Lavasoft Support Forums > jim787's own topic Missing mfc70u.dll

Full Version: jim787's own topic Missing mfc70u.dll

Lavasoft Support Forums > Archived Topics > Archives: Resolved/Inactive Topics > Resolved/Inactive False Postive Issues

jim787

Jul 21 2009, 07:44 AM

I have the same problem. Running Windows XT SP3, after running AdAware AE, Windows reports MFC7OU.DLL as missing.
My laptop battery is no longer recognized by Windows. Sony Vaio (I use VGN-C150P) advice has been ineffective, although I identified the problem as AdAware-related. Their utilities installer is not recognized by Windows. They recommend using System Restore, but that is not functioning either; is this also AAware-related?

LS Pekka

Jul 21 2009, 11:40 AM

QUOTE(jim787 @ Jul 21 2009, 08:44 AM)

Hi jim787!

SPMgr.exe, located in "%programfiles%\Sony\VAIO Power Management\", provides additional configuration options for Sony Vaio laptops. SPMgr.exe is probably loaded on system startup, see Registry key: "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run". This makes the error, that is caused by the deleted file MFC7OU.DLL, pop up at each restart.

Reinstalling the "VAIO Power Management" from your Sony install CD may fix the issue and reinstall the deleted shared library file.

-----------------------------

Was the file (MFC7OU.DLL) also deleted from the system restore?

If not, the System Restore feature can be launched at a command prompt while in Safe Mode (if you choose to do so) according to the info below:

1. Boot in to Safe Mode. (Restart and press F8 When the message "Please select the operating system to start" appears and select the option "Safe Mode with Command Prompt", then press Enter).
2. Log on to the computer with the account that has administration privileges.
3. Enter the following command: %systemroot%\system32\restore\rstrui.exe (press enter)
4. Follow the instructions to restore your computer to an earlier state.
5. Reboot the machine into normal mode

-----------------------------

Here are some more info that might be helpful in order to locate downloadable files for Sony Vaio VGN-C150P:

The list of downloadable files for Sony Vaio VGN-C150P are made available by Sony at,
ht tp://esupport.sony.com/US/perl/swu-list.pl?mdl=VGNC150P&LOC=3
Look under "Notebook Control and Utilities" and "Original - Sony® Notebook Utilities" for a "utility that installs the originally shipped version of the following Sony Notebook Utilities".
Also, look under, "System Components" for "Original - Sony Shared Library for Microsoft Windows XP"

Regards,

LS Pekka

Lavasoft Malware Labs

jim787

Jul 22 2009, 03:41 AM

QUOTE(LS Pekka @ Jul 21 2009, 11:40 AM)

Hi jim787!

Reinstalling the "VAIO Power Management" from your Sony install CD may fix the issue and reinstall the deleted shared library file.

THERE IS NO INSTALLATION CD.

-----------------------------

Was the file (MFC7OU.DLL) also deleted from the system restore?

If not, the System Restore feature can be launched at a command prompt while in Safe Mode (if you choose to do so) according to the info below:

SYSTEM RESTORE IS NOT WORKING TO RETURN TO A PREVIOUS MONTH. (I ACCESSED RESTORE FROM SAFE MODE.) IS THIS PROBLEM ALSO RELATED TO AD-AWARE?

-----------------------------

Here are some more info that might be helpful in order to locate downloadable files for Sony Vaio VGN-C150P:

The list of downloadable files for Sony Vaio VGN-C150P are made available by Sony at,
ht tp://esupport.sony.com/US/perl/swu-list.pl?mdl=VGNC150P&LOC=3
Look under "Notebook Control and Utilities" and "Original - Sony® Notebook Utilities" for a "utility that installs the originally shipped version of the following Sony Notebook Utilities".
Also, look under, "System Components" for "Original - Sony Shared Library for Microsoft Windows XP"

I TRIED THIS. SOOOTH-37100000-US.EXE IS NOT RECOGNIZED BY WINDOWS AS A W32 PROGRAM.

HOW ABOUT THIS PROCEDURE POSTED BY CALAMITY JANE?--
http://www.lavasoftsupport.com/index.php?showtopic=26421

Regards,

LS Pekka

Lavasoft Malware Labs

LS Pekka

Jul 22 2009, 07:23 AM

Hi jim787!

Then please go to the thread mentioned,
http://www.lavasoftsupport.com/index.php?showtopic=26421,
and follow the instructions and post the Ad-Aware logfile in that thread.

Regards,

LS Pekka

Lavasoft Malware Labs

jim787

Jul 23 2009, 03:12 AM

Statistics

Shows statistics about the objects detected in previous scans.

Choose “Statistics” from the “Display” drop-down menu.

You can choose to display the total or specific time statistics.

Once selected, the “Scan Statistics” table will refresh.

The Scan log file is a detailed information log about the scan. It contains valuable information when troubleshooting errors.

Click "Export Scan Report" to open the scan log file as a text file, which you can save to your system.

Note: The Scan log file will open for the specific screen selected in the drop-down menu.

To reset statistics click the "Reset Statistics" button. This will clear the statistics starting from the moment you click this button.

--------------------------------------------------------------------------------

© 2009 Lavasoft AB

QUOTE(LS Pekka @ Jul 22 2009, 07:23 AM)

THE EXPORT LINK DOES NOT WORK WITH "TOTAL STATISTICS"--ONLY WITH INDIVIDUAL DATES: HERE ARE THE FILES INDIVIDUALLY. THE FALSE POSITIVE IS PROBABLY IN THE MOST RECENT (JULY 13, JULY 20) SCANS.

Logfile created: 6/16/2009 11:27:22
Lavasoft Ad-Aware version: 8.0.5
Extended engine version: 8.1
User performing scan: Professor

*********************** Definitions database information ***********************
Lavasoft definition file: 148.46
Extended engine definition file: 8.1

******************************** Scan results: *********************************
Scan profile name: Smart Scan (ID: smart)
Objects scanned: 72289
Objects detected: 9

Type Detected
==========================
Processes.......: 0
Registry entries: 0
Hostfile entries: 0
Files...........: 0
Folders.........: 0
LSPs............: 0
Cookies.........: 9
Browser hijacks.: 0
MRU objects.....: 0

Skipped items:
Description: *.lycos* Family Name: Cookies Clean status: Success Item ID: 408930 Family ID: 0

Removed items:
Description: *questionmarket* Family Name: Cookies Clean status: Success Item ID: 408819 Family ID: 0
Description: *real* Family Name: Cookies Clean status: Success Item ID: 408817 Family ID: 0
Description: *specificclick* Family Name: Cookies Clean status: Success Item ID: 408807 Family ID: 0
Description: *2o7* Family Name: Cookies Clean status: Success Item ID: 408943 Family ID: 0
Description: *questionmarket* Family Name: Cookies Clean status: Success Item ID: 408819 Family ID: 0
Description: *pointroll* Family Name: Cookies Clean status: Failed Item ID: 408826 Family ID: 0
Description: *ads.pointroll* Family Name: Cookies Clean status: Failed Item ID: 408927 Family ID: 0
Description: *doubleclick* Family Name: Cookies Clean status: Success Item ID: 408875 Family ID: 0

Scan and cleaning complete: Finished correctly after 518 seconds

*********************************** Settings ***********************************

Scan profile:
ID: smart, enabled:1, value: Smart Scan
ID: scancriticalareas, enabled:1, value: true
ID: scanrunningapps, enabled:1, value: true
ID: scanregistry, enabled:1, value: true
ID: scanlsp, enabled:1, value: true
ID: scanads, enabled:1, value: false
ID: scanhostsfile, enabled:1, value: false
ID: scanmru, enabled:1, value: false
ID: scanbrowserhijacks, enabled:1, value: true
ID: scantrackingcookies, enabled:1, value: true
ID: closebrowsers, enabled:1, value: false
ID: folderstoscan, enabled:1, value:
ID: scanrootkits, enabled:1, value: true
ID: usespywareheuristics, enabled:1, value: true
ID: extendedengine, enabled:0, value: true
ID: useheuristics, enabled:0, value: true
ID: heuristicslevel, enabled:0, value: mild, domain: medium,mild,strict
ID: filescanningoptions, enabled:1
ID: archives, enabled:1, value: false
ID: onlyexecutables, enabled:1, value: true
ID: skiplargerthan, enabled:1, value: 20480

Scan global:
ID: global, enabled:1
ID: addtocontextmenu, enabled:1, value: true
ID: playsoundoninfection, enabled:1, value: false
ID: soundfile, enabled:0, value: *to be filled in automatically*\alert.wav

Scheduled scan settings:
<Empty>

Update settings:
ID: updates, enabled:1
ID: launchthreatworksafterscan, enabled:1, value: normal, domain: normal,off,silently
ID: displaystatus, enabled:1, value: false
ID: deffiles, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: autodetectproxy, enabled:1, value: false
ID: useautoconfigscript, enabled:1, value: false
ID: autoconfigurl, enabled:0, value:
ID: useproxy, enabled:1, value: false
ID: proxyserver, enabled:0, value:
ID: softwareupdates, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: schedules, enabled:1, value: true
ID: updatedaily, enabled:1, value: Daily
ID: time, enabled:1, value: Wed Jun 03 00:28:00 2009
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updateweekly, enabled:1, value: Weekly
ID: time, enabled:1, value: Wed Jun 03 00:28:00 2009
ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: true
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: true
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false

Appearance settings:
ID: appearance, enabled:1
ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource
ID: showtrayicon, enabled:1, value: true
ID: language, enabled:1, value: en, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language

Realtime protection settings:
ID: realtime, enabled:1
ID: processprotection, enabled:1, value: true
ID: registryprotection, enabled:0, value: false
ID: networkprotection, enabled:0, value: false
ID: loadatstartup, enabled:1, value: true
ID: usespywareheuristics, enabled:0, value: true
ID: extendedengine, enabled:0, value: false
ID: useheuristics, enabled:0, value: false
ID: heuristicslevel, enabled:0, value: mild, domain: medium,mild,strict
ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant

****************************** System information ******************************
Computer name: DUMA
Processor name: Intel® Core™2 CPU T5500 @ 1.66GHz
Processor identifier: x86 Family 6 Model 15 Stepping 6
Raw info: processorarchitecture 0, processortype 586, processorlevel 6, processor revision 3846, number of processors 2
Physical memory available: 1071857664 bytes
Physical memory total: 2137108480 bytes
Virtual memory available: 2023763968 bytes
Virtual memory total: 2147352576 bytes
Memory load: 49%
Microsoft Windows XP Professional Service Pack 3 (build 2600)
Windows startup mode:

Running processes:
PID: 1008 name: \SystemRoot\System32\smss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1092 name: \??\C:\WINDOWS\system32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1120 name: \??\C:\WINDOWS\system32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1164 name: C:\WINDOWS\system32\services.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1176 name: C:\WINDOWS\system32\lsass.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1344 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1412 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 1452 name: C:\Program Files\Windows Defender\MsMpEng.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1492 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1608 name: C:\Program Files\Intel\Wireless\Bin\EvtEng.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1816 name: C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2016 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 2044 name: C:\WINDOWS\system32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 188 name: C:\WINDOWS\system32\ZoneLabs\vsmon.exe owner: <UNKNOWN> domain: <UNKNOWN>
PID: 1048 name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1180 name: C:\WINDOWS\system32\spoolsv.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1844 name: C:\WINDOWS\system32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 1884 name: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1968 name: C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1984 name: C:\Program Files\Bonjour\mDNSResponder.exe owner: SYSTEM domain: NT AUTHORITY
PID: 260 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 448 name: C:\Program Files\Java\jre6\bin\jqs.exe owner: SYSTEM domain: NT AUTHORITY
PID: 516 name: C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 628 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 692 name: C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 716 name: C:\PROGRA~1\AVG\AVG8\avgrsx.exe owner: SYSTEM domain: NT AUTHORITY
PID: 736 name: C:\Program Files\Sony\VAIO Event Service\VESMgr.exe owner: SYSTEM domain: NT AUTHORITY
PID: 788 name: C:\PROGRA~1\AVG\AVG8\avgnsx.exe owner: SYSTEM domain: NT AUTHORITY
PID: 924 name: C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1964 name: C:\Program Files\Windows Media Player\WMPNetwk.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 2212 name: C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2248 name: C:\PROGRA~1\AVG\AVG8\avgemc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2396 name: C:\WINDOWS\system32\igfxext.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2404 name: C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2436 name: C:\WINDOWS\system32\igfxsrvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2552 name: C:\Program Files\AVG\AVG8\avgcsrvx.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2736 name: C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3104 name: C:\WINDOWS\system32\wbem\unsecapp.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3148 name: C:\WINDOWS\System32\alg.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 3392 name: C:\WINDOWS\system32\wbem\wmiprvse.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3928 name: C:\WINDOWS\Explorer.EXE owner: Professor domain: DUMA
PID: 3748 name: C:\WINDOWS\system32\hkcmd.exe owner: Professor domain: DUMA
PID: 4072 name: C:\WINDOWS\system32\igfxpers.exe owner: Professor domain: DUMA
PID: 3096 name: C:\Program Files\Sony\ISB Utility\ISBMgr.exe owner: Professor domain: DUMA
PID: 3488 name: C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe owner: Professor domain: DUMA
PID: 3576 name: C:\Program Files\Sony\VAIO Power Management\SPMgr.exe owner: Professor domain: DUMA
PID: 2288 name: C:\Program Files\Google\Gmail Notifier\gnotify.exe owner: Professor domain: DUMA
PID: 2784 name: C:\WINDOWS\VM305_STI.EXE owner: Professor domain: DUMA
PID: 1232 name: C:\PROGRA~1\AVG\AVG8\avgtray.exe owner: Professor domain: DUMA
PID: 3460 name: C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe owner: <UNKNOWN> domain: <UNKNOWN>
PID: 3924 name: C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe owner: Professor domain: DUMA
PID: 1748 name: C:\Program Files\Windows Defender\MSASCui.exe owner: Professor domain: DUMA
PID: 2920 name: C:\Program Files\iTunes\iTunesHelper.exe owner: Professor domain: DUMA
PID: 332 name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe owner: Professor domain: DUMA
PID: 3816 name: C:\Program Files\Java\jre6\bin\jusched.exe owner: Professor domain: DUMA
PID: 1464 name: C:\WINDOWS\system32\ctfmon.exe owner: Professor domain: DUMA
PID: 2180 name: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe owner: Professor domain: DUMA
PID: 2472 name: C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe owner: Professor domain: DUMA
PID: 2548 name: C:\Program Files\Digital Camera\DRIVERM.exe owner: Professor domain: DUMA
PID: 1916 name: C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe owner: Professor domain: DUMA
PID: 1320 name: C:\Program Files\iPod\bin\iPodService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1448 name: C:\Program Files\Mozilla Firefox\firefox.exe owner: Professor domain: DUMA
PID: 3840 name: \??\C:\WINDOWS\system32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3876 name: \??\C:\WINDOWS\system32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3760 name: C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2352 name: C:\WINDOWS\Explorer.EXE owner: Admin2 domain: DUMA
PID: 4240 name: C:\WINDOWS\system32\hkcmd.exe owner: Admin2 domain: DUMA
PID: 4248 name: C:\WINDOWS\system32\igfxpers.exe owner: Admin2 domain: DUMA
PID: 4320 name: C:\Program Files\Sony\ISB Utility\ISBMgr.exe owner: Admin2 domain: DUMA
PID: 4328 name: C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe owner: Admin2 domain: DUMA
PID: 4336 name: C:\Program Files\Sony\VAIO Power Management\SPMgr.exe owner: Admin2 domain: DUMA
PID: 4352 name: C:\Program Files\Google\Gmail Notifier\gnotify.exe owner: Admin2 domain: DUMA
PID: 4368 name: C:\WINDOWS\VM305_STI.EXE owner: Admin2 domain: DUMA
PID: 4380 name: C:\PROGRA~1\AVG\AVG8\avgtray.exe owner: Admin2 domain: DUMA
PID: 4504 name: C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe owner: <UNKNOWN> domain: <UNKNOWN>
PID: 4628 name: C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe owner: Admin2 domain: DUMA
PID: 4640 name: C:\WINDOWS\system32\igfxext.exe owner: SYSTEM domain: NT AUTHORITY
PID: 4648 name: C:\Program Files\Windows Defender\MSASCui.exe owner: Admin2 domain: DUMA
PID: 4664 name: C:\Program Files\QuickTime\QTTask.exe owner: Admin2 domain: DUMA
PID: 4688 name: C:\Program Files\iTunes\iTunesHelper.exe owner: Admin2 domain: DUMA
PID: 4696 name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe owner: Admin2 domain: DUMA
PID: 4704 name: C:\Program Files\Java\jre6\bin\jusched.exe owner: Admin2 domain: DUMA
PID: 4752 name: C:\WINDOWS\system32\igfxsrvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 4820 name: C:\WINDOWS\system32\ctfmon.exe owner: Admin2 domain: DUMA
PID: 5600 name: C:\Program Files\Digital Camera\DRIVERM.exe owner: Admin2 domain: DUMA
PID: 5328 name: C:\Program Files\Mozilla Firefox\firefox.exe owner: Admin2 domain: DUMA
PID: 4152 name: C:\WINDOWS\system32\igfxsrvc.exe owner: Professor domain: DUMA
PID: 6136 name: C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe owner: Professor domain: DUMA
PID: 3384 name: C:\WINDOWS\system32\wbem\wmiprvse.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 1856 name: C:\Program Files\Common Files\Real\Update_OB\realsched.exe owner: Professor domain: DUMA
PID: 3092 name: C:\WINDOWS\system32\igfxsrvc.exe owner: Admin2 domain: DUMA
PID: 5836 name: C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe owner: Professor domain: DUMA
PID: 4984 name: C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe owner: Professor domain: DUMA
PID: 5948 name: C:\WINDOWS\system32\wuauclt.exe owner: SYSTEM domain: NT AUTHORITY
PID: 5512 name: C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe owner: Professor domain: DUMA

Startup items:
Name: PostBootReminder
imagepath: {7849596a-48ea-486e-8937-a2a3009f31a9}
Name: CDBurn
imagepath: {fbeb8a05-beee-4442-804e-409d6c4515e9}
Name: WebCheck
imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Name: SysTray
imagepath: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Name: WPDShServiceObj
imagepath: {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
Name: {438755C2-A8BA-11D1-B96B-00A0C90312E1}
imagepath: Browseui preloader
Name: {8C7461EF-2B13-11d2-BE35-3078302C2030}
imagepath: Component Categories cache daemon
Name: igfxhkcmd
imagepath: C:\WINDOWS\system32\hkcmd.exe
Name: igfxpers
imagepath: C:\WINDOWS\system32\igfxpers.exe
Name: SkyTel
imagepath: SkyTel.EXE
Name: Alcmtr
imagepath: ALCMTR.EXE
Name: AzMixerSel
imagepath: C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
Name: VAIO Recovery
imagepath: C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
Name: ISBMgr.exe
imagepath: C:\Program Files\Sony\ISB Utility\ISBMgr.exe
Name: VAIO Update 2
imagepath: "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
Name: SonyPowerCfg
imagepath: "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
Name: {0228e555-4f9c-4e35-a3ec-b109a192b4c2}
imagepath: C:\Program Files\Google\Gmail Notifier\gnotify.exe
Name: BigDogPath
imagepath: C:\WINDOWS\VM_STI.EXE ZSMC USB PC Camera
Name: BigDog305
imagepath: C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
Logfile created: 6/17/2009 13:2:24
Lavasoft Ad-Aware version: 8.0.5
Extended engine version: 8.1
User performing scan: Professor

*********************** Definitions database information ***********************
Lavasoft definition file: 148.46
Extended engine definition file: 8.1

******************************** Scan results: *********************************
Scan profile name: Smart Scan (ID: smart)
Objects scanned: 71054
Objects detected: 1

Type Detected
==========================
Processes.......: 0
Registry entries: 0
Hostfile entries: 0
Files...........: 0
Folders.........: 0
LSPs............: 0
Cookies.........: 1
Browser hijacks.: 0
MRU objects.....: 0

Removed items:
Description: *real* Family Name: Cookies Clean status: Success Item ID: 408817 Family ID: 0

Scan and cleaning complete: Finished correctly after 502 seconds

*********************************** Settings ***********************************

Scan profile:
ID: smart, enabled:1, value: Smart Scan
ID: scancriticalareas, enabled:1, value: true
ID: scanrunningapps, enabled:1, value: true
ID: scanregistry, enabled:1, value: true
ID: scanlsp, enabled:1, value: true
ID: scanads, enabled:1, value: false
ID: scanhostsfile, enabled:1, value: false
ID: scanmru, enabled:1, value: false
ID: scanbrowserhijacks, enabled:1, value: true
ID: scantrackingcookies, enabled:1, value: true
ID: closebrowsers, enabled:1, value: false
ID: folderstoscan, enabled:1, value:
ID: scanrootkits, enabled:1, value: true
ID: usespywareheuristics, enabled:1, value: true
ID: extendedengine, enabled:0, value: true
ID: useheuristics, enabled:0, value: true
ID: heuristicslevel, enabled:0, value: mild, domain: medium,mild,strict
ID: filescanningoptions, enabled:1
ID: archives, enabled:1, value: false
ID: onlyexecutables, enabled:1, value: true
ID: skiplargerthan, enabled:1, value: 20480

Scan global:
ID: global, enabled:1
ID: addtocontextmenu, enabled:1, value: true
ID: playsoundoninfection, enabled:1, value: false
ID: soundfile, enabled:0, value: *to be filled in automatically*\alert.wav

Scheduled scan settings:
<Empty>

Update settings:
ID: updates, enabled:1
ID: launchthreatworksafterscan, enabled:1, value: normal, domain: normal,off,silently
ID: displaystatus, enabled:1, value: false
ID: deffiles, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: autodetectproxy, enabled:1, value: false
ID: useautoconfigscript, enabled:1, value: false
ID: autoconfigurl, enabled:0, value:
ID: useproxy, enabled:1, value: false
ID: proxyserver, enabled:0, value:
ID: softwareupdates, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: schedules, enabled:1, value: true
ID: updatedaily, enabled:1, value: Daily
ID: time, enabled:1, value: Wed Jun 03 00:28:00 2009
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updateweekly, enabled:1, value: Weekly
ID: time, enabled:1, value: Wed Jun 03 00:28:00 2009
ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: true
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: true
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false

Appearance settings:
ID: appearance, enabled:1
ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource
ID: showtrayicon, enabled:1, value: true
ID: language, enabled:1, value: en, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language

Realtime protection settings:
ID: realtime, enabled:1
ID: processprotection, enabled:1, value: true
ID: registryprotection, enabled:0, value: false
ID: networkprotection, enabled:0, value: false
ID: loadatstartup, enabled:1, value: true
ID: usespywareheuristics, enabled:0, value: true
ID: extendedengine, enabled:0, value: false
ID: useheuristics, enabled:0, value: false
ID: heuristicslevel, enabled:0, value: mild, domain: medium,mild,strict
ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant

****************************** System information ******************************
Computer name: DUMA
Processor name: Intel® Core™2 CPU T5500 @ 1.66GHz
Processor identifier: x86 Family 6 Model 15 Stepping 6
Raw info: processorarchitecture 0, processortype 586, processorlevel 6, processor revision 3846, number of processors 2
Physical memory available: 870920192 bytes
Physical memory total: 2137108480 bytes
Virtual memory available: 2000498688 bytes
Virtual memory total: 2147352576 bytes
Memory load: 59%
Microsoft Windows XP Professional Service Pack 3 (build 2600)
Windows startup mode:

Running processes:
PID: 1008 name: \SystemRoot\System32\smss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1092 name: \??\C:\WINDOWS\system32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1120 name: \??\C:\WINDOWS\system32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1164 name: C:\WINDOWS\system32\services.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1176 name: C:\WINDOWS\system32\lsass.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1344 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1412 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 1452 name: C:\Program Files\Windows Defender\MsMpEng.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1492 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1608 name: C:\Program Files\Intel\Wireless\Bin\EvtEng.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1816 name: C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2016 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 2044 name: C:\WINDOWS\system32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 188 name: C:\WINDOWS\system32\ZoneLabs\vsmon.exe owner: <UNKNOWN> domain: <UNKNOWN>
PID: 1048 name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1180 name: C:\WINDOWS\system32\spoolsv.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1844 name: C:\WINDOWS\system32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 1884 name: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1968 name: C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1984 name: C:\Program Files\Bonjour\mDNSResponder.exe owner: SYSTEM domain: NT AUTHORITY
PID: 260 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 448 name: C:\Program Files\Java\jre6\bin\jqs.exe owner: SYSTEM domain: NT AUTHORITY
PID: 516 name: C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 628 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 692 name: C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 716 name: C:\PROGRA~1\AVG\AVG8\avgrsx.exe owner: SYSTEM domain: NT AUTHORITY
PID: 736 name: C:\Program Files\Sony\VAIO Event Service\VESMgr.exe owner: SYSTEM domain: NT AUTHORITY
PID: 788 name: C:\PROGRA~1\AVG\AVG8\avgnsx.exe owner: SYSTEM domain: NT AUTHORITY
PID: 924 name: C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1964 name: C:\Program Files\Windows Media Player\WMPNetwk.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 2212 name: C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2248 name: C:\PROGRA~1\AVG\AVG8\avgemc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2396 name: C:\WINDOWS\system32\igfxext.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2404 name: C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2436 name: C:\WINDOWS\system32\igfxsrvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2552 name: C:\Program Files\AVG\AVG8\avgcsrvx.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2736 name: C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3104 name: C:\WINDOWS\system32\wbem\unsecapp.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3148 name: C:\WINDOWS\System32\alg.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 3392 name: C:\WINDOWS\system32\wbem\wmiprvse.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3928 name: C:\WINDOWS\Explorer.EXE owner: Professor domain: DUMA
PID: 3748 name: C:\WINDOWS\system32\hkcmd.exe owner: Professor domain: DUMA
PID: 4072 name: C:\WINDOWS\system32\igfxpers.exe owner: Professor domain: DUMA
PID: 3096 name: C:\Program Files\Sony\ISB Utility\ISBMgr.exe owner: Professor domain: DUMA
PID: 3488 name: C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe owner: Professor domain: DUMA
PID: 3576 name: C:\Program Files\Sony\VAIO Power Management\SPMgr.exe owner: Professor domain: DUMA
PID: 2288 name: C:\Program Files\Google\Gmail Notifier\gnotify.exe owner: Professor domain: DUMA
PID: 2784 name: C:\WINDOWS\VM305_STI.EXE owner: Professor domain: DUMA
PID: 1232 name: C:\PROGRA~1\AVG\AVG8\avgtray.exe owner: Professor domain: DUMA
PID: 3460 name: C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe owner: <UNKNOWN> domain: <UNKNOWN>
PID: 3924 name: C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe owner: Professor domain: DUMA
PID: 1748 name: C:\Program Files\Windows Defender\MSASCui.exe owner: Professor domain: DUMA
PID: 2920 name: C:\Program Files\iTunes\iTunesHelper.exe owner: Professor domain: DUMA
PID: 332 name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe owner: Professor domain: DUMA
PID: 3816 name: C:\Program Files\Java\jre6\bin\jusched.exe owner: Professor domain: DUMA
PID: 1464 name: C:\WINDOWS\system32\ctfmon.exe owner: Professor domain: DUMA
PID: 2180 name: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe owner: Professor domain: DUMA
PID: 2472 name: C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe owner: Professor domain: DUMA
PID: 2548 name: C:\Program Files\Digital Camera\DRIVERM.exe owner: Professor domain: DUMA
PID: 1916 name: C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe owner: Professor domain: DUMA
PID: 1320 name: C:\Program Files\iPod\bin\iPodService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1448 name: C:\Program Files\Mozilla Firefox\firefox.exe owner: Professor domain: DUMA
PID: 3840 name: \??\C:\WINDOWS\system32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3876 name: \??\C:\WINDOWS\system32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3760 name: C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2352 name: C:\WINDOWS\Explorer.EXE owner: Admin2 domain: DUMA
PID: 4240 name: C:\WINDOWS\system32\hkcmd.exe owner: Admin2 domain: DUMA
PID: 4248 name: C:\WINDOWS\system32\igfxpers.exe owner: Admin2 domain: DUMA
PID: 4320 name: C:\Program Files\Sony\ISB Utility\ISBMgr.exe owner: Admin2 domain: DUMA
PID: 4328 name: C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe owner: Admin2 domain: DUMA
PID: 4336 name: C:\Program Files\Sony\VAIO Power Management\SPMgr.exe owner: Admin2 domain: DUMA
PID: 4352 name: C:\Program Files\Google\Gmail Notifier\gnotify.exe owner: Admin2 domain: DUMA
PID: 4368 name: C:\WINDOWS\VM305_STI.EXE owner: Admin2 domain: DUMA
PID: 4380 name: C:\PROGRA~1\AVG\AVG8\avgtray.exe owner: Admin2 domain: DUMA
PID: 4504 name: C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe owner: <UNKNOWN> domain: <UNKNOWN>
PID: 4628 name: C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe owner: Admin2 domain: DUMA
PID: 4640 name: C:\WINDOWS\system32\igfxext.exe owner: SYSTEM domain: NT AUTHORITY
PID: 4648 name: C:\Program Files\Windows Defender\MSASCui.exe owner: Admin2 domain: DUMA
PID: 4664 name: C:\Program Files\QuickTime\QTTask.exe owner: Admin2 domain: DUMA
PID: 4688 name: C:\Program Files\iTunes\iTunesHelper.exe owner: Admin2 domain: DUMA
PID: 4696 name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe owner: Admin2 domain: DUMA
PID: 4704 name: C:\Program Files\Java\jre6\bin\jusched.exe owner: Admin2 domain: DUMA
PID: 4752 name: C:\WINDOWS\system32\igfxsrvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 4820 name: C:\WINDOWS\system32\ctfmon.exe owner: Admin2 domain: DUMA
PID: 5600 name: C:\Program Files\Digital Camera\DRIVERM.exe owner: Admin2 domain: DUMA
PID: 5328 name: C:\Program Files\Mozilla Firefox\firefox.exe owner: Admin2 domain: DUMA
PID: 4152 name: C:\WINDOWS\system32\igfxsrvc.exe owner: Professor domain: DUMA
PID: 3384 name: C:\WINDOWS\system32\wbem\wmiprvse.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 3092 name: C:\WINDOWS\system32\igfxsrvc.exe owner: Admin2 domain: DUMA
PID: 4556 name: C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe owner: Professor domain: DUMA
PID: 6348 name: C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe owner: Professor domain: DUMA
PID: 9208 name: C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe owner: Professor domain: DUMA
PID: 8968 name: C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe owner: Professor domain: DUMA

Startup items:
Name: igfxhkcmd
imagepath: C:\WINDOWS\system32\hkcmd.exe
Name: igfxpers
imagepath: C:\WINDOWS\system32\igfxpers.exe
Name: SkyTel
imagepath: SkyTel.EXE
Name: Alcmtr
imagepath: ALCMTR.EXE
Name: AzMixerSel
imagepath: C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
Name: VAIO Recovery
imagepath: C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
Name: ISBMgr.exe
imagepath: C:\Program Files\Sony\ISB Utility\ISBMgr.exe
Name: VAIO Update 2
imagepath: "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
Name: SonyPowerCfg
imagepath: "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
Name: {0228e555-4f9c-4e35-a3ec-b109a192b4c2}
imagepath: C:\Program Files\Google\Gmail Notifier\gnotify.exe
Name: BigDogPath
imagepath: C:\WINDOWS\VM_STI.EXE ZSMC USB PC Camera
Name: BigDog305
imagepath: C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)

Logfile created: 6/28/2009 18:25:47
Lavasoft Ad-Aware version: 8.0.6
Extended engine version: 8.1
User performing scan: Professor

*********************** Definitions database information ***********************
Lavasoft definition file: 148.57
Extended engine definition file: 8.1

******************************** Scan results: *********************************
Scan profile name: Smart Scan (ID: smart)
Objects scanned: 72905
Objects detected: 8

Type Detected
==========================
Processes.......: 0
Registry entries: 0
Hostfile entries: 0
Files...........: 0
Folders.........: 0
LSPs............: 0
Cookies.........: 8
Browser hijacks.: 0
MRU objects.....: 0

Removed items:
Description: *real* Family Name: Cookies Clean status: Success Item ID: 408817 Family ID: 0
Description: *2o7* Family Name: Cookies Clean status: Failed Item ID: 408943 Family ID: 0
Description: *questionmarket* Family Name: Cookies Clean status: Failed Item ID: 408819 Family ID: 0
Description: *pointroll* Family Name: Cookies Clean status: Failed Item ID: 408826 Family ID: 0
Description: *ads.pointroll* Family Name: Cookies Clean status: Failed Item ID: 408927 Family ID: 0
Description: *.lycos* Family Name: Cookies Clean status: Failed Item ID: 408930 Family ID: 0
Description: *doubleclick* Family Name: Cookies Clean status: Success Item ID: 408875 Family ID: 0
Description: *.zedo* Family Name: Cookies Clean status: Success Item ID: 409030 Family ID: 0

Scan and cleaning complete: Finished correctly after 355 seconds

*********************************** Settings ***********************************

Scan profile:
ID: smart, enabled:1, value: Smart Scan
ID: scancriticalareas, enabled:1, value: true
ID: scanrunningapps, enabled:1, value: true
ID: scanregistry, enabled:1, value: true
ID: scanlsp, enabled:1, value: true
ID: scanads, enabled:1, value: false
ID: scanhostsfile, enabled:1, value: false
ID: scanmru, enabled:1, value: false
ID: scanbrowserhijacks, enabled:1, value: true
ID: scantrackingcookies, enabled:1, value: true
ID: closebrowsers, enabled:1, value: false
ID: folderstoscan, enabled:1, value:
ID: usespywareheuristics, enabled:1, value: true
ID: extendedengine, enabled:0, value: true
ID: useheuristics, enabled:0, value: true
ID: heuristicslevel, enabled:0, value: mild, domain: medium,mild,strict
ID: filescanningoptions, enabled:1
ID: scanrootkits, enabled:1, value: true
ID: archives, enabled:1, value: false
ID: onlyexecutables, enabled:1, value: true
ID: skiplargerthan, enabled:1, value: 20480

Scan global:
ID: global, enabled:1
ID: addtocontextmenu, enabled:1, value: true
ID: playsoundoninfection, enabled:1, value: false
ID: soundfile, enabled:0, value: *to be filled in automatically*\alert.wav

Scheduled scan settings:
<Empty>

Update settings:
ID: updates, enabled:1
ID: launchthreatworksafterscan, enabled:1, value: normal, domain: normal,off,silently
ID: softwareupdates, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: schedules, enabled:1, value: true
ID: updatedaily, enabled:1, value: Daily
ID: time, enabled:1, value: Wed Jun 03 00:28:00 2009
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updateweekly, enabled:1, value: Weekly
ID: time, enabled:1, value: Wed Jun 03 00:28:00 2009
ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: true
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: true
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false

Appearance settings:
ID: appearance, enabled:1
ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource
ID: showtrayicon, enabled:1, value: true
ID: language, enabled:1, value: en, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language

Realtime protection settings:
ID: realtime, enabled:1
ID: processprotection, enabled:1, value: true
ID: registryprotection, enabled:0, value: false
ID: networkprotection, enabled:0, value: false
ID: usespywareheuristics, enabled:0, value: true
ID: extendedengine, enabled:0, value: false
ID: useheuristics, enabled:0, value: false
ID: heuristicslevel, enabled:0, value: mild, domain: medium,mild,strict
ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant

****************************** System information ******************************
Computer name: DUMA
Processor name: Intel® Core™2 CPU T5500 @ 1.66GHz
Processor identifier: x86 Family 6 Model 15 Stepping 6
Raw info: processorarchitecture 0, processortype 586, processorlevel 6, processor revision 3846, number of processors 2
Physical memory available: 996556800 bytes
Physical memory total: 2137108480 bytes
Virtual memory available: 2033299456 bytes
Virtual memory total: 2147352576 bytes
Memory load: 53%
Microsoft Windows XP Professional Service Pack 3 (build 2600)
Windows startup mode:

Running processes:
PID: 1008 name: \SystemRoot\System32\smss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1088 name: \??\C:\WINDOWS\system32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1112 name: \??\C:\WINDOWS\system32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1160 name: C:\WINDOWS\system32\services.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1172 name: C:\WINDOWS\system32\lsass.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1352 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1420 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 1564 name: C:\Program Files\Windows Defender\MsMpEng.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1604 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1728 name: C:\Program Files\Intel\Wireless\Bin\EvtEng.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1868 name: C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2000 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 316 name: C:\WINDOWS\system32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 412 name: C:\WINDOWS\system32\ZoneLabs\vsmon.exe owner: <UNKNOWN> domain: <UNKNOWN>
PID: 280 name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 372 name: C:\WINDOWS\system32\spoolsv.exe owner: SYSTEM domain: NT AUTHORITY
PID: 796 name: C:\WINDOWS\system32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 1028 name: C:\WINDOWS\Explorer.EXE owner: Professor domain: DUMA
PID: 1040 name: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1308 name: C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1464 name: C:\Program Files\Bonjour\mDNSResponder.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1980 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 612 name: C:\Program Files\Java\jre6\bin\jqs.exe owner: SYSTEM domain: NT AUTHORITY
PID: 508 name: C:\PROGRA~1\AVG\AVG8\avgrsx.exe owner: SYSTEM domain: NT AUTHORITY
PID: 640 name: C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 704 name: C:\PROGRA~1\AVG\AVG8\avgnsx.exe owner: SYSTEM domain: NT AUTHORITY
PID: 804 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2108 name: C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2156 name: C:\Program Files\Sony\VAIO Event Service\VESMgr.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2380 name: C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2732 name: C:\Program Files\Windows Media Player\WMPNetwk.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 3092 name: C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3180 name: C:\PROGRA~1\AVG\AVG8\avgemc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3392 name: C:\WINDOWS\system32\igfxext.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3416 name: C:\WINDOWS\system32\hkcmd.exe owner: Professor domain: DUMA
PID: 3452 name: C:\WINDOWS\system32\igfxsrvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3624 name: C:\WINDOWS\system32\igfxpers.exe owner: Professor domain: DUMA
PID: 3640 name: C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3780 name: C:\Program Files\Mozilla Firefox\firefox.exe owner: Professor domain: DUMA
PID: 3992 name: C:\Program Files\Sony\ISB Utility\ISBMgr.exe owner: Professor domain: DUMA
PID: 4024 name: C:\Program Files\AVG\AVG8\avgcsrvx.exe owner: SYSTEM domain: NT AUTHORITY
PID: 708 name: C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe owner: Professor domain: DUMA
PID: 712 name: C:\Program Files\Sony\VAIO Power Management\SPMgr.exe owner: Professor domain: DUMA
PID: 2068 name: C:\Program Files\Google\Gmail Notifier\gnotify.exe owner: Professor domain: DUMA
PID: 812 name: C:\WINDOWS\VM305_STI.EXE owner: Professor domain: DUMA
PID: 1752 name: C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2280 name: C:\PROGRA~1\AVG\AVG8\avgtray.exe owner: Professor domain: DUMA
PID: 2604 name: C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe owner: <UNKNOWN> domain: <UNKNOWN>
PID: 1856 name: C:\WINDOWS\system32\wbem\unsecapp.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3844 name: C:\WINDOWS\System32\alg.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 3916 name: C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe owner: Professor domain: DUMA
PID: 580 name: C:\Program Files\Windows Defender\MSASCui.exe owner: Professor domain: DUMA
PID: 2344 name: C:\Program Files\QuickTime\QTTask.exe owner: Professor domain: DUMA
PID: 2352 name: C:\WINDOWS\system32\wbem\wmiprvse.exe owner: SYSTEM domain: NT AUTHORITY
PID: 164 name: C:\Program Files\iTunes\iTunesHelper.exe owner: Professor domain: DUMA
PID: 3040 name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe owner: Professor domain: DUMA
PID: 288 name: C:\Program Files\Java\jre6\bin\jusched.exe owner: Professor domain: DUMA
PID: 3380 name: C:\WINDOWS\system32\ctfmon.exe owner: Professor domain: DUMA
PID: 3996 name: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe owner: Professor domain: DUMA
PID: 724 name: C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe owner: Professor domain: DUMA
PID: 1380 name: C:\Program Files\Digital Camera\DRIVERM.exe owner: Professor domain: DUMA
PID: 1492 name: C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe owner: Professor domain: DUMA
PID: 216 name: C:\Program Files\iPod\bin\iPodService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 5392 name: \??\C:\WINDOWS\system32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 5496 name: \??\C:\WINDOWS\system32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY
PID: 5792 name: C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3316 name: C:\WINDOWS\Explorer.EXE owner: Admin2 domain: DUMA
PID: 1164 name: C:\WINDOWS\system32\hkcmd.exe owner: Admin2 domain: DUMA
PID: 4632 name: C:\WINDOWS\system32\igfxpers.exe owner: Admin2 domain: DUMA
PID: 4100 name: C:\Program Files\Sony\ISB Utility\ISBMgr.exe owner: Admin2 domain: DUMA
PID: 4112 name: C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe owner: Admin2 domain: DUMA
PID: 4120 name: C:\Program Files\Sony\VAIO Power Management\SPMgr.exe owner: Admin2 domain: DUMA
PID: 4144 name: C:\Program Files\Google\Gmail Notifier\gnotify.exe owner: Admin2 domain: DUMA
PID: 4168 name: C:\WINDOWS\VM305_STI.EXE owner: Admin2 domain: DUMA
PID: 4208 name: C:\WINDOWS\system32\igfxext.exe owner: SYSTEM domain: NT AUTHORITY
PID: 4304 name: C:\WINDOWS\system32\igfxsrvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 4276 name: C:\PROGRA~1\AVG\AVG8\avgtray.exe owner: Admin2 domain: DUMA
PID: 4532 name: C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe owner: <UNKNOWN> domain: <UNKNOWN>
PID: 4556 name: C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe owner: Admin2 domain: DUMA
PID: 4596 name: C:\Program Files\Windows Defender\MSASCui.exe owner: Admin2 domain: DUMA
PID: 4620 name: C:\Program Files\iTunes\iTunesHelper.exe owner: Admin2 domain: DUMA
PID: 4636 name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe owner: Admin2 domain: DUMA
PID: 4656 name: C:\Program Files\Java\jre6\bin\jusched.exe owner: Admin2 domain: DUMA
PID: 4980 name: C:\WINDOWS\system32\ctfmon.exe owner: Admin2 domain: DUMA
PID: 304 name: C:\Program Files\Digital Camera\DRIVERM.exe owner: Admin2 domain: DUMA
PID: 3132 name: C:\Program Files\Mozilla Firefox\firefox.exe owner: Admin2 domain: DUMA
PID: 4700 name: C:\WINDOWS\system32\igfxsrvc.exe owner: Professor domain: DUMA
PID: 3984 name: C:\WINDOWS\system32\igfxsrvc.exe owner: Admin2 domain: DUMA
PID: 4500 name: C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE owner: Professor domain: DUMA
PID: 4684 name: C:\WINDOWS\system32\wbem\wmiprvse.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 3208 name: C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe owner: Professor domain: DUMA
PID: 5400 name: C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe owner: Professor domain: DUMA

Startup items:
Name: PostBootReminder
imagepath: {7849596a-48ea-486e-8937-a2a3009f31a9}
Name: CDBurn
imagepath: {fbeb8a05-beee-4442-804e-409d6c4515e9}
Name: WebCheck
imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Name: SysTray
imagepath: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Name: WPDShServiceObj
imagepath: {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
Name: igfxhkcmd
imagepath: C:\WINDOWS\system32\hkcmd.exe
Name: igfxpers
imagepath: C:\WINDOWS\system32\igfxpers.exe
Name: SkyTel
imagepath: SkyTel.EXE
Name: Alcmtr
imagepath: ALCMTR.EXE
Name: AzMixerSel
imagepath: C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
Name: VAIO Recovery
imagepath: C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
Name: ISBMgr.exe
imagepath: C:\Program Files\Sony\ISB Utility\ISBMgr.exe
Name: VAIO Update 2
imagepath: "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
Name: SonyPowerCfg
imagepath: "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
Name: {0228e555-4f9c-4e35-a3ec-b109a192b4c2}
imagepath: C:\Program Files\Google\Gmail Notifier\gnotify.exe
Name: BigDogPath
imagepath: C:\WINDOWS\VM_STI.EXE ZSMC USB PC Camera
Name: BigDog305
imagepath: C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
Logfile created: 7/13/2009 10:7:59
Lavasoft Ad-Aware version: 8.0.7
Extended engine version: 8.1
User performing scan: Professor

*********************** Definitions database information ***********************
Lavasoft definition file: 149.0
Extended engine definition file: 8.1

******************************** Scan results: *********************************
Scan profile name: Smart Scan (ID: smart)
Objects scanned: 50331
Objects detected: 0

Type Detected
==========================
Processes.......: 0
Registry entries: 0
Hostfile entries: 0
Files...........: 0
Folders.........: 0
LSPs............: 0
Cookies.........: 0
Browser hijacks.: 0
MRU objects.....: 0

Scan and cleaning complete: Finished correctly after 337 seconds

*********************************** Settings ***********************************

Scan profile:
ID: smart, enabled:1, value: Smart Scan
ID: scancriticalareas, enabled:1, value: true
ID: scanrunningapps, enabled:1, value: true
ID: scanregistry, enabled:1, value: true
ID: scanlsp, enabled:1, value: true
ID: scanads, enabled:1, value: false
ID: scanhostsfile, enabled:1, value: false
ID: scanmru, enabled:1, value: false
ID: scanbrowserhijacks, enabled:1, value: true
ID: scantrackingcookies, enabled:1, value: true
ID: closebrowsers, enabled:1, value: false
ID: folderstoscan, enabled:1, value:
ID: usespywareheuristics, enabled:1, value: true
ID: extendedengine, enabled:0, value: true
ID: useheuristics, enabled:0, value: true
ID: heuristicslevel, enabled:0, value: mild, domain: medium,mild,strict
ID: filescanningoptions, enabled:1
ID: scanrootkits, enabled:1, value: true
ID: archives, enabled:1, value: false
ID: onlyexecutables, enabled:1, value: true
ID: skiplargerthan, enabled:1, value: 20480

Scan global:
ID: global, enabled:1
ID: addtocontextmenu, enabled:1, value: true
ID: playsoundoninfection, enabled:1, value: false
ID: soundfile, enabled:0, value: *to be filled in automatically*\alert.wav

Scheduled scan settings:
<Empty>

Update settings:
ID: updates, enabled:1
ID: launchthreatworksafterscan, enabled:1, value: normal, domain: normal,off,silently
ID: softwareupdates, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: schedules, enabled:1, value: true
ID: updatedaily, enabled:1, value: Daily
ID: time, enabled:1, value: Wed Jun 03 00:28:00 2009
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updateweekly, enabled:1, value: Weekly
ID: time, enabled:1, value: Wed Jun 03 00:28:00 2009
ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: true
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: true
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false

Appearance settings:
ID: appearance, enabled:1
ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource
ID: showtrayicon, enabled:1, value: true
ID: language, enabled:1, value: en, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language

Realtime protection settings:
ID: realtime, enabled:1
ID: processprotection, enabled:1, value: true
ID: registryprotection, enabled:0, value: false
ID: networkprotection, enabled:0, value: false
ID: usespywareheuristics, enabled:0, value: true
ID: extendedengine, enabled:0, value: false
ID: useheuristics, enabled:0, value: false
ID: heuristicslevel, enabled:0, value: mild, domain: medium,mild,strict
ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant

****************************** System information ******************************
Computer name: DUMA
Processor name: Intel® Core™2 CPU T5500 @ 1.66GHz
Processor identifier: x86 Family 6 Model 15 Stepping 6
Raw info: processorarchitecture 0, processortype 586, processorlevel 6, processor revision 3846, number of processors 2
Physical memory available: 1326600192 bytes
Physical memory total: 2137108480 bytes
Virtual memory available: 2050449408 bytes
Virtual memory total: 2147352576 bytes
Memory load: 37%
Microsoft Windows XP Professional Service Pack 3 (build 2600)
Windows startup mode:

Running processes:
PID: 1008 name: \SystemRoot\System32\smss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1088 name: \??\C:\WINDOWS\system32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1112 name: \??\C:\WINDOWS\system32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1156 name: C:\WINDOWS\system32\services.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1168 name: C:\WINDOWS\system32\lsass.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1344 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1412 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 1556 name: C:\Program Files\Windows Defender\MsMpEng.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1596 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1652 name: C:\Program Files\Intel\Wireless\Bin\EvtEng.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1928 name: C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe owner: SYSTEM domain: NT AUTHORITY
PID: 284 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 388 name: C:\WINDOWS\system32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 480 name: C:\WINDOWS\system32\ZoneLabs\vsmon.exe owner: <UNKNOWN> domain: <UNKNOWN>
PID: 216 name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 320 name: C:\WINDOWS\system32\spoolsv.exe owner: SYSTEM domain: NT AUTHORITY
PID: 680 name: C:\WINDOWS\system32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 756 name: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 780 name: C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 792 name: C:\Program Files\Bonjour\mDNSResponder.exe owner: SYSTEM domain: NT AUTHORITY
PID: 988 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1360 name: C:\Program Files\Java\jre6\bin\jqs.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1668 name: C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1788 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1968 name: C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 232 name: C:\PROGRA~1\AVG\AVG8\avgrsx.exe owner: SYSTEM domain: NT AUTHORITY
PID: 552 name: C:\PROGRA~1\AVG\AVG8\avgnsx.exe owner: SYSTEM domain: NT AUTHORITY
PID: 628 name: C:\Program Files\Sony\VAIO Event Service\VESMgr.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2112 name: C:\WINDOWS\system32\igfxext.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2120 name: C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2144 name: C:\WINDOWS\system32\igfxsrvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2268 name: C:\Program Files\Windows Media Player\WMPNetwk.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 2560 name: C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2600 name: C:\PROGRA~1\AVG\AVG8\avgemc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2924 name: C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2932 name: C:\Program Files\AVG\AVG8\avgcsrvx.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3200 name: C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3404 name: C:\WINDOWS\system32\wbem\unsecapp.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3824 name: C:\WINDOWS\system32\wbem\wmiprvse.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3952 name: C:\WINDOWS\System32\alg.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 3236 name: C:\WINDOWS\Explorer.EXE owner: Professor domain: DUMA
PID: 1984 name: C:\WINDOWS\system32\hkcmd.exe owner: Professor domain: DUMA
PID: 2036 name: C:\WINDOWS\system32\igfxpers.exe owner: Professor domain: DUMA
PID: 2356 name: C:\Program Files\Sony\ISB Utility\ISBMgr.exe owner: Professor domain: DUMA
PID: 2384 name: C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe owner: Professor domain: DUMA
PID: 2804 name: C:\Program Files\Sony\VAIO Power Management\SPMgr.exe owner: Professor domain: DUMA
PID: 2492 name: C:\Program Files\Google\Gmail Notifier\gnotify.exe owner: Professor domain: DUMA
PID: 2548 name: C:\WINDOWS\VM305_STI.EXE owner: Professor domain: DUMA
PID: 2616 name: C:\PROGRA~1\AVG\AVG8\avgtray.exe owner: Professor domain: DUMA
PID: 2748 name: C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe owner: <UNKNOWN> domain: <UNKNOWN>
PID: 2288 name: C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe owner: Professor domain: DUMA
PID: 3720 name: C:\Program Files\Windows Defender\MSASCui.exe owner: Professor domain: DUMA
PID: 3764 name: C:\Program Files\QuickTime\QTTask.exe owner: Professor domain: DUMA
PID: 3856 name: C:\Program Files\iTunes\iTunesHelper.exe owner: Professor domain: DUMA
PID: 1616 name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe owner: Professor domain: DUMA
PID: 3752 name: C:\Program Files\Java\jre6\bin\jusched.exe owner: Professor domain: DUMA
PID: 2324 name: C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe owner: Professor domain: DUMA
PID: 2812 name: C:\WINDOWS\system32\ctfmon.exe owner: Professor domain: DUMA
PID: 1752 name: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe owner: Professor domain: DUMA
PID: 2836 name: C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe owner: Professor domain: DUMA
PID: 1904 name: C:\Program Files\Eraser\eraser.exe owner: Professor domain: DUMA
PID: 3072 name: C:\Program Files\iPod\bin\iPodService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1776 name: C:\Program Files\Digital Camera\DRIVERM.exe owner: Professor domain: DUMA
PID: 3616 name: C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe owner: Professor domain: DUMA
PID: 3964 name: C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe owner: Professor domain: DUMA
PID: 3472 name: C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe owner: Professor domain: DUMA

Startup items:
Name: {438755C2-A8BA-11D1-B96B-00A0C90312E1}
imagepath: Browseui preloader
Name: {8C7461EF-2B13-11d2-BE35-3078302C2030}
imagepath: Component Categories cache daemon
Name: igfxhkcmd
imagepath: C:\WINDOWS\system32\hkcmd.exe
Name: igfxpers
imagepath: C:\WINDOWS\system32\igfxpers.exe
Name: SkyTel
imagepath: SkyTel.EXE
Name: Alcmtr
imagepath: ALCMTR.EXE
Name: AzMixerSel
imagepath: C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
Name: VAIO Recovery
imagepath: C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
Name: ISBMgr.exe
imagepath: C:\Program Files\Sony\ISB Utility\ISBMgr.exe
Name: VAIO Update 2
imagepath: "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
Name: SonyPowerCfg
imagepath: "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
Name: {0228e555-4f9c-4e35-a3ec-b109a192b4c2}
imagepath: C:\Program Files\Google\Gmail Notifier\gnotify.exe
Name: BigDogPath
imagepath: C:\WINDOWS\VM_STI.EXE ZSMC USB PC Camera
Name: BigDog305
imagepath: C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
Logfile created: 7/20/2009 22:21:56
Lavasoft Ad-Aware version: 8.0.7
Extended engine version: 8.1
User performing scan: Professor

*********************** Definitions database information ***********************
Lavasoft definition file: 149.8
Extended engine definition file: 8.1

******************************** Scan results: *********************************
Scan profile name: Full Scan (ID: full)
Objects scanned: 201914
Objects detected: 0

Type Detected
==========================
Processes.......: 0
Registry entries: 0
Hostfile entries: 0
Files...........: 0
Folders.........: 0
LSPs............: 0
Cookies.........: 0
Browser hijacks.: 0
MRU objects.....: 0

Scan and cleaning complete: Finished correctly after 3902 seconds

*********************************** Settings ***********************************

Scan profile:
ID: full, enabled:1, value: Full Scan
ID: scancriticalareas, enabled:1, value: true
ID: scanrunningapps, enabled:1, value: true
ID: scanregistry, enabled:1, value: true
ID: scanlsp, enabled:1, value: true
ID: scanads, enabled:1, value: true
ID: scanhostsfile, enabled:1, value: true
ID: scanmru, enabled:1, value: true
ID: scanbrowserhijacks, enabled:1, value: true
ID: scantrackingcookies, enabled:1, value: true
ID: closebrowsers, enabled:1, value: false
ID: folderstoscan, enabled:1, value: C:\
ID: usespywareheuristics, enabled:1, value: true
ID: extendedengine, enabled:0, value: true
ID: useheuristics, enabled:0, value: true
ID: heuristicslevel, enabled:0, value: mild, domain: medium,mild,strict
ID: filescanningoptions, enabled:1
ID: scanrootkits, enabled:1, value: true
ID: archives, enabled:1, value: true
ID: onlyexecutables, enabled:1, value: false
ID: skiplargerthan, enabled:1, value: 20480

Scan global:
ID: global, enabled:1
ID: addtocontextmenu, enabled:1, value: true
ID: playsoundoninfection, enabled:1, value: false
ID: soundfile, enabled:0, value: *to be filled in automatically*\alert.wav

Scheduled scan settings:
<Empty>

Update settings:
ID: updates, enabled:1
ID: launchthreatworksafterscan, enabled:1, value: normal, domain: normal,off,silently
ID: softwareupdates, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: schedules, enabled:1, value: true
ID: updatedaily, enabled:1, value: Daily
ID: time, enabled:1, value: Wed Jun 03 00:28:00 2009
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updateweekly, enabled:1, value: Weekly
ID: time, enabled:1, value: Wed Jun 03 00:28:00 2009
ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: true
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: true
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false

Appearance settings:
ID: appearance, enabled:1
ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource
ID: showtrayicon, enabled:1, value: true
ID: language, enabled:1, value: en, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language

Realtime protection settings:
ID: realtime, enabled:1
ID: processprotection, enabled:1, value: true
ID: registryprotection, enabled:0, value: false
ID: networkprotection, enabled:0, value: false
ID: usespywareheuristics, enabled:0, value: true
ID: extendedengine, enabled:0, value: false
ID: useheuristics, enabled:0, value: false
ID: heuristicslevel, enabled:0, value: mild, domain: medium,mild,strict
ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant

****************************** System information ******************************
Computer name: DUMA
Processor name: Intel® Core™2 CPU T5500 @ 1.66GHz
Processor identifier: x86 Family 6 Model 15 Stepping 6
Raw info: processorarchitecture 0, processortype 586, processorlevel 6, processor revision 3846, number of processors 2
Physical memory available: 1013813248 bytes
Physical memory total: 2137108480 bytes
Virtual memory available: 2050154496 bytes
Virtual memory total: 2147352576 bytes
Memory load: 52%
Microsoft Windows XP Professional Service Pack 3 (build 2600)
Windows startup mode:

Running processes:
PID: 992 name: \SystemRoot\System32\smss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1088 name: \??\C:\WINDOWS\system32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1112 name: \??\C:\WINDOWS\system32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1156 name: C:\WINDOWS\system32\services.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1168 name: C:\WINDOWS\system32\lsass.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1344 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1412 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 1452 name: C:\Program Files\Windows Defender\MsMpEng.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1492 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1552 name: C:\Program Files\Intel\Wireless\Bin\EvtEng.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1888 name: C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2004 name: C:\WINDOWS\system32\svchost.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 184 name: C:\WINDOWS\system32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 200 name: C:\WINDOWS\system32\ZoneLabs\vsmon.exe owner: <UNKNOWN> domain: <UNKNOWN>
PID: 924 name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1072 name: C:\WINDOWS\system32\spoolsv.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1836 name: C:\WINDOWS\Explorer.EXE owner: Professor domain: DUMA
PID: 368 name: C:\WINDOWS\system32\svchost.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 400 name: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 428 name: C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 528 name: C:\Program Files\Bonjour\mDNSResponder.exe owner: SYSTEM domain: NT AUTHORITY
PID: 664 name: C:\WINDOWS\System32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 768 name: C:\Program Files\Java\jre6\bin\jqs.exe owner: SYSTEM domain: NT AUTHORITY
PID: 860 name: C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1036 name: C:\WINDOWS\system32\svchost.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1396 name: C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1628 name: C:\Program Files\Sony\VAIO Event Service\VESMgr.exe owner: SYSTEM domain: NT AUTHORITY
PID: 1844 name: C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2216 name: C:\PROGRA~1\AVG\AVG8\avgrsx.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2252 name: C:\Program Files\Windows Media Player\WMPNetwk.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 2256 name: C:\PROGRA~1\AVG\AVG8\avgnsx.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2584 name: C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2712 name: C:\PROGRA~1\AVG\AVG8\avgemc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2860 name: C:\WINDOWS\system32\igfxext.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2992 name: C:\WINDOWS\system32\igfxsrvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3004 name: C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3128 name: C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe owner: <UNKNOWN> domain: <UNKNOWN>
PID: 3208 name: C:\Program Files\Google\Gmail Notifier\gnotify.exe owner: Professor domain: DUMA
PID: 3216 name: C:\Program Files\AVG\AVG8\avgcsrvx.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3240 name: C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe owner: Professor domain: DUMA
PID: 3416 name: C:\Program Files\Windows Defender\MSASCui.exe owner: Professor domain: DUMA
PID: 3448 name: C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe owner: Professor domain: DUMA
PID: 3524 name: C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3768 name: C:\Program Files\Java\jre6\bin\jusched.exe owner: Professor domain: DUMA
PID: 3948 name: C:\Program Files\QuickTime\QTTask.exe owner: Professor domain: DUMA
PID: 296 name: C:\Program Files\iTunes\iTunesHelper.exe owner: Professor domain: DUMA
PID: 1684 name: C:\Program Files\Sony\ISB Utility\ISBMgr.exe owner: Professor domain: DUMA
PID: 180 name: C:\WINDOWS\system32\igfxpers.exe owner: Professor domain: DUMA
PID: 2172 name: C:\WINDOWS\system32\hkcmd.exe owner: Professor domain: DUMA
PID: 2332 name: C:\WINDOWS\VM305_STI.EXE owner: Professor domain: DUMA
PID: 2800 name: C:\WINDOWS\system32\wbem\unsecapp.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3036 name: C:\WINDOWS\system32\wbem\wmiprvse.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3100 name: C:\PROGRA~1\AVG\AVG8\avgtray.exe owner: Professor domain: DUMA
PID: 3188 name: C:\WINDOWS\System32\alg.exe owner: LOCAL SERVICE domain: NT AUTHORITY
PID: 760 name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe owner: Professor domain: DUMA
PID: 1824 name: C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe owner: Professor domain: DUMA
PID: 3172 name: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe owner: Professor domain: DUMA
PID: 3944 name: C:\Program Files\Eraser\eraser.exe owner: Professor domain: DUMA
PID: 3888 name: C:\WINDOWS\system32\ctfmon.exe owner: Professor domain: DUMA
PID: 1160 name: C:\Program Files\iPod\bin\iPodService.exe owner: SYSTEM domain: NT AUTHORITY
PID: 2872 name: C:\Program Files\Digital Camera\DRIVERM.exe owner: Professor domain: DUMA
PID: 3800 name: C:\Program Files\PowerPanel\Program\PcfMgr.exe owner: Professor domain: DUMA
PID: 3720 name: C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe owner: Professor domain: DUMA
PID: 492 name: C:\Program Files\Mozilla Firefox\firefox.exe owner: Professor domain: DUMA
PID: 1992 name: \??\C:\WINDOWS\system32\csrss.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3836 name: \??\C:\WINDOWS\system32\winlogon.exe owner: SYSTEM domain: NT AUTHORITY
PID: 724 name: C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe owner: SYSTEM domain: NT AUTHORITY
PID: 3652 name: C:\WINDOWS\Explorer.EXE owner: Admin2 domain: DUMA
PID: 4296 name: C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe owner: <UNKNOWN> domain: <UNKNOWN>
PID: 4336 name: C:\Program Files\Google\Gmail Notifier\gnotify.exe owner: Admin2 domain: DUMA
PID: 4344 name: C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe owner: Admin2 domain: DUMA
PID: 4356 name: C:\WINDOWS\system32\igfxext.exe owner: SYSTEM domain: NT AUTHORITY
PID: 4364 name: C:\Program Files\Windows Defender\MSASCui.exe owner: Admin2 domain: DUMA
PID: 4376 name: C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe owner: Admin2 domain: DUMA
PID: 4400 name: C:\Program Files\Java\jre6\bin\jusched.exe owner: Admin2 domain: DUMA
PID: 4460 name: C:\Program Files\QuickTime\QTTask.exe owner: Admin2 domain: DUMA
PID: 4572 name: C:\Program Files\iTunes\iTunesHelper.exe owner: Admin2 domain: DUMA
PID: 4588 name: C:\WINDOWS\system32\igfxsrvc.exe owner: SYSTEM domain: NT AUTHORITY
PID: 4596 name: C:\Program Files\Sony\ISB Utility\ISBMgr.exe owner: Admin2 domain: DUMA
PID: 4716 name: C:\WINDOWS\system32\igfxpers.exe owner: Admin2 domain: DUMA
PID: 4740 name: C:\WINDOWS\system32\hkcmd.exe owner: Admin2 domain: DUMA
PID: 4812 name: C:\WINDOWS\VM305_STI.EXE owner: Admin2 domain: DUMA
PID: 4976 name: C:\PROGRA~1\AVG\AVG8\avgtray.exe owner: Admin2 domain: DUMA
PID: 5080 name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe owner: Admin2 domain: DUMA
PID: 5192 name: C:\Program Files\Messenger\msmsgs.exe owner: Admin2 domain: DUMA
PID: 5204 name: C:\WINDOWS\system32\ctfmon.exe owner: Admin2 domain: DUMA
PID: 6012 name: C:\Program Files\Digital Camera\DRIVERM.exe owner: Admin2 domain: DUMA
PID: 6056 name: C:\Program Files\PowerPanel\Program\PcfMgr.exe owner: Admin2 domain: DUMA
PID: 4116 name: C:\Program Files\Mozilla Firefox\firefox.exe owner: Admin2 domain: DUMA
PID: 6104 name: C:\WINDOWS\system32\igfxsrvc.exe owner: Professor domain: DUMA
PID: 6036 name: C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE owner: Professor domain: DUMA
PID: 4952 name: C:\WINDOWS\system32\wbem\wmiprvse.exe owner: NETWORK SERVICE domain: NT AUTHORITY
PID: 5860 name: C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe owner: Professor domain: DUMA
PID: 4872 name: C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe owner: Professor domain: DUMA

Startup items:
Name: ZoneAlarm Client
imagepath: "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
Name: {0228e555-4f9c-4e35-a3ec-b109a192b4c2}
imagepath: C:\Program Files\Google\Gmail Notifier\gnotify.exe
Name: YSearchProtection
imagepath: "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
Name: Windows Defender
imagepath: "C:\Program Files\Windows Defender\MSASCui.exe" -hide
Name: VAIO Update 2
imagepath: "C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary
Name: VAIO Recovery
imagepath: C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
Name: SysMon
Name: SunJavaUpdateSched
imagepath: "C:\Program Files\Java\jre6\bin\jusched.exe"
Name: SonyPowerCfg
imagepath: "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
Name: SkyTel
imagepath: SkyTel.EXE
Name: QuickTime Task
imagepath: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
Name: PartSeal
imagepath: C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
Name: LogitechCommunicationsManager
imagepath: "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
Name: iTunesHelper
imagepath: "C:\Program Files\iTunes\iTunesHelper.exe"
Name: ISBMgr.exe
imagepath: C:\Program Files\Sony\ISB Utility\ISBMgr.exe
Name: igfxtray
imagepath: C:\WINDOWS\system32\igfxtray.exe
Name: igfxpers
imagepath: C:\WINDOWS\system32\igfxpers.exe
Name: igfxhkcmd
imagepath: C:\WINDOWS\system32\hkcmd.exe
Name: BigDogPath
imagepath: C:\WINDOWS\VM_STI.EXE ZSMC USB PC Camera
Name: BigDog305
imagepath: C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
Name: AzMixerSel
imagepath: C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
Name: AVG8_TRAY
imagepath: C:\PROGRA~1\AVG\AVG8\avgtray.exe
Name: Alcmtr
imagepath: ALCMTR.EXE
Name: Adobe Reader Speed Launcher
imagepath: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
Name: Ad-Watch
imagepath: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
Name: DWQueuedReporting
imagepath: "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
Name: {438755C2-A8BA-11D1-B96B-00A0C90312E1}
imagepath: Browseui preloader
Name: {8C7461EF-2B13-11d2-BE35-3078302C2030}
imagepath: Component Categories cache daemon
Name: PostBootReminder
imagepath: {7849596a-48ea-486e-8937-a2a3009f31a9}
Name: CDBurn
imagepath: {fbeb8a05-beee-4442-804e-409d6c4515e9}
Name: WebCheck
imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Name: SysTray
imagepath: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Name: WPDShServiceObj
imagepath: {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
Name:
location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
imagepath: C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
Name:
location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
imagepath: C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
Name:
imagepath: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
Name:
location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DRIVER PNP Monitor.lnk
imagepath: C:\Program Files\Digital Camera\DRIVERM.exe
Name:
location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Mozilla Firefox\Mozilla Firefox (Safe Mode).lnk
imagepath: C:\Program Files\Mozilla Firefox\firefox.exe
Name:
location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Mozilla Firefox\Mozilla Firefox.lnk
imagepath: C:\Program Files\Mozilla Firefox\firefox.exe
Name:
location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PowerPanel.lnk
imagepath: C:\Program Files\PowerPanel\Program\PcfMgr.exe

Bootexecute items:
Name:
imagepath: autocheck autochk *
Name:
imagepath: lsdelete

Running services:
Name: 6to4
displayname: IPv6 Helper Service
Name: ALG
displayname: Application Layer Gateway Service
Name: Apple Mobile Device
displayname: Apple Mobile Device
Name: AudioSrv
displayname: Windows Audio
Name: avg8emc
displayname: AVG Free8 E-mail Scanner
Name: avg8wd
displayname: AVG8 WatchDog
Name: Bonjour Service
displayname: Bonjour Service
Name: CryptSvc
displayname: Cryptographic Services
Name: DcomLaunch
displayname: DCOM Server Process Launcher
Name: Dhcp
displayname: DHCP Client
Name: Dnscache
displayname: DNS Client
Name: ERSvc
displayname: Error Reporting Service
Name: Eventlog
displayname: Event Log
Name: EventSystem
displayname: COM+ Event System
Name: EvtEng
displayname: Intel® PROSet/Wireless Event Log
Name: FastUserSwitchingCompatibility
displayname: Fast User Switching Compatibility
Name: helpsvc
displayname: Help and Support
Name: HidServ
displayname: HID Input Service
Name: HTTPFilter
displayname: HTTP SSL
Name: iPod Service
displayname: iPod Service
Name: JavaQuickStarterService
displayname: Java Quick Starter
Name: LanmanWorkstation
displayname: Workstation
Name: Lavasoft Ad-Aware Service
displayname: Lavasoft Ad-Aware Service
Name: LmHosts
displayname: TCP/IP NetBIOS Helper
Name: Netman
displayname: Network Connections
Name: Nla
displayname: Network Location Awareness (NLA)
Name: PlugPlay
displayname: Plug and Play
Name: PolicyAgent
displayname: IPSEC Services
Name: ProtectedStorage
displayname: Protected Storage
Name: RasMan
displayname: Remote Access Connection Manager
Name: RegSrvc
displayname: Intel® PROSet/Wireless Registry Service
Name: RemoteRegistry
displayname: Remote Registry
Name: RpcSs
displayname: Remote Procedure Call (RPC)
Name: S24EventMonitor
displayname: Intel® PROSet/Wireless Service
Name: SamSs
displayname: Security Accounts Manager
Name: Schedule
displayname: Task Scheduler
Name: seclogon
displayname: Secondary Logon
Name: SENS
displayname: System Event Notification
Name: SharedAccess
displayname: Windows Firewall/Internet Connection Sharing (ICS)
Name: ShellHWDetection
displayname: Shell Hardware Detection
Name: Spooler
displayname: Print Spooler
Name: srservice
displayname: System Restore Service
Name: SSDPSRV
displayname: SSDP Discovery Service
Name: stisvc
displayname: Windows Image Acquisition (WIA)
Name: Symantec Core LC
displayname: Symantec Core LC
Name: TapiSrv
displayname: Telephony
Name: TermService
displayname: Terminal Services
Name: Themes
displayname: Themes
Name: TrkWks
displayname: Distributed Link Tracking Client
Name: upnphost
displayname: Universal Plug and Play Device Host
Name: VAIO Event Service
displayname: VAIO Event Service
Name: Vcsw
displayname: VAIO Entertainment UPnP Client Adapter
Name: vsmon
displayname: TrueVector Internet Monitor
Name: VzCdbSvc
displayname: VAIO Entertainment Database Service
Name: VzFw
displayname: VAIO Entertainment File Import Service
Name: W32Time
displayname: Windows Time
Name: WebClient
displayname: WebClient
Name: WinDefend
displayname: Windows Defender
Name: winmgmt
displayname: Windows Management Instrumentation
Name: WMPNetworkSvc
displayname: Windows Media Player Network Sharing Service
Name: wscsvc
displayname: Security Center
Name: wuauserv
displayname: Automatic Updates
Name: WZCSVC
displayname: Wireless Zero Configuration
Name: YahooAUService
displayname: Yahoo! Updater

LS Pekka

Jul 23 2009, 08:42 AM

Hi again jim787!

The missing MFC7OU.DLL is included in the "Utils Installer VAIO Power Management\data1" cab file
within Sonys C1_UTILITIES.ZIP, available for download at,

f tp://ftp.vaio-link.com/PUB/Vaio/Original/C1_UTILITIES.ZIP

Option1: You could try to reinstall "VAIO Power Management" using the setup.exe file from the "Utils Installer VAIO Power Management"
Note! In this case you may have to install Sony Utils from the folder "Utils Installer 1 SonyUtils DLL" first
Both the "Utils Installer VAIO Power Management" and the "Utils Installer 1 SonyUtils DLL" folders are present in "Utils" within
C1_UTILITIES.ZIP.

Option2 (copying MFC7OU.DLL to its location manually):

Note: In order to extract the data1.cab file you could for example use an external extractor tool such as
"Universal Extractor", ht tp://legroom.net/scripts/download.php?file=uniextract16
"Rightclick "data1.cab" and choose "UniExtract to Subdir" from the right-click menu."

1. Extract the "Utils" folder within the C1_UTILITIES.ZIP file.
2. Locate the "Utils Installer VAIO Power Management" folder in "Utils".
3. The missing MFC7OU.DLL is included in the "Utils Installer VAIO Power Management\data1" cab file.
4. Copy MFC7OU.DLL to your "C:\Program Files\Sony\VAIO Power Management\" folder.
5. Test if the problem is solved (system reboot may be needed first)

Note: As the posted stats does not contain any data of the detection/removal of the MFC7OU.DLL it may be the fact that
the MFC7OU.DLL file needs to be copied to other locations on your system. The symptom described "My laptop battery is no longer recognized by Windows." however points to the fact that the file was deleted within the "C:\Program Files\Sony\VAIO Power Management\" folder where MFC7OU.DLL should be present.

Regards,

LS Pekka

Lavasoft Malware Labs

jim787

Jul 23 2009, 02:47 PM

As instructed in thread
http://www.lavasoftsupport.com/index.php?a...amp;qpid=107682
I am posting my log files as attachments. Still trying to re-install missing DLL for SPMGR

LS CalamityJane

Jul 23 2009, 03:19 PM

Hello, I moved your reply back to your own thread here so Pekka can review for you

LS Pekka

Jul 23 2009, 05:36 PM

QUOTE(jim787 @ Jul 23 2009, 03:47 PM)

As instructed in thread
http://www.lavasoftsupport.com/index.php?a...amp;qpid=107682
I am posting my log files as attachments. Still trying to re-install missing DLL for SPMGR

Hi jim787!

Thanks for the uploaded logfiles!
However they only show that cookies has been detected on your system.

I hope that you succeed with re-installing the missing DLL-file using either Option1 or Option2 according to my previous post.

Regards,

LS Pekka

Lavasoft Malware Labs

jim787

Jul 24 2009, 06:44 AM

Before I attempt your two options (quoted in the post below), isn't the file I need attached (and subsequently removed) by Calamity Jane in this post?

http://www.lavasoftsupport.com/index.php?showtopic=26399

This looks like a simple procedure. Can you post the .zip file for me?

QUOTE(LS Pekka @ Jul 23 2009, 08:42 AM)

LS Pekka

Jul 24 2009, 08:18 AM

Hi again jim787!

In reply to:
"...Can you post the .zip file for me?"

Sorry, I can´t do that due to legal reasons.

Regards,

LS Pekka

Lavasoft Malware Labs

jim787

Jul 25 2009, 08:37 AM

I tried both options. Battery is still not recognized.
I did reinstall of the relevant applications.
Missing DLL message has stopped appearing on startup (even before these procedures).

LS Pekka

Jul 25 2009, 09:35 AM

QUOTE(jim787 @ Jul 25 2009, 09:37 AM)

I tried both options. Battery is still not recognized.
I did reinstall of the relevant applications.
Missing DLL message has stopped appearing on startup (even before these procedures).

Hi jim787!

According to thread at,
h ttp://forum.notebookreview.com/showthread.php?t=76411

...it might be an ISBMgr error.

More info on ISBMgr available here,
h ttp://www.file.net/process/isbmgr.exe.html

"Re: Sony VAIO VGN-SZ260P Battery not recognized by computer"
"Remove isbmgr.exe from the start-up list using msconfig, Startup Control Panel or Autoruns and reboot to fix the problem." (h ttp://forum.notebookreview.com/showthread.php?t=76411)

Here is one way to disable isbmgr.exe,
Go to "Start", "Run" then type "msconfig" and press enter, press the "Startup" tab in msconfig and then Remove isbmgr.exe from the start-up list using msconfig. Reboot the machine in order to see if that fixed the problem

This might be worth trying.

Regards,

LS Pekka

Lavasoft Malware Labs

jim787

Jul 27 2009, 08:35 AM

Nope. Removing ISBMgr does not work.
Logs may only indicate cookies but full scans twice detected malware. One was "***delf", quaranteeend and since restored. The other was a DLL, no doubt the mfc70u.dll

QUOTE(LS Pekka @ Jul 25 2009, 09:35 AM)

Petorian

Jul 31 2009, 12:29 AM

Please help I am in need of the missing file myself and my battery too is not recognized...The Culprit was Win32DropperDelf.......Thankx in Advance....Steve

LS Pekka

Jul 31 2009, 06:54 AM

QUOTE(Petorian @ Jul 31 2009, 01:29 AM)

Please help I am in need of the missing file myself and my battery too is not recognized...The Culprit was Win32DropperDelf.......Thankx in Advance....Steve

Hi Petorian!

Would it be possible for you to post the Ad-Aware log-file from the scan where the Win32DropperDelf object/objects was detected?
We would need that in order to pinpoint the location/locations of the object/objects that was detected/removed on your system.
Here are some info on how to locate the log-file: http://www.lavasoftsupport.com/index.php?showtopic=18033

Have you tried to restore the object/objects from quarantine or did you remove/delete them from your system?
Here are some info on how to restore quarantined objects: http://www.lavasoftsupport.com/index.php?showtopic=19729

Regards,

LS Pekka

Lavasoft Malware Labs

Petorian

Aug 11 2009, 10:31 AM

QUOTE(LS Pekka @ Jul 31 2009, 06:54 AM)

I hope this is what you need, if not please contact me again I wont take so long........Thankx in advance ...Steve

LS Pekka

Aug 11 2009, 11:06 AM

QUOTE(Petorian @ Aug 11 2009, 11:31 AM)

I hope this is what you need, if not please contact me again I wont take so long........Thankx in advance ...Steve

Hi

Thanks for uploading the logfile!

According to the logfile mfc70u.dll was quarantined from "c:\windows\system32\":

Quarantined items:
Description: c:\windows\system32\mfc70u.dll Family Name: Win32.TrojanDropper.Delf Clean status: Success Item ID: 1238256 Family ID: 1385

In order to solve the problem try copying the mfc70u.dll file to "c:\windows\system32\" on your system.

Here follows how to do that manually:

The missing MFC7OU.DLL is included in the "Utils Installer VAIO Power Management\data1" cab file
within Sonys C1_UTILITIES.ZIP, available for download at,

f tp://ftp.vaio-link.com/PUB/Vaio/Original/C1_UTILITIES.ZIP

Note: In order to extract the data1.cab file you could for example use an external extractor tool such as
"Universal Extractor", ht tp://legroom.net/scripts/download.php?file=uniextract16
"Rightclick "data1.cab" and choose "UniExtract to Subdir" from the right-click menu."

1. Extract the "Utils" folder within the C1_UTILITIES.ZIP file.
2. Locate the "Utils Installer VAIO Power Management" folder in "Utils".
3. The missing MFC7OU.DLL is included in the "Utils Installer VAIO Power Management\data1" cab file.
4. Copy MFC7OU.DLL to your "c:\windows\system32\" folder.
5. Test if the problem is solved (system reboot may be needed first)

Regards,

LS Pekka

Lavasoft Malware Labs

Petorian

Aug 11 2009, 07:12 PM

QUOTE(LS Pekka @ Aug 11 2009, 11:06 AM)

Hi
Thanks for uploading the logfile!

According to the logfile mfc70u.dll was quarantined from "c:\windows\system32\":

Quarantined items:
Description: c:\windows\system32\mfc70u.dll Family Name: Win32.TrojanDropper.Delf Clean status: Success Item ID: 1238256 Family ID: 1385

In order to solve the problem try copying the mfc70u.dll file to "c:\windows\system32\" on your system.

Here follows how to do that manually:

The missing MFC7OU.DLL is included in the "Utils Installer VAIO Power Management\data1" cab file
within Sonys C1_UTILITIES.ZIP, available for download at,

f tp://ftp.vaio-link.com/PUB/Vaio/Original/C1_UTILITIES.ZIP

Note: In order to extract the data1.cab file you could for example use an external extractor tool such as
"Universal Extractor", ht tp://legroom.net/scripts/download.php?file=uniextract16
"Rightclick "data1.cab" and choose "UniExtract to Subdir" from the right-click menu."

1. Extract the "Utils" folder within the C1_UTILITIES.ZIP file.
2. Locate the "Utils Installer VAIO Power Management" folder in "Utils".
3. The missing MFC7OU.DLL is included in the "Utils Installer VAIO Power Management\data1" cab file.
4. Copy MFC7OU.DLL to your "c:\windows\system32\" folder.
5. Test if the problem is solved (system reboot may be needed first)

Regards,

LS Pekka

Lavasoft Malware Labs

I have done everything but do not see any files inside the data1.cab file? Do I need to copy the whole thing and paste it in there?.......Thankx Steve

LS Pekka

Aug 11 2009, 07:47 PM

QUOTE(Petorian @ Aug 11 2009, 08:12 PM)

I have done everything but do not see any files inside the data1.cab file? Do I need to copy the whole thing and paste it in there?.......Thankx Steve

Hi Petorian!

Q: ...but do not see any files inside the data1.cab file?
A: The data1.cab file can be extracted by using the "Universal Extractor" (see further info below).

1. Extract the "Utils" folder within the C1_UTILITIES.ZIP file.
2. Locate the "Utils Installer VAIO Power Management" folder in "Utils".
3. The missing MFC7OU.DLL is included in the "Utils Installer VAIO Power Management\data1" cab file.

The data1.cab file may be extracted by using the "Universal Extractor",
available for download at:

ht tp://legroom.net/scripts/download.php?file=uniextract16

After the install of the "Universal Extractor" rightclick "data1.cab" and choose
"UniExtract to Subdir" from the right-click menu.".

4. Copy MFC7OU.DLL to your "c:\windows\system32\" folder.
5. Reboot the system and test if the problem is solved.

Regards,

LS Pekka

Lavasoft Malware Labs

Petorian

Aug 11 2009, 08:25 PM

QUOTE(LS Pekka @ Aug 11 2009, 07:47 PM)

Thankx alot for putting up with me I did get the file pasted and the error message is gone, I hope I am not pushing my luck here but, after rebooting twice, taking battery out and re-installing and unplugging battery and changing power management properties the battery does not seem to charge....What do you think my next step should be????? Thankx in advance........Steve

LS Pekka

Aug 11 2009, 09:53 PM

QUOTE(Petorian @ Aug 11 2009, 09:25 PM)

Hi again Petorian!

The battery charging problem could have many causes.

Here are some things that might be worth looking at.

Running the Sony Vaio diagnostics.
Checking the Sony Vaio manual for your model (battery and troubleshooting)?
(Here is one Sony Vaio manual) - ht tp://www.docs.sony.com/release/VGNTZ300_TZ40_.pdf
(Battery is not charging) - ht tp://www.fixya.com/support/t121752-battery_not_charging
(Battery charging problems - Vaio VGN-CS290 ) -
ht tp://www.techsupportforum.com/hardware-support/laptop-support/380473-battery-charging-problems-vaio-vgn-cs290.html

Regards,

LS Pekka

Lavasoft Malware Labs

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.