d4,6b,75,f1,c6,1b,69,88,59,3c,05,a1,73,53,25,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-3233104117-2109178606-3299732699-1003_Classes\CLSID\{79e6dc9d-4d1d-49c6-9954-3e572c0112f6}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000148
"Therad"=dword:00000016
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-3233104117-2109178606-3299732699-1003_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):9f,1e,05,11,b6,c4,66,ae,be,68,f4,e8,39,c1,22,30,89,e2,0f,8c,b2,
20,36,14,1b,45,f3,8a,fe,5b,ca,46,da,5c,31,df,21,f9,1c,39,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-3233104117-2109178606-3299732699-1003_Classes\CLSID\{8863a079-8457-401f-b3fb-92b7d5795e7b}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000b9
"Therad"=dword:00000023
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,8b,ad,e6,ed,fc,08,a4,c2,e4,3a,d3,41,b6,93,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0014\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2013-04-27 21:14:51
ComboFix-quarantined-files.txt 2013-04-27 16:44
.
Pre-Run: 35,342,249,984 bytes free
Post-Run: 46,073,806,848 bytes free
.
- - End Of File - - 12AE1D04E24544FA12424E5464BCF39E
**************************************************************************************************************
TDSSKiller report:
21:50:43.0765 4128 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
21:50:45.0793 4128 ============================================================
21:50:45.0793 4128 Current date / time: 2013/04/27 21:50:45.0793
21:50:45.0793 4128 SystemInfo:
21:50:45.0793 4128
21:50:45.0793 4128 OS Version: 6.0.6001 ServicePack: 1.0
21:50:45.0793 4128 Product type: Workstation
21:50:45.0793 4128 ComputerName: MAHNAZ-PC
21:50:45.0793 4128 UserName: mahnaz
21:50:45.0793 4128 Windows directory: C:\Windows
21:50:45.0793 4128 System windows directory: C:\Windows
21:50:45.0793 4128 Processor architecture: Intel x86
21:50:45.0793 4128 Number of processors: 2
21:50:45.0793 4128 Page size: 0x1000
21:50:45.0793 4128 Boot type: Normal boot
21:50:45.0793 4128 ============================================================
21:50:46.0449 4128 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:50:46.0480 4128 ============================================================
21:50:46.0480 4128 \Device\Harddisk0\DR0:
21:50:46.0495 4128 MBR partitions:
21:50:46.0495 4128 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x18C9000, BlocksNum 0x1E95D2A0
21:50:46.0527 4128 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x20227000, BlocksNum 0x2AF7800
21:50:46.0527 4128 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x22D1E800, BlocksNum 0x270F800
21:50:46.0527 4128 ============================================================
21:50:46.0698 4128 C: <-> \Device\Harddisk0\DR0\Partition1
21:50:47.0322 4128 G: <-> \Device\Harddisk0\DR0\Partition3
21:50:47.0509 4128 H: <-> \Device\Harddisk0\DR0\Partition2
21:50:47.0509 4128 ============================================================
21:50:47.0509 4128 Initialize success
21:50:47.0509 4128 ============================================================
21:50:51.0987 5448 ============================================================
21:50:51.0987 5448 Scan started
21:50:51.0987 5448 Mode: Manual;
21:50:51.0987 5448 ============================================================
21:50:52.0798 5448 ================ Scan system memory ========================
21:50:52.0798 5448 System memory - ok
21:50:52.0798 5448 ================ Scan services =============================
21:50:53.0047 5448 [ 1BFDC35DE9CC3F6F9CBDCDD0456005E4 ] ACDaemon C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
21:50:53.0047 5448 ACDaemon - ok
21:50:53.0297 5448 [ FCB8C7210F0135E24C6580F7F649C73C ] ACPI C:\Windows\system32\drivers\acpi.sys
21:50:53.0297 5448 ACPI - ok
21:50:53.0391 5448 [ 3FD8DC2C9735C2AA70155102CFB93EDA ] AdobeActiveFileMonitor7.0 C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
21:50:53.0391 5448 AdobeActiveFileMonitor7.0 - ok
21:50:53.0515 5448 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:50:53.0515 5448 AdobeFlashPlayerUpdateSvc - ok
21:50:53.0609 5448 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
21:50:53.0625 5448 adp94xx - ok
21:50:53.0640 5448 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys
21:50:53.0640 5448 adpahci - ok
21:50:53.0671 5448 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
21:50:53.0671 5448 adpu160m - ok
21:50:53.0687 5448 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
21:50:53.0687 5448 adpu320 - ok
21:50:53.0749 5448 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
21:50:53.0749 5448 AeLookupSvc - ok
21:50:53.0812 5448 [ FE3EA6E9AFC1A78E6EDCA121E006AFB7 ] Afc C:\Windows\system32\drivers\Afc.sys
21:50:53.0812 5448 Afc - ok
21:50:53.0968 5448 [ 48EB99503533C27AC6135648E5474457 ] AFD C:\Windows\system32\drivers\afd.sys
21:50:53.0983 5448 AFD - ok
21:50:54.0061 5448 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys
21:50:54.0061 5448 agp440 - ok
21:50:54.0077 5448 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
21:50:54.0077 5448 aic78xx - ok
21:50:54.0093 5448 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
21:50:54.0093 5448 ALG - ok
21:50:54.0108 5448 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys
21:50:54.0108 5448 aliide - ok
21:50:54.0186 5448 [ 5E90A956526086634547BF8093FEB699 ] altio C:\Windows\system32\altio.sys
21:50:54.0186 5448 altio - ok
21:50:54.0202 5448 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
21:50:54.0202 5448 amdagp - ok
21:50:54.0217 5448 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys
21:50:54.0217 5448 amdide - ok
21:50:54.0280 5448 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
21:50:54.0280 5448 AmdK7 - ok
21:50:54.0295 5448 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
21:50:54.0295 5448 AmdK8 - ok
21:50:54.0358 5448 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
21:50:54.0373 5448 Appinfo - ok
21:50:54.0436 5448 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys
21:50:54.0451 5448 arc - ok
21:50:54.0514 5448 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
21:50:54.0514 5448 arcsas - ok
21:50:54.0529 5448 [ 857B48965A0503B7AB795D4BFE7CBD8B ] ArcSoftKsUFilter C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
21:50:54.0529 5448 ArcSoftKsUFilter - ok
21:50:54.0919 5448 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
21:50:54.0951 5448 aspnet_state - ok
21:50:55.0029 5448 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
21:50:55.0029 5448 AsyncMac - ok
21:50:55.0075 5448 [ 2D9C903DC76A66813D350A562DE40ED9 ] atapi C:\Windows\system32\drivers\atapi.sys
21:50:55.0075 5448 atapi - ok
21:50:55.0278 5448 [ 939C7B5F43096BE8511780D2EECCF6BE ] ATIAVPCI C:\Windows\system32\DRIVERS\atinavrr.sys
21:50:55.0356 5448 ATIAVPCI - ok
21:50:55.0419 5448 [ 7E963AFC33AC3A0E234F96FA5DDB4CFB ] AtiIrRcvr C:\Windows\system32\DRIVERS\aticir.sys
21:50:55.0419 5448 AtiIrRcvr - ok
21:50:55.0481 5448 [ 42076E29AAFA0830A2C5D4E310F58DD1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:50:55.0497 5448 AudioEndpointBuilder - ok
21:50:55.0497 5448 [ 42076E29AAFA0830A2C5D4E310F58DD1 ] Audiosrv C:\Windows\System32\Audiosrv.dll
21:50:55.0497 5448 Audiosrv - ok
21:50:55.0621 5448 [ 6163664C7E9CD110AF70180C126C3FDC ] BcmSqlStartupSvc C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
21:50:55.0621 5448 BcmSqlStartupSvc - ok
21:50:55.0699 5448 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
21:50:55.0699 5448 Beep - ok
21:50:55.0762 5448 [ 8582E233C346AEFE759833E8A30DD697 ] BFE C:\Windows\System32\bfe.dll
21:50:55.0762 5448 BFE - ok
21:50:55.0965 5448 [ 02ED7B4DBC2A3232A389106DA7515C3D ] BITS C:\Windows\system32\qmgr.dll
21:50:55.0980 5448 BITS - ok
21:50:56.0027 5448 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
21:50:56.0043 5448 blbdrive - ok
21:50:56.0105 5448 [ 8153396D5551276227FA146900F734E6 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
21:50:56.0105 5448 bowser - ok
21:50:56.0167 5448 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
21:50:56.0167 5448 BrFiltLo - ok
21:50:56.0167 5448 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
21:50:56.0167 5448 BrFiltUp - ok
21:50:56.0183 5448 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
21:50:56.0199 5448 Browser - ok
21:50:56.0245 5448 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
21:50:56.0245 5448 Brserid - ok
21:50:56.0261 5448 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
21:50:56.0261 5448 BrSerWdm - ok
21:50:56.0277 5448 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
21:50:56.0277 5448 BrUsbMdm - ok
21:50:56.0277 5448 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
21:50:56.0277 5448 BrUsbSer - ok
21:50:56.0339 5448 [ AE19CFBBBA41800F3D5343E21D2CA09F ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys
21:50:56.0339 5448 BthEnum - ok
21:50:56.0355 5448 [ 5FFA6988FF9597986FF2ADA736CC90C0 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
21:50:56.0355 5448 BTHMODEM - ok
21:50:56.0386 5448 [ 5904EFA25F829BF84EA6FB045134A1D8 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
21:50:56.0386 5448 BthPan - ok
21:50:56.0448 5448 [ 75F19DF0BC62992D05FDD8A32D968531 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
21:50:56.0464 5448 BTHPORT - ok
21:50:56.0526 5448 [ FC930B47A83F5F61DFADC64A0719DE43 ] BthServ C:\Windows\System32\bthserv.dll
21:50:56.0526 5448 BthServ - ok
21:50:56.0526 5448 [ 4CE2A25C5936BC515357D60FEE73F221 ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
21:50:56.0526 5448 BTHUSB - ok
21:50:56.0682 5448 [ 6E41621E03D91167CEAE555CE2B468B8 ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
21:50:56.0698 5448 btwaudio - ok
21:50:56.0729 5448 [ 7E67B295081B33EA22C0FB04798B306C ] btwavdt C:\Windows\system32\drivers\btwavdt.sys
21:50:56.0729 5448 btwavdt - ok
21:50:56.0947 5448 [ 2C50A18375EF2571F09D9DAF83192762 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
21:50:56.0947 5448 btwdins - ok
21:50:57.0010 5448 [ 54C2EE0A3CEC586629035D771AACAE67 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
21:50:57.0010 5448 btwl2cap - ok
21:50:57.0057 5448 [ 4B4F992EE709C40EFD33BA4D2BAFA402 ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
21:50:57.0057 5448 btwrchid - ok
21:50:57.0431 5448 catchme - ok
21:50:57.0509 5448 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
21:50:57.0509 5448 cdfs - ok
21:50:57.0587 5448 [ 1EC25CEA0DE6AC4718BF89F9E1778B57 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
21:50:57.0587 5448 cdrom - ok
21:50:57.0649 5448 [ 87C2D0377B23E2D8A41093C2F5FB1A5B ] CertPropSvc C:\Windows\System32\certprop.dll
21:50:57.0665 5448 CertPropSvc - ok
21:50:57.0681 5448 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys
21:50:57.0681 5448 circlass - ok
21:50:57.0696 5448 [ 465745561C832B29F7C48B488AAB3842 ] CLFS C:\Windows\system32\CLFS.sys
21:50:57.0696 5448 CLFS - ok
21:50:57.0790 5448 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:50:57.0805 5448 clr_optimization_v2.0.50727_32 - ok
21:50:57.0915 5448 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:50:57.0915 5448 clr_optimization_v4.0.30319_32 - ok
21:50:57.0993 5448 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
21:50:57.0993 5448 CmBatt - ok
21:50:57.0993 5448 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys
21:50:57.0993 5448 cmdide - ok
21:50:58.0055 5448 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
21:50:58.0071 5448 Compbatt - ok
21:50:58.0071 5448 COMSysApp - ok
21:50:58.0102 5448 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
21:50:58.0102 5448 crcdisk - ok
21:50:58.0117 5448 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys
21:50:58.0117 5448 Crusoe - ok
21:50:58.0180 5448 [ 6DE363F9F99334514C46AEC02D3E3678 ] CryptSvc C:\Windows\system32\cryptsvc.dll
21:50:58.0180 5448 CryptSvc - ok
21:50:58.0258 5448 [ 301AE00E12408650BADDC04DBC832830 ] DcomLaunch C:\Windows\system32\rpcss.dll
21:50:58.0258 5448 DcomLaunch - ok
21:50:58.0351 5448 [ A3E9FA213F443AC77C7746119D13FEEC ] DfsC C:\Windows\system32\Drivers\dfsc.sys
21:50:58.0383 5448 DfsC - ok
21:50:58.0617 5448 [ FA3463F25F9CC9C3BCF1E7912FEFF099 ] DFSR C:\Windows\system32\DFSR.exe
21:50:58.0679 5448 DFSR - ok
21:50:58.0757 5448 [ 43A988A9C10333476CB5FB667CBD629D ] Dhcp C:\Windows\System32\dhcpcsvc.dll
21:50:58.0773 5448 Dhcp - ok
21:50:58.0851 5448 [ 64109E623ABD6955C8FB110B592E68B7 ] disk C:\Windows\system32\drivers\disk.sys
21:50:58.0851 5448 disk - ok
21:50:58.0913 5448 [ F206E28ED74C491FD5D7C0A1119CE37F ] DMICall C:\Windows\system32\DRIVERS\DMICall.sys
21:50:58.0913 5448 DMICall - ok
21:50:58.0960 5448 [ 4805D9A6D281C7A7DEFD9094DEC6AF7D ] Dnscache C:\Windows\System32\dnsrslvr.dll
21:50:58.0960 5448 Dnscache - ok
21:50:58.0975 5448 [ 5AF620A08C614E24206B79E8153CF1A8 ] dot3svc C:\Windows\System32\dot3svc.dll
21:50:58.0975 5448 dot3svc - ok
21:50:59.0053 5448 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
21:50:59.0069 5448 DPS - ok
21:50:59.0100 5448 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
21:50:59.0100 5448 drmkaud - ok
21:50:59.0163 5448 [ 5B2410766376CB6B2BE95B6D6824B771 ] drpkiont C:\Windows\system32\drpkiont.sys
21:50:59.0163 5448 drpkiont - ok
21:50:59.0194 5448 [ 85F33880B8CFB554BD3D9CCDB486845A ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
21:50:59.0209 5448 DXGKrnl - ok
21:50:59.0256 5448 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
21:50:59.0256 5448 E1G60 - ok
21:50:59.0397 5448 [ 8A45015E85A4DCE0086B9973F0FD9A20 ] eamonm C:\Windows\system32\DRIVERS\eamonm.sys
21:50:59.0397 5448 eamonm - ok
21:50:59.0459 5448 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
21:50:59.0459 5448 EapHost - ok
21:50:59.0521 5448 [ DD2CD259D83D8B72C02C5F2331FF9D68 ] Ecache C:\Windows\system32\drivers\ecache.sys
21:50:59.0521 5448 Ecache - ok
21:50:59.0584 5448 [ 5412ED24FFFCA64E2F0168399B86C952 ] ehdrv C:\Windows\system32\DRIVERS\ehdrv.sys
21:50:59.0584 5448 ehdrv - ok
21:50:59.0662 5448 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
21:50:59.0677 5448 ehRecvr - ok
21:50:59.0693 5448 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
21:50:59.0693 5448 ehSched - ok
21:50:59.0693 5448 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
21:50:59.0693 5448 ehstart - ok
21:50:59.0818 5448 [ AD4FAADE819E0DA9933BEA7C01D2C763 ] ekrn C:\Program Files\ESET\ESET Smart Security\ekrn.exe
21:50:59.0818 5448 ekrn - ok
21:50:59.0896 5448 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys
21:50:59.0911 5448 elxstor - ok
21:50:59.0943 5448 [ 70B1A86DF0C8EAD17D2BC332EDAE2C7C ] EMDMgmt C:\Windows\system32\emdmgmt.dll
21:50:59.0958 5448 EMDMgmt - ok
21:51:00.0067 5448 [ 774BABCB1144513DC86992003740B774 ] epfw C:\Windows\system32\DRIVERS\epfw.sys
21:51:00.0083 5448 epfw - ok
21:51:00.0083 5448 [ 2C22CC39309EE06AE870C183BF2A769D ] EpfwLWF C:\Windows\system32\DRIVERS\EpfwLWF.sys
21:51:00.0083 5448 EpfwLWF - ok
21:51:00.0161 5448 [ 2B4E5F01A4E786B422F4D617B51FA7D9 ] epfwwfp C:\Windows\system32\DRIVERS\epfwwfp.sys
21:51:00.0161 5448 epfwwfp - ok
21:51:00.0223 5448 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys
21:51:00.0223 5448 ErrDev - ok
21:51:00.0301 5448 [ 3CB3343D720168B575133A0A20DC2465 ] EventSystem C:\Windows\system32\es.dll
21:51:00.0317 5448 EventSystem - ok
21:51:00.0442 5448 [ 791464A9E9ADE063327A29F1B3F1A86C ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
21:51:00.0442 5448 EvtEng - ok
21:51:00.0520 5448 [ 0D858EB20589A34EFB25695ACAA6AA2D ] exfat C:\Windows\system32\drivers\exfat.sys
21:51:00.0520 5448 exfat - ok
21:51:00.0551 5448 [ 3C489390C2E2064563727752AF8EAB9E ] fastfat C:\Windows\system32\drivers\fastfat.sys
21:51:00.0551 5448 fastfat - ok
21:51:00.0645 5448 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
21:51:00.0660 5448 fdc - ok
21:51:00.0676 5448 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
21:51:00.0676 5448 fdPHost - ok
21:51:00.0691 5448 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
21:51:00.0707 5448 FDResPub - ok
21:51:00.0707 5448 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
21:51:00.0723 5448 FileInfo - ok
21:51:00.0723 5448 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
21:51:00.0723 5448 Filetrace - ok
21:51:00.0801 5448 [ F76D04F7413B07DAA029F6520B64B4E8 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
21:51:00.0801 5448 FLEXnet Licensing Service - ok
21:51:00.0832 5448 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
21:51:00.0847 5448 flpydisk - ok
21:51:00.0847 5448 [ 05EA53AFE985443011E36DAB07343B46 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
21:51:00.0847 5448 FltMgr - ok
21:51:00.0925 5448 [ C9BE08664611DDAF98E2331E9288B00B ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:51:00.0941 5448 FontCache3.0.0.0 - ok
21:51:00.0957 5448 [ 65EA8B77B5851854F0C55C43FA51A198 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
21:51:00.0957 5448 Fs_Rec - ok
21:51:00.0972 5448 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
21:51:00.0972 5448 gagp30kx - ok
21:51:01.0019 5448 [ D9F1113D9401185245573350712F92FC ] gpsvc C:\Windows\System32\gpsvc.dll
21:51:01.0019 5448 gpsvc - ok
21:51:01.0081 5448 [ 1F79859A8C1D7C14EF6207852F622ADD ] hcmon C:\Windows\system32\drivers\hcmon.sys
21:51:01.0081 5448 hcmon - ok
21:51:01.0175 5448 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:51:01.0191 5448 HdAudAddService - ok
21:51:01.0206 5448 [ C87B1EE051C0464491C1A7B03FA0BC99 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
21:51:01.0206 5448 HDAudBus - ok
21:51:01.0269 5448 [ 2FE6EF94B64D2DA60F400EB643086220 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
21:51:01.0269 5448 HidBth - ok
21:51:01.0284 5448 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
21:51:01.0284 5448 HidIr - ok
21:51:01.0315 5448 [ 8FA640195279ACE21BEA91396A0054FC ] hidserv C:\Windows\System32\hidserv.dll
21:51:01.0315 5448 hidserv - ok
21:51:01.0362 5448 [ E2B5BD48AFCC0F0974FB44641B223250 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
21:51:01.0362 5448 HidUsb - ok
21:51:01.0378 5448 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
21:51:01.0378 5448 hkmsvc - ok
21:51:01.0409 5448 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
21:51:01.0409 5448 HpCISSs - ok
21:51:01.0471 5448 [ 46D67209550973257601A533E2AC5785 ] HSFHWAZL C:\Windows\system32\DRIVERS\VSTAZL3.SYS
21:51:01.0487 5448 HSFHWAZL - ok
21:51:01.0581 5448 [ 7BC42C65B5C6281777C1A7605B253BA8 ] HSF_DPV C:\Windows\system32\DRIVERS\HSX_DPV.sys
21:51:01.0596 5448 HSF_DPV - ok
21:51:01.0721 5448 [ 9EBF2D102CCBB6BCDFBF1B7922F8BA2E ] HSXHWAZL C:\Windows\system32\DRIVERS\HSXHWAZL.sys
21:51:01.0721 5448 HSXHWAZL - ok
21:51:01.0815 5448 [ 96E241624C71211A79C84F50A8E71CAB ] HTTP C:\Windows\system32\drivers\HTTP.sys
21:51:01.0815 5448 HTTP - ok
21:51:01.0846 5448 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys
21:51:01.0846 5448 i2omp - ok
21:51:01.0908 5448 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
21:51:01.0908 5448 i8042prt - ok
21:51:01.0924 5448 [ DB0CC620B27A928D968C1A1E9CD9CB87 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
21:51:01.0924 5448 iaStor - ok
21:51:01.0939 5448 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
21:51:01.0955 5448 iaStorV - ok
21:51:02.0049 5448 [ 8FE13DC6828973E8B4326AD89A39B117 ] IDMWFP C:\Windows\system32\DRIVERS\idmwfp.sys
21:51:02.0049 5448 IDMWFP - ok
21:51:02.0189 5448 [ DAF66902F08796F9C694901660E5A64A ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
21:51:02.0205 5448 IDriverT - ok
21:51:02.0392 5448 [ 7B630ACAED64FEF0C3E1CF255CB56686 ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:51:02.0407 5448 idsvc - ok
21:51:02.0517 5448 [ CE5FF5D5E3F4CA974E36DC24C15474D0 ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
21:51:02.0595 5448 igfx - ok
21:51:02.0610 5448 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
21:51:02.0610 5448 iirsp - ok
21:51:02.0641 5448 [ A3BC480A2BF8AA8E4DABD2D5DCE0AFAC ] IKEEXT C:\Windows\System32\ikeext.dll
21:51:02.0657 5448 IKEEXT - ok
21:51:02.0922 5448 [ 3AA1F82EFA2B0454AF163124C9920D16 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
21:51:02.0969 5448 IntcAzAudAddService - ok
21:51:03.0000 5448 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys
21:51:03.0016 5448 intelide - ok
21:51:03.0031 5448 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
21:51:03.0031 5448 intelppm - ok
21:51:03.0094 5448 [ F7C534DEF663B4E847E44F20927F5ED2 ] IOPort C:\Windows\system32\DRIVERS\IOPORT.SYS
21:51:03.0094 5448 IOPort - ok
21:51:03.0125 5448 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
21:51:03.0125 5448 IPBusEnum - ok
21:51:03.0141 5448 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:51:03.0141 5448 IpFilterDriver - ok
21:51:03.0203 5448 [ 6A35D233693EDC29A12742049BC5E37F ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
21:51:03.0219 5448 iphlpsvc - ok
21:51:03.0219 5448 IpInIp - ok
21:51:03.0250 5448 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
21:51:03.0250 5448 IPMIDRV - ok
21:51:03.0265 5448 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
21:51:03.0265 5448 IPNAT - ok
21:51:03.0281 5448 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
21:51:03.0281 5448 IRENUM - ok
21:51:03.0297 5448 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys
21:51:03.0297 5448 isapnp - ok
21:51:03.0359 5448 [ F247EEC28317F6C739C16DE420097301 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
21:51:03.0359 5448 iScsiPrt - ok
21:51:03.0390 5448 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
21:51:03.0406 5448 iteatapi - ok
21:51:03.0421 5448 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
21:51:03.0421 5448 iteraid - ok
21:51:03.0484 5448 [ 213822072085B5BBAD9AF30AB577D817 ] IviRegMgr C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
21:51:03.0484 5448 IviRegMgr - ok
21:51:03.0515 5448 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
21:51:03.0515 5448 kbdclass - ok
21:51:03.0531 5448 [ 18247836959BA67E3511B62846B9C2E0 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
21:51:03.0531 5448 kbdhid - ok
21:51:03.0562 5448 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] KeyIso C:\Windows\system32\lsass.exe
21:51:03.0562 5448 KeyIso - ok
21:51:03.0593 5448 [ 7A0CF7908B6824D6A2A1D313E5AE3DCA ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
21:51:03.0593 5448 KSecDD - ok
21:51:03.0655 5448 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
21:51:03.0671 5448 KtmRm - ok
21:51:03.0733 5448 [ 1925E63C91CF1610AE41BFD539062079 ] LanmanServer C:\Windows\System32\srvsvc.dll
21:51:03.0749 5448 LanmanServer - ok
21:51:03.0780 5448 [ 2AE2E1628C5D3F1C0A46A67C9FA1DF15 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:51:03.0780 5448 LanmanWorkstation - ok
21:51:03.0811 5448 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
21:51:03.0811 5448 lltdio - ok
21:51:03.0843 5448 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
21:51:03.0843 5448 lltdsvc - ok
21:51:03.0874 5448 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
21:51:03.0874 5448 lmhosts - ok
21:51:03.0889 5448 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
21:51:03.0889 5448 LSI_FC - ok
21:51:03.0889 5448 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
21:51:03.0905 5448 LSI_SAS - ok
21:51:03.0921 5448 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
21:51:03.0921 5448 LSI_SCSI - ok
21:51:03.0936 5448 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
21:51:03.0936 5448 luafv - ok
21:51:03.0967 5448 [ 4470E3C1E0C3378E4CAB137893C12C3A ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
21:51:03.0967 5448 MBAMProtector - ok
21:51:04.0077 5448 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
21:51:04.0092 5448 MBAMScheduler - ok
21:51:04.0155 5448 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
21:51:04.0186 5448 MBAMService - ok
21:51:04.0217 5448 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
21:51:04.0248 5448 Mcx2Svc - ok
21:51:04.0279 5448 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
21:51:04.0279 5448 mdmxsdk - ok
21:51:04.0342 5448 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys
21:51:04.0357 5448 megasas - ok
21:51:04.0373 5448 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys
21:51:04.0373 5448 MegaSR - ok
21:51:04.0482 5448 [ 7C4C76B39D5525C4A465E0BE32528E19 ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
21:51:04.0498 5448 Microsoft Office Groove Audit Service - ok
21:51:04.0513 5448 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
21:51:04.0513 5448 MMCSS - ok
21:51:04.0529 5448 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
21:51:04.0529 5448 Modem - ok
21:51:04.0560 5448 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
21:51:04.0560 5448 monitor - ok
21:51:04.0560 5448 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
21:51:04.0560 5448 mouclass - ok
21:51:04.0591 5448 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
21:51:04.0591 5448 mouhid - ok
21:51:04.0591 5448 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
21:51:04.0591 5448 MountMgr - ok
21:51:04.0654 5448 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys
21:51:04.0685 5448 mpio - ok
21:51:04.0716 5448 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
21:51:04.0716 5448 mpsdrv - ok
21:51:04.0747 5448 [ D1639BA315B0D79DEC49A4B0E1FB929B ] MpsSvc C:\Windows\system32\mpssvc.dll
21:51:04.0747 5448 MpsSvc - ok
21:51:04.0810 5448 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
21:51:04.0825 5448 Mraid35x - ok
21:51:04.0841 5448 [ AE3DE84536B6799D2267443CEC8EDBB9 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
21:51:04.0841 5448 MRxDAV - ok
21:51:04.0903 5448 [ 5734A0F2BE7E495F7D3ED6EFD4B9F5A1 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
21:51:04.0919 5448 mrxsmb - ok
21:51:04.0966 5448 [ 6B5FA5ADFACAC9DBBE0991F4566D7D55 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:51:04.0966 5448 mrxsmb10 - ok
21:51:04.0997 5448 [ 5C80D8159181C7ABF1B14BA703B01E0B ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:51:04.0997 5448 mrxsmb20 - ok
21:51:05.0044 5448 [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci C:\Windows\system32\drivers\msahci.sys
21:51:05.0044 5448 msahci - ok
21:51:05.0059 5448 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys
21:51:05.0059 5448 msdsm - ok
21:51:05.0091 5448 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
21:51:05.0091 5448 MSDTC - ok
21:51:05.0106 5448 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
21:51:05.0106 5448 Msfs - ok
21:51:05.0122 5448 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
21:51:05.0122 5448 msisadrv - ok
21:51:05.0137 5448 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
21:51:05.0153 5448 MSiSCSI - ok
21:51:05.0184 5448 msiserver - ok
21:51:05.0231 5448 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
21:51:05.0247 5448 MSKSSRV - ok
21:51:05.0293 5448 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
21:51:05.0309 5448 MSPCLOCK - ok
21:51:05.0325 5448 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
21:51:05.0325 5448 MSPQM - ok
21:51:05.0356 5448 [ B5614AECB05A9340AA0FB55BF561CC63 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
21:51:05.0356 5448 MsRPC - ok
21:51:05.0387 5448 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
21:51:05.0387 5448 mssmbios - ok
21:51:05.0434 5448 MSSQL$MSSMLBIZ - ok
21:51:05.0543 5448 [ C06EA83F6FC2959E897C117255B6B1D5 ] MSSQLServerADHelper C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
21:51:05.0543 5448 MSSQLServerADHelper - ok
21:51:05.0574 5448 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
21:51:05.0574 5448 MSTEE - ok
21:51:05.0933 5448 [ E514D0493C272AECBAC7C6C1DAC635D1 ] msvsmon90 C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe
21:51:05.0995 5448 msvsmon90 - ok
21:51:06.0027 5448 [ 6DFD1D322DE55B0B7DB7D21B90BEC49C ] Mup C:\Windows\system32\Drivers\mup.sys
21:51:06.0027 5448 Mup - ok
21:51:06.0058 5448 [ C43B25863FBD65B6D2A142AF3AE320CA ] napagent C:\Windows\system32\qagentRT.dll
21:51:06.0073 5448 napagent - ok
21:51:06.0120 5448 [ 3C21CE48FF529BB73DADB98770B54025 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
21:51:06.0120 5448 NativeWifiP - ok
21:51:06.0183 5448 [ 9BDC71790FA08F0A0B5F10462B1BD0B1 ] NDIS C:\Windows\system32\drivers\ndis.sys
21:51:06.0183 5448 NDIS - ok
21:51:06.0214 5448 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
21:51:06.0214 5448 NdisTapi - ok
21:51:06.0229 5448 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
21:51:06.0229 5448 Ndisuio - ok
21:51:06.0261 5448 [ 3D14C3B3496F88890D431E8AA022A411 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
21:51:06.0261 5448 NdisWan - ok
21:51:06.0276 5448 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
21:51:06.0276 5448 NDProxy - ok
21:51:06.0307 5448 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
21:51:06.0307 5448 NetBIOS - ok
21:51:06.0323 5448 [ 7C5FEE5B1C5728507CD96FB4A13E7A02 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
21:51:06.0323 5448 netbt - ok
21:51:06.0339 5448 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] Netlogon C:\Windows\system32\lsass.exe
21:51:06.0339 5448 Netlogon - ok
21:51:06.0385 5448 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
21:51:06.0385 5448 Netman - ok
21:51:06.0463 5448 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:51:06.0463 5448 NetMsmqActivator - ok
21:51:06.0463 5448 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:51:06.0479 5448 NetPipeActivator - ok
21:51:06.0510 5448 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
21:51:06.0510 5448 netprofm - ok
21:51:06.0526 5448 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:51:06.0526 5448 NetTcpActivator - ok
21:51:06.0526 5448 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:51:06.0526 5448 NetTcpPortSharing - ok
21:51:06.0697 5448 [ F0C42E0CDCE558D658FA53A222B4CCB1 ] NETw5v32 C:\Windows\system32\DRIVERS\NETw5v32.sys
21:51:06.0807 5448 NETw5v32 - ok
21:51:06.0822 5448 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
21:51:06.0822 5448 nfrd960 - ok
21:51:06.0853 5448 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
21:51:06.0853 5448 NlaSvc - ok
21:51:06.0900 5448 [ ECB5003F484F9ED6C608D6D6C7886CBB ] Npfs C:\Windows\system32\drivers\Npfs.sys
21:51:06.0900 5448 Npfs - ok
21:51:06.0916 5448 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
21:51:06.0931 5448 nsi - ok
21:51:06.0947 5448 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
21:51:06.0947 5448 nsiproxy - ok
21:51:07.0025 5448 [ 276BFF84AD77DD23E1085E191F5A591F ] NSUService C:\Program Files\Sony\Network Utility\NSUService.exe
21:51:07.0025 5448 NSUService - ok
21:51:07.0103 5448 [ B4EFFE29EB4F15538FD8A9681108492D ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
21:51:07.0119 5448 Ntfs - ok
21:51:07.0165 5448 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
21:51:07.0165 5448 ntrigdigi - ok
21:51:07.0181 5448 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
21:51:07.0181 5448 Null - ok
21:51:07.0212 5448 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
21:51:07.0212 5448 nvraid - ok
21:51:07.0228 5448 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
21:51:07.0228 5448 nvstor - ok
21:51:07.0243 5448 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
21:51:07.0243 5448 nv_agp - ok
21:51:07.0243 5448 NwlnkFlt - ok
21:51:07.0243 5448 NwlnkFwd - ok
21:51:07.0493 5448 [ 1F0E05DFF4F5A833168E49BE1256F002 ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:51:07.0509 5448 odserv - ok
21:51:07.0540 5448 [ 790E27C3DB53410B40FF9EF2FD10A1D9 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
21:51:07.0540 5448 ohci1394 - ok
21:51:07.0555 5448 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:51:07.0555 5448 ose - ok
21:51:07.0618 5448 [ 5DE1A3972FD3112C75EB17BDCF454169 ] p2pimsvc C:\Windows\system32\p2psvc.dll
21:51:07.0618 5448 p2pimsvc - ok
21:51:07.0633 5448 [ 5DE1A3972FD3112C75EB17BDCF454169 ] p2psvc C:\Windows\system32\p2psvc.dll
21:51:07.0649 5448 p2psvc - ok
21:51:07.0696 5448 [ B8040C5C1FC1FBBBE5C78CB9EDA343EC ] PACSPTISVR C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
21:51:07.0696 5448 PACSPTISVR - ok
21:51:07.0727 5448 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
21:51:07.0727 5448 Parport - ok
21:51:07.0743 5448 [ 3B38467E7C3DAED009DFE359E17F139F ] partmgr C:\Windows\system32\drivers\partmgr.sys
21:51:07.0743 5448 partmgr - ok
21:51:07.0758 5448 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
21:51:07.0758 5448 Parvdm - ok
21:51:07.0774 5448 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
21:51:07.0774 5448 PcaSvc - ok
21:51:07.0836 5448 [ 01B94418DEB235DFF777CC80076354B4 ] pci C:\Windows\system32\drivers\pci.sys
21:51:07.0836 5448 pci - ok
21:51:07.0836 5448 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\drivers\pciide.sys
21:51:07.0836 5448 pciide - ok
21:51:07.0852 5448 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
21:51:07.0852 5448 pcmcia - ok
21:51:07.0930 5448 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
21:51:07.0930 5448 PEAUTH - ok
21:51:08.0008 5448 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
21:51:08.0039 5448 pla - ok
21:51:08.0055 5448 [ 78F975CB6D18265BE6F492EDB2D7BC7B ] PlugPlay C:\Windows\system32\umpnpmgr.dll
21:51:08.0070 5448 PlugPlay - ok
21:51:08.0086 5448 [ 5DE1A3972FD3112C75EB17BDCF454169 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
21:51:08.0086 5448 PNRPAutoReg - ok
21:51:08.0101 5448 [ 5DE1A3972FD3112C75EB17BDCF454169 ] PNRPsvc C:\Windows\system32\p2psvc.dll
21:51:08.0117 5448 PNRPsvc - ok
21:51:08.0148 5448 [ 47B8F37AA18B74D8C2E1BC1A7A2C8F8A ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
21:51:08.0148 5448 PolicyAgent - ok
21:51:08.0179 5448 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
21:51:08.0179 5448 PptpMiniport - ok
21:51:08.0195 5448 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
21:51:08.0195 5448 Processor - ok
21:51:08.0226 5448 [ B627E4FC8585E8843C5905D4D3587A90 ] ProfSvc C:\Windows\system32\profsvc.dll
21:51:08.0226 5448 ProfSvc - ok
21:51:08.0242 5448 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:51:08.0242 5448 ProtectedStorage - ok
21:51:08.0257 5448 [ BFEF604508A0ED1EAE2A73E872555FFB ] PSched C:\Windows\system32\DRIVERS\pacer.sys
21:51:08.0257 5448 PSched - ok
21:51:08.0273 5448 [ 153D02480A0A2F45785522E814C634B6 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
21:51:08.0273 5448 PxHelp20 - ok
21:51:08.0351 5448 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
21:51:08.0367 5448 ql2300 - ok
21:51:08.0398 5448 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
21:51:08.0398 5448 ql40xx - ok
21:51:08.0413 5448 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
21:51:08.0429 5448 QWAVE - ok
21:51:08.0429 5448 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
21:51:08.0445 5448 QWAVEdrv - ok
21:51:08.0445 5448 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
21:51:08.0445 5448 RasAcd - ok
21:51:08.0460 5448 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
21:51:08.0460 5448 RasAuto - ok
21:51:08.0491 5448 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
21:51:08.0491 5448 Rasl2tp - ok
21:51:08.0523 5448 [ AFB474438762F0418060653F7294D92C ] RasMan C:\Windows\System32\rasmans.dll
21:51:08.0523 5448 RasMan - ok
21:51:08.0538 5448 [ 3E9D9B048107B40D87B97DF2E48E0744 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
21:51:08.0538 5448 RasPppoe - ok
21:51:08.0538 5448 [ A7D141684E9500AC928A772ED8E6B671 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
21:51:08.0538 5448 RasSstp - ok
21:51:08.0569 5448 [ 6E1C5D0457622F9EE35F683110E93D14 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
21:51:08.0569 5448 rdbss - ok
21:51:08.0616 5448 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
21:51:08.0616 5448 RDPCDD - ok
21:51:08.0647 5448 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
21:51:08.0647 5448 rdpdr - ok
21:51:08.0663 5448 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
21:51:08.0663 5448 RDPENCDD - ok
21:51:08.0710 5448 [ E1C18F4097A5ABCEC941DC4B2F99DB7E ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
21:51:08.0710 5448 RDPWD - ok
21:51:08.0757 5448 [ 001B4278407F4303EFC902A2B16F2453 ] regi C:\Windows\system32\drivers\regi.sys
21:51:08.0757 5448 regi - ok
21:51:08.0850 5448 [ 636AAFAD77BEABE192D01E7E74F4A45B ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
21:51:08.0850 5448 RegSrvc - ok
21:51:08.0913 5448 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
21:51:08.0928 5448 RemoteAccess - ok
21:51:08.0959 5448 [ CC4E32400F3C7253400CF8F3F3A0B676 ] RemoteRegistry C:\Windows\system32\regsvc.dll
21:51:08.0959 5448 RemoteRegistry - ok
21:51:09.0006 5448 [ 23F486726DA7A9B2F3EC7326421A9C36 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
21:51:09.0006 5448 RFCOMM - ok
21:51:09.0069 5448 [ F7D9ECF41EBD3CF6C65944368150F66B ] rimsptsk C:\Windows\system32\DRIVERS\rimsptsk.sys
21:51:09.0069 5448 rimsptsk - ok
21:51:09.0100 5448 [ 1BE6C42767A7C67BA31AE32B293B37A3 ] risdptsk C:\Windows\system32\DRIVERS\risdptsk.sys
21:51:09.0100 5448 risdptsk - ok
21:51:09.0147 5448 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
21:51:09.0147 5448 RpcLocator - ok
21:51:09.0162 5448 [ 301AE00E12408650BADDC04DBC832830 ] RpcSs C:\Windows\System32\rpcss.dll
21:51:09.0162 5448 RpcSs - ok
21:51:09.0209 5448 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
21:51:09.0209 5448 rspndr - ok
21:51:09.0287 5448 [ 4B3795EBECAE570DEF38BA7924C2A3DC ] RtkAudioService C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe
21:51:09.0287 5448 RtkAudioService - ok
21:51:09.0303 5448 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] SamSs C:\Windows\system32\lsass.exe
21:51:09.0303 5448 SamSs - ok
21:51:09.0318 5448 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
21:51:09.0318 5448 sbp2port - ok
21:51:09.0349 5448 [ 11387E32642269C7E62E8B52C060B3C6 ] SCardSvr C:\Windows\System32\SCardSvr.dll
21:51:09.0349 5448 SCardSvr - ok
21:51:09.0412 5448 [ 7B587B8A6D4A99F79D2902D0385F29BD ] Schedule C:\Windows\system32\schedsvc.dll
21:51:09.0427 5448 Schedule - ok
21:51:09.0443 5448 [ 87C2D0377B23E2D8A41093C2F5FB1A5B ] SCPolicySvc C:\Windows\System32\certprop.dll
21:51:09.0443 5448 SCPolicySvc - ok
21:51:09.0474 5448 [ 126EA89BCC413EE45E3004FB0764888F ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
21:51:09.0474 5448 sdbus - ok
21:51:09.0505 5448 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
21:51:09.0505 5448 SDRSVC - ok
21:51:09.0583 5448 [ 448658656535D0DE20882EFBC6315BB7 ] sdusb2em C:\Windows\system32\Drivers\sdusb2em.sys
21:51:09.0583 5448 sdusb2em - ok
21:51:09.0599 5448 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
21:51:09.0599 5448 secdrv - ok
21:51:09.0615 5448 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
21:51:09.0615 5448 seclogon - ok
21:51:09.0630 5448 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\system32\sens.dll
21:51:09.0630 5448 SENS - ok
21:51:09.0708 5448 [ A8CBE554D43136F0272ABA0F8B693BE1 ] Sentinel C:\Windows\System32\Drivers\SENTINEL.SYS
21:51:09.0708 5448 Sentinel - ok
21:51:09.0708 5448 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
21:51:09.0724 5448 Serenum - ok
21:51:09.0739 5448 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
21:51:09.0739 5448 Serial - ok
21:51:09.0771 5448 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
21:51:09.0771 5448 sermouse - ok
21:51:09.0911 5448 [ A9AF077DDB5AEB97BCC5C41504E27223 ] Serviio C:\Program Files\Serviio\bin\ServiioService.exe
21:51:09.0911 5448 Serviio - ok
21:51:09.0942 5448 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
21:51:09.0958 5448 SessionEnv - ok
21:51:09.0973 5448 [ 8B7C1768D2CDE2E02E09A66563DDFD16 ] SFEP C:\Windows\system32\DRIVERS\SFEP.sys
21:51:09.0973 5448 SFEP - ok
21:51:10.0036 5448 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
21:51:10.0036 5448 sffdisk - ok
21:51:10.0051 5448 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
21:51:10.0051 5448 sffp_mmc - ok
21:51:10.0067 5448 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
21:51:10.0067 5448 sffp_sd - ok
21:51:10.0083 5448 [ C33BFBD6E9E41FCD9FFEF9729E9FAED6 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
21:51:10.0083 5448 sfloppy - ok
21:51:10.0114 5448 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
21:51:10.0114 5448 SharedAccess - ok
21:51:10.0176 5448 [ 1E3FDB80E40A3CE645F229DFBDFB7694 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:51:10.0176 5448 ShellHWDetection - ok
21:51:10.0239 5448 [ 0E0E7ECAF83F793EFFA080685E24D2DB ] shpf C:\Windows\system32\DRIVERS\shpf.sys
21:51:10.0239 5448 shpf - ok
21:51:10.0270 5448 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
21:51:10.0270 5448 sisagp - ok
21:51:10.0285 5448 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
21:51:10.0285 5448 SiSRaid2 - ok
21:51:10.0301 5448 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
21:51:10.0301 5448 SiSRaid4 - ok
21:51:10.0395 5448 [ 0BA91E1358AD25236863039BB2609A2E ] slsvc C:\Windows\system32\SLsvc.exe
21:51:10.0457 5448 slsvc - ok
21:51:10.0488 5448 [ 7C6DC44CA0BFA6291629AB764200D1D4 ] SLUINotify C:\Windows\system32\SLUINotify.dll
21:51:10.0488 5448 SLUINotify - ok
21:51:10.0535 5448 [ 031E6BCD53C9B2B9ACE111EAFEC347B6 ] Smb C:\Windows\system32\DRIVERS\smb.sys
21:51:10.0535 5448 Smb - ok
21:51:10.0566 5448 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
21:51:10.0566 5448 SNMPTRAP - ok
21:51:10.0644 5448 [ A1FF7D99B199CEA1F3DF371BA70D2780 ] Sntnlusb C:\Windows\system32\DRIVERS\SNTNLUSB.SYS
21:51:10.0644 5448 Sntnlusb - ok
21:51:10.0675 5448 [ 7B24EFA2A60BA7388FECDA63AB24560A ] SOHCImp C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe
21:51:10.0691 5448 SOHCImp - ok
21:51:10.0691 5448 [ 140FCF5FFAE4EFBA9740A9FD8B49E0BF ] SOHDBSvr C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe
21:51:10.0707 5448 SOHDBSvr - ok
21:51:10.0722 5448 [ D8C244121A06B581B097D9617D94CFF1 ] SOHDms C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe
21:51:10.0738 5448 SOHDms - ok
21:51:10.0753 5448 [ 2DB561887EA122B946BBE2821473EDD8 ] SOHDs C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe
21:51:10.0753 5448 SOHDs - ok
21:51:10.0769 5448 [ AB9EE246A1EB2C3C7C6CB16E0B9462F7 ] SOHPlMgr C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe
21:51:10.0769 5448 SOHPlMgr - ok
21:51:10.0800 5448 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
21:51:10.0800 5448 spldr - ok
21:51:10.0831 5448 [ 3665F79026A3F91FBCA63F2C65A09B19 ] Spooler C:\Windows\System32\spoolsv.exe
21:51:10.0847 5448 Spooler - ok
21:51:10.0878 5448 [ B2EC3E1DEAC5F0A764BD3486D213A0AF ] SQLBrowser C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
21:51:10.0878 5448 SQLBrowser - ok
21:51:10.0909 5448 [ D2F4F32B59440011174B4F8137AF4E0C ] SQLWriter C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
21:51:10.0909 5448 SQLWriter - ok
21:51:10.0972 5448 [ 2252AEF839B1093D16761189F45AF885 ] srv C:\Windows\system32\DRIVERS\srv.sys
21:51:10.0972 5448 srv - ok
21:51:11.0034 5448 [ B7FF59408034119476B00A81BB53D5D1 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
21:51:11.0034 5448 srv2 - ok
21:51:11.0050 5448 [ 2ACCC9B12AF02030F531E6CCA6F8B76E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
21:51:11.0065 5448 srvnet - ok
21:51:11.0081 5448 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
21:51:11.0081 5448 SSDPSRV - ok
21:51:11.0143 5448 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
21:51:11.0143 5448 SstpSvc - ok
21:51:11.0206 5448 [ 7DD08A597BC56051F320DA0BAF69E389 ] stisvc C:\Windows\System32\wiaservc.dll
21:51:11.0206 5448 stisvc - ok
21:51:11.0253 5448 [ C99010707441D2428C90EB8D0069E153 ] StMp3Rec C:\Windows\system32\Drivers\StMp3Rec.sys
21:51:11.0253 5448 StMp3Rec - ok
21:51:11.0268 5448 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
21:51:11.0268 5448 swenum - ok
21:51:11.0284 5448 [ B36C7CDB86F7F7A8E884479219766950 ] swprv C:\Windows\System32\swprv.dll
21:51:11.0284 5448 swprv - ok
21:51:11.0299 5448 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
21:51:11.0315 5448 Symc8xx - ok
21:51:11.0315 5448 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
21:51:11.0315 5448 Sym_hi - ok
21:51:11.0331 5448 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
21:51:11.0346 5448 Sym_u3 - ok
21:51:11.0424 5448 [ 99DA94793332AADBB17BBB521AE56E21 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
21:51:11.0424 5448 SynTP - ok
21:51:11.0455 5448 [ 8710A92D0024B03B5FB9540DF1F71F1D ] SysMain C:\Windows\system32\sysmain.dll
21:51:11.0471 5448 SysMain - ok
21:51:11.0487 5448 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:51:11.0487 5448 TabletInputService - ok
21:51:11.0502 5448 [ 680916BB09EE0F3A6ACA7C274B0D633F ] TapiSrv C:\Windows\System32\tapisrv.dll
21:51:11.0502 5448 TapiSrv - ok
21:51:11.0518 5448 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
21:51:11.0518 5448 TBS - ok
21:51:11.0580 5448 [ 782568AB6A43160A159B6215B70BCCE9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
21:51:11.0596 5448 Tcpip - ok
21:51:11.0611 5448 [ 782568AB6A43160A159B6215B70BCCE9 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
21:51:11.0611 5448 Tcpip6 - ok
21:51:11.0643 5448 [ D4A2E4A4B011F3A883AF77315A5AE76B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
21:51:11.0643 5448 tcpipreg - ok
21:51:11.0658 5448 [ 55FE712F574DA1A726AD74B20886A529 ] TcUsb C:\Windows\system32\Drivers\tcusb.sys
21:51:11.0658 5448 TcUsb - ok
21:51:11.0674 5448 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
21:51:11.0674 5448 TDPIPE - ok
21:51:11.0689 5448 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
21:51:11.0689 5448 TDTCP - ok
21:51:11.0705 5448 [ D09276B1FAB033CE1D40DCBDF303D10F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
21:51:11.0705 5448 tdx - ok
21:51:11.0970 5448 [ 0BB489BB768E4131B3EDBAE8FD7AE0B2 ] TeamViewer7 C:\Users\mahnaz\temp\TeamViewer\Version7\TeamViewer_Service.exe
21:51:11.0986 5448 TeamViewer7 - ok
21:51:12.0033 5448 [ A048056F5E1A96A9BF3071B91741A5AA ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
21:51:12.0033 5448 TermDD - ok
21:51:12.0064 5448 [ D605031E225AACCBCEB5B76A4F1603A6 ] TermService C:\Windows\System32\termsrv.dll
21:51:12.0079 5448 TermService - ok
21:51:12.0111 5448 [ 1E3FDB80E40A3CE645F229DFBDFB7694 ] Themes C:\Windows\system32\shsvcs.dll
21:51:12.0111 5448 Themes - ok
21:51:12.0142 5448 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
21:51:12.0157 5448 THREADORDER - ok
21:51:12.0220 5448 [ CB258C2F726F1BE73C507022BE33EBB3 ] TPM C:\Windows\system32\drivers\tpm.sys
21:51:12.0220 5448 TPM - ok
21:51:12.0235 5448 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
21:51:12.0235 5448 TrkWks - ok
21:51:12.0282 5448 [ 16613A1BAD034D4ECF957AF18B7C2FF5 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:51:12.0282 5448 TrustedInstaller - ok
21:51:12.0298 5448 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
21:51:12.0298 5448 tssecsrv - ok
21:51:12.0313 5448 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
21:51:12.0313 5448 tunmp - ok
21:51:12.0360 5448 [ 6042505FF6FA9AC1EF7684D0E03B6940 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
21:51:12.0376 5448 tunnel - ok
21:51:12.0407 5448 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
21:51:12.0407 5448 uagp35 - ok
21:51:12.0438 5448 [ 63F6D08C54D5B3C1B12A6172032055C7 ] uCamMonitor C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
21:51:12.0438 5448 uCamMonitor - ok
21:51:12.0469 5448 [ 8B5088058FA1D1CD897A2113CCFF6C58 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
21:51:12.0469 5448 udfs - ok
21:51:12.0563 5448 [ 3F2D08B07CF67CB37E669A93E59A508C ] ufad-ws60 C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
21:51:12.0579 5448 ufad-ws60 - ok
21:51:12.0610 5448 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
21:51:12.0610 5448 UI0Detect - ok
21:51:12.0641 5448 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
21:51:12.0657 5448 uliagpkx - ok
21:51:12.0672 5448 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
21:51:12.0672 5448 uliahci - ok
21:51:12.0688 5448 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
21:51:12.0688 5448 UlSata - ok
21:51:12.0703 5448 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
21:51:12.0703 5448 ulsata2 - ok
21:51:12.0719 5448 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
21:51:12.0719 5448 umbus - ok
21:51:12.0750 5448 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
21:51:12.0750 5448 upnphost - ok
21:51:12.0813 5448 [ A7CD5B4ADEA26765CAB06BDAB7B07B13 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
21:51:12.0813 5448 usbccgp - ok
21:51:12.0828 5448 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
21:51:12.0828 5448 usbcir - ok
21:51:12.0875 5448 [ 686D4188AE36254C3008B71FEDACADF3 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
21:51:12.0875 5448 usbehci - ok
21:51:12.0891 5448 [ 4E42F665A658F08D153F7FFFE7C83806 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
21:51:12.0906 5448 usbhub - ok
21:51:12.0922 5448 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
21:51:12.0922 5448 usbohci - ok
21:51:12.0969 5448 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
21:51:12.0969 5448 usbprint - ok
21:51:13.0015 5448 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
21:51:13.0015 5448 usbscan - ok
21:51:13.0031 5448 [ 87BA6B83C5D19B69160968D07D6E2982 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:51:13.0031 5448 USBSTOR - ok
21:51:13.0093 5448 [ 40F95A3D6D50D82F947F1D167C2EC39D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
21:51:13.0093 5448 usbuhci - ok
21:51:13.0140 5448 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
21:51:13.0156 5448 usbvideo - ok
21:51:13.0171 5448 [ 032A0ACC3909AE7215D524E29D536797 ] UxSms C:\Windows\System32\uxsms.dll
21:51:13.0171 5448 UxSms - ok
21:51:13.0218 5448 [ 4E7135D6D0127067E4CFEE12259F895D ] VAIO Entertainment TV Device Arbitration Service C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
21:51:13.0218 5448 VAIO Entertainment TV Device Arbitration Service - ok
21:51:13.0249 5448 [ 73328C784ECFE7072BD102F370076B50 ] VAIO Event Service C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
21:51:13.0249 5448 VAIO Event Service - ok
21:51:13.0296 5448 [ 45A9AE4768840830D0239B52DFDC806A ] VAIO Power Management C:\Program Files\Sony\VAIO Power Management\SPMService.exe
21:51:13.0296 5448 VAIO Power Management - ok
21:51:13.0437 5448 [ 0ED1D51DCEC67F96CC313D02A1741CF3 ] VCFw C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
21:51:13.0452 5448 VCFw - ok
21:51:13.0499 5448 [ 7295A2B5795E7B8AA128E5DF5A29B656 ] VcmIAlzMgr C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
21:51:13.0499 5448 VcmIAlzMgr - ok
21:51:13.0515 5448 [ 69C36D2A7B2169C336D9CE193C9B655E ] VcmXmlIfHelper C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
21:51:13.0530 5448 VcmXmlIfHelper - ok
21:51:13.0530 5448 Vcsw - ok
21:51:13.0546 5448 [ B13BC395B9D6116628F5AF47E0802AC4 ] vds C:\Windows\System32\vds.exe
21:51:13.0561 5448 vds - ok
21:51:13.0593 5448 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
21:51:13.0593 5448 vga - ok
21:51:13.0593 5448 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
21:51:13.0593 5448 VgaSave - ok
21:51:13.0608 5448 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
21:51:13.0608 5448 viaagp - ok
21:51:13.0624 5448 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
21:51:13.0624 5448 ViaC7 - ok
21:51:13.0639 5448 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
21:51:13.0639 5448 viaide - ok
21:51:13.0702 5448 [ 85A0E62AC295B2958070EBF60CED22BC ] VMAuthdService C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
21:51:13.0702 5448 VMAuthdService - ok
21:51:13.0749 5448 [ 2847315DE9AC17C7FF5FA3059D935C07 ] vmci C:\Windows\system32\Drivers\vmci.sys
21:51:13.0749 5448 vmci - ok
21:51:13.0811 5448 [ AAEEF4444A6C2BB2E741DE684F2A5E56 ] vmkbd C:\Windows\system32\drivers\VMkbd.sys
21:51:13.0811 5448 vmkbd - ok
21:51:13.0873 5448 [ E41704D8149992107B333CC7A52C07CC ] VMnetAdapter C:\Windows\system32\DRIVERS\vmnetadapter.sys
21:51:13.0873 5448 VMnetAdapter - ok
21:51:13.0873 5448 [ 462F2A31EA8B87A28962ACA998DF1869 ] VMnetBridge C:\Windows\system32\DRIVERS\vmnetbridge.sys
21:51:13.0873 5448 VMnetBridge - ok
21:51:13.0905 5448 [ 9FAD0F49EDA6E16EC61BF7DD1A5107B3 ] VMnetDHCP C:\Windows\system32\vmnetdhcp.exe
21:51:13.0905 5448 VMnetDHCP - ok
21:51:13.0936 5448 [ 386234C03F38FA9EAE752F4CCA7C8336 ] VMnetuserif C:\Windows\system32\drivers\vmnetuserif.sys
21:51:13.0936 5448 VMnetuserif - ok
21:51:14.0014 5448 [ AFB10AD9AA91D2F70C9F0E6BDA0D119B ] vmusb C:\Windows\system32\Drivers\vmusb.sys
21:51:14.0014 5448 vmusb - ok
21:51:14.0076 5448 [ 346AF8B2BE7E2E349B0FCA70C55CAC03 ] VMUSBArbService C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
21:51:14.0076 5448 VMUSBArbService - ok
21:51:14.0092 5448 [ D3ECFDBFAFD965AFDAC299DEBE71B4C7 ] VMware NAT Service C:\Windows\system32\vmnat.exe
21:51:14.0107 5448 VMware NAT Service - ok
21:51:14.0185 5448 [ CF8215484F00AE5268A1B3A46DD69E17 ] vmx86 C:\Windows\system32\Drivers\vmx86.sys
21:51:14.0201 5448 vmx86 - ok
21:51:14.0248 5448 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
21:51:14.0248 5448 volmgr - ok
21:51:14.0279 5448 [ 98F5FFE6316BD74E9E2C97206C190196 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
21:51:14.0295 5448 volmgrx - ok
21:51:14.0326 5448 [ D8B4A53DD2769F226B3EB374374987C9 ] volsnap C:\Windows\system32\drivers\volsnap.sys
21:51:14.0326 5448 volsnap - ok
21:51:14.0341 5448 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
21:51:14.0341 5448 vsmraid - ok
21:51:14.0482 5448 [ 0BD123313159CB8963D7A0404F7D96A5 ] VSPerfDrv90 C:\Program Files\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\VSPerfDrv90.sys
21:51:14.0497 5448 VSPerfDrv90 - ok
21:51:14.0544 5448 [ D5FB73D19C46ADE183F968E13F186B23 ] VSS C:\Windows\system32\vssvc.exe
21:51:14.0560 5448 VSS - ok
21:51:14.0622 5448 [ 476A052B3CE506ED63A94018F3E979D5 ] vstor2-ws60 C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys
21:51:14.0622 5448 vstor2-ws60 - ok
21:51:14.0763 5448 [ 3D47CC68B2F57796AC12EE2AA8BEE2CF ] VUAgent C:\Program Files\Sony\VAIO Update\VUAgent.exe
21:51:14.0763 5448 VUAgent - ok
21:51:14.0841 5448 [ 79EB419F4A694B4514249E0D3DB16ECF ] VzCdbSvc C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
21:51:14.0841 5448 VzCdbSvc - ok
21:51:14.0856 5448 [ 1CF9206966A8458CDA9A8B20DF8AB7D3 ] W32Time C:\Windows\system32\w32time.dll
21:51:14.0856 5448 W32Time - ok
21:51:14.0903 5448 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
21:51:14.0903 5448 WacomPen - ok
21:51:14.0919 5448 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
21:51:14.0919 5448 Wanarp - ok
21:51:14.0934 5448 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
21:51:14.0934 5448 Wanarpv6 - ok
21:51:14.0981 5448 [ F3A5C2E1A6533192B070D06ECF6BE796 ] wcncsvc C:\Windows\System32\wcncsvc.dll
21:51:14.0981 5448 wcncsvc - ok
21:51:14.0997 5448 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:51:14.0997 5448 WcsPlugInService - ok
21:51:15.0028 5448 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
21:51:15.0028 5448 Wd - ok
21:51:15.0059 5448 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
21:51:15.0059 5448 Wdf01000 - ok
21:51:15.0075 5448 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
21:51:15.0075 5448 WdiServiceHost - ok
21:51:15.0075 5448 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
21:51:15.0090 5448 WdiSystemHost - ok
21:51:15.0106 5448 [ CF9A5F41789B642DB967021DE06A2713 ] WebClient C:\Windows\System32\webclnt.dll
21:51:15.0106 5448 WebClient - ok
21:51:15.0137 5448 [ 905214925A88311FCE52F66153DE7610 ] Wecsvc C:\Windows\system32\wecsvc.dll
21:51:15.0137 5448 Wecsvc - ok
21:51:15.0168 5448 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
21:51:15.0168 5448 wercplsupport - ok
21:51:15.0184 5448 [ FD1965AAA112C6818A30AB02742D0461 ] WerSvc C:\Windows\System32\WerSvc.dll
21:51:15.0184 5448 WerSvc - ok
21:51:15.0215 5448 [ 090A2B8F055343815556A01F725F6C35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys
21:51:15.0215 5448 WimFltr - ok
21:51:15.0277 5448 [ 5A77AC34A0FFB70CE8B35B524FEDE9BA ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys
21:51:15.0293 5448 winachsf - ok
21:51:15.0355 5448 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
21:51:15.0355 5448 WinDefend - ok
21:51:15.0449 5448 [ 0A597F84BC8AF4229B529F655BB2BA14 ] WinDriver6 C:\Windows\system32\drivers\windrvr6.sys
21:51:15.0449 5448 WinDriver6 - ok
21:51:15.0449 5448 WinHttpAutoProxySvc - ok
21:51:15.0496 5448 [ 00B79A7C984678F24CF052E5BEB3A2F5 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
21:51:15.0511 5448 Winmgmt - ok
21:51:15.0558 5448 [ 20FC93FDC916843CFDFCAA7A1B0DB16F ] WinRM C:\Windows\system32\WsmSvc.dll
21:51:15.0574 5448 WinRM - ok
21:51:15.0605 5448 [ 275F4346E569DF56CFB95243BD6F6FF0 ] Wlansvc C:\Windows\System32\wlansvc.dll
21:51:15.0621 5448 Wlansvc - ok
21:51:15.0683 5448 [ 94A85E956A065E23E0010A6A7826243B ] WLSetupSvc C:\Program Files\Windows Live\installer\WLSetupSvc.exe
21:51:15.0683 5448 WLSetupSvc - ok
21:51:15.0699 5448 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
21:51:15.0699 5448 WmiAcpi - ok
21:51:15.0730 5448 [ ABA4CF9F856D9A3A25F4DDD7690A6E9D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
21:51:15.0730 5448 wmiApSrv - ok
21:51:15.0808 5448 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
21:51:15.0823 5448 WMPNetworkSvc - ok
21:51:15.0839 5448 [ 5D94CD167751294962BA238D82DD1BB8 ] WPCSvc C:\Windows\System32\wpcsvc.dll
21:51:15.0855 5448 WPCSvc - ok
21:51:15.0870 5448 [ 396D406292B0CD26E3504FFE82784702 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
21:51:15.0870 5448 WPDBusEnum - ok
21:51:15.0933 5448 [ 0CEC23084B51B8288099EB710224E955 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
21:51:15.0933 5448 WpdUsb - ok
21:51:16.0120 5448 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
21:51:16.0120 5448 WPFFontCache_v0400 - ok
21:51:16.0135 5448 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
21:51:16.0135 5448 ws2ifsl - ok
21:51:16.0167 5448 [ 683DD16B590372F2C9661D277F35E49C ] wscsvc C:\Windows\system32\wscsvc.dll
21:51:16.0167 5448 wscsvc - ok
21:51:16.0167 5448 WSearch - ok
21:51:16.0276 5448 [ 6298277B73C77FA99106B271A7525163 ] wuauserv C:\Windows\system32\wuaueng.dll
21:51:16.0307 5448 wuauserv - ok
21:51:16.0385 5448 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
21:51:16.0385 5448 WUDFRd - ok
21:51:16.0401 5448 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
21:51:16.0416 5448 wudfsvc - ok
21:51:16.0432 5448 [ 88AF537264F2B818DA15479CEEAF5D7C ] XAudio C:\Windows\system32\DRIVERS\xaudio.sys
21:51:16.0432 5448 XAudio - ok
21:51:16.0447 5448 [ 15A317674A08DF26BE65164D959E9203 ] XAudioService C:\Windows\system32\DRIVERS\xaudio.exe
21:51:16.0447 5448 XAudioService - ok
21:51:16.0525 5448 [ BC861723BF67345DD5EFEED93190655E ] XDS560 C:\Windows\system32\DRIVERS\xds560.sys
21:51:16.0525 5448 XDS560 - ok
21:51:16.0557 5448 [ 1E4FA3DC572F348B2E6F71791871FD6C ] xdsfast1 C:\Windows\system32\xdsfast1.sys
21:51:16.0572 5448 xdsfast1 - ok
21:51:16.0635 5448 [ 6104F397127FEECCCE16BD16CD3843A6 ] XilinxPC4Driver C:\Windows\System32\drivers\xpc4drvr.sys
21:51:16.0635 5448 XilinxPC4Driver - ok
21:51:16.0681 5448 [ 67E3D2AF24C3873E6A0CAC89DE78D63B ] yukonwlh C:\Windows\system32\DRIVERS\yk60x86.sys
21:51:16.0681 5448 yukonwlh - ok
21:51:16.0697 5448 ================ Scan global ===============================
21:51:16.0728 5448 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
21:51:16.0775 5448 [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll
21:51:16.0791 5448 [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll
21:51:16.0822 5448 [ 2B336AB6286D6C81FA02CBAB914E3C6C ] C:\Windows\system32\services.exe
21:51:16.0822 5448 [Global] - ok
21:51:16.0822 5448 ================ Scan MBR ==================================
21:51:16.0837 5448 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
21:51:17.0134 5448 \Device\Harddisk0\DR0 - ok
21:51:17.0134 5448 ================ Scan VBR ==================================
21:51:17.0134 5448 [ 793A1D561BC2FE3A9991FE8A9BF0632F ] \Device\Harddisk0\DR0\Partition1
21:51:17.0134 5448 \Device\Harddisk0\DR0\Partition1 - ok
21:51:17.0165 5448 [ CD306696A0C0B5BB9CA6D8E9B32EF90E ] \Device\Harddisk0\DR0\Partition2
21:51:17.0165 5448 \Device\Harddisk0\DR0\Partition2 - ok
21:51:17.0181 5448 [ C1E5309BBF83C40AEE5CA6A209E9DBD8 ] \Device\Harddisk0\DR0\Partition3
21:51:17.0196 5448 \Device\Harddisk0\DR0\Partition3 - ok
21:51:17.0196 5448 ============================================================
21:51:17.0196 5448 Scan finished
21:51:17.0196 5448 ============================================================
21:51:17.0196 5456 Detected object count: 0
21:51:17.0196 5456 Actual detected object count: 0
21:57:28.0222 1964 Deinitialize success
*****************************************************************************************************
Malwarebytes report:
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
Database version: v2013.04.27.03
Windows Vista Service Pack 1 x86 NTFS
Internet Explorer 7.0.6001.18000
mahnaz :: MAHNAZ-PC [administrator]
Protection: Disabled
4/27/2013 10:03:56 PM
mbam-log-2013-04-27 (22-03-56).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 229875
Time elapsed: 6 minute(s), 28 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
*************************************************************************************
AdwCleaner report:
# AdwCleaner v2.202 - Logfile created 04/27/2013 at 22:12:45
# Updated 23/04/2013 by Xplode
# Operating system : Windows Vista Home Premium Service Pack 1 (32 bits)
# User : mahnaz - MAHNAZ-PC
# Boot Mode : Normal
# Running from : C:\Users\mahnaz\Desktop\adwcleaner.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
Folder Deleted : C:\Program Files\Babylon
Folder Deleted : C:\Program Files\Ilivid
Folder Deleted : C:\ProgramData\Speedbit
Folder Deleted : C:\Users\mahnaz\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\mahnaz\AppData\LocalLow\ShoppingReport2
Folder Deleted : C:\Users\mahnaz\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\mahnaz\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\@themediafinder.com
Folder Deleted : C:\Users\mahnaz\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]
***** [Registry] *****
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ShoppingReport2
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{603C4CC9-5DC6-4C44-873F-8281509DF953}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ShoppingReport2
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FF7C3CF0-4B15-11D1-ABED-709549C10000}
Key Deleted : HKCU\Software\SpeedBit
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0BF91075-F457-4A8B-99EF-140B52D2F22A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{37425600-CB21-49A0-8659-476FBAB0F8E8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{431FB0E5-2CBB-4602-9FE6-F1D64488ADD7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5C9A230D-70A5-11D5-AFB0-0050DAC67890}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8911483C-C00A-4183-9FBC-6C9C00946C15}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A1F1ECD3-4806-44C6-A869-F0DADF11C57C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C3F058A9-407D-4CD1-8F66-B75605B54B69}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFDCAF05-D29C-4D4D-9836-8CDCD606A6B2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1460988
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2542127
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3BCF582D-CA87-4C6F-AF3D-B3548A976AB3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{5C9A2304-70A5-11D5-AFB0-0050DAC67890}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{AD25754E-D76C-42B3-A335-2F81478B722F}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{603C4CC9-5DC6-4C44-873F-8281509DF953}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\9908bf61cd0a9b71cdba29662861794c274135443
Key Deleted : HKLM\Software\SpeedBit
***** [Internet Browsers] *****
-\\ Internet Explorer v7.0.6001.18639
[OK] Registry is clean.
-\\ Google Chrome v26.0.1410.64
File : C:\Users\mahnaz\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[S1].txt - [5805 octets] - [27/04/2013 22:12:45]
########## EOF - C:\AdwCleaner[S1].txt - [5865 octets] ##########
************************************************************************************************
VEW report:
Vino's Event Viewer v01c run on Windows Vista in English
Report run at 27/04/2013 10:56:36 PM
Note: All dates below are in the format dd/mm/yyyy
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 16/06/2010 4:24:26 PM
Type: Error Category: 0
Event: 7 Source: disk
The device, \Device\Harddisk3\DR3, has a bad block.
Log: 'System' Date/Time: 16/06/2010 4:24:26 PM
Type: Error Category: 0
Event: 7 Source: disk
The device, \Device\Harddisk3\DR3, has a bad block.
Log: 'System' Date/Time: 16/06/2010 4:24:27 PM
Type: Error Category: 0
Event: 7 Source: disk
The device, \Device\Harddisk3\DR3, has a bad block.
Log: 'System' Date/Time: 16/06/2010 4:24:27 PM
Type: Error Category: 0
Event: 7 Source: disk
The device, \Device\Harddisk3\DR3, has a bad block.
Log: 'System' Date/Time: 16/06/2010 4:24:27 PM
Type: Error Category: 0
Event: 7 Source: disk
The device, \Device\Harddisk3\DR3, has a bad block.
Log: 'System' Date/Time: 16/06/2010 4:24:27 PM
Type: Error Category: 0
Event: 7 Source: disk
The device, \Device\Harddisk3\DR3, has a bad block.
Log: 'System' Date/Time: 16/06/2010 4:24:29 PM
Type: Error Category: 0
Event: 7 Source: disk
The device, \Device\Harddisk3\DR3, has a bad block.
Log: 'System' Date/Time: 16/06/2010 4:24:29 PM
Type: Error Category: 0
Event: 7 Source: disk
The device, \Device\Harddisk3\DR3, has a bad block.
Log: 'System' Date/Time: 16/06/2010 4:24:29 PM
Type: Error Category: 0
Event: 7 Source: disk
The device, \Device\Harddisk3\DR3, has a bad block.
Log: 'System' Date/Time: 16/06/2010 4:24:29 PM
Type: Error Category: 0
Event: 7 Source: disk
The device, \Device\Harddisk3\DR3, has a bad block.
Log: 'System' Date/Time: 16/06/2010 4:24:31 PM
Type: Error Category: 0
Event: 7 Source: disk
The device, \Device\Harddisk3\DR3, has a bad block.
Log: 'System' Date/Time: 16/06/2010 4:24:31 PM
Type: Error Category: 0
Event: 7 Source: disk
The device, \Device\Harddisk3\DR3, has a bad block.
Log: 'System' Date/Time: 16/06/2010 4:24:31 PM
Type: Error Category: 0
Event: 7 Source: disk
The device, \Device\Harddisk3\DR3, has a bad block.
Log: 'System' Date/Time: 16/06/2010 4:24:31 PM
Type: Error Category: 0
Event: 7 Source: disk
The device, \Device\Harddisk3\DR3, has a bad block.
Log: 'System' Date/Time: 16/06/2010 4:24:32 PM
Type: Error Category: 0
Event: 7 Source: disk
The device, \Device\Harddisk3\DR3, has a bad block.
Log: 'System' Date/Time: 16/06/2010 4:24:32 PM
Type: Error Category: 0
Event: 7 Source: disk
The device, \Device\Harddisk3\DR3, has a bad block.
Log: 'System' Date/Time: 16/06/2010 4:24:32 PM
Type: Error Category: 0
Event: 7 Source: disk
The device, \Device\Harddisk3\DR3, has a bad block.
Log: 'System' Date/Time: 16/06/2010 4:24:32 PM
Type: Error Category: 0
Event: 7 Source: disk
The device, \Device\Harddisk3\DR3, has a bad block.
Log: 'System' Date/Time: 16/06/2010 4:24:34 PM
Type: Error Category: 0
Event: 7 Source: disk
The device, \Device\Harddisk3\DR3, has a bad block.
Log: 'System' Date/Time: 16/06/2010 4:24:34 PM
Type: Error Category: 0
Event: 7 Source: disk
The device, \Device\Harddisk3\DR3, has a bad block.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 16/06/2010 6:26:22 PM
Type: Warning Category: 0
Event: 8004 Source: bowser
A request has been submitted to promote the computer to backup when it is already a master browser.
Log: 'System' Date/Time: 16/06/2010 6:26:52 PM
Type: Warning Category: 0
Event: 8004 Source: bowser
A request has been submitted to promote the computer to backup when it is already a master browser.
Log: 'System' Date/Time: 16/06/2010 6:27:22 PM
Type: Warning Category: 0
Event: 8004 Source: bowser
A request has been submitted to promote the computer to backup when it is already a master browser.
Log: 'System' Date/Time: 16/06/2010 6:27:52 PM
Type: Warning Category: 0
Event: 8004 Source: bowser
A request has been submitted to promote the computer to backup when it is already a master browser.
Log: 'System' Date/Time: 16/06/2010 6:28:52 PM
Type: Warning Category: 0
Event: 8004 Source: bowser
A request has been submitted to promote the computer to backup when it is already a master browser.
Log: 'System' Date/Time: 16/06/2010 6:35:45 PM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0022FB56369C. The following error occurred: The semaphore timeout period has expired.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Log: 'System' Date/Time: 16/06/2010 6:56:21 PM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0022FB56369C. The following error occurred: The semaphore timeout period has expired.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Log: 'System' Date/Time: 16/06/2010 8:38:09 PM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0022FB56369C. The following error occurred: The semaphore timeout period has expired.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Log: 'System' Date/Time: 16/06/2010 9:04:21 PM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0022FB56369C. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Log: 'System' Date/Time: 17/06/2010 7:01:16 AM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0022FB56369C. The following error occurred: The semaphore timeout period has expired.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Log: 'System' Date/Time: 17/06/2010 7:03:38 AM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0022FB56369C. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Log: 'System' Date/Time: 17/06/2010 7:04:09 AM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0022FB56369C. The following error occurred: The semaphore timeout period has expired.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Log: 'System' Date/Time: 17/06/2010 7:25:13 AM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0022FB56369C. The following error occurred: The semaphore timeout period has expired.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Log: 'System' Date/Time: 17/06/2010 7:26:14 AM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0022FB56369C. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Log: 'System' Date/Time: 17/06/2010 7:27:44 AM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0022FB56369C. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Log: 'System' Date/Time: 17/06/2010 9:24:20 AM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0022FB56369C. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Log: 'System' Date/Time: 17/06/2010 9:24:27 AM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0022FB56369C. The following error occurred: The operation was canceled by the user.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Log: 'System' Date/Time: 19/06/2010 2:37:30 PM
Type: Warning Category: 0
Event: 36 Source: Microsoft-Windows-Time-Service
The time service has not synchronized the system time for 86400 seconds because none of the time service providers provided a usable time stamp. The time service will not update the local system time until it is able to synchronize with a time source. If the local system is configured to act as a time server for clients, it will stop advertising as a time source to clients. The time service will continue to retry and sync time with its time sources. Check system event log for other W32time events for more details. Run 'w32tm /resync' to force an instant time synchronization.
Log: 'System' Date/Time: 19/06/2010 2:43:10 PM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0022FB56369C. The following error occurred: The semaphore timeout period has expired.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
Log: 'System' Date/Time: 19/06/2010 3:21:49 PM
Type: Warning Category: 0
Event: 1003 Source: Microsoft-Windows-Dhcp-Client
Your computer was not able to renew its address from the network (from the DHCP Server) for the Network Card with network address 0022FB56369C. The following error occurred: The semaphore timeout period has expired.. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
*****************************************************************************************
OTL1 (first OTL log):
OTL logfile created on: 4/27/2013 10:59:01 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\mahnaz\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.87 Gb Total Physical Memory | 0.77 Gb Available Physical Memory | 41.03% Memory free
3.98 Gb Paging File | 2.68 Gb Available in Paging File | 67.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 244.68 Gb Total Space | 42.63 Gb Free Space | 17.42% Space Free | Partition Type: NTFS
Drive G: | 19.53 Gb Total Space | 2.92 Gb Free Space | 14.95% Space Free | Partition Type: NTFS
Drive H: | 21.48 Gb Total Space | 3.04 Gb Free Space | 14.17% Space Free | Partition Type: NTFS
Computer Name: MAHNAZ-PC | User Name: mahnaz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013/04/22 18:11:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\mahnaz\Desktop\OTL.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/11/22 16:08:14 | 001,038,496 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
PRC - [2012/11/22 16:08:12 | 000,957,056 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update\VUAgent.exe
PRC - [2012/03/07 16:40:34 | 000,913,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2012/03/07 16:40:28 | 003,117,344 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2011/12/13 15:06:29 | 002,984,832 | ---- | M] (TeamViewer GmbH) -- C:\Users\mahnaz\temp\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011/09/14 23:51:29 | 003,241,312 | ---- | M] (Tonec Inc.) -- C:\_OTL\MovedFiles\04272013_193340\C_Program Files\Internet Download Manager\IDMan.exe
PRC - [2010/07/05 00:21:26 | 000,017,408 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2009/10/22 06:00:04 | 000,395,824 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe
PRC - [2009/10/22 05:59:58 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
PRC - [2009/10/22 05:59:48 | 000,334,384 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe
PRC - [2009/10/22 04:47:54 | 000,563,760 | ---- | M] (VMware, Inc.) -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2009/05/21 14:28:38 | 000,874,768 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2009/05/21 13:04:14 | 000,473,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2009/02/05 04:31:30 | 000,538,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Mode Switch\VMSwitch.exe
PRC - [2009/01/24 22:01:26 | 000,559,656 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009/01/21 21:37:42 | 000,313,264 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2009/01/21 21:37:42 | 000,192,512 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2009/01/20 04:13:04 | 000,394,536 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
PRC - [2009/01/20 00:19:20 | 000,203,624 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2009/01/20 00:19:20 | 000,112,488 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2009/01/15 01:08:38 | 005,184,872 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
PRC - [2009/01/06 06:34:54 | 000,109,088 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe
PRC - [2008/12/22 11:00:32 | 000,274,432 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Network Utility\LANUtil.exe
PRC - [2008/12/22 09:25:06 | 000,303,104 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Network Utility\NSUService.exe
PRC - [2008/12/20 01:32:08 | 001,771,368 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PRC - [2008/12/20 01:32:08 | 000,415,592 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe
PRC - [2008/12/18 22:23:50 | 000,317,288 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe
PRC - [2008/10/29 10:59:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/09/18 22:29:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
PRC - [2008/09/16 23:33:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
PRC - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/01/15 05:43:00 | 000,063,176 | ---- | M] (CANON INC.) -- C:\Windows\System32\CNAC4RPK.EXE
PRC - [2007/01/05 07:18:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
========== Modules (No Company Name) ==========
MOD - [2013/04/09 13:27:07 | 000,390,096 | ---- | M] () -- C:\Users\mahnaz\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppgooglenaclpluginchrome.dll
MOD - [2013/04/09 13:27:05 | 004,050,896 | ---- | M] () -- C:\Users\mahnaz\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
MOD - [2013/04/09 13:26:13 | 001,606,096 | ---- | M] () -- C:\Users\mahnaz\AppData\Local\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll
MOD - [2011/12/04 20:04:39 | 001,356,288 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\cac78a264e7ac9299057eb2416c86000\System.WorkflowServices.ni.dll
MOD - [2011/12/04 20:04:00 | 001,706,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\5046de252a0e714c78207b5dd01a89bd\System.ServiceModel.Web.ni.dll
MOD - [2011/12/04 19:56:31 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\bf3b757c821a36e6a9c7c1988b39a15d\System.IdentityModel.Selectors.ni.dll
MOD - [2011/12/04 19:56:29 | 001,070,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\3fb6b9b320c78fa02be3fa8ce26b7559\System.IdentityModel.ni.dll
MOD - [2011/12/04 19:56:25 | 002,345,472 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\0393b1448497e28ae9bbfed9be19bd3e\System.Runtime.Serialization.ni.dll
MOD - [2011/12/04 19:56:19 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\06bb41fe681650a017fa2c99e197edf0\SMDiagnostics.ni.dll
MOD - [2011/12/04 19:56:17 | 017,403,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\0dd1924dbe8ac43b923a28409d351619\System.ServiceModel.ni.dll
MOD - [2011/12/04 19:51:40 | 011,800,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0a1195c6b5fab213527364c9e8b26ef0\System.Web.ni.dll
MOD - [2011/12/04 19:50:56 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll
MOD - [2011/12/04 19:23:23 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll
MOD - [2011/12/04 19:22:15 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll
MOD - [2011/12/04 19:21:33 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll
MOD - [2011/12/04 19:15:30 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll
MOD - [2011/12/04 19:14:40 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2010/07/05 02:02:38 | 000,010,752 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll
MOD - [2010/07/05 02:02:36 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2010/07/05 00:21:26 | 000,017,408 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
MOD - [2010/06/21 16:45:36 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualStudio.Diagnostics.ServiceModelSink\3.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.Diagnostics.ServiceModelSink.dll
MOD - [2009/04/08 02:24:30 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\SPMDam\3.1.0.6020__1b3c579b6925895f\SPMDam.dll
MOD - [2009/04/08 02:24:29 | 000,086,016 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\SPMCommon\3.1.0.6020__e3c7096ba83f9295\SPMCommon.dll
MOD - [2009/01/20 00:19:22 | 000,010,752 | ---- | M] () -- C:\Program Files\Sony\VAIO Event Service\VESBasePS.dll
MOD - [2008/05/08 09:03:46 | 000,417,792 | ---- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\AdobeXMP.dll
MOD - [2007/11/17 03:32:18 | 000,479,232 | R--- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\ccme_base.dll
MOD - [2007/11/17 03:32:18 | 000,401,408 | R--- | M] () -- C:\Program Files\Adobe\Reader 9.0\Reader\cryptocme2.dll
MOD - [2007/09/20 19:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
========== Services (SafeList) ==========
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/11/22 16:08:12 | 000,957,056 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Sony\VAIO Update\VUAgent.exe -- (VUAgent)
SRV - [2012/09/17 00:22:47 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/09 22:55:48 | 000,279,552 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Serviio\bin\ServiioService.exe -- (Serviio)
SRV - [2012/03/07 16:40:34 | 000,913,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2011/12/13 15:06:29 | 002,984,832 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Users\mahnaz\temp\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/10/22 06:00:04 | 000,395,824 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnat.exe -- (VMware NAT Service)
SRV - [2009/10/22 05:59:58 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2009/10/22 05:59:48 | 000,334,384 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2009/10/22 04:47:54 | 000,563,760 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2009/10/12 15:32:24 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
SRV - [2009/05/21 14:28:38 | 000,874,768 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2009/05/21 13:04:14 | 000,473,360 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2009/05/02 15:40:35 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/01/24 22:01:26 | 000,559,656 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/01/21 21:37:44 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2009/01/21 21:37:42 | 000,313,264 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2009/01/21 21:37:42 | 000,192,512 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2009/01/20 23:26:06 | 000,120,104 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2009/01/20 23:22:18 | 000,091,432 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe -- (SOHPlMgr)
SRV - [2009/01/20 23:21:48 | 000,075,048 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2009/01/20 23:21:18 | 000,390,440 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2009/01/20 23:20:48 | 000,070,952 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe -- (SOHDBSvr)
SRV - [2009/01/20 04:13:04 | 000,394,536 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2009/01/20 00:19:20 | 000,203,624 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2009/01/17 09:29:08 | 000,083,240 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
SRV - [2009/01/15 01:08:38 | 005,184,872 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2009/01/08 11:40:32 | 000,114,688 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2009/01/06 06:34:54 | 000,109,088 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe -- (RtkAudioService)
SRV - [2008/12/22 09:25:06 | 000,303,104 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\Network Utility\NSUService.exe -- (NSUService)
SRV - [2008/12/20 01:32:08 | 000,415,592 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV - [2008/09/18 22:29:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2008/09/16 23:33:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
SRV - [2008/01/21 06:53:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/11/07 08:58:18 | 003,004,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)
SRV - [2007/01/05 07:18:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\mahnaz\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/03/14 09:40:04 | 000,148,504 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfw.sys -- (epfw)
DRV - [2012/03/14 09:40:02 | 000,169,080 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2012/03/14 09:40:02 | 000,120,152 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2012/03/14 09:40:02 | 000,050,624 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\epfwwfp.sys -- (epfwwfp)
DRV - [2012/03/14 09:40:02 | 000,033,656 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\EpfwLWF.sys -- (EpfwLWF)
DRV - [2011/10/04 10:14:35 | 000,195,968 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2010/07/26 18:55:42 | 000,068,240 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\idmwfp.sys -- (IDMWFP)
DRV - [2010/04/10 13:59:52 | 000,016,000 | ---- | M] (Xilinx, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\xpc4drvr.sys -- (XilinxPC4Driver)
DRV - [2009/10/22 06:00:46 | 000,853,936 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmx86.sys -- (vmx86)
DRV - [2009/10/22 06:00:44 | 000,070,704 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmci.sys -- (vmci)
DRV - [2009/10/22 06:00:44 | 000,026,288 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2009/10/22 06:00:44 | 000,023,216 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMkbd.sys -- (vmkbd)
DRV - [2009/10/22 04:47:52 | 000,032,304 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hcmon.sys -- (hcmon)
DRV - [2009/10/22 01:13:36 | 000,031,280 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmusb.sys -- (vmusb)
DRV - [2009/10/22 01:13:32 | 000,036,400 | R--- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2009/10/22 01:13:32 | 000,016,560 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2009/10/12 15:31:52 | 000,022,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009/09/01 22:19:26 | 000,019,584 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aticir.sys -- (AtiIrRcvr)
DRV - [2009/09/01 22:17:44 | 001,080,832 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atinavrr.sys -- (ATIAVPCI)
DRV - [2009/05/28 22:41:28 | 004,233,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32)
DRV - [2008/11/25 11:11:52 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2008/11/19 04:38:46 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2008/10/23 04:32:23 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\risdptsk.sys -- (risdptsk)
DRV - [2008/10/23 04:32:02 | 000,068,608 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/08/26 04:31:46 | 000,023,712 | ---- | M] (Sony Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\shpf.sys -- (shpf)
DRV - [2008/07/08 14:02:48 | 000,029,568 | ---- | M] (Spectrum Digital Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sdusb2em.sys -- (sdusb2em)
DRV - [2008/06/07 04:32:55 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2008/04/25 01:36:40 | 000,017,920 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2008/01/25 06:44:25 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008/01/21 06:53:26 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2007/09/04 16:53:34 | 000,055,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\VSPerfDrv90.sys -- (VSPerfDrv90)
DRV - [2007/07/07 09:11:58 | 000,026,120 | ---- | M] (Rainbow Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SNTNLUSB.SYS -- (Sntnlusb)
DRV - [2007/04/18 07:39:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2006/11/10 16:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2005/09/05 22:30:22 | 000,028,743 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2005/08/16 11:23:10 | 000,038,422 | ---- | M] (Generic) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\StMp3Rec.sys -- (StMp3Rec)
DRV - [2004/10/22 07:58:48 | 000,028,296 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\xds560.sys -- (XDS560)
DRV - [2004/10/22 07:57:40 | 000,006,112 | ---- | M] (Texas Instruments Incorporated) [Kernel | Auto | Running] -- C:\Windows\System32\xdsfast1.sys -- (xdsfast1)
DRV - [2004/10/22 07:57:40 | 000,003,968 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drpkiont.sys -- (drpkiont)
DRV - [2004/05/26 21:56:58 | 000,003,200 | ---- | M] (Altium Limited) [Kernel | Auto | Running] -- C:\Windows\System32\altio.sys -- (altio)
DRV - [2001/03/01 02:15:00 | 000,006,144 | ---- | M] (Erik Salaj) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ioport.sys -- (IOPort)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchPage =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{8E13C345-C393-4DC1-ABDF-503E89EADC4F}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\mahnaz\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\mahnaz\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\mahnaz\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\mahnaz\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012/11/29 22:13:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\mahnaz\AppData\Roaming\IDM\idmmzcc3 [2011/09/15 21:26:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\mahnaz\AppData\Roaming\IDM\idmmzcc3 [2011/09/15 21:26:21 | 000,000,000 | ---D | M]
[2012/03/29 19:15:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mahnaz\AppData\Roaming\Mozilla\Extensions
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\mahnaz\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\mahnaz\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\mahnaz\AppData\Local\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\mahnaz\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Users\mahnaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4_0\BabylonChromePI.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\mahnaz\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\mahnaz\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Users\mahnaz\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\mahnaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\mahnaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail = C:\Users\mahnaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
O1 HOSTS File: ([2013/04/27 21:11:29 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\_OTL\MovedFiles\04272013_193340\C_Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Microsoft Web Test Recorder 9.0 Helper) - {E31CE47F-C268-41ba-897B-B415E613947D} - C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO90.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [VMSwitch] C:\Program Files\Sony\VAIO Mode Switch\VMSwitch.exe (Sony Corporation)
O4 - HKCU..\Run: [IDMan] C:\_OTL\MovedFiles\04272013_193340\C_Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download all links with IDM - C:\_OTL\MovedFiles\04272013_193340\C_Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\_OTL\MovedFiles\04272013_193340\C_Program Files\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download with IDM - C:\_OTL\MovedFiles\04272013_193340\C_Program Files\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Simorgh Client - {afaf756a-600b-48df-a1d1-0a173eb5ec26} - C:\Program Files\Nosa\Simorgh\HTTPClient\SimWinClt.exe (Iran Software & Hardware Co. (NOSA))
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://ereg.ut.ac.ir/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3216F67A-F1D5-4887-9CF3-41A1042B3CAC}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\textwareilluminatorbase {CE5CD329-1650-414A-8DB0-4CBF72FAED87} - C:\Windows\System32\textwareilluminatorbaseProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - File not found
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\mahnaz\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\mahnaz\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/19 02:13:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe - (Broadcom Corporation.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Canon LBP5000 Status Window.lnk - - File not found
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Maximum Notifier.lnk - C:\Program Files\Narcis Soft\Maximum\MaxNotifier.exe - (Narcis Electronic publications)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TMMonitor.lnk - C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe - (ArcSoft, Inc.)
MsConfig - StartUpFolder: C:^Users^mahnaz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Audio Filter.lnk - C:\Program Files\Sony\SonicStage Mastering Studio\Audio Filter\SSMSFilter.exe - (Sony Corporation)
MsConfig - StartUpFolder: C:^Users^mahnaz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LingvoSoft Talking Dictionary 2008 (English-Persian (Farsi)).lnk - - File not found
MsConfig - StartUpFolder: C:^Users^mahnaz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpFolder: C:^Users^mahnaz^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Serviio.lnk - C:\Program Files\Serviio\bin\ServiioConsole.exe - ()
MsConfig - StartUpReg: ArcSoft Connection Service - hkey= - key= - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Users\mahnaz\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: googletalk - hkey= - key= - C:\Users\mahnaz\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: Messenger (Yahoo!) - hkey= - key= - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
MsConfig - StartUpReg: ooVoo.exe - hkey= - key= - C:\Program Files\ooVoo\ooVoo.exe (ooVoo LLC)
MsConfig - StartUpReg: RemoteControl11 - hkey= - key= - C:\Program Files\CyberLink\PowerDVD11\PDVD11Serv.exe (CyberLink Corp.)
MsConfig - StartUpReg: uTorrent - hkey= - key= - C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
MsConfig - StartUpReg: vmware-tray - hkey= - key= - C:\Program Files\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
MsConfig - StartUpReg: Web Freer - hkey= - key= - C:\Program Files\WebFreer\webfreer.exe (Appaxy Inc.)
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2
SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM for Java
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 7.0.0
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 7.0.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: SENTINEL - C:\Windows\System32\SNTI386.DLL ()
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.dvsd - C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll (Sony Corporation)
Drivers32: VIDC.VMnc - C:\Windows\System32\vmnc.dll (VMware, Inc.)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2013/04/27 22:27:42 | 000,354,299 | ---- | C] (Farbar) -- C:\Users\mahnaz\Desktop\FSS.exe
[2013/04/27 21:46:14 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\mahnaz\Desktop\tdsskiller.exe
[2013/04/27 21:14:54 | 000,000,000 | ---D | C] -- C:\Users\mahnaz\AppData\Local\temp
[2013/04/27 21:13:47 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/04/27 20:49:00 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/04/27 20:49:00 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/04/27 20:49:00 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/04/27 20:48:56 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013/04/27 20:48:45 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/04/27 20:48:14 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/04/27 20:46:41 | 005,060,715 | R--- | C] (Swearware) -- C:\Users\mahnaz\Desktop\ComboFix.exe
[2013/04/27 19:34:18 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\mahnaz\Desktop\aswMBR.exe
[2013/04/27 19:33:41 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/04/22 19:04:38 | 000,000,000 | --SD | C] -- C:\Users\mahnaz\Documents\My Data Sources
[2013/04/22 18:11:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\mahnaz\Desktop\OTL.exe
[2013/04/21 19:15:02 | 000,000,000 | ---D | C] -- C:\Users\mahnaz\AppData\Roaming\Malwarebytes
[2013/04/21 19:14:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/04/21 19:14:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/04/21 19:14:07 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/04/21 19:14:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/04/18 00:44:08 | 000,000,000 | ---D | C] -- C:\Users\mahnaz\Desktop\bbbb
[2013/04/18 00:31:49 | 000,000,000 | ---D | C] -- C:\Users\mahnaz\Desktop\USB flash drive contents replaced with a single shortcut _ The Captain's Log_files
[2013/04/18 00:31:28 | 002,738,264 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\mahnaz\Desktop\procexp.exe
[2013/04/17 23:59:58 | 000,000,000 | ---D | C] -- C:\Users\mahnaz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
[2013/04/17 23:59:58 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2013/04/14 23:12:46 | 000,000,000 | ---D | C] -- C:\Users\mahnaz\Desktop\ax13.92
[2013/04/01 16:04:55 | 000,000,000 | ---D | C] -- C:\Users\mahnaz\Desktop\mohamad
[5 C:\Users\mahnaz\Desktop\*.tmp files -> C:\Users\mahnaz\Desktop\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/04/27 23:00:16 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/04/27 22:51:55 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/27 22:51:55 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/27 22:51:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/27 22:51:49 | 2008,064,000 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/27 22:50:48 | 000,015,972 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013/04/27 22:30:02 | 000,000,270 | ---- | M] () -- C:\Windows\tasks\Check Updates for Windows Live Toolbar.job
[2013/04/27 22:27:45 | 000,354,299 | ---- | M] (Farbar) -- C:\Users\mahnaz\Desktop\FSS.exe
[2013/04/27 22:25:45 | 000,061,440 | ---- | M] ( ) -- C:\Users\mahnaz\Desktop\VEW.exe
[2013/04/27 22:24:39 | 000,692,900 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/04/27 22:24:39 | 000,138,400 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/04/27 22:06:01 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3233104117-2109178606-3299732699-1003UA.job
[2013/04/27 21:48:47 | 000,619,461 | ---- | M] () -- C:\Users\mahnaz\Desktop\adwcleaner.exe
[2013/04/27 21:46:26 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\mahnaz\Desktop\tdsskiller.exe
[2013/04/27 21:11:29 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/04/27 20:47:03 | 005,060,715 | R--- | M] (Swearware) -- C:\Users\mahnaz\Desktop\ComboFix.exe
[2013/04/27 20:44:20 | 000,000,512 | ---- | M] () -- C:\Users\mahnaz\Desktop\MBR.dat
[2013/04/27 19:34:40 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\mahnaz\Desktop\aswMBR.exe
[2013/04/25 19:12:54 | 000,001,053 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Canon LBP5000 Status Window.lnk
[2013/04/22 19:06:01 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3233104117-2109178606-3299732699-1003Core.job
[2013/04/22 18:11:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\mahnaz\Desktop\OTL.exe
[2013/04/21 19:14:14 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/17 09:49:28 | 000,144,366 | ---- | M] () -- C:\Users\mahnaz\Desktop\USB flash drive contents replaced with a single shortcut _ The Captain's Log.htm
[2013/04/12 00:10:37 | 000,002,088 | ---- | M] () -- C:\Users\mahnaz\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/04/04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[5 C:\Users\mahnaz\Desktop\*.tmp files -> C:\Users\mahnaz\Desktop\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/04/27 22:25:44 | 000,061,440 | ---- | C] ( ) -- C:\Users\mahnaz\Desktop\VEW.exe
[2013/04/27 21:48:40 | 000,619,461 | ---- | C] () -- C:\Users\mahnaz\Desktop\adwcleaner.exe
[2013/04/27 20:49:00 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/04/27 20:49:00 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/04/27 20:49:00 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/04/27 20:49:00 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/04/27 20:49:00 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/04/27 20:44:20 | 000,000,512 | ---- | C] () -- C:\Users\mahnaz\Desktop\MBR.dat
[2013/04/21 19:14:14 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/18 00:31:49 | 000,144,366 | ---- | C] () -- C:\Users\mahnaz\Desktop\USB flash drive contents replaced with a single shortcut _ The Captain's Log.htm
[2013/01/31 13:04:36 | 000,000,034 | ---- | C] () -- C:\Windows\cvavr.ini
[2012/12/29 11:07:44 | 000,000,600 | ---- | C] () -- C:\Users\mahnaz\AppData\Local\PUTTY.RND
[2012/11/10 11:45:38 | 000,053,248 | ---- | C] () -- C:\Windows\System32\HPPMLVS.dll
[2012/08/23 13:03:29 | 000,000,502 | ---- | C] () -- C:\Windows\System32\CNCMFP34.INI
[2012/08/13 14:22:31 | 000,000,063 | ---- | C] () -- C:\Windows\TEXTware.ini
[2012/08/13 14:22:04 | 000,321,024 | ---- | C] () -- C:\Windows\System32\textwareilluminatorbaseProtocol.dll
[2012/08/13 14:22:03 | 000,113,288 | ---- | C] () -- C:\Windows\System32\bass.dll
[2012/08/13 14:22:02 | 000,147,456 | ---- | C] () -- C:\Windows\System32\Twavbx32.dll
[2012/08/13 14:22:02 | 000,018,432 | ---- | C] () -- C:\Windows\System32\TWAIED02.DLL
[2012/08/13 14:21:59 | 000,143,360 | ---- | C] () -- C:\Windows\System32\ILXTBS.DLL
[2012/04/17 21:46:00 | 000,000,411 | ---- | C] () -- C:\Users\mahnaz\Documents - Shortcut (2).lnk
[2012/02/01 13:10:09 | 000,000,042 | ---- | C] () -- C:\Windows\Narcis.INI
[2012/01/07 12:18:34 | 000,000,600 | ---- | C] () -- C:\Users\mahnaz\AppData\Roaming\winscp.rnd
[2011/10/30 16:31:53 | 000,018,410 | ---- | C] () -- C:\Users\mahnaz\report.pdf
[2011/10/30 16:31:53 | 000,003,383 | ---- | C] () -- C:\Users\mahnaz\report.synctex.gz
[2011/10/30 16:29:47 | 000,000,544 | ---- | C] () -- C:\Users\mahnaz\report.dvi
[2011/10/30 16:29:47 | 000,000,009 | ---- | C] () -- C:\Users\mahnaz\report.aux
[2011/10/30 16:29:27 | 000,001,171 | ---- | C] () -- C:\Users\mahnaz\report.tex
[2011/10/27 19:07:15 | 000,044,413 | ---- | C] () -- C:\Users\mahnaz\my first.pdf
[2011/10/27 19:07:14 | 000,000,084 | ---- | C] () -- C:\Users\mahnaz\my first.aux
[2011/10/27 19:06:05 | 000,000,699 | ---- | C] () -- C:\Users\mahnaz\my first.tex
[2011/05/14 23:56:51 | 000,000,411 | ---- | C] () -- C:\Users\mahnaz\Documents - Shortcut.lnk
[2011/05/14 20:50:33 | 000,000,126 | ---- | C] () -- C:\Windows\mdm.ini
[2011/05/14 20:50:27 | 000,000,535 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011/05/13 11:04:31 | 000,006,550 | ---- | C] () -- C:\Windows\jautoexp.dat
[2011/05/11 23:27:51 | 000,001,191 | ---- | C] () -- C:\Users\mahnaz\.opgalaxy7.vr
[2011/02/07 20:22:38 | 000,000,268 | ---- | C] () -- C:\Users\mahnaz\quartus2.ini
[2010/11/13 13:52:01 | 000,000,600 | ---- | C] () -- C:\Users\mahnaz\PUTTY.RND
[2010/05/24 08:43:44 | 000,001,356 | ---- | C] () -- C:\Users\mahnaz\AppData\Local\d3d9caps.dat
[2010/03/01 21:01:08 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/01/23 19:56:04 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/11/04 14:28:10 | 000,029,128 | ---- | C] () -- C:\Users\mahnaz\AppData\Roaming\UserTile.png
[2009/10/24 22:21:39 | 000,000,112 | ---- | C] () -- C:\ProgramData\wrWin.ini
[2009/10/22 11:57:25 | 000,106,496 | ---- | C] () -- C:\Users\mahnaz\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2002/01/01 01:22:31 | 024,605,022 | ---- | C] () -- C:\Users\mahnaz\iAUDIO - Who.Let.The.Whores.Out.XXX.DVDrip.XviD-NOGRP.[www.torrentfive.com]1.avi
========== ZeroAccess Check ==========
[2006/11/02 17:24:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011/01/21 20:16:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/03/03 09:06:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/01/21 06:54:03 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== Custom Scans ==========
========== Drive Information ==========
Physical Drives
---------------
Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: Hitachi HTS543232L9SA00
Partitions: 4
Status: OK
Status Info: 0
Drive: \\\\.\\PHYSICALDRIVE1 -
Interface type: IDE
Media Type:
Model: Ricoh SD/MMC Disk Device
Partitions: 0
Status: OK
Status Info: 0
Drive: \\\\.\\PHYSICALDRIVE2 -
Interface type: IDE
Media Type:
Model: Ricoh Memory Stick Disk Device
Partitions: 0
Status: OK
Status Info: 0
Partitions
---------------
DeviceID: Disk #0, Partition #0
PartitionType: Unknown
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 12.00GB
Starting Offset: 1048576
Hidden sectors: 0
DeviceID: Disk #0, Partition #1
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 245.00GB
Starting Offset: 13306429440
Hidden sectors: 0
DeviceID: Disk #0, Partition #2
PartitionType: Extended w/Extended Int 13
Bootable: False
BootPartition: False
PrimaryPartition: False
Size: 21.00GB
Starting Offset: 276032389120
Hidden sectors: 0
DeviceID: Disk #0, Partition #3
PartitionType: Installable File System
Bootable: False
BootPartition: False
PrimaryPartition: True
Size: 20.00GB
Starting Offset: 299101061120
Hidden sectors: 0
< %SYSTEMDRIVE%\*.exe >
< %systemroot%\assembly\GAC_32\*.ini >
< %systemroot%\assembly\GAC_64\*.ini >
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*.exe >
< %APPDATA%\*. >
[2012/08/12 22:45:33 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Acapela Group
[2013/03/24 23:52:03 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Adobe
[2012/04/21 20:34:51 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\AlilG
[2013/04/25 00:00:05 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Altium2004_SP4
[2011/04/18 20:09:08 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\ArcSoft
[2010/05/29 20:11:36 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\BitDefender
[2012/08/13 14:22:48 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Cambridge
[2012/08/23 13:23:23 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Canon
[2009/12/04 01:10:33 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\COWON
[2012/01/14 23:12:01 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\CyberLink
[2011/09/10 23:01:16 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Digiarty
[2011/10/30 12:51:32 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\DMCache
[2012/12/14 19:05:55 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\dvdcss
[2012/11/19 22:10:40 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\ESET
[2011/09/14 21:49:07 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\GetRightToGo
[2010/04/26 20:38:14 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Google
[2011/05/30 23:05:56 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\HDI
[2011/01/21 02:46:36 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Helios
[2010/01/13 15:00:59 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Help
[2010/04/10 14:36:06 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\hte
[2009/10/17 22:07:21 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Identities
[2012/09/05 13:05:34 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\IDM
[2012/07/06 22:53:29 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Import Audio from Video
[2009/12/04 11:19:23 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\InstallShield
[2009/10/22 00:39:54 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Intel
[2009/12/04 15:47:05 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\InterVideo
[2009/10/21 23:10:13 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Macromedia
[2013/04/21 19:15:02 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Malwarebytes
[2009/11/27 23:07:48 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\MathWorks
[2006/11/02 17:07:34 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Media Center Programs
[2013/04/22 19:04:38 | 000,000,000 | --SD | M] -- C:\Users\mahnaz\AppData\Roaming\Microsoft
[2011/10/27 19:07:01 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\MiKTeX
[2012/03/29 19:15:43 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Mozilla
[2012/07/11 14:40:12 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Mp3 Audio Editor
[2010/05/03 14:01:36 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\MuPAD
[2010/08/23 21:10:38 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Nero
[2012/01/07 12:49:44 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\NetSarang
[2012/11/30 09:16:34 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Notepad++
[2011/07/19 23:34:49 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\ooVoo Details
[2009/11/04 14:28:10 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\PeerNetworking
[2012/03/01 15:34:12 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\PixelPlanet
[2011/08/16 15:18:36 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Real
[2009/10/22 12:01:08 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Roxio
[2012/11/28 00:53:46 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Samsung
[2010/03/02 14:59:09 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Skype
[2010/03/02 09:08:35 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\skypePM
[2011/02/27 21:49:45 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Sony Corporation
[2010/11/12 20:27:39 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Syntrillium
[2010/10/11 22:57:01 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\SystemRequirementsLab
[2012/02/21 18:55:33 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\TeamViewer
[2010/03/14 23:16:49 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Uniblue
[2012/11/30 23:01:43 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\uTorrent
[2013/04/14 19:42:15 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\vlc
[2013/03/20 14:23:02 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\VMware
[2009/10/19 09:48:48 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\WinRAR
[2012/09/23 23:26:33 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Xilinx
[2011/12/07 17:17:28 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Xilisoft Corporation
[2011/10/27 19:20:20 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\xm1
[2012/11/26 16:01:52 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\Yahoo!
[2013/03/18 23:05:48 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\{9824CBCB-329D-487F-97B1-B09FEA68CA6C}
[2013/03/18 23:05:27 | 000,000,000 | ---D | M] -- C:\Users\mahnaz\AppData\Roaming\{AF7B0CE6-0629-4425-9E54-98864D50FAB1}
< MD5 for: ATAPI.SYS >
[2008/01/21 06:53:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\erdnt\cache\atapi.sys
[2008/01/21 06:53:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008/01/21 06:53:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/21 06:53:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 14:19:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
< MD5 for: CSRSS.EXE >
[2008/01/21 06:54:54 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=ABCA209EBA02CB59233614DB83B4F50D -- C:\Windows\System32\csrss.exe
[2008/01/21 06:54:54 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=ABCA209EBA02CB59233614DB83B4F50D -- C:\Windows\winsxs\x86_microsoft-windows-csrss_31bf3856ad364e35_6.0.6001.18000_none_58e3e3d7e415ae4c\csrss.exe
< MD5 for: EXPLORER.EXE >
[2008/10/29 10:50:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 10:59:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\erdnt\cache\explorer.exe
[2008/10/29 10:59:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe
[2008/10/29 10:59:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 08:29:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008/10/28 06:45:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/21 06:54:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
< MD5 for: MSWSOCK.DLL >
[2008/01/21 06:54:02 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=89FD0595EEA4E505CABEFCF7008F2612 -- C:\Windows\erdnt\cache\mswsock.dll
[2008/01/21 06:54:02 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=89FD0595EEA4E505CABEFCF7008F2612 -- C:\Windows\System32\mswsock.dll
[2008/01/21 06:54:02 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=89FD0595EEA4E505CABEFCF7008F2612 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6001.18000_none_b85357062d4bbe8e\mswsock.dll
< MD5 for: NAPINSP.DLL >
[2008/01/21 06:54:29 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=FC62A635063B762E1C3C60EA77279378 -- C:\Windows\System32\NapiNSP.dll
[2008/01/21 06:54:29 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=FC62A635063B762E1C3C60EA77279378 -- C:\Windows\winsxs\x86_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.0.6001.18000_none_ac1d40c88f30e6c0\NapiNSP.dll
< MD5 for: NLAAPI.DLL >
[2008/01/21 06:53:44 | 000,048,128 | ---- | M] (Microsoft Corporation) MD5=D1A84F7D4CAFCFE2A32149FF418056E5 -- C:\Windows\System32\nlaapi.dll
[2008/01/21 06:53:44 | 000,048,128 | ---- | M] (Microsoft Corporation) MD5=D1A84F7D4CAFCFE2A32149FF418056E5 -- C:\Windows\winsxs\x86_microsoft-windows-nlasvc_31bf3856ad364e35_6.0.6001.18000_none_6785f5c70aea4565\nlaapi.dll
< MD5 for: PNRPNSP.DLL >
[2008/01/21 06:55:26 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=690D41DF1D555F96D4898A0F54EBA065 -- C:\Windows\System32\pnrpnsp.dll
[2008/01/21 06:55:26 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=690D41DF1D555F96D4898A0F54EBA065 -- C:\Windows\winsxs\x86_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.0.6001.18000_none_717f15b322749509\pnrpnsp.dll
< MD5 for: SERVICES.EXE >
[2008/01/21 06:54:48 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\erdnt\cache\services.exe
[2008/01/21 06:54:48 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\System32\services.exe
[2008/01/21 06:54:48 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
< MD5 for: SVCHOST.EXE >
[2008/01/21 06:53:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\erdnt\cache\svchost.exe
[2008/01/21 06:53:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/21 06:53:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
< MD5 for: USERINIT.EXE >
[2008/01/21 06:54:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\erdnt\cache\userinit.exe
[2008/01/21 06:54:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/21 06:54:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
< MD5 for: WINLOGON.EXE >
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/01/21 06:54:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\erdnt\cache\winlogon.exe
[2008/01/21 06:54:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008/01/21 06:54:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
< MD5 for: WINRNR.DLL >
[2006/11/02 14:16:14 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=FF78B8E67EDCE9FEED651D7858D77A04 -- C:\Windows\System32\winrnr.dll
[2006/11/02 14:16:14 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=FF78B8E67EDCE9FEED651D7858D77A04 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.0.6000.16386_none_571790f3532b2696\winrnr.dll
< MD5 for: WSHELPER.DLL >
[2006/11/02 14:16:14 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=20614C9F12A3A09A5015C9EBBD4419D2 -- C:\Windows\System32\wshelper.dll
[2006/11/02 14:16:14 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=20614C9F12A3A09A5015C9EBBD4419D2 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\wshelper.dll
< %systemroot%\*. /mp /s >
< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\mahnaz\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2013/04/09 13:27:09 | 001,312,720 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\mahnaz\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2013/04/09 13:27:09 | 001,312,720 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\mahnaz\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/04/09 13:27:09 | 001,312,720 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\mahnaz\AppData\Local\Google\Chrome\Application\chrome.exe" [2013/04/09 13:27:09 | 001,312,720 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2008/01/21 06:54:17 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2008/01/21 06:54:17 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2008/01/21 06:54:17 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/04/21 19:32:30 | 000,634,648 | ---- | M] (Microsoft Corporation)
< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\mahnaz\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2013/04/09 13:27:09 | 001,312,720 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\mahnaz\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2013/04/09 13:27:09 | 001,312,720 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\mahnaz\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/04/09 13:27:09 | 001,312,720 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\mahnaz\AppData\Local\Google\Chrome\Application\chrome.exe" [2013/04/09 13:27:09 | 001,312,720 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2008/01/21 06:54:17 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2008/01/21 06:54:17 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2008/01/21 06:54:17 | 000,070,656 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/04/21 19:32:30 | 000,634,648 | ---- | M] (Microsoft Corporation)
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
========== Files - Unicode (All) ==========
[2013/01/26 22:41:41 | 000,023,798 | ---- | C] ()(C:\Users\mahnaz\Desktop\????????.docx) -- C:\Users\mahnaz\Desktop\پرسشنامه.docx
[2012/08/12 22:10:08 | 000,023,798 | ---- | M] ()(C:\Users\mahnaz\Desktop\????????.docx) -- C:\Users\mahnaz\Desktop\پرسشنامه.docx
========== Alternate Data Streams ==========
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:010ADD2C
< End of report >
******************************************************************************************
Extras (second OTL report):
OTL Extras logfile created on: 4/27/2013 10:59:01 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\mahnaz\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.87 Gb Total Physical Memory | 0.77 Gb Available Physical Memory | 41.03% Memory free
3.98 Gb Paging File | 2.68 Gb Available in Paging File | 67.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 244.68 Gb Total Space | 42.63 Gb Free Space | 17.42% Space Free | Partition Type: NTFS
Drive G: | 19.53 Gb Total Space | 2.92 Gb Free Space | 14.95% Space Free | Partition Type: NTFS
Drive H: | 21.48 Gb Total Space | 3.04 Gb Free Space | 14.17% Space Free | Partition Type: NTFS
Computer Name: MAHNAZ-PC | User Name: mahnaz | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (All) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- regedit.exe "%1"
.scr [@ = scrfile] -- "%1" /S
.txt [@ = TXT_File] -- Reg Error: Key error. File not found
.vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromiumHTML] -- C:\Program Files\WebFreer\webfreer.exe (Appaxy Inc.)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DisabledInterfaces" = {7159EA8C-F7DE-47F0-921D-F2A7D672CB5D},{976B8E07-7E59-4EC5-A42A-EC91D3193D08},{BD263571-F6DE-41E2-8487-36FC90FE27EA},{3216F67A-F1D5-4887-9CF3-41A1042B3CAC}
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{008684B0-BA3D-4CE9-83D4-C0B1244366CD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{01F71A32-E6CB-4B58-A649-5BFCF68591BE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{04B3B978-0E5C-4771-B42C-7B6A9193B5F8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{0537EE40-276F-4006-A6FC-E8632931C31C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{08FB0A7E-1D45-4D19-B72F-6C9FB0198A36}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{098F1357-79F6-4421-A7EA-C03CAF3D19E1}" = lport=443 | protocol=6 | dir=in | name=oovoo tcp port 443 |
"{0A5C83CD-DEF2-48EB-B2B8-845A8E693202}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{0B58776E-8984-44A0-91F2-040D82B3B0AC}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{0CE63EDD-9C36-4CDB-A8DC-3EB0FDEE0087}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0D532C6F-DCE3-4108-A0D7-2ED0E7225C8C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{0D656938-1009-4FAD-AB08-2D332B3568DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{0E13CA55-0EE1-4F84-9252-440ECB354722}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{10364EE2-634D-45C3-9BD4-4A40003D6B34}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{11D6C3BE-6045-4976-9AAF-D63F58756BF5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{14AFA7BF-D9C6-4B04-B1D4-88D1055E5310}" = lport=37674 | protocol=6 | dir=in | name=oovoo tcp port 37674 |
"{156B305C-F492-4A47-A9A9-B443FB9EBAFF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{196301AC-D942-4C97-B60F-7B6CE7FD45A0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{1B2A46B5-77A1-4011-BAD4-4BAFDCE3141F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{1B760A46-D7BB-46C9-BE7C-2A2E1E254D8B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{1BB4A0DD-4C3D-44C9-9434-C525A6AD7ABC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{1D307767-A5D8-48F3-A90D-F676DA1831A6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1D8136F3-DB11-465A-82E7-D454919F0913}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1EE1F92E-86B6-47F2-8F9D-C0D341E0447E}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{1F9669F0-D468-4B9E-A43A-88101C7A45BD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{226C0438-866E-4F55-9874-A5ABB9B01AA1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{25D3A09E-A51C-4A8C-AD04-7EE17462B1F0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{263617D9-58AB-4434-B6A6-F917CAC8032A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{28D811A5-11D7-4928-BD91-BC34B433F87E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{29462AAC-ED75-4BCF-B8C8-65CE73F2EAF9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{29ADEB17-FD23-40DE-BDAF-75D30DFF1304}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2CAED533-DC16-4F4B-8C5E-FE857D624E14}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2E39B2BF-5BC5-4D43-8D2C-D8FD26B11343}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{31EF931C-0851-48D6-95F2-EABB241A206D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{335FC6C8-BEBA-47D6-8E89-3B684223AF62}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{343057E4-94C8-41C5-B5A3-20EB0DC46907}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{35102C51-D8E2-4582-9F6B-C6A6F0EBC2B2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{37190F8C-B392-49DE-95AC-E1F7F3B207C9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3819C937-AAFA-46B3-8F9E-616EF5E42627}" = lport=2869 | protocol=6 | dir=in | app=system |
"{394995ED-F6D0-4407-A8D7-E042A54C121F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{3B75EE75-6C84-4B61-85C4-DCFA1D541CA1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{3C38F3E8-780F-4D8B-9A31-A5117FC639E5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3D188A27-972A-454A-A99C-8CD87FE5522F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{3ED4615D-D2A1-4F93-AD03-B9B657B2ED3D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{3FC27FE6-035C-4E27-B7BA-47FF041AA99E}" = lport=37674 | protocol=17 | dir=in | name=oovoo udp port 37674 |
"{4372298C-0EA1-4A77-ACCF-F2C2F5F913DC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{44EC53A6-633B-4C04-A572-20515AD1AA00}" = lport=2869 | protocol=6 | dir=in | app=system |
"{48A70670-DCC2-449C-ACCB-0F596D100CC3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{4C82511E-EEEE-42AB-9D7F-5A9D99D57307}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{4C9CF738-B708-4C22-87E4-00B530AAE37A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{4EA644FD-210A-4191-9911-59FE8D56F0F5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4EB64D7F-956F-4068-B72E-2492BECF581C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{4F8E3FC7-CF41-4EF3-8875-3C7F5E3FA0D1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{504DBDEF-89E3-4562-AFBF-759185263726}" = lport=443 | protocol=17 | dir=in | name=oovoo udp port 443 |
"{5152ECF8-7365-4D2E-8AA6-110FBFA89574}" = lport=2869 | protocol=6 | dir=in | app=system |
"{57375B9F-5A98-4F4B-A45E-09060F7DDBF3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{57A0E6F5-046B-4304-ACC2-79E8347B4B05}" = lport=2869 | protocol=6 | dir=in | app=system |
"{59FFB468-06AA-487D-B7D3-123523B41BF8}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5C44E04D-698A-4B86-97DD-AC158E075EA9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5C912BB8-BD62-4E95-99AD-DC013807D5BA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{5FB53B60-55E6-4EB4-B228-E085E367AB62}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{6114DCFC-F3EF-4471-B056-06BC05385611}" = lport=2869 | protocol=6 | dir=in | app=system |
"{628851C7-0383-42C0-854D-AAED234345BC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{6364F638-2544-4161-A52A-9203D3AB6C59}" = lport=2869 | protocol=6 | dir=in | app=system |
"{638BB400-DD63-435A-B955-C89267E6FD35}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{64B62D28-8E57-40E2-B6C1-0859E62CE22D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{65BC5A33-ECCD-4D26-90B3-8ED05B79C4F7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6775D597-9264-44A7-8256-1244D1478A23}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6B1752FF-16DB-422A-B410-AD3D07D877BE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6C654C23-5BE6-4AC2-A8E4-EBB92315FA76}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{6C6F8C66-3C24-4AEC-9E20-D004C4BB1C95}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6EB705A8-63C7-42D2-AE0D-FD53DBB3071F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{71A0FBDA-AC5F-4109-9EBE-EBDBD5087A8E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{73518885-F15C-4B34-BF54-278237215AE0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{772FE1E9-8149-4405-A246-4A94D3159D94}" = lport=2869 | protocol=6 | dir=in | app=system |
"{78CCA86C-01DD-47F7-8B34-A5A70E3FE489}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{791C014B-E542-4507-AD33-39051F43B2C2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{7AA9FE22-84C3-4B56-9505-7F21AFB6A58E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{7B38C402-4C0C-43D8-A285-F703FD10C7BC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7C50F012-1ABF-4D5E-9B00-23ACB03D5A5C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7C7BDD53-53D6-4594-9DF5-7AB5F4A03939}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{7DB19F10-C789-4A10-ADCA-3FFBF575DAE5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7EA3054C-15D2-48EC-BD2C-96933B642566}" = lport=37675 | protocol=17 | dir=in | name=oovoo udp port 37675 |
"{85854BA5-C957-4274-8AB4-015DBF0421FB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{88191B7F-92EF-4518-A339-B06CC567E511}" = lport=2869 | protocol=6 | dir=in | app=system |
"{884361E4-D43B-42B1-ACEC-8A9266AE7B3C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8AB1C3A9-17EE-4B00-B349-3BED12E42D34}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{8AE0CCFE-70F8-4D36-9469-9ED07FE748F2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{8C57EBCC-C09D-41CF-950F-3BDE7294EF99}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8DD3C791-D160-468F-B5E2-D0456D745E8D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8F0A8B72-E0AC-4D22-81FC-AC8EDBB68F5D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{90555581-14E9-4584-BE06-1F2C67555A6C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{90D90F37-C8BB-49BA-BB9C-38D39CA5F90D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{91FAAD1C-E661-4E29-9373-116CF59DF3BC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{93B691EE-E79C-4B49-A489-932EE0B0FA32}" = lport=2869 | protocol=6 | dir=in | app=system |
"{94649015-3196-43F8-ADB2-5E8754EFDED1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{972B5F06-D731-49E8-AB82-24F849A2D5BD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{97D29C79-F867-40C6-AFFD-C65DE2FC01B1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{98C704EB-DFCA-4281-8003-1D4BD7624EF1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{9A667642-8546-46B1-BB46-7B7AD85CD58F}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{9AF4FD92-B86D-4F3A-B423-24D4FED352DE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9F8F7C79-AA4B-445E-89C1-A791F0277C83}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A4D171C0-D875-4D9B-B6A7-23F6FDD0467C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{A64AE9C1-8451-4132-AADE-C030B578DDF1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{A663106E-83A9-46C4-8995-7EFB92347691}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A6EAF772-E80D-4F5D-9D87-89BDC19164BD}" = rport=445 | protocol=6 | dir=out | app=system |
"{A775B79F-3FE5-4117-B114-8502971163BD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{A834ABE0-B8AC-407D-BA3F-A283AF683711}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{A8D7E297-6DB0-47B5-BFB4-EB7ED728AF13}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{ABEC8FF9-B940-483C-B4D8-D0F4CD6F2F38}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{ACDF1590-12E4-442D-A732-EE49DDC3E8CE}" = lport=138 | protocol=17 | dir=in | app=system |
"{ACE06C17-8DDF-4465-9EB5-4BD0707565B6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{B11C5F5F-8EE3-4D5A-9A7A-17288673F4EB}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{B1DBEAF4-3384-470B-8ADF-DF0ECE14A10E}" = rport=139 | protocol=6 | dir=out | app=system |
"{B32317A1-6A45-47E7-BE7A-392A6A35E1C1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{B5EEDA27-73FA-4908-86D3-0C7E2FEF6398}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B6D17E84-A13C-44FD-A0B3-A9A1AB7F74D1}" = lport=445 | protocol=6 | dir=in | app=system |
"{B863CA96-AD0F-4C2C-984A-A454AB8FBF8D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss |
[email protected],-28539 |
"{B90B288E-DDA4-4A99-A085-8D58E5D4073A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BB7C2135-5F2B-4AD4-8574-3A73B25ADE75}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BD8C0F95-0E85-4E83-B052-DC73A74C6BAC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{BDCB09CB-80B9-4F1E-BCB3-C46A6ABDFBD7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C8700DBA-BC26-4BDE-B2D1-82CB1CE83833}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{C9F48640-FADA-493C-952B-F7310B3B8A1B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CBAAE686-43B3-470F-99B4-D2B61B625710}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CBE6F29F-975F-4B9F-9017-B2AF6BE948E1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CC2F2182-F23B-4838-8532-EC637D807FAA}" = rport=137 | protocol=17 | dir=out | app=system |
"{CD73F541-097A-468E-A80F-72A5362F0251}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CE187289-9F1D-4133-AA8F-2A4C98905876}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D086C542-52E9-418F-9AB7-A1D17FCED519}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D135918D-30C6-4F1C-A815-D84F08A3C8B7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{D38F3D3F-1287-4921-8B69-5456AD956A9E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D5EDEA24-A9FE-4B80-BA70-E5B796A60D1A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D6390CCD-211D-41F2-8262-585E3B6955F6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DBDD614B-2CFD-41D5-99C0-DF4D718382BB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{DBE0AAF1-6780-4F7E-99C2-B8058F30586C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{DF265439-4C22-4DBE-8829-8E0DCF20116B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{E37D49B8-9825-46A9-B305-FB24063931B6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E44024BA-684F-4640-B82E-EB4AC22460AC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E48AE047-21F7-4A14-93DB-CA1E9A11BCA2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{E6AD9584-609B-4D1A-B16B-C73AB318E6DE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{E6C6D6CA-00E0-44B9-8D04-B3AB69A80662}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{E7BA31FA-A9FD-4F0B-A76A-6966E2749457}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{E84E5880-CC1A-4E84-B67F-9BC9F929C79F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E872ACF6-4CCA-4968-BD6E-79245D0EB9FF}" = lport=139 | protocol=6 | dir=in | app=system |
"{EC216117-AF2E-4B78-BAAD-F8948CD1837A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{F0218C9D-ACBA-4E38-84DB-8E06908AEFC1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F0D0E2B5-44B4-4633-9FED-FD3DC824D320}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F3F0280A-4113-46BF-89DB-AB406B179CAF}" = lport=137 | protocol=17 | dir=in | app=system |
"{F4830A2C-1FF0-4FB9-BC0C-117C33B7ABBF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{F4860900-F1F2-4963-B589-62BF8337643A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F5BD361F-3374-4DF5-B72B-8709A925C04A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{FA0889EB-215F-4E22-BDF2-8D35A6FAC09B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{FA81C6F3-9A40-4A0C-AA47-B498250EFA25}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FACEDCEC-E3EE-45CF-8218-68F3C0771F61}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{FDED8139-3681-4D98-B21A-CF0824E9212B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{FF066E69-F11C-4273-8DF1-E31E46CB0AB9}" = lport=2869 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00D89C35-26DA-4A04-A0DB-EC44D5E6B18B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{05053575-F992-4BD5-8070-401D29EA4FEB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{052A718F-CD5E-4CFA-ACB1-2618250ADF0C}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{0656BB4A-D0E4-4F40-85D0-4E4D752FC860}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{07F0999F-4D23-4A71-B94E-AE3335807AB8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{0881893C-3985-4872-B378-81FE40CA4F79}" = protocol=6 | dir=out | app=system |
"{0B687129-2D5D-4921-ABFB-46BC95CDFE8B}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{0D3C3C1D-DAE8-4494-B768-A89C94192C17}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe |
"{117072D7-ADFC-49C1-B840-AB883AFC0597}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{1336F524-C5DB-4FF2-9F38-7B0CA70A35A9}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{1341E0DC-39C6-41EA-820A-A29BF331CBF1}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{13437F6E-BA15-4869-A403-57AA8DF88ECE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{13F4CC88-31BD-4DD9-9846-B8E62A174D78}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{14632146-1C04-4090-9146-B656F97263BA}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{148715D1-67AE-424F-A9AF-E358AB69CCF3}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{1670087D-E485-4635-A8E4-A36BA8608693}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{19CC37B4-89A3-4159-8D2C-53A5BC60D4A4}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{1BDBE7D2-6ADB-4F41-B9F1-1ADAF6BDAC73}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{1D3D1DAC-3821-488C-B016-EC92824F5705}" = protocol=17 | dir=in | app=c:\program files\serviio\bin\serviioconsole.exe |
"{1D4BEC34-0717-4A33-ABD1-346D63DE4477}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{1DABC4F9-A313-4E7F-B8FA-E89F491209CA}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{1DE4CDD5-883A-4869-A561-F058DD001A89}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{2258317B-53B7-4EB0-8227-07CF1EC3CFE8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{24630BF1-BD0A-44B3-BFF6-109CCFD91D82}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{24B4B2EE-384C-4F9C-887B-9DFB43DDF3D4}" = protocol=6 | dir=in | app=c:\program files\webfreer\webfreer.exe |
"{2665AD42-3512-4A3D-B966-AEC76F06C9EB}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{276F34EE-DD4A-4B22-BD13-D6C0F19485F2}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{27BFC5AE-6A6F-41AF-AFC3-CED0339C81CB}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{28F411A8-6F02-432E-9FD6-437FF90673FE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{296F5682-4068-4F91-B868-6D9AC3C8241E}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{2A2A342F-57A2-4C99-A3F8-740C8C03E456}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{2A2EB5C1-32B0-4C84-B3E5-6D6B21FE0CD1}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{2CC6D0D0-5451-4B23-BEE6-881ADF522066}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{2FB2F581-8E57-4B73-AFF7-E9A4EA4D773D}" = protocol=1 | dir=in | [email protected],-28543 |
"{337C34D2-265C-4AEC-9F75-31D9A6B7550F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{360A7395-90C3-4E28-86B5-C1281D893557}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{364C3C2C-5251-4223-820D-9ABB7B6700D9}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{36CDE28E-AB69-4990-8194-BEA76DA12CFE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{3A1F6826-7A7D-46A0-85B6-CE524577C3BF}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{3A820236-B99D-4668-A38E-1F2F686EE967}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{3A9676E6-4345-4420-8D7B-3B514D729099}" = protocol=1 | dir=out | [email protected],-28544 |
"{3ACE19F1-EE31-4308-BF88-7A0E547D511C}" = protocol=6 | dir=in | app=c:\program files\serviio\bin\serviioconsole.exe |
"{3BE757B4-BFAA-4427-94FC-C833041B1F81}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{42C529C3-047A-4AD1-B914-8CCB158D67D6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{45AEA9A2-6122-4CFF-9211-9D0AC86387A8}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{46386C1D-F8B5-40E8-A632-69AF3A4DBE5B}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{471B0417-A196-4682-8F77-3779C7F447D0}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{4822FC3A-E63D-48FE-874A-AD7EA628B086}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{499B53DA-7595-43D9-BC86-731C701C6085}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{4CC54C0C-F9BF-4B38-BA5C-F7AD9234D807}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{4CC6C2E3-015F-402A-9A56-B91EFED002B8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{52B75313-CF03-4C86-A839-092D320629FF}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{52BD58BF-D3BE-4971-87D7-005981E68B1A}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{52FFE4B4-B434-4229-9A8F-04D04A8E5E1A}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{53407079-D2F3-400A-9A36-4C8391A835D1}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{548F6D65-3B7B-4391-B119-8DFFA7D4CF0B}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{55BA10AD-77A9-47E0-BD2D-C795BDDEC236}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{56034F4C-A92B-410E-ADCD-79851A1C5308}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{56ADA928-665F-4671-A0EB-C4CEE4D0F5B2}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{56D3E1DF-A8CB-4587-A6D0-4E63483488CC}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{57486F97-4858-475B-B6EA-71E5EFB9A677}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{57545689-BBEC-4175-A749-9876C0132C80}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{59E69DB5-815A-42C2-BA1A-7532A5C0F6D0}" = protocol=6 | dir=in | app=c:\program files\serviio\bin\serviioconsole.exe |
"{5A0A0D36-1CA2-4EEE-B257-89BA047D3B5F}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{5EA5407F-8729-47E0-BF02-B3B8C9735046}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{62CF0BC7-A71B-419B-9A11-68370561CE26}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{63956DF3-12EC-4900-A780-472EBB69A475}" = protocol=6 | dir=in | app=c:\program files\netsarang\xmanager enterprise 3\xmanager.exe |
"{64C7E7B8-0913-4C39-8534-4083C34177F8}" = protocol=17 | dir=in | app=c:\program files\common files\sony shared\sohlib\sohdms.exe |
"{659216CF-5B93-4F9B-B7BC-3D31B3E6A279}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{68D5038E-4DB7-4AD0-BC13-0086EA66624E}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{69A8416B-59BF-426E-9DD7-E49F6B776C6B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{6BA89A39-7952-4994-AB8D-C8C1BB968025}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{6C34BBB1-9483-4667-9B70-100930D20095}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{6D65500A-9759-422A-B89F-42E9203CCB7A}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{6DD397C8-ED14-42F3-AE08-81E1DC007DE2}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{6EA9F3C8-DFAF-4AB9-93B1-2060C78ECF43}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{71767E84-77F6-4725-A233-FE855BC58417}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{7182D321-912E-4BBB-A838-C1C9620943DF}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{72C1A44D-E291-4499-9EC0-DF4313F22F50}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{73CE506F-06F5-4E23-961E-CD3CB3F40B7E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{73FA10C8-C5F5-476A-A820-640E7C3490A4}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{74CB7245-E32C-4435-B39B-E0B821C7E049}" = protocol=6 | dir=in | app=c:\program files\sony\vaio media plus\vmp.exe |
"{7563F072-CF9B-44EC-82FB-DDB2E713E085}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{76E65B4B-B750-43E5-AB1B-C3743B8758F3}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{77C9BB7A-0E64-4301-9A8F-80D6811DF6A7}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{785D1C57-AB33-4801-ACA7-11CDA6EAC965}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{7A6E5A19-3E6C-4C04-88A2-242DD6E02CBF}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{7ABA7E34-8326-44AA-9138-E0EB64997840}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{7B23A094-6DCF-4433-8704-C81A5D29EE4D}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{7BD84810-2251-403E-AAAC-5912641C2BF5}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{81419B74-3E11-49C9-98AB-B465A28C87D4}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{8363B69D-4522-401E-8B9D-BF045BD18214}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{86B5FFC2-3851-49B1-8769-BB93FCB37B67}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{8824E4F9-C2C7-465F-A94D-76B15B49DCE5}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{8887167E-E06F-4622-A0E5-862CBBEFE66A}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{8B614F26-1933-479A-A2DE-CB90D319F056}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{8BFAD199-A12C-4E95-B6D7-0AD63A6FD60A}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{8D16DDCE-F6C0-4FE1-81FD-173B0DABA6F9}" = protocol=6 | dir=in | app=c:\program files\vmware\vmware workstation\vmware-authd.exe |
"{8EB55CCE-CB04-436E-ABAE-6F557B9EC5FF}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{8F855CA2-F9B3-40BC-8DF0-2513D8224CFE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{8FA3DDA9-A2E9-4114-A8B2-1F58EC8AB902}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{8FE429A4-E49C-4EFC-ABAB-1279D563EFF9}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{901CF0B4-B5BE-4A58-8813-00CC82B6FBF4}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{909B03ED-D1DC-4216-9C9C-9F97F859B704}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{915B9E6C-C9B4-48AA-9DDC-257DFFF1B997}" = protocol=6 | dir=in | app=c:\program files\common files\sony shared\sohlib\sohdms.exe |
"{95329E1F-55D8-4331-9CD5-A7784674FE77}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{9554BC47-C6F7-4851-88CF-29AE7D2700A8}" = protocol=6 | dir=in | app=c:\program files\common files\sony shared\sohlib\sohds.exe |
"{9556BDD1-F199-4CF5-B801-38678A1083E4}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{9704B120-DD94-44C0-B595-218B492C2693}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{97E6A15F-697D-4A02-8143-35AB9DA06CFE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{9CD75DA7-7650-46C9-8FBF-062738F74E30}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{9E721FE9-0F41-49AB-8F4E-3E5D76238F51}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{9FBA767E-A165-4137-A25C-85BA0FB1FD68}" = protocol=17 | dir=in | app=c:\program files\vmware\vmware workstation\vmware-authd.exe |
"{A02EED78-88EF-4CC8-A2CB-CFF9FE9A36B7}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{A0851893-7C09-462E-83CC-76D2B19CF51D}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{A13B356C-1160-4A7F-AA2E-78741EF8CC8A}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{A6542825-7190-4B60-B012-DC2DC1769081}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{A6A19A94-CC05-4A0D-BD6C-15756A2552E8}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{A75F65A8-94E3-4841-81A2-1AC6CFE7A024}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{A8E406F0-740A-4FCD-9920-139B0BC0A52D}" = protocol=17 | dir=in | app=c:\program files\arcsoft\totalmedia 3.5\totalmedia.exe |
"{AA36F000-36E1-45D2-9FB2-FE30914F62CF}" = protocol=17 | dir=in | app=c:\program files\sony\vaio media plus\vmp.exe |
"{AC8A52C7-F05E-444A-8D41-BF1149FCDD24}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{AD16D62B-9943-4957-A86C-3E7890CB530A}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{AE6141CC-A2CC-4C90-9E5B-89CECF1ACBCB}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{AE6AD336-8B60-4B27-8BE9-C71BD7566454}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{B0DC98FF-D55E-47C4-8B11-819C48EB9D0E}" = protocol=6 | dir=in | app=c:\program files\netsarang\xmanager enterprise 3\xsound.exe |
"{B463CE8C-34BB-4719-B8D3-0D586FFC8555}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{B4AC196E-F363-4F17-8240-044C332B7C4B}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{B5DD8132-9C1B-4569-8E94-6975B1AF1993}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{BAD8A50B-D394-4971-83FA-004ACB8E1314}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{BB03DB2A-DE37-4C02-AF92-60DF43275CB6}" = protocol=58 | dir=in | [email protected],-28545 |
"{BB9E81B7-E365-4418-927F-04310353BEBA}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{BC281800-1476-4138-8343-F8B8AE0844D1}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{BD0C9996-AC5E-4FB4-BE92-6799152E53CC}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{BDF2D946-6AEB-4030-8AAD-00543D3F12E4}" = protocol=6 | dir=in | app=c:\program files\serviio\bin\serviioservice.exe |
"{BEA44C07-A4FB-457F-B799-AC909BF0761F}" = protocol=17 | dir=in | app=c:\program files\netsarang\xmanager enterprise 3\xsound.exe |
"{C0066BF0-F7FA-455D-AE95-53A4BF11F9B7}" = protocol=58 | dir=out | [email protected],-28546 |
"{C059101B-41FC-40E4-B437-2AE2A494F947}" = protocol=17 | dir=in | app=c:\program files\serviio\bin\serviioservice.exe |
"{C1B14A03-9826-4380-8548-89392D58A4CB}" = protocol=6 | dir=in | app=c:\program files\arcsoft\totalmedia 3.5\totalmedia.exe |
"{C248DF13-8C30-4340-B350-E39375A8D3A4}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{C2CB247F-6277-407D-AC7E-D0BFCFDC5FF6}" = protocol=17 | dir=in | app=c:\program files\netsarang\xmanager enterprise 3\xmanager.exe |
"{C64962C9-6CDA-451D-914C-3A90370E291E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{CC00A82C-166B-4AD1-BE0F-766B6FA81952}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{CF9D68AA-3F73-4C12-83C6-1A8CBCB242A0}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{D25B7B0A-05A7-4768-9D80-794BAEB4BE0B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{D350D014-D705-415F-995C-D5BE4B1F5187}" = protocol=17 | dir=in | app=c:\program files\common files\sony shared\sohlib\sohds.exe |
"{D3E3DACF-3946-4B6B-A39C-A53413EE30CD}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{D6716F7F-5314-49D2-B819-C50AD4E9A2A4}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{D6F6C4A2-F8BF-4219-ACD5-3E54B42EEBCE}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{D85D9694-9F61-4F02-A9AA-3DCA8EE15567}" = protocol=6 | dir=in | app=c:\program files\common files\sony shared\sohlib\sohcimp.exe |
"{D86E5C0A-8CDC-4A03-B2EC-980F554DD0DF}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{D92E6013-DA52-4FC3-8FEB-F556E4D62E38}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{DCD3F054-B393-4E79-90EF-0E504172058F}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{DDE083AD-F53F-4C00-A681-447F50DC6D43}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{E04618B6-FCA4-4B75-8BC4-BA64FB2051C4}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{E1104433-5B2C-4B0A-B11D-EF28B1A98B54}" = protocol=17 | dir=in | app=c:\program files\common files\sony shared\sohlib\sohcimp.exe |
"{E3DEB179-832C-4A28-9008-F21633C8FFF1}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{E49B779B-BAB5-447E-88DB-3FD789BD4495}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{E4FD7963-633F-48D5-8B69-5040075AE2BC}" = protocol=17 | dir=in | app=c:\program files\webfreer\webfreer.exe |
"{E6BADA9D-8770-4ED1-AD9A-49B9DA269669}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{E6F2EC8F-A4F4-4E6C-B53E-B98ABFC7F8DE}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{E87DC5DF-5834-4776-A19E-C84864EEE7ED}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{EAF3D6C0-CB75-44BF-ACF6-1B3F2971B6D1}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{EBB6728F-C6CC-4086-ACA1-C34263DE8EEC}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{F0201256-CFD4-4646-A641-BB358C690BAF}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{F2E3CB18-FFB7-4A20-A4BF-483F1C2A5811}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{F8E68BA8-1906-4BFD-BC8E-E28FADBE28C7}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{FB6E6DEC-952A-4884-9F3E-FF0C0C03A6BC}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{FE097A48-62A5-45D8-A9CA-E8EB89D4E36B}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{FE9BA991-7189-4DCA-8369-FD2D4733AF61}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"TCP Query User{02D71B48-D259-4AAC-97E7-4DC1D3158351}C:\program files\microsoft visual studio\common\tools\vs-ent98\vanalyzr\varpc.exe" = protocol=6 | dir=in | app=c:\program files\microsoft visual studio\common\tools\vs-ent98\vanalyzr\varpc.exe |
"TCP Query User{2B13C5DD-52DA-4809-AE4B-8B68F1588927}C:\xilinx\12.1\ise_ds\ise\bin\nt\unwrapped\isimgui.exe" = protocol=6 | dir=in | app=c:\xilinx\12.1\ise_ds\ise\bin\nt\unwrapped\isimgui.exe |
"TCP Query User{3427AA58-6F0E-4E39-9407-13EAE80F44CA}C:\ccstudio_v3.3\cc\bin\tracecompmgr.exe" = protocol=6 | dir=in | app=c:\ccstudio_v3.3\cc\bin\tracecompmgr.exe |
"TCP Query User{3DB56187-B14D-463A-8BD7-CAED3AAD68A4}C:\program files\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"TCP Query User{3FAB983E-BEEE-481F-8FF4-DBBCDF93D7FD}C:\program files\www.cproxy.com\cproxy.exe" = protocol=6 | dir=in | app=c:\program files\www.cproxy.com\cproxy.exe |
"TCP Query User{3FC22C97-DFFB-41DE-BF22-0237E471846D}H:\برنامه\u96b.exe" = protocol=6 | dir=in | app=h:\برنامه\u96b.exe |
"TCP Query User{4BDB5AED-546D-4CC4-B613-A76A240C43B3}C:\users\mahnaz\documents\downloads\programs\fg731p.exe" = protocol=6 | dir=in | app=c:\users\mahnaz\documents\downloads\programs\fg731p.exe |
"TCP Query User{4EEAA039-B59A-4B7B-B723-8B795D02D281}C:\ccstudio_v3.3\cc\bin\traceserver.exe" = protocol=6 | dir=in | app=c:\ccstudio_v3.3\cc\bin\traceserver.exe |
"TCP Query User{58863848-36A4-4316-8439-0155140680A2}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{5929CF9E-7390-4DDF-A2E8-EB67D2BDD717}G:\software\utorrent.exe" = protocol=6 | dir=in | app=g:\software\utorrent.exe |
"TCP Query User{72FCC0D5-E1AC-4ECA-808D-01F997693EC0}C:\ccstudio_v3.3\cc\bin\tracecntrl.exe" = protocol=6 | dir=in | app=c:\ccstudio_v3.3\cc\bin\tracecntrl.exe |
"TCP Query User{737DB182-1EDE-44BA-97F5-5AD833CA4E0F}C:\program files\dap\dap.exe" = protocol=6 | dir=in | app=c:\program files\dap\dap.exe |
"TCP Query User{7B4394C1-D0E3-4974-A317-23F5F655A445}C:\program files\puff\puff.exe" = protocol=6 | dir=in | app=c:\program files\puff\puff.exe |
"TCP Query User{8FB2F076-AFBB-4E59-A113-2BA65B13D356}C:\lord\irantv\irantv.exe" = protocol=6 | dir=in | app=c:\lord\irantv\irantv.exe |
"TCP Query User{93E1FE97-AAA8-4C84-95A3-C4398B8CF115}C:\program files\puff\puff.exe" = protocol=6 | dir=in | app=c:\program files\puff\puff.exe |
"TCP Query User{999FAF85-BFC6-4DCC-B264-16C12C84BD3E}C:\users\mahnaz\desktop\u96c.exe" = protocol=6 | dir=in | app=c:\users\mahnaz\desktop\u96c.exe |
"TCP Query User{A16A41A9-860D-4789-917B-C5FDA66D86AB}C:\program files\opnet\14.5.a\sys\pc_intel_win32\bin\modeler.exe" = protocol=6 | dir=in | app=c:\program files\opnet\14.5.a\sys\pc_intel_win32\bin\modeler.exe |
"TCP Query User{BEAB8CBB-0190-4278-AEBF-AACA4B29E34B}C:\ccstudio_v3.3\cc\bin\cc_app.exe" = protocol=6 | dir=in | app=c:\ccstudio_v3.3\cc\bin\cc_app.exe |
"TCP Query User{E63CD1B2-2B5D-431B-BEF2-025BFFAE4CCD}C:\program files\altium2004\dxp.exe" = protocol=6 | dir=in | app=c:\program files\altium2004\dxp.exe |
"TCP Query User{E9EF3D3F-C2FA-4BF7-9FE2-84849F0ADA88}C:\program files\progdvb\progdvbnet.exe" = protocol=6 | dir=in | app=c:\program files\progdvb\progdvbnet.exe |
"TCP Query User{F26079EB-8B0B-46C0-A874-A73E0A848319}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{0A2B037A-1BFE-401C-912E-EE5FC163B4CD}C:\program files\altium2004\dxp.exe" = protocol=17 | dir=in | app=c:\program files\altium2004\dxp.exe |
"UDP Query User{0F81F38C-E9CE-4DE6-AA44-4E28A3DDD646}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{10696A6C-B7B5-462E-B685-E19E68A32D5A}C:\program files\microsoft visual studio\common\tools\vs-ent98\vanalyzr\varpc.exe" = protocol=17 | dir=in | app=c:\program files\microsoft visual studio\common\tools\vs-ent98\vanalyzr\varpc.exe |
"UDP Query User{1C39FF94-CF4B-4B14-98E3-328B4CB176D5}C:\program files\dap\dap.exe" = protocol=17 | dir=in | app=c:\program files\dap\dap.exe |
"UDP Query User{3C1CB9B2-9D56-4BE9-9596-58D77B02AA59}C:\lord\irantv\irantv.exe" = protocol=17 | dir=in | app=c:\lord\irantv\irantv.exe |
"UDP Query User{42126146-0B5D-431C-97D1-3EE8C904CA99}C:\program files\progdvb\progdvbnet.exe" = protocol=17 | dir=in | app=c:\program files\progdvb\progdvbnet.exe |
"UDP Query User{4B173EA1-412A-4E2D-B20D-A2BCB0BFBAC8}C:\ccstudio_v3.3\cc\bin\tracecntrl.exe" = protocol=17 | dir=in | app=c:\ccstudio_v3.3\cc\bin\tracecntrl.exe |
"UDP Query User{55E52353-8D10-49F5-A33C-1A74EA0A7E70}H:\برنامه\u96b.exe" = protocol=17 | dir=in | app=h:\برنامه\u96b.exe |
"UDP Query User{5737DC36-D992-4CDA-9F99-71B1FB481B1F}G:\software\utorrent.exe" = protocol=17 | dir=in | app=g:\software\utorrent.exe |
"UDP Query User{63F96406-345D-4B4B-A3E8-ECA161057EEE}C:\users\mahnaz\desktop\u96c.exe" = protocol=17 | dir=in | app=c:\users\mahnaz\desktop\u96c.exe |
"UDP Query User{6457E261-7859-44B5-A665-79667BCF19B0}C:\ccstudio_v3.3\cc\bin\cc_app.exe" = protocol=17 | dir=in | app=c:\ccstudio_v3.3\cc\bin\cc_app.exe |
"UDP Query User{6ED6A0F8-3384-45CE-B61F-E9FEF14F5603}C:\ccstudio_v3.3\cc\bin\traceserver.exe" = protocol=17 | dir=in | app=c:\ccstudio_v3.3\cc\bin\traceserver.exe |
"UDP Query User{7610EB79-48F9-4388-80FD-33C643495CF0}C:\program files\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"UDP Query User{8687FE0D-19F8-4093-960D-A0070AAC3A0C}C:\program files\www.cproxy.com\cproxy.exe" = protocol=17 | dir=in | app=c:\program files\www.cproxy.com\cproxy.exe |
"UDP Query User{999F546B-3A58-4732-B0E7-CE4237B8575A}C:\program files\puff\puff.exe" = protocol=17 | dir=in | app=c:\program files\puff\puff.exe |
"UDP Query User{9BB3E184-3813-405F-979C-7EC1D1EAA6DF}C:\program files\puff\puff.exe" = protocol=17 | dir=in | app=c:\program files\puff\puff.exe |
"UDP Query User{A191A3A2-91AE-4C68-A154-45FEB609201F}C:\users\mahnaz\documents\downloads\programs\fg731p.exe" = protocol=17 | dir=in | app=c:\users\mahnaz\documents\downloads\programs\fg731p.exe |
"UDP Query User{A501EFDE-264C-4A63-AA65-563400122736}C:\ccstudio_v3.3\cc\bin\tracecompmgr.exe" = protocol=17 | dir=in | app=c:\ccstudio_v3.3\cc\bin\tracecompmgr.exe |
"UDP Query User{A5482CC0-3BB4-44DA-86C0-A0577F552F54}C:\xilinx\12.1\ise_ds\ise\bin\nt\unwrapped\isimgui.exe" = protocol=17 | dir=in | app=c:\xilinx\12.1\ise_ds\ise\bin\nt\unwrapped\isimgui.exe |
"UDP Query User{DE74B810-5C3B-4B5E-91B3-3DE5615D9066}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{E8123237-341B-47CC-BB1C-060932BAEC04}C:\program files\opnet\14.5.a\sys\pc_intel_win32\bin\modeler.exe" = protocol=17 | dir=in | app=c:\program files\opnet\14.5.a\sys\pc_intel_win32\bin\modeler.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{046885A1-B4AE-4459-A0D1-8C93706698D6}" =
"{05EC21B8-4593-3037-A781-A6B5AFFCB19D}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
"{068F037B-2723-48E3-85F1-4D7D93A29D2A}" = VAIO Content Metadata Intelligent Analyzing Manager
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{105CFC7C-6992-11D5-BD9D-000102C10FD8}" = Lizardtech DjVu Control
"{13C4E8F0-B747-4C7C-9090-884832F9F90A}" = Proteus 7 Professional
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{184E7118-0295-43C4-B72C-1D54AA75AAF7}" = Windows Live Mail
"{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{2018C019-30D9-4240-8C01-0865C10DCF5A}" = VAIO Presentation Support
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"{20E36B2C-C273-4686-A4F7-F617C406483A}" = Code Composer Studio v3.3
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting
"{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 11
"{2878C3C9-9D91-430F-8F50-885BB23DB001}" = VAIO Content Folder Watcher
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{29E44E9D-ACB2-4D2D-849F-5361C941B7E1}" = ArcSoft TotalMedia 3.5
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2D4F6BE3-6FEF-4FE9-9D01-1406B220D08C}" = Windows Live Photo Gallery
"{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
"{327B75F0-92AF-420A-988F-FA596A218E0B}" = VAIO Content Folder Watcher
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3B659FAD-E772-44A3-B7E7-560FF084669F}" = VAIO Smart Network
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{44260653-FD5A-4F8F-9C0C-654E597E9651}" = Topsis Solver 2012
"{47A2CE5C-EA1F-4F58-8A0A-9452CBA795CD}" = Click to Disc
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{52B3D4A3-6AF9-4A9E-9E90-6228408764D6}" = VAIO Edit Components
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
"{5F5867F0-2D23-4338-A206-01A76C823924}" = VAIO Power Management
"{60D9F236-09FD-4A22-BBD4-4775D3EAF5FE}" = Nosa Simorgh HTTP Client For Windows Version 6.02
"{6332AFF1-9D9A-429C-AA03-F82749FA4F49}" = SonicStage Mastering Studio
"{64c5b887-b5ee-42b8-8596-78905a6b5f1f}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{64DBE9FE-A07D-41A0-B81A-8D416D9647FF}" = VAIO Content Folder Watcher
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{6767DFEE-8909-453A-B553-C7693912B2EB}" = Canon MF Toolbox 4.9.1.1.mf09
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6BF03C88-C06A-48DC-B9A1-FE72B24E5FA9}" = VAIO Media plus Opening Movie
"{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{6EB6A82E-4918-481F-9AF8-3129E6D29B7E}" = Sony Home Network Library
"{7010F660-F97B-4565-9BA2-F985FFFB42B1}" = VAIO Mode Switch
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{72EEB695-388B-4835-8EA6-0C04545B06B9}" = Intel® PROSet/Wireless WiFi Software
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2
"{80C06CCD-7D07-3DB6-86CD-B57B3F0614D8}" = Microsoft Visual Studio Team System 2008 Team Suite - ENU
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{85AF94EC-55DE-452A-8FD7-C34E598B3F1F}" = Adobe Premiere Elements 7.0 Templates
"{8B056B29-E35C-4F8C-BB75-F123C1200709}" = HSPICE A-2007.09
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISPRO_{519D9F45-CBF4-4E57-B419-11F196CCA8AE}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{9176251A-4CC1-4DDB-B343-B487195EB397}" = Windows Live Writer
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" =
"{991C37B9-7034-43EF-A1A9-63AA0E04BAAF}" = Xmanager Enterprise 3
"{9973498D-EA29-4A68-BE0B-C88D6E03E928}" = ArcSoft WebCam Companion 2
"{99A5569D-9F86-4f32-A227-1538B731DA42}" = Canon MF4320-4350
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
"{9C1C8A04-F8CA-4472-A92D-4288CE32DE86}" = SonicStage Mastering Studio Plugins
"{9D12A8B5-9D41-4465-BF11-70719EB0CD02}" = VU5x86
"{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}" = VAIO Update
"{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 2.7.322
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A9D3D707-4A1A-4227-BE6E-F16448B4CB63}" = VAIO Entertainment Platform
"{AA171A69-F942-40DA-AE3A-EA91026A1CAE}" = VAIO Manual
"{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008
"{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris
"{AC76BA86-7AD7-1033-7B44-A90100000001}" = Adobe Reader 9.0.1
"{ADD72094-D289-4714-A62E-70574478A2BC}" = System Requirements Lab for Intel
"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
"{AFC0E60E-3A68-4381-B762-E5C2F0E2ABC3}" = SD CCS 3.3 Emulation Drivers
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B268E9A1-04A9-40D0-9866-846BE2B74BA7}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B32E7732-B2FB-3FD0-81AC-6025B1104C66}" = Microsoft Device Emulator version 3.0 - ENU
"{B608DEB4-98BE-46C4-A750-CC10C9E0AE13}" = DXP 2004
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B7C03E84-AF46-42F4-809D-D4127D9086D0}" = VAIO Edit Components 6.5
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{BDD0DD35-76E9-4DDA-84B3-B9E6E7C5B4DB}" = ModelSim-Altera 6.4a (Quartus II 9.0) Starter Edition
"{BFD85D24-D4F3-4CCC-B518-D7C4FC29C76D}" = VAIO Content Metadata Intelligent Analyzing Manager
"{C1555BC5-88B1-466B-BC79-062B5715DF92}" = VAIO Content Metadata XML Interface Library
"{C62AEA0E-90B0-4049-9780-8499A18A34D7}" = VAIO Content Metadata Manager Setting
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}" = Microsoft Windows SDK for Visual Studio 2008 Tools
"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
"{CCF13D13-A87B-34E8-B689-1896D0C2DBA2}" = Google Talk Plugin
"{CD7E6232-D41D-4E5B-ABE1-0264B6260309}" = VAIO Content Metadata Intelligent Analyzing Manager
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03D02D8-AB64-4785-A48E-5AA8B0FB8C14}" = Sony Home Network Library
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D239B547-8B20-4BDE-888D-C9CCA823FFD8}" = WIDCOMM Bluetooth Software
"{D564B5E2-CCB5-4A5C-B35E-2FC30BBC9336}" = Adobe Premiere Elements 7.0
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar
"{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DEF97A70-C67D-41E1-837C-6462C97A6F65}" = OpenMG Secure Module 5.3.00
"{DF7DB916-90E5-40F2-9010-B8125EB5FD6F}" = SonicStage Mastering Studio Audio Filter
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = COWON Media Center - jetAudio Basic VX
"{E3453B1B-C91B-4C48-B046-8DF635DD46F2}" = VAIO Content Metadata XML Interface Library
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster 2010
"{EADE97A7-E7AA-43FD-A042-92A68E0187A6}" = VAIO Content Metadata Manager Setting
"{EB3F5C2A-0754-38B8-8722-7B537006BF46}" = Microsoft Visual Studio 2008 Performance Collection Tools - ENU
"{EC37A846-53AC-4DA7-98FA-76A4E74AA900}" = SonicStage Mastering Studio Audio Filter Custom Preset
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
"{EF181DC1-0ECB-4546-9772-C3C3F58E5747}" = ESET Smart Security
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" =
"{F6234880-85BE-4DCB-8A45-1FF85A1A8552}" = SmartSound Quicktracks for Premiere Elements
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
"AliNEGAR 1.0.3.3" = AliNEGAR 1.0.3.3
"Altium Designer 2004 Service Pack 3" = Altium Designer 2004 Service Pack 3
"Altium Designer 2004 Service Pack 3 IntLib" = Altium Designer 2004 Service Pack 3 IntLib
"Altium Designer 2004 Service Pack 4" = Altium Designer 2004 Service Pack 4
"Altium Designer 2004 Service Pack 4 IntLib" = Altium Designer 2004 Service Pack 4 IntLib
"Autorun Virus Remover_is1" = Autorun Virus Remover 2.3
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"Cambridge Advanced Learner's Dictionary" = Cambridge Advanced Learner's Dictionary
"Canon LBP5000" = Canon LBP5000
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"CodeVisionAVR C Compiler" = CodeVisionAVR C Compiler
"Cool Edit Pro 2.1" = Cool Edit Pro 2.1
"Data Access Objects (DAO) 3.5" = Data Access Objects (DAO) 3.5
"DXP2004 Service Pack 2" = DXP2004 Service Pack 2
"DXP2004 SP2 Integrated Libraries" = DXP2004 SP2 Integrated Libraries
"E79249BF35C19B6C848052C01F208F628798C193" = Windows Driver Package - LASAK UK LTD HDCS (15/8/2010 1.0.24.1)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HDMI" = Intel® Graphics Media Accelerator Driver
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"InstallShield_{7C551361-A18D-49A9-A916-F8DFBBDCB6D9}" = Smart TV Hybrid Pro v6.14.10.389 32bit Vista
"InstallShield_{991C37B9-7034-43EF-A1A9-63AA0E04BAAF}" = Xmanager Enterprise 3
"InstallShield_{DEF97A70-C67D-41E1-837C-6462C97A6F65}" = OpenMG Secure Module 5.3.00
"InstallShield_{F6234880-85BE-4DCB-8A45-1FF85A1A8552}" = SmartSound Quicktracks for Premiere Elements
"Internet Download Manager" = Internet Download Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"MatlabR2009a" = MATLAB R2009a
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU
"Microsoft Visual Studio Team System 2008 Team Suite - ENU" = Microsoft Visual Studio Team System 2008 Team Suite - ENU
"MiKTeX 2.9" = MiKTeX 2.9
"Mp3 Audio Editor" = Mp3 Audio Editor
"MsJavaVM" = Microsoft VM for Java
"MuVo Driver" = Creative Mass Storage Drivers
"Notepad++" = Notepad++
"PremElem70" = Adobe Premiere Elements 7.0
"PremElem70Templates" = Adobe Premiere Elements 7.0 Templates
"ProInst" = Intel PROSet Wireless
"Rainbow Sentinel Driver" = Sentinel System Driver
"Recover My Files_is1" = Recover My Files
"Serviio" = Serviio
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Texmaker" = Texmaker
"The KMPlayer" = The KMPlayer (remove only)
"Unlocker" = Unlocker 1.9.1
"uTorrent" = µTorrent
"VISPRO" = Microsoft Office Visio Professional 2007
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"VLC media player" = VLC media player 2.0.3
"VMware_Workstation" = VMware Workstation
"WebFreer" = Web Freer
"WebPost" = Microsoft Web Publishing Wizard 1.53
"Windows Live Toolbar" = Windows Live Toolbar
"WinRAR archiver" = WinRAR archiver
"Xilisoft Video Converter Ultimate" = Xilisoft Video Converter Ultimate
"XingMPEG Encoder" = XingMPEG Encoder
"XingMPEG Player" = XingMPEG Player
"Yahoo! Messenger" = Yahoo! Messenger
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"Google Chrome" = Google Chrome
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 6/22/2011 9:30:26 AM | Computer Name = mahnaz-PC | Source = Application Error | ID = 1000
Description = Faulting application cc_app.exe, version 5.98.0.219, time stamp 0x457d056a,
faulting module ntdll.dll, version 6.0.6001.22777, time stamp 0x4cb72ffe, exception
code 0xc0000005, fault offset 0x0003cdca, process id 0x140, application start time
0x01cc30baf5fb9650.
Error - 6/22/2011 3:54:43 PM | Computer Name = mahnaz-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 7.0.6001.18639 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1c70 Start Time: 01cc31152c55cae0 Termination Time: 15
Error - 6/24/2011 12:18:06 AM | Computer Name = mahnaz-PC | Source = Application Error | ID = 1000
Description = Faulting application ACService.exe, version 1.1.0.47, time stamp 0x4ba1976d,
faulting module ACService.exe, version 1.1.0.47, time stamp 0x4ba1976d, exception
code 0xc0000005, fault offset 0x00007aea, process id 0x904, application start time
0x01cc3225b7985548.
Error - 6/24/2011 12:20:21 AM | Computer Name = mahnaz-PC | Source = WinMgmt | ID = 10
Description =
Error - 6/24/2011 12:20:27 AM | Computer Name = mahnaz-PC | Source = VzCdbSvc | ID = 7
Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error
code = 0x80042019)
Error - 6/24/2011 1:27:48 AM | Computer Name = mahnaz-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 6/24/2011 1:27:48 AM | Computer Name = mahnaz-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 6/24/2011 9:54:56 AM | Computer Name = mahnaz-PC | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.0.6001.18164 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 68c Start Time: 01cc3225b61b7948 Termination Time: 59
Error - 6/24/2011 10:00:39 AM | Computer Name = mahnaz-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 6/25/2011 4:26:32 AM | Computer Name = mahnaz-PC | Source = Application Error | ID = 1000
Description = Faulting application ACService.exe, version 1.1.0.47, time stamp 0x4ba1976d,
faulting module ACService.exe, version 1.1.0.47, time stamp 0x4ba1976d, exception
code 0xc0000005, fault offset 0x00007aea, process id 0x4bc, application start time
0x01cc331196bc60c0.
[ OSession Events ]
Error - 10/26/2009 4:26:52 PM | Computer Name = mahnaz-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 58 seconds with 0 seconds of active time. This session ended with a crash.
Error - 5/24/2010 2:54:25 PM | Computer Name = mahnaz-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 18866
seconds with 7320 seconds of active time. This session ended with a crash.
Error - 12/28/2010 3:56:12 PM | Computer Name = mahnaz-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2408
seconds with 480 seconds of active time. This session ended with a crash.
Error - 2/19/2011 10:17:46 AM | Computer Name = mahnaz-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 10, Application Name: Microsoft Office Visio, Application Version:
12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.
Error - 8/23/2012 4:05:34 PM | Computer Name = mahnaz-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 11 seconds with 0 seconds of active time. This session ended with a crash.
Error encountered while reading event logs.
< End of report >
***********************************************************************************************************
FSS report:
Farbar Service Scanner Version: 14-04-2013
Ran by mahnaz (administrator) on 28-04-2013 at 21:33:15
Running from "C:\Users\mahnaz\Desktop"
Windows Vista Home Premium Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo IP returned error. Yahoo IP is offline
Attempt to access Yahoo.com returned error: Yahoo.com is offline
Windows Firewall:
=============
Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
System Restore:
============
System Restore Disabled Policy:
========================
Security Center:
============
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
Other Services:
==============
File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys
[2011-06-18 22:11] - [2011-04-21 17:46] - 0273408 ____A (Microsoft Corporation) 48EB99503533C27AC6135648E5474457
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2010-08-30 15:16] - [2010-06-16 20:29] - 0898952 ____A (Microsoft Corporation) 782568AB6A43160A159B6215B70BCCE9
C:\Windows\system32\dnsrslvr.dll
[2011-04-13 20:31] - [2011-03-02 19:19] - 0086528 ____A (Microsoft Corporation) 4805D9A6D281C7A7DEFD9094DEC6AF7D
C:\Windows\system32\mpssvc.dll
[2008-01-21 06:54] - [2008-01-21 06:54] - 0393216 ____A (Microsoft Corporation) D1639BA315B0D79DEC49A4B0E1FB929B
C:\Windows\system32\bfe.dll
[2008-01-21 06:53] - [2008-01-21 06:53] - 0328704 ____A (Microsoft Corporation) 8582E233C346AEFE759833E8A30DD697
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe
[2008-01-21 06:53] - [2008-01-21 06:53] - 1054720 ____A (Microsoft Corporation) D5FB73D19C46ADE183F968E13F186B23
C:\Windows\system32\wscsvc.dll
[2008-01-21 06:53] - [2008-01-21 06:53] - 0061440 ____A (Microsoft Corporation) 683DD16B590372F2C9661D277F35E49C
C:\Windows\system32\wbem\WMIsvc.dll
[2008-01-21 06:54] - [2008-01-21 06:54] - 0161792 ____A (Microsoft Corporation) 00B79A7C984678F24CF052E5BEB3A2F5
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll
[2008-01-21 06:55] - [2008-01-21 06:55] - 0758272 ____A (Microsoft Corporation) 02ED7B4DBC2A3232A389106DA7515C3D
C:\Windows\system32\es.dll
[2009-04-07 22:56] - [2008-04-18 10:18] - 0269312 ____A (Microsoft Corporation) 3CB3343D720168B575133A0A20DC2465
C:\Windows\system32\cryptsvc.dll
[2008-01-21 06:54] - [2008-01-21 06:54] - 0128000 ____A (Microsoft Corporation) 6DE363F9F99334514C46AEC02D3E3678
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll
[2010-07-16 23:22] - [2010-02-18 18:41] - 0190464 ____A (Microsoft Corporation) 6A35D233693EDC29A12742049BC5E37F
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll
[2009-10-23 00:54] - [2009-03-03 09:09] - 0551424 ____A (Microsoft Corporation) 301AE00E12408650BADDC04DBC832830
**** End of log ****
********************************************************************************************************
Please let me know what my PC problem is.