View Full Version : Limited windows functionality
swordstone
2011-04-11, 18:36
I installed Avira free edition last night and today when I started my notebook a popup appeared saying that windows had detected some changes and will have limited functionality, and another one after that saying I won't receive notifications in windows or something to that effect (I don't remember exactly) and both gave me the option to "close" or "go online for help"
When I clicked go online chrome opened and nothing happened
When I clicked close I kept returning to the user logon screen
Eventually I clicked restart from the user logon screen and the system started as normal.
However, as soon as I got to the home screen spybot detected a system registry value that had been delete {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} and the "deny change" option is grayed out. It had also detected several registry changes last night but I allowed them thinking it was Avira.
I haven't shut down the system since then in case the problem reoccurs, so I haven't disabled the tea timer and restarted as yet. I have no clue what's going on with the system registry, could someone please help?
DDS
.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Mohammad at 13:30:39.36 on Mon 04/11/2011
Internet Explorer: 8.0.6001.18928 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2938.1094 [GMT 5:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Norton Internet Security *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\Mohammad\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
C:\Program Files (x86)\CodePlex\XPS2OneNote\XPS2OneNote.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\Sony Corporation\SmartWi Connection Utility\CCP.exe
C:\Windows\system32\dgdersvc.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Sony Corporation\SmartWi Connection Utility\PowerManager.exe
C:\Program Files\Sony Corporation\SmartWi Connection Utility\ThirdPartyAppMgr.exe
C:\Program Files\Sony Corporation\SmartWi Connection Utility\UIManager.exe
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Program Files\Sony\VAIO Care\collsvc.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESGfxMgr.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\DRIVERS\xaudio64.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Mohammad\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Mohammad\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
uInternet Settings,ProxyOverride = local;*.local
uInternet Settings,ProxyServer = proxy.lums.edu.pk:80
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
uURLSearchHooks: Hotspot Shield Toolbar: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\tbHots.dll
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
mURLSearchHooks: Hotspot Shield Toolbar: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\tbHots.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\IPSBHO.DLL
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
BHO: Hotspot Shield Toolbar: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\tbHots.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
TB: Hotspot Shield Toolbar: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\tbHots.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [ISUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [Google Update] "C:\Users\Mohammad\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\/\KiesTrayAgent.exe
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [SmartWiHelper] "C:\Program Files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun: [RegistrationReminder] "C:\Program Files\Sony\First Experience\OOBEFcdRegistration.exe"
mRun: [VAIORegistration] "C:\Program Files\Sony\First Experience\WelcomeLauncher.exe"
mRun: [VAIOSurvey] "C:\Program Files (x86)\Sony\VAIO Survey\VAIO Sat Survey.exe"
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
mRunOnce: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent
StartupFolder: C:\Users\Mohammad\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\Users\Mohammad\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\Users\Mohammad\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\XPS2ON~1.LNK - C:\Users\Mohammad\AppData\Roaming\Microsoft\Installer\{6DD7A9DA-6732-47D2-8362-6A12BD0EA053}\_FBB2488C0F33C1DFE6AC1F.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
Trusted Zone: intuit.com\community
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} - hxxp://esupport.sony.com/VaioInfo.CAB
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll
Notify: VESWinlogon - VESWinlogon.dll
BHO-X64: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg64.dll
BHO-X64: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\hssie\HssIE_64.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
TB-X64: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
TB-X64: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
TB-X64: {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - No File
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
mRun-x64: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
mRun-x64: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Mohammad\AppData\Roaming\Mozilla\Firefox\Profiles\wzzo97kb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1572363&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT1572363&SearchSource=13
FF - component: C:\Users\Mohammad\AppData\Roaming\Mozilla\Firefox\Profiles\wzzo97kb.default\extensions\zoteroWinWordIntegration@zotero.org\components\zoteroWinWordIntegration.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Mohammad\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Users\Mohammad\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Mohammad\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Orthodox: {6d677280-ddfe-11dc-95ff-0800200c9a66} - %profile%\extensions\{6d677280-ddfe-11dc-95ff-0800200c9a66}
FF - Ext: Metal3D: {48e23fba-bb14-4745-b768-382150cd83fb} - %profile%\extensions\{48e23fba-bb14-4745-b768-382150cd83fb}
FF - Ext: Zotero: zotero@chnm.gmu.edu - %profile%\extensions\zotero@chnm.gmu.edu
FF - Ext: Zotero WinWord Integration: zoteroWinWordIntegration@zotero.org - %profile%\extensions\zoteroWinWordIntegration@zotero.org
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-6-8 55856]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1008000.029\SymEFA64.sys [2010-1-28 402992]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-4-10 505176]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-1-1 280408]
R1 BHDrvx64;Symantec Heuristics Driver;C:\Windows\System32\drivers\NISx64\1008000.029\BHDrvx64.sys [2010-1-28 334384]
R1 ccHP;Symantec Hash Provider;C:\Windows\System32\drivers\NISx64\1008000.029\cchpx64.sys [2010-1-28 583296]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\IDSviA64.sys [2009-11-13 466992]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-1-1 22360]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-1-1 64344]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-4-10 42184]
R2 dgdersvc;Device Error Recovery Service;C:\Windows\System32\dgdersvc.exe [2009-12-22 117584]
R2 Norton Internet Security;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [2010-1-28 117640]
R2 SampleCollector;Intel(R) Sample Collector;C:\Program Files\Sony\VAIO Care\collsvc.exe [2009-6-8 167424]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-1-2 1153368]
R2 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-6-8 120104]
R2 SOHDBSvr;VAIO Media plus Database Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-6-8 70952]
R2 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-6-8 390440]
R2 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-6-8 75048]
R2 SOHPlMgr;VAIO Media plus Playlist Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-6-8 91432]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2009-6-8 19968]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2009-4-10 300032]
R3 dgderdrv;dgderdrv;C:\Windows\System32\drivers\dgderdrv.sys [2009-12-22 20568]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-10-16 132656]
R3 seehcri;Sony Ericsson seehcri Device Driver;C:\Windows\System32\drivers\seehcri.sys [2010-1-19 34032]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2009-4-10 11392]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk60x64.sys [2009-4-10 391680]
S2 gupdate1c9e81a239f2659;Google Update Service (gupdate1c9e81a239f2659);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-6-8 133104]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-10-16 93184]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-21 19968]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);C:\Windows\System32\drivers\s0016bus.sys [2010-1-19 115240]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;C:\Windows\System32\drivers\s0016mdfl.sys [2010-1-19 19496]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;C:\Windows\System32\drivers\s0016mdm.sys [2010-1-19 158760]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);C:\Windows\System32\drivers\s0016mgmt.sys [2010-1-19 137256]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);C:\Windows\System32\drivers\s0016nd5.sys [2010-1-19 34344]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;C:\Windows\System32\drivers\s0016obex.sys [2010-1-19 136744]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);C:\Windows\System32\drivers\s0016unic.sys [2010-1-19 151592]
S3 TFsExDisk;TFsExDisk;C:\Windows\System32\drivers\TFsExDisk.sys [2010-11-6 16448]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-9-28 51712]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2011-04-11 07:50:42 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-04-10 09:22:12 505176 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2011-04-10 09:21:08 40648 ----a-w- C:\Windows\avastSS.scr
2011-04-10 09:20:43 -------- d-----w- C:\Program Files\AVAST Software
2011-04-10 09:19:43 -------- d-----w- C:\PROGRA~3\AVAST Software
2011-04-01 22:39:33 -------- d-----w- C:\Users\Mohammad\AppData\Roaming\.Get Organized
2011-04-01 22:39:12 -------- d-----w- C:\Program Files (x86)\Get Organized
2011-03-13 18:30:11 -------- d-----w- C:\Program Files (x86)\Sandlot Games
2011-03-13 14:22:50 -------- d-----w- C:\Program Files (x86)\Shockwave.com
2011-03-13 14:02:25 -------- d-----w- C:\PROGRA~3\Sandlot Games
.
==================== Find3M ====================
.
2011-02-23 14:55:05 64344 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
.
============= FINISH: 13:35:53.41 ===============
[B]Spybot Scan Results
Zango: [SBI $689E03A0] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{618AAD04-921F-44C2-BE38-C0818AF69861}
Zango: [SBI $689E03A0] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{618AAD04-921F-44C2-BE38-C0818AF69861}
Zango: [SBI $411F0828] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{B5D2ED96-62F9-4C2C-956D-E425B1F67337}
Zango: [SBI $411F0828] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{B5D2ED96-62F9-4C2C-956D-E425B1F67337}
Zango: [SBI $9432A0E4] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{D3A412E8-1E4B-47D2-9B12-F88291F5AFBB}
Zango: [SBI $9432A0E4] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{D3A412E8-1E4B-47D2-9B12-F88291F5AFBB}
MediaPlex: Tracking cookie (Internet Explorer: Mohammad) (Cookie, nothing done)
AdBrite: Tracking cookie (Internet Explorer: Mohammad) (Cookie, nothing done)
DoubleClick: Tracking cookie (Internet Explorer: Mohammad) (Cookie, nothing done)
Right Media: Tracking cookie (Internet Explorer: Mohammad) (Cookie, nothing done)
MediaPlex: Tracking cookie (Internet Explorer: Mohammad) (Cookie, nothing done)
DoubleClick: Tracking cookie (Firefox: Mohammad (default)) (Cookie, nothing done)
Statcounter: Tracking cookie (Firefox: Mohammad (default)) (Cookie, nothing done)
MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
AdBrite: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
Zedo: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
FastClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
FastClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
HitBox: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
HitBox: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
HitBox: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
Adviva: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
Adviva: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
WebTrends live: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
AdBrite: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
Tradedoubler: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
Tradedoubler: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
Zedo: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
Win32.PornPopUp: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
Tradedoubler: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
Tradedoubler: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
Tradedoubler: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
FastClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
AdBrite: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
AdBrite: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
FastClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
FastClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
LinkSynergy: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
Zedo: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
Zedo: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
Zedo: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
AdBrite: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
AdBrite: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
AdBrite: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
FastClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
FastClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
Statcounter: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
Statcounter: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-01-26 TeaTimer.exe (1.6.4.26)
2011-01-02 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-01-26 advcheck.dll (1.6.2.15)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2010-10-05 Includes\Adware.sbi (*)
2010-11-30 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2010-12-14 Includes\DialerC.sbi (*)
2010-01-25 Includes\HeavyDuty.sbi (*)
2010-11-30 Includes\Hijackers.sbi (*)
2010-11-30 Includes\HijackersC.sbi (*)
2010-06-02 Includes\iPhone.sbi (*)
2010-12-14 Includes\Keyloggers.sbi (*)
2010-12-14 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2010-12-14 Includes\Malware.sbi (*)
2010-12-28 Includes\MalwareC.sbi (*)
2010-05-18 Includes\PUPS.sbi (*)
2010-12-14 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2010-12-14 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2010-12-28 Includes\Spyware.sbi (*)
2010-12-28 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2010-12-28 Includes\Trojans.sbi (*)
2010-12-17 Includes\TrojansC-02.sbi (*)
2010-12-16 Includes\TrojansC-03.sbi (*)
2010-12-16 Includes\TrojansC-04.sbi (*)
2010-12-28 Includes\TrojansC-05.sbi (*)
2010-12-28 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
swordstone
2011-04-11, 18:42
I installed Avast antivirus free edition last night and today when I started my notebook a popup appeared saying that windows had detected some changes and will have limited functionality, and another one after that saying I won't receive notifications in windows or something to that effect (I don't remember exactly) and both gave me the option to "close" or "go online for help"
When I clicked go online chrome opened and nothing happened
When I clicked close I kept returning to the user logon screen
Eventually I clicked restart from the user logon screen and the system started as normal.
However, as soon as I got to the home screen spybot detected a system registry value that had been delete {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} and the "deny change" option is grayed out. It had also detected several registry changes last night but I allowed them thinking it was Avast.
I haven't shut down the system since then in case the problem reoccurs, so I haven't disabled the tea timer and restarted as yet. I have no clue what's going on with the system registry, could someone please help?
DDS
.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Mohammad at 13:30:39.36 on Mon 04/11/2011
Internet Explorer: 8.0.6001.18928 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2938.1094 [GMT 5:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Norton Internet Security *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\Mohammad\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
C:\Program Files (x86)\CodePlex\XPS2OneNote\XPS2OneNote.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\Sony Corporation\SmartWi Connection Utility\CCP.exe
C:\Windows\system32\dgdersvc.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Sony Corporation\SmartWi Connection Utility\PowerManager.exe
C:\Program Files\Sony Corporation\SmartWi Connection Utility\ThirdPartyAppMgr.exe
C:\Program Files\Sony Corporation\SmartWi Connection Utility\UIManager.exe
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Program Files\Sony\VAIO Care\collsvc.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESGfxMgr.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\DRIVERS\xaudio64.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Mohammad\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Mohammad\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
uInternet Settings,ProxyOverride = local;*.local
uInternet Settings,ProxyServer = proxy.lums.edu.pk:80
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
uURLSearchHooks: Hotspot Shield Toolbar: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\tbHots.dll
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
mURLSearchHooks: Hotspot Shield Toolbar: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\tbHots.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\IPSBHO.DLL
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
BHO: Hotspot Shield Toolbar: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\tbHots.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
TB: Hotspot Shield Toolbar: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\tbHots.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [ISUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [Google Update] "C:\Users\Mohammad\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\/\KiesTrayAgent.exe
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [SmartWiHelper] "C:\Program Files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun: [RegistrationReminder] "C:\Program Files\Sony\First Experience\OOBEFcdRegistration.exe"
mRun: [VAIORegistration] "C:\Program Files\Sony\First Experience\WelcomeLauncher.exe"
mRun: [VAIOSurvey] "C:\Program Files (x86)\Sony\VAIO Survey\VAIO Sat Survey.exe"
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
mRunOnce: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent
StartupFolder: C:\Users\Mohammad\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\Users\Mohammad\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\Users\Mohammad\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\XPS2ON~1.LNK - C:\Users\Mohammad\AppData\Roaming\Microsoft\Installer\{6DD7A9DA-6732-47D2-8362-6A12BD0EA053}\_FBB2488C0F33C1DFE6AC1F.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
Trusted Zone: intuit.com\community
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} - hxxp://esupport.sony.com/VaioInfo.CAB
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll
Notify: VESWinlogon - VESWinlogon.dll
BHO-X64: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg64.dll
BHO-X64: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\hssie\HssIE_64.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
TB-X64: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
TB-X64: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
TB-X64: {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - No File
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
mRun-x64: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
mRun-x64: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Mohammad\AppData\Roaming\Mozilla\Firefox\Profiles\wzzo97kb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1572363&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT1572363&SearchSource=13
FF - component: C:\Users\Mohammad\AppData\Roaming\Mozilla\Firefox\Profiles\wzzo97kb.default\extensions\zoteroWinWordIntegration@zotero.org\components\zoteroWinWordIntegration.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Mohammad\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Users\Mohammad\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Mohammad\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Orthodox: {6d677280-ddfe-11dc-95ff-0800200c9a66} - %profile%\extensions\{6d677280-ddfe-11dc-95ff-0800200c9a66}
FF - Ext: Metal3D: {48e23fba-bb14-4745-b768-382150cd83fb} - %profile%\extensions\{48e23fba-bb14-4745-b768-382150cd83fb}
FF - Ext: Zotero: zotero@chnm.gmu.edu - %profile%\extensions\zotero@chnm.gmu.edu
FF - Ext: Zotero WinWord Integration: zoteroWinWordIntegration@zotero.org - %profile%\extensions\zoteroWinWordIntegration@zotero.org
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-6-8 55856]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1008000.029\SymEFA64.sys [2010-1-28 402992]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-4-10 505176]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-1-1 280408]
R1 BHDrvx64;Symantec Heuristics Driver;C:\Windows\System32\drivers\NISx64\1008000.029\BHDrvx64.sys [2010-1-28 334384]
R1 ccHP;Symantec Hash Provider;C:\Windows\System32\drivers\NISx64\1008000.029\cchpx64.sys [2010-1-28 583296]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\IDSviA64.sys [2009-11-13 466992]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-1-1 22360]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-1-1 64344]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-4-10 42184]
R2 dgdersvc;Device Error Recovery Service;C:\Windows\System32\dgdersvc.exe [2009-12-22 117584]
R2 Norton Internet Security;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [2010-1-28 117640]
R2 SampleCollector;Intel(R) Sample Collector;C:\Program Files\Sony\VAIO Care\collsvc.exe [2009-6-8 167424]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-1-2 1153368]
R2 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-6-8 120104]
R2 SOHDBSvr;VAIO Media plus Database Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-6-8 70952]
R2 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-6-8 390440]
R2 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-6-8 75048]
R2 SOHPlMgr;VAIO Media plus Playlist Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-6-8 91432]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2009-6-8 19968]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2009-4-10 300032]
R3 dgderdrv;dgderdrv;C:\Windows\System32\drivers\dgderdrv.sys [2009-12-22 20568]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-10-16 132656]
R3 seehcri;Sony Ericsson seehcri Device Driver;C:\Windows\System32\drivers\seehcri.sys [2010-1-19 34032]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2009-4-10 11392]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk60x64.sys [2009-4-10 391680]
S2 gupdate1c9e81a239f2659;Google Update Service (gupdate1c9e81a239f2659);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-6-8 133104]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-10-16 93184]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-21 19968]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);C:\Windows\System32\drivers\s0016bus.sys [2010-1-19 115240]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;C:\Windows\System32\drivers\s0016mdfl.sys [2010-1-19 19496]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;C:\Windows\System32\drivers\s0016mdm.sys [2010-1-19 158760]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);C:\Windows\System32\drivers\s0016mgmt.sys [2010-1-19 137256]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);C:\Windows\System32\drivers\s0016nd5.sys [2010-1-19 34344]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;C:\Windows\System32\drivers\s0016obex.sys [2010-1-19 136744]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);C:\Windows\System32\drivers\s0016unic.sys [2010-1-19 151592]
S3 TFsExDisk;TFsExDisk;C:\Windows\System32\drivers\TFsExDisk.sys [2010-11-6 16448]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-9-28 51712]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2011-04-11 07:50:42 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-04-10 09:22:12 505176 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2011-04-10 09:21:08 40648 ----a-w- C:\Windows\avastSS.scr
2011-04-10 09:20:43 -------- d-----w- C:\Program Files\AVAST Software
2011-04-10 09:19:43 -------- d-----w- C:\PROGRA~3\AVAST Software
2011-04-01 22:39:33 -------- d-----w- C:\Users\Mohammad\AppData\Roaming\.Get Organized
2011-04-01 22:39:12 -------- d-----w- C:\Program Files (x86)\Get Organized
2011-03-13 18:30:11 -------- d-----w- C:\Program Files (x86)\Sandlot Games
2011-03-13 14:22:50 -------- d-----w- C:\Program Files (x86)\Shockwave.com
2011-03-13 14:02:25 -------- d-----w- C:\PROGRA~3\Sandlot Games
.
==================== Find3M ====================
.
2011-02-23 14:55:05 64344 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
.
============= FINISH: 13:35:53.41 ===============
[B]Spybot Scan Results
Zango: [SBI $689E03A0] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{618AAD04-921F-44C2-BE38-C0818AF69861}
Zango: [SBI $689E03A0] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{618AAD04-921F-44C2-BE38-C0818AF69861}
Zango: [SBI $411F0828] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{B5D2ED96-62F9-4C2C-956D-E425B1F67337}
Zango: [SBI $411F0828] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{B5D2ED96-62F9-4C2C-956D-E425B1F67337}
Zango: [SBI $9432A0E4] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{D3A412E8-1E4B-47D2-9B12-F88291F5AFBB}
Zango: [SBI $9432A0E4] Interface (Registry key, nothing done)
HKEY_CLASSES_ROOT\Interface\{D3A412E8-1E4B-47D2-9B12-F88291F5AFBB}
MediaPlex: Tracking cookie (Internet Explorer: Mohammad) (Cookie, nothing done)
AdBrite: Tracking cookie (Internet Explorer: Mohammad) (Cookie, nothing done)
DoubleClick: Tracking cookie (Internet Explorer: Mohammad) (Cookie, nothing done)
Right Media: Tracking cookie (Internet Explorer: Mohammad) (Cookie, nothing done)
MediaPlex: Tracking cookie (Internet Explorer: Mohammad) (Cookie, nothing done)
DoubleClick: Tracking cookie (Firefox: Mohammad (default)) (Cookie, nothing done)
Statcounter: Tracking cookie (Firefox: Mohammad (default)) (Cookie, nothing done)
MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
AdBrite: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
Zedo: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
FastClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
FastClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
HitBox: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
HitBox: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
HitBox: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
Adviva: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
Adviva: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
WebTrends live: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
AdBrite: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
Tradedoubler: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
Tradedoubler: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
Zedo: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
Win32.PornPopUp: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
Tradedoubler: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
Tradedoubler: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
Tradedoubler: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
FastClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
AdBrite: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
AdBrite: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
FastClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
FastClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
MediaPlex: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
LinkSynergy: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
Zedo: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
Zedo: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
Zedo: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
AdBrite: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
AdBrite: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
AdBrite: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
BurstMedia: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
FastClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
FastClick: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
Statcounter: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
Statcounter: Tracking cookie (Chrome: Chrome) (Cookie, nothing done)
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-01-26 TeaTimer.exe (1.6.4.26)
2011-01-02 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-01-26 advcheck.dll (1.6.2.15)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2010-10-05 Includes\Adware.sbi (*)
2010-11-30 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2010-12-14 Includes\DialerC.sbi (*)
2010-01-25 Includes\HeavyDuty.sbi (*)
2010-11-30 Includes\Hijackers.sbi (*)
2010-11-30 Includes\HijackersC.sbi (*)
2010-06-02 Includes\iPhone.sbi (*)
2010-12-14 Includes\Keyloggers.sbi (*)
2010-12-14 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2010-12-14 Includes\Malware.sbi (*)
2010-12-28 Includes\MalwareC.sbi (*)
2010-05-18 Includes\PUPS.sbi (*)
2010-12-14 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2010-12-14 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2010-12-28 Includes\Spyware.sbi (*)
2010-12-28 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2010-12-28 Includes\Trojans.sbi (*)
2010-12-17 Includes\TrojansC-02.sbi (*)
2010-12-16 Includes\TrojansC-03.sbi (*)
2010-12-16 Includes\TrojansC-04.sbi (*)
2010-12-28 Includes\TrojansC-05.sbi (*)
2010-12-28 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
:snwelcome:
Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.
Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.
Please do not start any new topics, just reply to this thread using the SUBMIT REPLY.
You have two Antivirus programs running, Symantec and Avast, you cant have two, more than one is over kill and will cause all sorts of problems , your call but you need to remove one via Programs and Features in the Control Panel and then post a new DDS log
swordstone
2011-04-13, 11:51
Thanks for the reply
I uninstalled Norton
Here's the new DDS log..
.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Mohammad at 14:36:25.99 on Wed 04/13/2011
Internet Explorer: 8.0.6001.18928 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2938.875 [GMT 5:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
C:\Program Files (x86)\CodePlex\XPS2OneNote\XPS2OneNote.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\Sony Corporation\SmartWi Connection Utility\CCP.exe
C:\Windows\system32\dgdersvc.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Sony Corporation\SmartWi Connection Utility\PowerManager.exe
C:\Program Files\Sony Corporation\SmartWi Connection Utility\ThirdPartyAppMgr.exe
C:\Program Files\Sony Corporation\SmartWi Connection Utility\UIManager.exe
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Program Files\Sony\VAIO Care\collsvc.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESGfxMgr.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\DRIVERS\xaudio64.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Sony Corporation\SmartWi Connection Utility\SmartWi.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Mohammad\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\Magic-i Visual Effects.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Mohammad\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
uInternet Settings,ProxyOverride = local;*.local
uInternet Settings,ProxyServer = proxy.lums.edu.pk:80
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
uURLSearchHooks: Hotspot Shield Toolbar: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\tbHots.dll
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
mURLSearchHooks: Hotspot Shield Toolbar: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\tbHots.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
BHO: Hotspot Shield Toolbar: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\tbHots.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll
TB: Hotspot Shield Toolbar: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\tbHots.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [ISUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [Google Update] "C:\Users\Mohammad\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\/\KiesTrayAgent.exe
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [SmartWiHelper] "C:\Program Files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun: [RegistrationReminder] "C:\Program Files\Sony\First Experience\OOBEFcdRegistration.exe"
mRun: [VAIORegistration] "C:\Program Files\Sony\First Experience\WelcomeLauncher.exe"
mRun: [VAIOSurvey] "C:\Program Files (x86)\Sony\VAIO Survey\VAIO Sat Survey.exe"
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [BlackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
mRunOnce: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent
StartupFolder: C:\Users\Mohammad\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
StartupFolder: C:\Users\Mohammad\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\Users\Mohammad\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\XPS2ON~1.LNK - C:\Users\Mohammad\AppData\Roaming\Microsoft\Installer\{6DD7A9DA-6732-47D2-8362-6A12BD0EA053}\_FBB2488C0F33C1DFE6AC1F.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
Trusted Zone: intuit.com\community
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} - hxxp://esupport.sony.com/VaioInfo.CAB
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Notify: VESWinlogon - VESWinlogon.dll
BHO-X64: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg64.dll
BHO-X64: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\hssie\HssIE_64.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
TB-X64: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
TB-X64: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
TB-X64: {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - No File
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
mRun-x64: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
mRun-x64: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Mohammad\AppData\Roaming\Mozilla\Firefox\Profiles\wzzo97kb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1572363&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT1572363&SearchSource=13
FF - component: C:\Users\Mohammad\AppData\Roaming\Mozilla\Firefox\Profiles\wzzo97kb.default\extensions\zoteroWinWordIntegration@zotero.org\components\zoteroWinWordIntegration.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Mohammad\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Users\Mohammad\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Mohammad\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Orthodox: {6d677280-ddfe-11dc-95ff-0800200c9a66} - %profile%\extensions\{6d677280-ddfe-11dc-95ff-0800200c9a66}
FF - Ext: Metal3D: {48e23fba-bb14-4745-b768-382150cd83fb} - %profile%\extensions\{48e23fba-bb14-4745-b768-382150cd83fb}
FF - Ext: Zotero: zotero@chnm.gmu.edu - %profile%\extensions\zotero@chnm.gmu.edu
FF - Ext: Zotero WinWord Integration: zoteroWinWordIntegration@zotero.org - %profile%\extensions\zoteroWinWordIntegration@zotero.org
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2009-6-8 55856]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-4-10 505176]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-1-1 280408]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-1-1 22360]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-1-1 64344]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-4-10 42184]
R2 dgdersvc;Device Error Recovery Service;C:\Windows\System32\dgdersvc.exe [2009-12-22 117584]
R2 SampleCollector;Intel(R) Sample Collector;C:\Program Files\Sony\VAIO Care\collsvc.exe [2009-6-8 167424]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-1-2 1153368]
R2 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-6-8 120104]
R2 SOHDBSvr;VAIO Media plus Database Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-6-8 70952]
R2 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-6-8 390440]
R2 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-6-8 75048]
R2 SOHPlMgr;VAIO Media plus Playlist Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-6-8 91432]
R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2009-4-10 411496]
R2 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-1-15 5184872]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2009-6-8 19968]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2009-4-10 300032]
R3 dgderdrv;dgderdrv;C:\Windows\System32\drivers\dgderdrv.sys [2009-12-22 20568]
R3 seehcri;Sony Ericsson seehcri Device Driver;C:\Windows\System32\drivers\seehcri.sys [2010-1-19 34032]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2009-4-10 11392]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-6-8 394536]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk60x64.sys [2009-4-10 391680]
RUnknown EraserUtilRebootDrv;EraserUtilRebootDrv; [x]
S2 gupdate1c9e81a239f2659;Google Update Service (gupdate1c9e81a239f2659);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-6-8 133104]
S2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2009-6-8 104960]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-10-16 93184]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-21 19968]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);C:\Windows\System32\drivers\s0016bus.sys [2010-1-19 115240]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;C:\Windows\System32\drivers\s0016mdfl.sys [2010-1-19 19496]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;C:\Windows\System32\drivers\s0016mdm.sys [2010-1-19 158760]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);C:\Windows\System32\drivers\s0016mgmt.sys [2010-1-19 137256]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);C:\Windows\System32\drivers\s0016nd5.sys [2010-1-19 34344]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;C:\Windows\System32\drivers\s0016obex.sys [2010-1-19 136744]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);C:\Windows\System32\drivers\s0016unic.sys [2010-1-19 151592]
S3 TFsExDisk;TFsExDisk;C:\Windows\System32\drivers\TFsExDisk.sys [2010-11-6 16448]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-9-28 51712]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-6-8 110376]
SUnknown SYMNDISV;SYMNDISV; [x]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2011-04-11 07:50:42 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-04-10 09:22:12 505176 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2011-04-10 09:21:08 40648 ----a-w- C:\Windows\avastSS.scr
2011-04-10 09:20:43 -------- d-----w- C:\Program Files\AVAST Software
2011-04-10 09:19:43 -------- d-----w- C:\PROGRA~3\AVAST Software
2011-04-01 22:39:33 -------- d-----w- C:\Users\Mohammad\AppData\Roaming\.Get Organized
2011-04-01 22:39:12 -------- d-----w- C:\Program Files (x86)\Get Organized
.
==================== Find3M ====================
.
2011-02-23 14:55:05 64344 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
.
============= FINISH: 14:41:16.61 ===============
Not really looking at anything bad on your log. Lets do a few things.
Please download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune to your desktop.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.Your system may start up slower after running ATF Cleaner, this is expected but will be back to normal after the first or second boot up
Please note: If you use online banking or are registered online with any other organizations, ensure you have memorized password and other personal information as removing cookies will temporarily disable the auto-login facility.
You have Malwarebytes installed, open it, check for updates and run the Quick Scan and post the log.
ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan
*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.
Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
Accept any security warnings from your browser.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
Make sure that the option "Remove found threats" is Unchecked
Push the Start button.
ESET will then download updates for itself, install itself, and begin
scanning your computer. Please be patient as this can take some time.
When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as
ESETScan. Include the contents of this report in your next reply.
Push the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png
Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.
swordstone
2011-04-14, 00:45
Ok I ran ATF
Here's the malwarebytes and ESET logs..
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6353
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18928
4/13/2011 11:07:31 PM
mbam-log-2011-04-13 (23-07-31).txt
Scan type: Quick scan
Objects scanned: 175712
Time elapsed: 9 minute(s), 35 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
ESET scan
C:\Users\Mohammad\Documents\Downloads\HSS-1.43-install-webroot-239-conduit2.exe a variant of Win32/HotSpotShield application
C:\Users\Mohammad\Documents\Downloads\HSS-1.44-update-ui.exe a variant of Win32/HotSpotShield application
C:\Users\Mohammad\Documents\Downloads\MsgPlusLive-482.exe a variant of Win32/Adware.CiDHelp application
Thought I might add.. when I clicked finish the ESET window didn't close so I pushed the red 'x' on the top right and a popup appeared saying it may not have installed correctly.. hope that didn't affect the reliability of the scan
swordstone
2011-04-14, 00:58
Also, I was just about to shut down my computer to restart it, but it keeps giving me this error "Access violation at address 004709DD in module TeaTimer.exe. Read of address 000000010" and the like.. I hadn't disabled tea timer as I mentioned in my first post..
These files you downloaded via file sharing may be infected, you should delete them
C:\Users\Mohammad\Documents\Downloads\HSS-1.43-install-webroot-239-conduit2.exe
C:\Users\Mohammad\Documents\Downloads\HSS-1.44-update-ui.exe
C:\Users\Mohammad\Documents\Downloads\MsgPlusLive-482.exe
Disable the TeaTimer
Run Spybot-S&D in Advanced Mode.
If it is not already set to do this Go to the Mode menu select "Advanced Mode"
On the left hand side, Click on Tools
Then click on the Resident Icon in the List
Uncheck "Resident TeaTimer" and OK any prompts.
Restart your computer.<--You need to do this for it to take effect
Download CKScanner (http://downloads.malwareremoval.com/CKScanner.exe)
Important - Save it to your desktop.
Doubleclick CKScanner.exe and click Search For Files.
After a very short time, when the cursor hourglass disappears, click Save List To File.
A message box will verify the file saved.
Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
swordstone
2011-04-14, 11:10
I've deleted those 3 files and disabled tea timer and restarted.
Here are the contents of ckfiles.txt
CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.RP.11
----- EOF -----
Still nothing bad but we can run a few more scans, you may also want to run Spybot Search and Destroy again and let it remove all those tracking cookies
Scan With RootKitUnHooker
Please choose one link and download Rootkit Unhooker and save it to your desktop.
Link 1 (http://www.kernelmode.info/ARKs/RKUnhookerLE.EXE)
Link 2 (http://www.kernelmode.info/ARKs/RKUnhookerLE.zip)
Link 3 (http://www.kernelmode.info/ARKs/RkU3.8.388.590.rar)
Now double-click on RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan.
Check (Tick) Drivers and Stealth
Uncheck the rest. then click OK
When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
Wait till the scanner has finished and then click File > Save Report.
Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in your next reply.
Note** you may get the following warning, just click OK and continue.
"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
swordstone
2011-04-16, 23:30
Ok, I ran a scan with spybot... it was unable to fix some stuff though
I've attached it's results containing the files that could not be fixed along with the OTL logs
Furthermore I downloaded rootkit unhooker from all 3 links and it keeps giving me this error popup when I run it... "Error loading driver, NSTATUS code: 0xC000036B"
On a sidenote the computer is still giving me the error that windows has detected a change and will result in limited windows functionality and kept taking me back to the user logon screen.. restarting from there worked again though.
Spybot scan
--- Search result list ---
Zango: [SBI $689E03A0] Interface (Registry key, fixing failed)
HKEY_CLASSES_ROOT\Interface\{618AAD04-921F-44C2-BE38-C0818AF69861}
Zango: [SBI $689E03A0] Interface (Registry key, fixing failed)
HKEY_CLASSES_ROOT\Interface\{618AAD04-921F-44C2-BE38-C0818AF69861}
Zango: [SBI $411F0828] Interface (Registry key, fixing failed)
HKEY_CLASSES_ROOT\Interface\{B5D2ED96-62F9-4C2C-956D-E425B1F67337}
Zango: [SBI $411F0828] Interface (Registry key, fixing failed)
HKEY_CLASSES_ROOT\Interface\{B5D2ED96-62F9-4C2C-956D-E425B1F67337}
Zango: [SBI $9432A0E4] Interface (Registry key, fixing failed)
HKEY_CLASSES_ROOT\Interface\{D3A412E8-1E4B-47D2-9B12-F88291F5AFBB}
Zango: [SBI $9432A0E4] Interface (Registry key, fixing failed)
HKEY_CLASSES_ROOT\Interface\{D3A412E8-1E4B-47D2-9B12-F88291F5AFBB}
OTL log
OTL logfile created on: 4/15/2011 1:19:55 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Mohammad\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287.91 Gb Total Space | 174.22 Gb Free Space | 60.51% Space Free | Partition Type: NTFS
Computer Name: MOHAMMAD-PC | User Name: Mohammad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Mohammad\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Sony Corporation\SmartWi Connection Utility\CCP.exe ()
PRC - C:\Program Files\Sony Corporation\SmartWi Connection Utility\ThirdPartyAppMgr.exe ()
PRC - C:\Program Files\Sony Corporation\SmartWi Connection Utility\PowerManager.exe ()
PRC - C:\Program Files\Sony Corporation\SmartWi Connection Utility\UIManager.exe (Sony Electronics, Inc.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
PRC - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
PRC - C:\Program Files\Sony\VAIO Care\listener.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
========== Modules (SafeList) ==========
MOD - C:\Users\Mohammad\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\AVAST Software\Avast\snxhk.dll (AVAST Software)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV:[b]64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (dgdersvc) -- C:\Windows\SysNative\dgdersvc.exe ()
SRV:64bit: - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV:64bit: - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe (Sony Corporation)
SRV:64bit: - (VAIO Power Management) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV:64bit: - (SampleCollector) -- C:\Program Files\Sony\VAIO Care\collsvc.exe (Intel Corporation)
SRV:64bit: - (XAudioService) -- C:\Windows\SysNative\DRIVERS\xaudio64.exe ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (dgdersvc) -- C:\Windows\SysWOW64\dgdersvc.exe (Devguru Co., Ltd.)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (SOHCImp) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation)
SRV - (SOHPlMgr) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe (Sony Corporation)
SRV - (SOHDs) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation)
SRV - (SOHDms) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation)
SRV - (SOHDBSvr) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe (Sony Corporation)
SRV - (VAIO Event Service) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (VCFw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (uCamMonitor) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
SRV - (QBCFMonitorService) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (QBFCService) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IviRegMgr) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
========== Driver Services (SafeList) ==========
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys ()
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys ()
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys ()
DRV:64bit: - (HssDrv) -- C:\Windows\SysNative\DRIVERS\HssDrv.sys ()
DRV:64bit: - (taphss) -- C:\Windows\SysNative\DRIVERS\taphss.sys ()
DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\Drivers\TFsExDisk.sys ()
DRV:64bit: - (dgderdrv) -- C:\Windows\SysNative\drivers\dgderdrv.sys ()
DRV:64bit: - (ss_mdm) -- C:\Windows\SysNative\DRIVERS\ss_mdm.sys ()
DRV:64bit: - (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) -- C:\Windows\SysNative\DRIVERS\ss_bus.sys ()
DRV:64bit: - (ss_mdfl) -- C:\Windows\SysNative\DRIVERS\ss_mdfl.sys ()
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys ()
DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys ()
DRV:64bit: - (igfx) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys ()
DRV:64bit: - (SFEP) -- C:\Windows\SysNative\DRIVERS\SFEP.sys ()
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\DRIVERS\rimssn64.sys ()
DRV:64bit: - (risdptsk) -- C:\Windows\SysNative\DRIVERS\risdsn64.sys ()
DRV:64bit: - (athr) -- C:\Windows\SysNative\DRIVERS\athrx.sys ()
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys ()
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\DRIVERS\wimfltr.sys ()
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys ()
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys ()
DRV:64bit: - (s0016mdm) -- C:\Windows\SysNative\DRIVERS\s0016mdm.sys ()
DRV:64bit: - (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) -- C:\Windows\SysNative\DRIVERS\s0016unic.sys ()
DRV:64bit: - (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) -- C:\Windows\SysNative\DRIVERS\s0016mgmt.sys ()
DRV:64bit: - (s0016obex) -- C:\Windows\SysNative\DRIVERS\s0016obex.sys ()
DRV:64bit: - (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) -- C:\Windows\SysNative\DRIVERS\s0016nd5.sys ()
DRV:64bit: - (s0016mdfl) -- C:\Windows\SysNative\DRIVERS\s0016mdfl.sys ()
DRV:64bit: - (s0016bus) Sony Ericsson Device 0016 driver (WDM) -- C:\Windows\SysNative\DRIVERS\s0016bus.sys ()
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\DRIVERS\iaStor.sys ()
DRV:64bit: - (yukonx64) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys ()
DRV:64bit: - (XAudio) -- C:\Windows\SysNative\DRIVERS\xaudio64.sys ()
DRV:64bit: - (HSF_DPV) -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys ()
DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys ()
DRV:64bit: - (winachsf) -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys ()
DRV:64bit: - (CAXHWAZL) -- C:\Windows\SysNative\DRIVERS\CAXHWAZL.sys ()
DRV:64bit: - (ArcSoftKsUFilter) -- C:\Windows\SysNative\DRIVERS\ArcSoftKsUFilter.sys ()
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\Drivers\RootMdm.sys ()
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys ()
DRV:64bit: - (HSFHWAZL) -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS ()
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys ()
DRV:64bit: - (seehcri) -- C:\Windows\SysNative\DRIVERS\seehcri.sys ()
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
DRV - (dgderdrv) -- C:\Windows\SysWOW64\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV - (DMICall) -- C:\Windows\SysWOW64\drivers\DMICall.sys (Sony Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\tbHots.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\tbHots.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.lums.edu.pk:80
========== FireFox ==========
FF - prefs.js..browser.search.defaultthis.engineName: "ooVoo Chat Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1572363&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT1572363&SearchSource=13"
FF - prefs.js..extensions.enabledItems: zotero@chnm.gmu.edu:2.0.9
FF - prefs.js..extensions.enabledItems: zoteroWinWordIntegration@zotero.org:3.0b1
FF - prefs.js..extensions.enabledItems: {6d677280-ddfe-11dc-95ff-0800200c9a66}:0.4
FF - prefs.js..extensions.enabledItems: {48e23fba-bb14-4745-b768-382150cd83fb}:1.0.1
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/12/16 00:59:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/12/22 20:30:41 | 000,000,000 | ---D | M]
[2010/02/18 20:54:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mohammad\AppData\Roaming\mozilla\Extensions
[2010/02/18 20:54:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mohammad\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2011/04/11 21:20:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mohammad\AppData\Roaming\mozilla\Firefox\Profiles\wzzo97kb.default\extensions
[2009/10/29 20:56:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mohammad\AppData\Roaming\mozilla\Firefox\Profiles\wzzo97kb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/30 20:33:53 | 000,000,000 | ---D | M] ("Metal3D") -- C:\Users\Mohammad\AppData\Roaming\mozilla\Firefox\Profiles\wzzo97kb.default\extensions\{48e23fba-bb14-4745-b768-382150cd83fb}
[2010/04/30 20:32:28 | 000,000,000 | ---D | M] (Orthodox) -- C:\Users\Mohammad\AppData\Roaming\mozilla\Firefox\Profiles\wzzo97kb.default\extensions\{6d677280-ddfe-11dc-95ff-0800200c9a66}
[2010/05/23 00:06:17 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Users\Mohammad\AppData\Roaming\mozilla\Firefox\Profiles\wzzo97kb.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010/03/12 00:57:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mohammad\AppData\Roaming\mozilla\Firefox\Profiles\wzzo97kb.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2010/11/10 23:15:55 | 000,000,000 | ---D | M] (Zotero) -- C:\Users\Mohammad\AppData\Roaming\mozilla\Firefox\Profiles\wzzo97kb.default\extensions\zotero@chnm.gmu.edu
[2010/11/22 21:16:21 | 000,000,000 | ---D | M] (Zotero WinWord Integration) -- C:\Users\Mohammad\AppData\Roaming\mozilla\Firefox\Profiles\wzzo97kb.default\extensions\zoteroWinWordIntegration@zotero.org
[2009/10/06 18:07:30 | 000,000,882 | ---- | M] () -- C:\Users\Mohammad\AppData\Roaming\Mozilla\Firefox\Profiles\wzzo97kb.default\searchplugins\conduit.xml
[2011/04/13 14:33:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
O1 HOSTS File: ([2006/09/19 02:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll ()
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg64.dll (Google Inc.)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O2 - BHO: (Hotspot Shield Toolbar) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\tbHots.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Hotspot Shield Toolbar) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\tbHots.dll (Conduit Ltd.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Hotspot Shield Toolbar) - {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - C:\Program Files (x86)\Hotspot_Shield\tbHots.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [RegistrationReminder] C:\Program Files\Sony\First Experience\OOBEFcdRegistration.exe (Sony Electronics, Inc.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SmartWiHelper] C:\Program Files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe (Sony Electronics Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VAIORegistration] C:\Program Files\Sony\First Experience\WelcomeLauncher.exe (Sony Electronics, Inc.)
O4 - HKLM..\Run: [VAIOSurvey] C:\Program Files (x86)\Sony\VAIO Survey\VAIO Sat Survey.exe ()
O4 - HKCU..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\/\KiesTrayAgent.exe ()
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10h_ActiveX.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Mohammad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\Mohammad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XPS2OneNote.lnk = C:\Users\Mohammad\AppData\Roaming\Microsoft\Installer\{6DD7A9DA-6732-47D2-8362-6A12BD0EA053}\_FBB2488C0F33C1DFE6AC1F.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([community] https in Trusted sites)
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} http://esupport.sony.com/VaioInfo.CAB (VaioInfo.CMClass)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: CabBuilder http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\qbwc {FC598A64-626C-4447-85B8-53150405FD57} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll ()
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Garden.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Garden.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{807975c6-d75c-11de-9ae1-001dbaf06e9b}\Shell - "" = AutoRun
O33 - MountPoints2\{807975c6-d75c-11de-9ae1-001dbaf06e9b}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/04/15 00:04:01 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Mohammad\Desktop\OTL.exe
[2011/04/14 01:28:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/04/13 23:59:34 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Mohammad\Desktop\esetsmartinstaller_enu.exe
[2011/04/13 22:54:40 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Users\Mohammad\Desktop\ATF-Cleaner.exe
[2011/04/11 13:27:35 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/04/11 13:26:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/04/11 13:26:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2011/04/11 12:50:42 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/04/11 12:50:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/10 14:22:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/04/10 14:21:08 | 000,040,648 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/04/10 14:20:43 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/04/10 14:19:43 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/04/02 03:39:33 | 000,000,000 | ---D | C] -- C:\Users\Mohammad\AppData\Roaming\.Get Organized
[2011/04/02 03:39:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Get Organized
[2011/04/02 03:39:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Get Organized
[2011/03/23 21:09:15 | 000,000,000 | R-SD | C] -- C:\Users\Mohammad\Documents\My Stationery
[1 C:\Users\Mohammad\Documents\*.tmp files -> C:\Users\Mohammad\Documents\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/04/15 00:51:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/15 00:47:59 | 000,034,560 | ---- | M] () -- C:\Windows\SysWow64\drivers\Normandy.sys
[2011/04/15 00:39:02 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2874463723-3708051865-952906006-1000UA.job
[2011/04/15 00:04:07 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Mohammad\Desktop\OTL.exe
[2011/04/14 23:59:02 | 000,124,980 | ---- | M] () -- C:\Users\Mohammad\Desktop\RKUnhookerLE.zip
[2011/04/14 23:57:18 | 000,133,632 | ---- | M] () -- C:\Users\Mohammad\Desktop\RKUnhookerLE.EXE
[2011/04/14 23:26:43 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/14 23:26:43 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/14 21:51:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/14 19:27:16 | 000,002,619 | ---- | M] () -- C:\Users\Mohammad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XPS2OneNote.lnk
[2011/04/14 19:26:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/14 19:26:37 | 3081,801,728 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/14 12:49:08 | 000,453,632 | ---- | M] () -- C:\Users\Mohammad\Desktop\CKScanner.exe
[2011/04/14 01:39:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2874463723-3708051865-952906006-1000Core.job
[2011/04/14 00:00:20 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Mohammad\Desktop\esetsmartinstaller_enu.exe
[2011/04/13 22:54:41 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Users\Mohammad\Desktop\ATF-Cleaner.exe
[2011/04/12 22:38:06 | 000,003,949 | ---- | M] () -- C:\Users\Mohammad\Get Organized Backup.gbak
[2011/04/11 21:10:13 | 000,002,422 | ---- | M] () -- C:\Users\Mohammad\Desktop\Attach.zip
[2011/04/11 13:27:05 | 000,000,943 | ---- | M] () -- C:\Users\Mohammad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/04/11 13:26:47 | 000,000,744 | ---- | M] () -- C:\Users\Mohammad\Desktop\ERUNT.lnk
[2011/04/11 12:50:42 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/10 15:25:08 | 014,022,085 | ---- | M] () -- C:\Users\Mohammad\Documents\LoaderBackup-(2011-04-10).ipd
[2011/04/10 14:44:27 | 000,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/04/10 14:44:27 | 000,595,684 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/04/10 14:44:27 | 000,101,350 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/04/10 14:22:14 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/04/10 14:22:11 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/04/03 18:00:17 | 000,003,597 | ---- | M] () -- C:\Users\Mohammad\Documents\Get Organized Backup.gbak
[2011/04/02 03:39:14 | 000,001,782 | ---- | M] () -- C:\Users\Public\Desktop\Get Organized.lnk
[2011/03/24 16:22:34 | 000,427,273 | ---- | M] () -- C:\Users\Mohammad\Desktop\IMM5257E.pdf
[2011/03/19 22:34:09 | 000,097,792 | ---- | M] () -- C:\Users\Mohammad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\Users\Mohammad\Documents\*.tmp files -> C:\Users\Mohammad\Documents\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/04/14 23:58:58 | 000,124,980 | ---- | C] () -- C:\Users\Mohammad\Desktop\RKUnhookerLE.zip
[2011/04/14 23:58:18 | 000,034,560 | ---- | C] () -- C:\Windows\SysWow64\drivers\Normandy.sys
[2011/04/14 23:57:13 | 000,133,632 | ---- | C] () -- C:\Users\Mohammad\Desktop\RKUnhookerLE.EXE
[2011/04/14 12:49:05 | 000,453,632 | ---- | C] () -- C:\Users\Mohammad\Desktop\CKScanner.exe
[2011/04/11 21:10:13 | 000,002,422 | ---- | C] () -- C:\Users\Mohammad\Desktop\Attach.zip
[2011/04/11 13:27:05 | 000,000,943 | ---- | C] () -- C:\Users\Mohammad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/04/11 13:26:47 | 000,000,744 | ---- | C] () -- C:\Users\Mohammad\Desktop\ERUNT.lnk
[2011/04/11 12:50:42 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/10 15:25:08 | 014,022,085 | ---- | C] () -- C:\Users\Mohammad\Documents\LoaderBackup-(2011-04-10).ipd
[2011/04/10 14:22:14 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/04/10 14:22:12 | 000,505,176 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/04/10 14:22:11 | 000,238,968 | ---- | C] () -- C:\Windows\SysNative\aswBoot.exe
[2011/04/05 04:06:32 | 000,003,949 | ---- | C] () -- C:\Users\Mohammad\Get Organized Backup.gbak
[2011/04/03 18:00:17 | 000,003,597 | ---- | C] () -- C:\Users\Mohammad\Documents\Get Organized Backup.gbak
[2011/04/02 03:39:14 | 000,001,782 | ---- | C] () -- C:\Users\Public\Desktop\Get Organized.lnk
[2011/03/22 18:49:34 | 000,427,273 | ---- | C] () -- C:\Users\Mohammad\Desktop\IMM5257E.pdf
[2010/11/12 18:59:25 | 000,000,236 | ---- | C] () -- C:\Users\Mohammad\AppData\Roaming\wklnhst.dat
[2010/01/19 21:03:09 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\pool.bin
[2010/01/01 19:28:07 | 000,000,680 | ---- | C] () -- C:\Users\Mohammad\AppData\Local\d3d9caps.dat
[2009/11/09 07:08:10 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2009/11/09 07:08:10 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2009/11/09 07:08:10 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2009/11/09 07:08:10 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2009/10/20 22:21:52 | 000,157,629 | ---- | C] () -- C:\Windows\hpoins27.dat
[2009/10/16 23:31:43 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/10/12 10:16:29 | 000,097,792 | ---- | C] () -- C:\Users\Mohammad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/08 15:22:22 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2009/06/08 14:34:06 | 000,000,095 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2009/04/10 08:00:57 | 002,192,024 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/04/10 08:00:56 | 000,147,172 | ---- | C] () -- C:\Windows\SysWow64\igfcg550.bin
[2009/04/10 08:00:54 | 000,492,496 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/04/10 07:32:10 | 000,106,605 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/04/10 07:32:10 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/01/21 07:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/21 07:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008/01/18 20:56:22 | 000,000,932 | ---- | C] () -- C:\Windows\hpomdl27.dat
[2006/11/02 20:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 17:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 17:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 17:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 14:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
========== LOP Check ==========
[2011/04/02 04:05:17 | 000,000,000 | ---D | M] -- C:\Users\Mohammad\AppData\Roaming\.Get Organized
[2010/02/15 21:59:05 | 000,000,000 | ---D | M] -- C:\Users\Mohammad\AppData\Roaming\Auslogics
[2010/12/22 20:45:47 | 000,000,000 | ---D | M] -- C:\Users\Mohammad\AppData\Roaming\Azureus
[2010/08/27 18:30:16 | 000,000,000 | ---D | M] -- C:\Users\Mohammad\AppData\Roaming\Barnes & Noble
[2010/02/15 23:17:08 | 000,000,000 | ---D | M] -- C:\Users\Mohammad\AppData\Roaming\Blackberry Desktop
[2010/06/05 19:55:38 | 000,000,000 | ---D | M] -- C:\Users\Mohammad\AppData\Roaming\GameRanger
[2010/02/18 20:53:54 | 000,000,000 | ---D | M] -- C:\Users\Mohammad\AppData\Roaming\InterVideo
[2010/11/06 13:06:45 | 000,000,000 | ---D | M] -- C:\Users\Mohammad\AppData\Roaming\LimeWire
[2009/11/21 23:01:32 | 000,000,000 | ---D | M] -- C:\Users\Mohammad\AppData\Roaming\Moyea
[2009/12/22 15:34:34 | 000,000,000 | ---D | M] -- C:\Users\Mohammad\AppData\Roaming\ooVoo Details
[2010/05/16 01:07:00 | 000,000,000 | ---D | M] -- C:\Users\Mohammad\AppData\Roaming\Orangeline Interactive
[2010/11/06 20:32:44 | 000,000,000 | ---D | M] -- C:\Users\Mohammad\AppData\Roaming\PC Suite
[2010/01/19 23:08:04 | 000,000,000 | ---D | M] -- C:\Users\Mohammad\AppData\Roaming\Research In Motion
[2010/11/06 20:14:25 | 000,000,000 | ---D | M] -- C:\Users\Mohammad\AppData\Roaming\Samsung
[2010/11/12 18:59:28 | 000,000,000 | ---D | M] -- C:\Users\Mohammad\AppData\Roaming\Template
[2011/03/13 23:29:52 | 000,000,000 | ---D | M] -- C:\Users\Mohammad\AppData\Roaming\uTorrent
[2011/04/14 19:25:36 | 000,032,650 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
swordstone
2011-04-16, 23:31
Extras Log
OTL Extras logfile created on: 4/15/2011 1:19:55 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Mohammad\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287.91 Gb Total Space | 174.22 Gb Free Space | 60.51% Space Free | Partition Type: NTFS
Computer Name: MOHAMMAD-PC | User Name: Mohammad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[b]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe ()
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l ()
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" ()
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{155713E8-78A0-41AA-9D70-2DCE055D620C}" = lport=10243 | protocol=6 | dir=in | app=system |
"{1A008B85-F471-43AC-8A06-93F444E26A9E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1E673756-0A78-4E82-9497-75F21E54A1AD}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{20D25801-0CC4-4798-BED6-A8D2ECADE18A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{24AA7604-1DCE-4792-9FAA-4726204A09F5}" = rport=139 | protocol=6 | dir=out | app=system |
"{28C1DEAE-BFD9-465B-BB36-111C5E7D3963}" = lport=139 | protocol=6 | dir=in | app=system |
"{28E52C16-3ABF-4022-91D6-1C99C4D91459}" = lport=138 | protocol=17 | dir=in | app=system |
"{36274588-95AA-40FC-8FEE-971EB54D59B4}" = rport=138 | protocol=17 | dir=out | app=system |
"{3B75F420-816F-4125-BB2B-4AECDCD179F1}" = lport=137 | protocol=17 | dir=in | app=system |
"{45424881-00AE-4108-99FC-0FB9881C565A}" = lport=445 | protocol=6 | dir=in | app=system |
"{4B6DC3EB-70D8-4735-8950-B1F24EA7864E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4B89B585-955D-4CE6-AF00-0704C7329DF2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{ABF070C2-62CC-42D2-9405-470FE7EE26D6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C0FF6FC6-3AF2-4EEF-92C8-2C68F9074F2D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C44DAE88-47AE-49E0-B1BC-84AFDC102518}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{D29F7876-9AE1-47A0-A131-58956A413DDE}" = rport=137 | protocol=17 | dir=out | app=system |
"{E7842F55-36B3-4858-BD9B-AAD2298B31D4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F0D4AFD5-0922-454B-99A3-99E7DEC7E728}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F6151602-BE9B-4D07-A656-80C48FFD79C5}" = rport=445 | protocol=6 | dir=out | app=system |
"{F9723BFF-651A-4C7C-BE4E-AF0D48189880}" = rport=10243 | protocol=6 | dir=out | app=system |
"{FAB08D62-F533-4B8E-97F2-0C48B9B9872A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07CA0E9E-2FA1-4B16-9638-1DD28DA4F461}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{087D5CCB-BB3A-429B-ACB4-464471D5DD1B}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\sony shared\sohlib\sohcimp.exe |
"{12C7DAE0-5F23-4BFF-8B2A-4846A00C1484}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{228AEF3A-4D81-4EF5-BD5A-C49D14BA181F}" = protocol=6 | dir=out | app=system |
"{2E855C6D-BF35-4480-8492-E8ADFEC9DB17}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{32EBCE3E-F502-4C81-9FE6-3AAAF3668672}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{33464665-A6DE-4301-B284-3C70A120C210}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\sony shared\sohlib\sohcimp.exe |
"{38C4E1D2-E81A-442B-A955-75CB0604266D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3AAD2E9F-A8BB-416F-B3EC-F5E98DD1F117}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3CA05C0C-9EB3-4E8A-995A-4159DC552DEE}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{3D5F3AD6-686B-4B8B-8899-45A81E3137B9}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{476A68CD-242D-4D48-9655-78F70DBCB9CB}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{4928C6B5-5244-4780-9166-5B19DA31877A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{4AD5FA7E-B461-4CD6-A390-15F99C7CEA0D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{4F98B787-8054-4B61-921F-308BB1083FEC}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{53F2B96B-6116-44B1-A4F8-238AA2EDDE3E}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\sony shared\sohlib\sohds.exe |
"{5C1BC5C3-F14E-48CE-8DEB-2CFA277BD76E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5F748B59-F24E-4A86-A784-7F0A362ADB96}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{6CED5F3C-6584-43C7-A361-C6BCFF0291E2}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{7814B3F8-305F-4BF9-96D8-E95DA98E608A}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\sony shared\sohlib\sohdms.exe |
"{7ED74C9C-0864-41CD-8BD8-42BC385AB589}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{83EBDA77-112C-4FFF-9589-1D0FE40AF152}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8EE8C737-0D15-4C0F-AF39-3D7A9F772903}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{91112E42-2FB2-4D1F-B2F4-781820D3EDDC}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\sony shared\sohlib\sohds.exe |
"{9AE80792-A671-4568-8E1B-2512016C5324}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9B983D4C-3ED9-4672-99D4-BF8AEE05B89A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9FAB9498-5573-44B2-B09F-5B904A7BD9A3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A05EEEC3-111D-42A7-9428-1064CFCACF3D}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{A3175033-C6A0-48FF-B0E9-A8D28502271F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{B4901CF8-7B88-442A-B6D0-B1C4F20D2E07}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B730DD2A-AE46-4C62-A017-79FBDB809481}" = protocol=6 | dir=in | app=c:\program files (x86)\sony\vaio media plus\vmp.exe |
"{C131C375-8CB9-4215-A969-37CD5FFD10FA}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{C453032D-A49C-4269-A995-394D73F9DB8F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C4D028FC-888A-4FA1-B6E9-724D9CB7A1AA}" = protocol=17 | dir=in | app=c:\program files (x86)\sony\vaio media plus\vmp.exe |
"{D361B690-2968-444D-B323-9299455CDC86}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{D43FFAAD-80D9-47E8-BBC6-ABD04EB35396}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D73F398E-E3A0-4380-950A-C0AF92DF4D74}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D7E7EDFD-7BE0-4C6A-A63C-36C9FA7D6FCE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DBBBF8A1-2C17-4EB4-8C4C-7F48A692C148}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DBCE5B5B-0B88-470F-A950-98FCFA595E00}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{E126BE26-F125-4B09-80A5-CE60FCFA2D19}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E2A27BB8-7698-4AF0-97C7-5D6AEE5E38AF}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{E7ED5E28-9A19-4C60-8934-318C7CB1AA8C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FC4585ED-43BC-49D5-827E-34352AC8B2D0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{FDCCCF2B-263A-4406-8BFD-3341F3EB3093}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FE3D78D7-5582-4E0D-902F-C23F0D243106}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\sony shared\sohlib\sohdms.exe |
"TCP Query User{C3F477F2-0F46-4AEF-8E84-589C8945E90B}C:\users\mohammad\downloads\utorrent.exe" = protocol=6 | dir=in | app=c:\users\mohammad\downloads\utorrent.exe |
"UDP Query User{1E6BAE9A-B54F-463C-857D-A1FEF3905BEC}C:\users\mohammad\downloads\utorrent.exe" = protocol=17 | dir=in | app=c:\users\mohammad\downloads\utorrent.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{22ABA92B-6C1B-46D8-AC2B-C48EEAE172A9}" = VD64Inst
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
"{9F560BEB-021F-43AC-825F-AA60442D8DE4}" = 64 Bit HP CIO Components Installer
"{B6EFD9A5-2ECE-4C22-BAEC-D16E73EA2013}" = iTunes
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D77D43B5-ED55-426b-B67B-E21F804F6102}" = HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"SynTPDeinstKey" = Synaptics Pointing Device Driver
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{005F78AF-110D-398A-8430-BE98950A1E22}" = Google Talk Plugin
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{068F037B-2723-48E3-85F1-4D7D93A29D2A}" = VAIO Content Metadata Intelligent Analyzing Manager
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{0F962B79-D0DC-40D9-96BA-ED1355120CBA}" = QuickBooks Financial Center
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{1B500D37-E7CF-480B-8054-8A563594EC4E}" = VAIO OOBE and Welcome Center
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{2018C019-30D9-4240-8C01-0865C10DCF5A}" = VAIO Presentation Support
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 17
"{2878C3C9-9D91-430F-8F50-885BB23DB001}" = VAIO Content Folder Watcher
"{2B39620B-F959-4C8A-AEEF-B5D29D8012D0}" = BlackBerry Device Software v5.0.0 for the BlackBerry 8520 smartphone
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{327B75F0-92AF-420A-988F-FA596A218E0B}" = VAIO Content Folder Watcher
"{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}" = PC Connectivity Solution
"{34B37A74-125E-4406-87BA-E4BD3D097AE5}" = VAIO Survey
"{363AA0EF-7672-42C2-AA43-237E1DBFB827}_is1" = Moyea FLV Editor Pro Version: 3.1.13.0
"{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{376DCC77-BFDA-4AC0-A57E-2CEB000D5E47}" = VAIO Content Metadata Intelligent Analyzing Manager
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{47A2CE5C-EA1F-4F58-8A0A-9452CBA795CD}" = Click to Disc
"{4D612FB2-1AE7-4E46-9377-35BB2F06A787}" = Roxio Media Manager
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F5867F0-2D23-4338-A206-01A76C823924}" = VAIO Power Management
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64DBE9FE-A07D-41A0-B81A-8D416D9647FF}" = VAIO Content Folder Watcher
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6BF03C88-C06A-48DC-B9A1-FE72B24E5FA9}" = VAIO Media plus Opening Movie
"{6DD7A9DA-6732-47D2-8362-6A12BD0EA053}" = XPS2OneNote
"{6EB6A82E-4918-481F-9AF8-3129E6D29B7E}" = Sony Home Network Library
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72B5983C-80C7-4225-BA72-E92AE1D59C62}" = VAIO My Memory Center
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{78780A45-B180-4297-AE6D-12C45EC5AD35}" = VAIO Content Metadata Manager Setting
"{7988ba74-4a27-4685-991a-53f072f22808}" = F2200_Help
"{7B79CD75-F848-4B33-83E3-0EE1A1805A8C}" = VAIO Movie Story
"{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{83CDA18E-0BF3-4ACA-872C-B4CDABF2360E}" = VAIO Update 4
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8DA37A5A-55BF-47B3-A7F7-09FB3F3CF965}" = BlackBerry Device Software v5.0.0 for the BlackBerry 8520 smartphone
"{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" =
"{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music
"{9973498D-EA29-4A68-BE0B-C88D6E03E928}" = ArcSoft WebCam Companion 2
"{9A2F0810-3619-4E86-9072-973FBE1679C5}" = QuickBooks Simple Start 2009
"{9B5F85CA-90D4-4AFC-BB37-32477FD0D2B9}" = SmartWi Connection Utility
"{9F479685-180E-4C05-9400-D59292A1B29C}" = Windows Live Movie Maker
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A3365448-B694-468D-BBF0-D7A4CCDF955F}" = BlackBerry® Media Sync
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9D3D707-4A1A-4227-BE6E-F16448B4CB63}" = VAIO Entertainment Platform
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{BFD85D24-D4F3-4CCC-B518-D7C4FC29C76D}" = VAIO Content Metadata Intelligent Analyzing Manager
"{C1555BC5-88B1-466B-BC79-062B5715DF92}" = VAIO Content Metadata XML Interface Library
"{c6922d7f-c698-4d9e-9671-8b3de04d1511}" = DJ_AIO_03_F2200_Software_Min
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{CC2541A6-BC6A-4099-B711-7911C884AEB8}" = VAIO Content Metadata XML Interface Library
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CD7E6232-D41D-4E5B-ABE1-0264B6260309}" = VAIO Content Metadata Intelligent Analyzing Manager
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BB}" = WinZip 14.0
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer
"{D03D02D8-AB64-4785-A48E-5AA8B0FB8C14}" = Sony Home Network Library
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D47FE987-EA3D-424B-9886-B752501D7CE7}" = VAIO Help and Support
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{D613E659-6503-42A8-9617-4F599061EAD5}" = VAIO MusicBox
"{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{db18dc72-cd20-4801-be82-f5d2caeec4d7}" = DJ_AIO_03_F2200_Software
"{DEF97A70-C67D-41E1-837C-6462C97A6F65}" = OpenMG Secure Module 5.3.00
"{DFD0E9A9-F24A-492B-8975-8C938E32408F}" = VAIO Startup Assistant
"{E3453B1B-C91B-4C48-B046-8DF635DD46F2}" = VAIO Content Metadata XML Interface Library
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{e97a9fd7-2fa1-4474-820d-3f8893a5b78a}" = F2200
"{EADE97A7-E7AA-43FD-A042-92A68E0187A6}" = VAIO Content Metadata Manager Setting
"{eca3039b-e429-420f-bd5e-7dec0683fc32}" = DJ_AIO_03_F2200_ProductContext
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EF85141C-7980-4CB4-B19D-7680731135EC}" = BlackBerry Desktop Software 5.0
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" =
"{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"am-cakemania" = Cake Mania
"am-cakemaniamainstreettm" = Cake Mania Main Street(TM)
"Applian FLV Player2.0.24" = Applian FLV Player
"Application Manager for VAIO" = Application Manager for VAIO
"avast" = avast! Free Antivirus
"BlackBerry_{EF85141C-7980-4CB4-B19D-7680731135EC}" = BlackBerry Desktop Software 5.0
"Cake Mania-MainStreet ." = Cake Mania-MainStreet .
"Citrus Alarm Clock_is1" = Citrus Alarm Clock 2.2
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"DivX Setup.divx.com" = DivX Setup
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"Get Organized_is1" = Get Organized 1.02
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Hotspot_Shield Toolbar" = Hotspot_Shield Toolbar
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"InstallShield_{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"InstallShield_{DEF97A70-C67D-41E1-837C-6462C97A6F65}" = OpenMG Secure Module 5.3.00
"LimeWire" = LimeWire 5.3.6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"NOOKstudy" = NOOKstudy
"Picasa 3" = Picasa 3
"RealPlayer 12.0" = RealPlayer
"uTorrent" = µTorrent
"Vuze_Remote Toolbar" = Vuze_Remote Toolbar
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
========== Last 10 Event Log Errors ==========
[ Antivirus Events ]
Error - 3/30/2011 5:34:27 AM | Computer Name = Mohammad-PC | Source = avast! | ID = 33554522
Description =
Error - 3/31/2011 10:10:09 PM | Computer Name = Mohammad-PC | Source = avast! | ID = 33554522
Description =
Error - 4/1/2011 6:39:12 PM | Computer Name = Mohammad-PC | Source = avast! | ID = 33554522
Description =
Error - 4/3/2011 6:27:32 PM | Computer Name = Mohammad-PC | Source = avast! | ID = 33554522
Description =
Error - 4/7/2011 7:00:07 PM | Computer Name = Mohammad-PC | Source = avast! | ID = 33554522
Description =
Error - 4/8/2011 5:21:49 PM | Computer Name = Mohammad-PC | Source = avast! | ID = 33554522
Description =
Error - 4/10/2011 4:24:20 AM | Computer Name = Mohammad-PC | Source = avast! | ID = 33554522
Description =
Error - 4/10/2011 4:24:53 AM | Computer Name = Mohammad-PC | Source = avast! | ID = 33554522
Description =
Error - 4/10/2011 7:12:13 AM | Computer Name = Mohammad-PC | Source = avast! | ID = 33554522
Description =
Error - 4/10/2011 7:13:34 AM | Computer Name = Mohammad-PC | Source = avast! | ID = 33554522
Description =
[ Application Events ]
Error - 2/9/2011 5:06:26 PM | Computer Name = Mohammad-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe".
Dependent
Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0"
could not be found. Please use sxstrace.exe for detailed diagnosis.
Error - 2/9/2011 5:06:39 PM | Computer Name = Mohammad-PC | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files (x86)\Windows
Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program
Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8. Component identity
found in manifest does not match the identity of the component requested. Reference
is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition
is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Please use
sxstrace.exe for detailed diagnosis.
Error - 2/9/2011 5:06:48 PM | Computer Name = Mohammad-PC | Source = WinMgmt | ID = 10
Description =
Error - 2/9/2011 5:08:31 PM | Computer Name = Mohammad-PC | Source = VzCdbSvc | ID = 7
Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error
code = 0x80042019)
Error - 2/10/2011 10:34:09 AM | Computer Name = Mohammad-PC | Source = WinMgmt | ID = 10
Description =
Error - 2/10/2011 10:35:41 AM | Computer Name = Mohammad-PC | Source = VzCdbSvc | ID = 7
Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error
code = 0x80042019)
Error - 2/11/2011 8:09:59 AM | Computer Name = Mohammad-PC | Source = WinMgmt | ID = 10
Description =
Error - 2/11/2011 8:11:45 AM | Computer Name = Mohammad-PC | Source = VzCdbSvc | ID = 7
Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error
code = 0x80042019)
Error - 2/11/2011 1:54:19 PM | Computer Name = Mohammad-PC | Source = WinMgmt | ID = 10
Description =
Error - 2/11/2011 1:56:04 PM | Computer Name = Mohammad-PC | Source = VzCdbSvc | ID = 7
Description = Failed to load the plug-in module. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})(Error
code = 0x80042019)
[ System Events ]
Error - 4/14/2011 10:30:13 AM | Computer Name = Mohammad-PC | Source = Service Control Manager | ID = 7022
Description =
Error - 4/14/2011 10:30:14 AM | Computer Name = Mohammad-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 4/14/2011 2:58:20 PM | Computer Name = Mohammad-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\Normandy.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.
Error - 4/14/2011 2:58:49 PM | Computer Name = Mohammad-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\Normandy.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.
Error - 4/14/2011 2:59:52 PM | Computer Name = Mohammad-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\Normandy.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.
Error - 4/14/2011 3:00:08 PM | Computer Name = Mohammad-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\Normandy.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.
Error - 4/14/2011 3:41:10 PM | Computer Name = Mohammad-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\Normandy.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.
Error - 4/14/2011 3:42:30 PM | Computer Name = Mohammad-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\Normandy.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.
Error - 4/14/2011 3:47:45 PM | Computer Name = Mohammad-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\Normandy.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.
Error - 4/14/2011 3:47:59 PM | Computer Name = Mohammad-PC | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\Normandy.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.
< End of report >
Lets try this
Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please
swordstone
2011-04-17, 12:48
The results opened on notepad automatically after the scan
Here they are.....
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6383
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18928
4/17/2011 3:36:30 PM
mbam-log-2011-04-17 (15-36-30).txt
Scan type: Quick scan
Objects scanned: 175449
Time elapsed: 5 minute(s), 44 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Looks good, the only thing I see wrong is related to Normandy , believe its a game thats not compatible with your system.
How are things running now ?
swordstone
2011-04-19, 17:57
it still gives me the same error message when I start it every now and then... but a restart fixes that every time so far
Do you use this toolbar, if not uninstall it
Hotspot_Shield Toolbar
ESET Online Scanner
I'd like us to scan your machine with ESET OnlineScan
*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.
Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
Accept any security warnings from your browser.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
Make sure that the option "Remove found threats" is Unchecked
Push the Start button.
ESET will then download updates for itself, install itself, and begin
scanning your computer. Please be patient as this can take some time.
When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as
ESETScan. Include the contents of this report in your next reply.
Push the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png
Please make sure you include the following items in your next post:
The log that was produced after running ESET Online Scanner.
I reopened your thread. If you removed those entries that ESET found earlier than there is no need to run it again. Just wanted to be sure there gone
Tell me how things are running and we can dig deeper if need be
swordstone
2011-04-27, 18:39
Thanks for your time!
I uninstalled the hotspot shield toolbar and ran the scan here's the file
C:\$Recycle.Bin\S-1-5-21-2874463723-3708051865-952906006-1000\$RCLN6TY.exe a variant of Win32/HotSpotShield application
C:\$Recycle.Bin\S-1-5-21-2874463723-3708051865-952906006-1000\$RXD5C5H.exe a variant of Win32/HotSpotShield application
C:\$Recycle.Bin\S-1-5-21-2874463723-3708051865-952906006-1000\$RZEK2U2.exe a variant of Win32/Adware.CiDHelp application
I restarted after this scan that's probably why you can still see the hotspot shield toolbar entries
and no I haven't been having any problems so far now =)
Run OTL and post a new log and lets take a look
OTL by OldTimer
Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the "Scan All Users" checkbox.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
swordstone
2011-04-27, 21:46
The OTL file opened on it's own but Extras one didn't and the only extras log I found was the old one dated 15th April.. the same one I posted before
OTL logfile created on: 4/27/2011 11:38:33 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Mohammad\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 59.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): ?:\pagefile.sys
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 287.91 Gb Total Space | 170.97 Gb Free Space | 59.38% Space Free | Partition Type: NTFS
Computer Name: MOHAMMAD-PC | User Name: Mohammad | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Mohammad\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Sony Corporation\SmartWi Connection Utility\CCP.exe ()
PRC - C:\Program Files\Sony Corporation\SmartWi Connection Utility\ThirdPartyAppMgr.exe ()
PRC - C:\Program Files\Sony Corporation\SmartWi Connection Utility\PowerManager.exe ()
PRC - C:\Program Files\Sony Corporation\SmartWi Connection Utility\UIManager.exe (Sony Electronics, Inc.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe (Sony Corporation)
PRC - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
PRC - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
PRC - C:\Program Files\Sony\VAIO Care\listener.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
========== Modules (SafeList) ==========
MOD - C:\Users\Mohammad\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\AVAST Software\Avast\snxhk.dll (AVAST Software)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV:[b]64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (dgdersvc) -- C:\Windows\SysNative\dgdersvc.exe ()
SRV:64bit: - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV:64bit: - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe (Sony Corporation)
SRV:64bit: - (VAIO Power Management) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV:64bit: - (SampleCollector) -- C:\Program Files\Sony\VAIO Care\collsvc.exe (Intel Corporation)
SRV:64bit: - (XAudioService) -- C:\Windows\SysNative\DRIVERS\xaudio64.exe ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (dgdersvc) -- C:\Windows\SysWOW64\dgdersvc.exe (Devguru Co., Ltd.)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (SOHCImp) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation)
SRV - (SOHPlMgr) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe (Sony Corporation)
SRV - (SOHDs) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation)
SRV - (SOHDms) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation)
SRV - (SOHDBSvr) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe (Sony Corporation)
SRV - (VAIO Event Service) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (VCFw) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (uCamMonitor) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
SRV - (QBCFMonitorService) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (QBFCService) -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IviRegMgr) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
========== Driver Services (SafeList) ==========
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys ()
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys ()
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys ()
DRV:64bit: - (HssDrv) -- C:\Windows\SysNative\DRIVERS\HssDrv.sys ()
DRV:64bit: - (taphss) -- C:\Windows\SysNative\DRIVERS\taphss.sys ()
DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\Drivers\TFsExDisk.sys ()
DRV:64bit: - (dgderdrv) -- C:\Windows\SysNative\drivers\dgderdrv.sys ()
DRV:64bit: - (ss_mdm) -- C:\Windows\SysNative\DRIVERS\ss_mdm.sys ()
DRV:64bit: - (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) -- C:\Windows\SysNative\DRIVERS\ss_bus.sys ()
DRV:64bit: - (ss_mdfl) -- C:\Windows\SysNative\DRIVERS\ss_mdfl.sys ()
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys ()
DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys ()
DRV:64bit: - (igfx) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys ()
DRV:64bit: - (SFEP) -- C:\Windows\SysNative\DRIVERS\SFEP.sys ()
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\DRIVERS\rimssn64.sys ()
DRV:64bit: - (risdptsk) -- C:\Windows\SysNative\DRIVERS\risdsn64.sys ()
DRV:64bit: - (athr) -- C:\Windows\SysNative\DRIVERS\athrx.sys ()
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys ()
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\DRIVERS\wimfltr.sys ()
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys ()
DRV:64bit: - (RimUsb) -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys ()
DRV:64bit: - (s0016mdm) -- C:\Windows\SysNative\DRIVERS\s0016mdm.sys ()
DRV:64bit: - (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) -- C:\Windows\SysNative\DRIVERS\s0016unic.sys ()
DRV:64bit: - (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) -- C:\Windows\SysNative\DRIVERS\s0016mgmt.sys ()
DRV:64bit: - (s0016obex) -- C:\Windows\SysNative\DRIVERS\s0016obex.sys ()
DRV:64bit: - (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) -- C:\Windows\SysNative\DRIVERS\s0016nd5.sys ()
DRV:64bit: - (s0016mdfl) -- C:\Windows\SysNative\DRIVERS\s0016mdfl.sys ()
DRV:64bit: - (s0016bus) Sony Ericsson Device 0016 driver (WDM) -- C:\Windows\SysNative\DRIVERS\s0016bus.sys ()
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\DRIVERS\iaStor.sys ()
DRV:64bit: - (yukonx64) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys ()
DRV:64bit: - (XAudio) -- C:\Windows\SysNative\DRIVERS\xaudio64.sys ()
DRV:64bit: - (HSF_DPV) -- C:\Windows\SysNative\DRIVERS\CAX_DPV.sys ()
DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\DRIVERS\mdmxsdk.sys ()
DRV:64bit: - (winachsf) -- C:\Windows\SysNative\DRIVERS\CAX_CNXT.sys ()
DRV:64bit: - (CAXHWAZL) -- C:\Windows\SysNative\DRIVERS\CAXHWAZL.sys ()
DRV:64bit: - (ArcSoftKsUFilter) -- C:\Windows\SysNative\DRIVERS\ArcSoftKsUFilter.sys ()
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\Drivers\RootMdm.sys ()
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys ()
DRV:64bit: - (HSFHWAZL) -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS ()
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys ()
DRV:64bit: - (seehcri) -- C:\Windows\SysNative\DRIVERS\seehcri.sys ()
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV - (Normandy) -- C:\Windows\SysWow64\drivers\Normandy.sys ()
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
DRV - (dgderdrv) -- C:\Windows\SysWOW64\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV - (DMICall) -- C:\Windows\SysWOW64\drivers\DMICall.sys (Sony Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2874463723-3708051865-952906006-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
IE - HKU\S-1-5-21-2874463723-3708051865-952906006-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
IE - HKU\S-1-5-21-2874463723-3708051865-952906006-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2874463723-3708051865-952906006-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2874463723-3708051865-952906006-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2874463723-3708051865-952906006-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local;*.local
IE - HKU\S-1-5-21-2874463723-3708051865-952906006-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.lums.edu.pk:80
========== FireFox ==========
FF - prefs.js..browser.search.defaultthis.engineName: "ooVoo Chat Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1572363&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT1572363&SearchSource=13"
FF - prefs.js..extensions.enabledItems: zotero@chnm.gmu.edu:2.0.9
FF - prefs.js..extensions.enabledItems: zoteroWinWordIntegration@zotero.org:3.0b1
FF - prefs.js..extensions.enabledItems: {6d677280-ddfe-11dc-95ff-0800200c9a66}:0.4
FF - prefs.js..extensions.enabledItems: {48e23fba-bb14-4745-b768-382150cd83fb}:1.0.1
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/04/27 20:53:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/04/27 20:53:19 | 000,000,000 | ---D | M]
[2010/02/18 20:54:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mohammad\AppData\Roaming\mozilla\Extensions
[2010/02/18 20:54:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mohammad\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2011/04/27 21:03:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mohammad\AppData\Roaming\mozilla\Firefox\Profiles\wzzo97kb.default\extensions
[2009/10/29 20:56:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mohammad\AppData\Roaming\mozilla\Firefox\Profiles\wzzo97kb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/30 20:33:53 | 000,000,000 | ---D | M] ("Metal3D") -- C:\Users\Mohammad\AppData\Roaming\mozilla\Firefox\Profiles\wzzo97kb.default\extensions\{48e23fba-bb14-4745-b768-382150cd83fb}
[2010/04/30 20:32:28 | 000,000,000 | ---D | M] (Orthodox) -- C:\Users\Mohammad\AppData\Roaming\mozilla\Firefox\Profiles\wzzo97kb.default\extensions\{6d677280-ddfe-11dc-95ff-0800200c9a66}
[2010/05/23 00:06:17 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Users\Mohammad\AppData\Roaming\mozilla\Firefox\Profiles\wzzo97kb.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010/03/12 00:57:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mohammad\AppData\Roaming\mozilla\Firefox\Profiles\wzzo97kb.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2010/11/10 23:15:55 | 000,000,000 | ---D | M] (Zotero) -- C:\Users\Mohammad\AppData\Roaming\mozilla\Firefox\Profiles\wzzo97kb.default\extensions\zotero@chnm.gmu.edu
[2010/11/22 21:16:21 | 000,000,000 | ---D | M] (Zotero WinWord Integration) -- C:\Users\Mohammad\AppData\Roaming\mozilla\Firefox\Profiles\wzzo97kb.default\extensions\zoteroWinWordIntegration@zotero.org
[2009/10/06 18:07:30 | 000,000,882 | ---- | M] () -- C:\Users\Mohammad\AppData\Roaming\Mozilla\Firefox\Profiles\wzzo97kb.default\searchplugins\conduit.xml
[2011/04/13 14:33:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
O1 HOSTS File: ([2006/09/19 02:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll ()
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg64.dll (Google Inc.)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O3:64bit: - HKU\S-1-5-21-2874463723-3708051865-952906006-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-2874463723-3708051865-952906006-1000\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\tbVuze.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [RegistrationReminder] C:\Program Files\Sony\First Experience\OOBEFcdRegistration.exe (Sony Electronics, Inc.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SmartWiHelper] C:\Program Files\Sony Corporation\SmartWi Connection Utility\SmartWiHelper.exe (Sony Electronics Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VAIORegistration] C:\Program Files\Sony\First Experience\WelcomeLauncher.exe (Sony Electronics, Inc.)
O4 - HKLM..\Run: [VAIOSurvey] C:\Program Files (x86)\Sony\VAIO Survey\VAIO Sat Survey.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2874463723-3708051865-952906006-1000..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\/\KiesTrayAgent.exe ()
O4 - Startup: C:\Users\Mohammad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\Mohammad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XPS2OneNote.lnk = C:\Users\Mohammad\AppData\Roaming\Microsoft\Installer\{6DD7A9DA-6732-47D2-8362-6A12BD0EA053}\_FBB2488C0F33C1DFE6AC1F.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2874463723-3708051865-952906006-1000\..Trusted Domains: intuit.com ([community] https in Trusted sites)
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} http://esupport.sony.com/VaioInfo.CAB (VaioInfo.CMClass)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} http://mobileapps.blackberry.com/devicesoftware/AxLoader.cab (RIM AxLoader)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: CabBuilder http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\qbwc {FC598A64-626C-4447-85B8-53150405FD57} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll ()
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Garden.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Garden.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{807975c6-d75c-11de-9ae1-001dbaf06e9b}\Shell - "" = AutoRun
O33 - MountPoints2\{807975c6-d75c-11de-9ae1-001dbaf06e9b}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/04/27 18:44:22 | 000,000,000 | ---D | C] -- C:\Users\Mohammad\Desktop\mrs khalid
[2011/04/19 00:11:12 | 000,000,000 | ---D | C] -- C:\Users\Mohammad\.Get Organized
[2011/04/15 00:04:01 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Mohammad\Desktop\OTL.exe
[2011/04/14 01:28:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/04/13 23:59:34 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Mohammad\Desktop\esetsmartinstaller_enu.exe
[2011/04/13 22:54:40 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Users\Mohammad\Desktop\ATF-Cleaner.exe
[2011/04/11 13:27:35 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/04/11 13:26:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/04/11 13:26:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2011/04/11 12:50:42 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/04/11 12:50:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/10 14:22:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011/04/10 14:21:08 | 000,040,648 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011/04/10 14:20:43 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/04/10 14:19:43 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/04/02 03:39:33 | 000,000,000 | ---D | C] -- C:\Users\Mohammad\AppData\Roaming\.Get Organized
[2011/04/02 03:39:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Get Organized
[2011/04/02 03:39:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Get Organized
[1 C:\Users\Mohammad\Documents\*.tmp files -> C:\Users\Mohammad\Documents\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/04/27 22:51:04 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/27 21:55:36 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/27 21:55:36 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/27 21:51:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/27 19:57:05 | 000,002,619 | ---- | M] () -- C:\Users\Mohammad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XPS2OneNote.lnk
[2011/04/27 19:55:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/27 19:55:30 | 3081,801,728 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/27 18:47:01 | 000,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/04/27 18:47:01 | 000,595,684 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/04/27 18:47:01 | 000,101,350 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/04/24 19:34:04 | 000,004,162 | ---- | M] () -- C:\Users\Mohammad\Get Organized Backup.gbak
[2011/04/19 00:11:07 | 000,001,782 | ---- | M] () -- C:\Users\Public\Desktop\Get Organized.lnk
[2011/04/17 02:20:35 | 000,034,560 | ---- | M] () -- C:\Windows\SysWow64\drivers\Normandy.sys
[2011/04/15 00:04:07 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Mohammad\Desktop\OTL.exe
[2011/04/14 23:59:02 | 000,124,980 | ---- | M] () -- C:\Users\Mohammad\Desktop\RKUnhookerLE.zip
[2011/04/14 23:57:18 | 000,133,632 | ---- | M] () -- C:\Users\Mohammad\Desktop\RKUnhookerLE.EXE
[2011/04/14 12:49:08 | 000,453,632 | ---- | M] () -- C:\Users\Mohammad\Desktop\CKScanner.exe
[2011/04/14 00:00:20 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Mohammad\Desktop\esetsmartinstaller_enu.exe
[2011/04/13 22:54:41 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Users\Mohammad\Desktop\ATF-Cleaner.exe
[2011/04/11 21:10:13 | 000,002,422 | ---- | M] () -- C:\Users\Mohammad\Desktop\Attach.zip
[2011/04/11 13:27:05 | 000,000,943 | ---- | M] () -- C:\Users\Mohammad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/04/11 13:26:47 | 000,000,744 | ---- | M] () -- C:\Users\Mohammad\Desktop\ERUNT.lnk
[2011/04/11 12:50:42 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/10 15:25:08 | 014,022,085 | ---- | M] () -- C:\Users\Mohammad\Documents\LoaderBackup-(2011-04-10).ipd
[2011/04/10 14:22:14 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/04/10 14:22:11 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/04/03 18:00:17 | 000,003,597 | ---- | M] () -- C:\Users\Mohammad\Documents\Get Organized Backup.gbak
[1 C:\Users\Mohammad\Documents\*.tmp files -> C:\Users\Mohammad\Documents\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/04/14 23:58:58 | 000,124,980 | ---- | C] () -- C:\Users\Mohammad\Desktop\RKUnhookerLE.zip
[2011/04/14 23:58:18 | 000,034,560 | ---- | C] () -- C:\Windows\SysWow64\drivers\Normandy.sys
[2011/04/14 23:57:13 | 000,133,632 | ---- | C] () -- C:\Users\Mohammad\Desktop\RKUnhookerLE.EXE
[2011/04/14 12:49:05 | 000,453,632 | ---- | C] () -- C:\Users\Mohammad\Desktop\CKScanner.exe
[2011/04/11 21:10:13 | 000,002,422 | ---- | C] () -- C:\Users\Mohammad\Desktop\Attach.zip
[2011/04/11 13:27:05 | 000,000,943 | ---- | C] () -- C:\Users\Mohammad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/04/11 13:26:47 | 000,000,744 | ---- | C] () -- C:\Users\Mohammad\Desktop\ERUNT.lnk
[2011/04/11 12:50:42 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/10 15:25:08 | 014,022,085 | ---- | C] () -- C:\Users\Mohammad\Documents\LoaderBackup-(2011-04-10).ipd
[2011/04/10 14:22:14 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/04/10 14:22:12 | 000,505,176 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011/04/10 14:22:11 | 000,238,968 | ---- | C] () -- C:\Windows\SysNative\aswBoot.exe
[2011/04/05 04:06:32 | 000,004,162 | ---- | C] () -- C:\Users\Mohammad\Get Organized Backup.gbak
[2011/04/03 18:00:17 | 000,003,597 | ---- | C] () -- C:\Users\Mohammad\Documents\Get Organized Backup.gbak
[2011/04/02 03:39:14 | 000,001,782 | ---- | C] () -- C:\Users\Public\Desktop\Get Organized.lnk
[2010/11/12 18:59:25 | 000,000,236 | ---- | C] () -- C:\Users\Mohammad\AppData\Roaming\wklnhst.dat
[2010/01/19 21:03:09 | 000,000,256 | ---- | C] () -- C:\Windows\SysWow64\pool.bin
[2010/01/01 19:28:07 | 000,000,680 | ---- | C] () -- C:\Users\Mohammad\AppData\Local\d3d9caps.dat
[2009/11/09 07:08:10 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2009/11/09 07:08:10 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2009/11/09 07:08:10 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2009/11/09 07:08:10 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2009/10/20 22:21:52 | 000,157,629 | ---- | C] () -- C:\Windows\hpoins27.dat
[2009/10/16 23:31:43 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/10/12 10:16:29 | 000,097,792 | ---- | C] () -- C:\Users\Mohammad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/08 15:22:22 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2009/06/08 14:34:06 | 000,000,095 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2009/04/10 08:00:57 | 002,192,024 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/04/10 08:00:56 | 000,147,172 | ---- | C] () -- C:\Windows\SysWow64\igfcg550.bin
[2009/04/10 08:00:54 | 000,492,496 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/04/10 07:32:10 | 000,106,605 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009/04/10 07:32:10 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/01/21 07:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/21 07:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008/01/18 20:56:22 | 000,000,932 | ---- | C] () -- C:\Windows\hpomdl27.dat
[2006/11/02 20:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 17:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 17:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 17:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 14:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
========== LOP Check ==========
[2011/04/19 00:11:14 | 000,000,000 | ---D | M] -- C:\Users\Mohammad\AppData\Roaming\.Get Organized
[2010/02/15 21:59:05 | 000,000,000 | ---D | M] -- C:\Users\Mohammad\AppData\Roaming\Auslogics
[2010/12/22 20:45:47 | 000,000,000 | ---D | M] -- C:\Users\Mohammad\AppData\Roaming\Azureus
[2010/08/27 18:30:16 | 000,000,000 | ---D | M] -- C:\Users\Mohammad\AppData\Roaming\Barnes & Noble
[2010/02/15 23:17:08 | 000,000,000 | ---D | M] -- C:\Users\Mohammad\AppData\Roaming\Blackberry Desktop
[2010/06/05 19:55:38 | 000,000,000 | ---D | M] -- C:\Users\Mohammad\AppData\Roaming\GameRanger
[2010/02/18 20:53:54 | 000,000,000 | ---D | M] -- C:\Users\Mohammad\AppData\Roaming\InterVideo
[2010/11/06 13:06:45 | 000,000,000 | ---D | M] -- C:\Users\Mohammad\AppData\Roaming\LimeWire
[2009/11/21 23:01:32 | 000,000,000 | ---D | M] -- C:\Users\Mohammad\AppData\Roaming\Moyea
[2009/12/22 15:34:34 | 000,000,000 | ---D | M] -- C:\Users\Mohammad\AppData\Roaming\ooVoo Details
[2010/05/16 01:07:00 | 000,000,000 | ---D | M] -- C:\Users\Mohammad\AppData\Roaming\Orangeline Interactive
[2010/11/06 20:32:44 | 000,000,000 | ---D | M] -- C:\Users\Mohammad\AppData\Roaming\PC Suite
[2010/01/19 23:08:04 | 000,000,000 | ---D | M] -- C:\Users\Mohammad\AppData\Roaming\Research In Motion
[2010/11/06 20:14:25 | 000,000,000 | ---D | M] -- C:\Users\Mohammad\AppData\Roaming\Samsung
[2010/11/12 18:59:28 | 000,000,000 | ---D | M] -- C:\Users\Mohammad\AppData\Roaming\Template
[2011/03/13 23:29:52 | 000,000,000 | ---D | M] -- C:\Users\Mohammad\AppData\Roaming\uTorrent
[2011/04/27 19:21:37 | 000,032,650 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
http://www.lums.edu.pk/
Does this computer belong to the university ? Your using a proxy server for the university
swordstone
2011-04-27, 23:45
Nope it's my personal computer. But I logged into the university network today.
Log looks ok, how are things running now ?
swordstone
2011-04-28, 00:16
I haven't been getting that error message since the last few days.. so I'd say they're good
Doing a windows update may fix that, if not post here for windows problems and I am sure they can help you. From what I have been reading you may have a few corrupted files
http://forums.whatthetech.com/index.php?showforum=119
Open OTL and click on Clean Up and it will remove programs we used to clean your system along with there backups
How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/So_how_did_I_get_infected_in_the_first_place_t57817.html)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)
Safe Surfn
Ken
swordstone
2011-04-29, 01:01
Thanks a lot Ken!
But OTL didn't remove ERUNT, ESET and ATF cleaner... do I remove them manually? I rebooted my computer and ERUNT was still trying to create registry backups
Sabreena
You can just drag ERUNT to the trash and as far as ESET, it may be in Add Remove Programs. Malwarebytes is the free version and yours to keep as is ATF Cleaner, I run ATF on all my systems about once a week to get rid of all the garbage
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.