Solved Help Trojan:DOS/Rovnix.D

[amiraa]

It all started 4 days ago and I have NO idea Why >.< suddenly my laptop displayed a blue screen and restarted then a message appeared
problem signature :
Problem Event Name : BlueScreen
OS Version : 6.1.7601.2.1.0.256.1
Locale ID : 1033
Additional information about the problem :
BCCode: 109
BCP1: A3A039D895157704
BCP2: B3B7465FF793B536

after that Microsoft Security Essentials detected "Trojan: DOS/Rovnix.D" and shows a screen with a red color 'SCAN' button advising immediate removal of the Trojan
"Category: Trojan
Description: This program is dangerous and executes commands from an attacker.
Recommended action: Remove this software immediately.
Items: boot:\\.\PHYSICALDRIVE0\Partition0 (NTFS)"

When I press the scan button, it tries to remove but comes with an error message showing it is unable to remove it " Error code0x800704ec. This program is blocked by group policy .For more information, contact your system administrator "
I Attached pictures of my error message and system information
please HELP me I really can't afford to lose every thing on my drives I can't format .
Please help me save my work and every thing else .
PS: my computer knowledge is average please walk me through everything slowly and tolerate my ignorance ^_^

 

[Broni]

Welcome aboard

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

 

[amiraa]

I have Microsoft Security Essentials as an antivirus program
MBAM log
Malwarebytes Anti-Malware (Trial) 1.75.0.1300www.malwarebytes.org
Database version: v2013.08.08.02
Windows 7 Service Pack 1 x64 NTFSInternet Explorer 10.0.9200.16635user1 :: USER1-PC [administrator]
Protection: Enabled
8/8/2013 9:47:43 AMmbam-log-2013-08-08 (09-47-43).txt
Scan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 213766Time elapsed: 6 minute(s),
Memory Processes Detected: 0(No malicious items detected)
Memory Modules Detected: 0(No malicious items detected)
Registry Keys Detected: 0(No malicious items detected)
Registry Values Detected: 0(No malicious items detected)
Registry Data Items Detected: 0(No malicious items detected)
Folders Detected: 1C:\Users\user1\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
Files Detected: 2C:\Users\user1\Downloads\MS Office 2010 EZ-Activator_WOC.rar (RiskWare.Tool.CK) -> Quarantined and deleted successfully.C:\Users\user1\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
(end)

there was no DDS.txt created !!!! Attach.txt
.UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows 7 Ultimate Boot Device: \Device\HarddiskVolume1Install Date: 10/12/2011 8:27:25 AMSystem Uptime: 8/8/2013 9:45:30 AM (1 hours ago).Motherboard: TOSHIBA | | PWWHAProcessor: Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz | CPU 1 | 2100/100mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 152 GiB total, 28.964 GiB free.D: is FIXED (NTFS) - 146 GiB total, 14.059 GiB free.E: is CDROM ()F: is Removable.==== Disabled Device Manager Items =============.Class GUID: {7240100f-6512-4548-8418-9ebb5c6a1a94}Description: Bluetooth USB Controller-10 from TOSHIBADevice ID: USB\VID_0930&PID_0215\6&36055CEE&0&2Manufacturer: ToshibaName: Bluetooth USB Controller-10 from TOSHIBAPNP Device ID: USB\VID_0930&PID_0215\6&36055CEE&0&2Service: tosrfusb.==== System Restore Points ===================.RP238: 8/2/2013 2:58:06 PM - Windows UpdateRP239: 8/4/2013 8:11:20 PM - Removed Windows 7 ManagerRP240: 8/4/2013 8:40:26 PM - Restore OperationRP241: 8/4/2013 8:47:54 PM - Removed Windows 7 ManagerRP242: 8/4/2013 9:17:56 PM - Windows UpdateRP243: 8/6/2013 9:05:50 PM - Malwarebytes Anti-Rootkit Restore PointRP245: 8/8/2013 9:56:47 AM - Windows Update.==== Image File Execution Options =============..==== Installed Programs ======================..==== End Of File ===========================

 

[Broni]

Please re-run DDS one more time.

 

[amiraa]

I did that 3 times BUT NO DDS.txt it only created 1 log file "Attach.txt"
and the times that the system restarts is getting more and more frequent and the time between each restart is getting less .

 

[Broni]

Download RogueKiller for 32bit or Roguekiller for 64bit to your Desktop.

• Close all the running programs
• Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
• Otherwise just double-click on RogueKiller.exe
• Pre-scan will start. Let it finish.
• Click on SCAN button.
• Wait until the Status box shows Scan Finished
• Click on Delete.
• Wait until the Status box shows Deleting Finished.
• Click on Report and copy/paste the content of the Notepad into your next reply.
• RKreport.txt could also be found on your desktop.
• If more than one log is produced post all logs.
• If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

Create new restore point before proceeding with the next step....
How to:
- Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

Download Malwarebytes Anti-Rootkit (MBAR) from HERE

• Unzip downloaded file.
• Open the folder where the contents were unzipped and run mbar.exe
• Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
• Click on the Cleanup button to remove any threats and reboot if prompted to do so.
• Wait while the system shuts down and the cleanup process is performed.
• Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
• When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt

 

[amiraa]

RogueKiller V8.6.5 _x64_ [Aug 5 2013] by Tigzymail : tigzyRK<at>gmail<dot>comFeedback : http://www.adlice.com/forum/Website : http://www.adlice.com/softwares/roguekiller/Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits versionStarted in : Normal modeUser : user1 [Admin rights]Mode : Remove -- Date : 08/09/2013 20:10:16| ARK || FAK || MBR |
¤¤¤ Bad processes : 1 ¤¤¤[SUSP PATH] mbbService.exe -- C:\ProgramData\MobileBrServ\mbbservice.exe [7] -> KILLED [TermProc]
¤¤¤ Registry Entries : 2 ¤¤¤[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)[HJ DESK] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
¤¤¤ Scheduled tasks : 0 ¤¤¤
¤¤¤ Startup Entries : 0 ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
¤¤¤ External Hives: ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤--> %SystemRoot%\System32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK3276GSXN ATA Device +++++--- User ---[MBR] b415d1e1e7aae9cce9371f114fa45d61[BSP] ef9cdb939ef7333789ad89fe5d1432db : Windows 7/8 MBR CodePartition table:0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset: 2048 | Size: 100 Mo1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset: 206848 | Size: 149899 Mo2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset: 307200000 | Size: 155244 MoUser = LL1 ... OK!User = LL2 ... OK!
Finished : << RKreport[0]_D_08092013_201016.txt >>RKreport[0]_S_08092013_200944.txt

when I insteld MBAR the system asked for a restart cuze some file wasn't there then I have now on the laptop a BLACK screen with a window of MBAR with a message that DDA Driver is not active. Scan Can't continue and in the backgroned is a window labeled C:\Windows\System32\cmd.exe
when I pressed OK every thing went back to normal BUT no trace of MBAR
I did a re-run this time the scan was normal and NO malware found!
and here is the logs
system-log
[FONT=arial]---------------------------------------[/FONT]
[FONT=arial]Malwarebytes Anti-Rootkit BETA 1.06.1.1005[/FONT]

[FONT=arial](c) Malwarebytes Corporation 2011-2012[/FONT]

[FONT=arial]OS version: 6.1.7601 Windows 7 Service Pack 1 x64[/FONT]

[FONT=arial]Account is Administrative[/FONT]

[FONT=arial]Internet Explorer version: 10.0.9200.16635[/FONT]

[FONT=arial]File system is: NTFS[/FONT]
[FONT=arial]Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED[/FONT]
[FONT=arial]CPU speed: 2.095000 GHz[/FONT]
[FONT=arial]Memory total: 2050662400, free: 679538688[/FONT]

[FONT=arial]---------------------------------------[/FONT]
[FONT=arial]Malwarebytes Anti-Rootkit BETA 1.06.1.1005[/FONT]

[FONT=arial](c) Malwarebytes Corporation 2011-2012[/FONT]

[FONT=arial]OS version: 6.1.7601 Windows 7 Service Pack 1 x64[/FONT]

[FONT=arial]Account is Administrative[/FONT]

[FONT=arial]Internet Explorer version: 10.0.9200.16635[/FONT]

[FONT=arial]File system is: NTFS[/FONT]
[FONT=arial]Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED[/FONT]
[FONT=arial]CPU speed: 2.095000 GHz[/FONT]
[FONT=arial]Memory total: 2050662400, free: 654376960[/FONT]

[FONT=arial]=======================================[/FONT]


[FONT=arial]Downloaded database version: v2013.08.08.01[/FONT]
[FONT=arial]Downloaded database version: v2013.08.08.02[/FONT]
[FONT=arial]Downloaded database version: v2013.08.08.03[/FONT]
[FONT=arial]Downloaded database version: v2013.08.08.04[/FONT]
[FONT=arial]Downloaded database version: v2013.08.08.05[/FONT]
[FONT=arial]Downloaded database version: v2013.08.08.06[/FONT]
[FONT=arial]Downloaded database version: v2013.08.08.07[/FONT]
[FONT=arial]Downloaded database version: v2013.08.09.01[/FONT]
[FONT=arial]Downloaded database version: v2013.08.09.02[/FONT]
[FONT=arial]Downloaded database version: v2013.08.09.03[/FONT]
[FONT=arial]Downloaded database version: v2013.08.09.04[/FONT]
[FONT=arial]Downloaded database version: v2013.08.09.05[/FONT]
[FONT=arial]Initializing...[/FONT]
[FONT=arial]DDA Driver installation error.[/FONT]
[FONT=arial]Driver installed on boot. Reboot required.[/FONT]

[FONT=arial]System shutdown occurred[/FONT]
[FONT=arial]=======================================[/FONT]


[FONT=arial]---------------------------------------[/FONT]
[FONT=arial]Malwarebytes Anti-Rootkit BETA 1.06.1.1005[/FONT]

[FONT=arial](c) Malwarebytes Corporation 2011-2012[/FONT]

[FONT=arial]OS version: 6.1.7601 Windows 7 Service Pack 1 x64[/FONT]

[FONT=arial]Account is Administrative[/FONT]

[FONT=arial]Internet Explorer version: 10.0.9200.16635[/FONT]

[FONT=arial]File system is: NTFS[/FONT]
[FONT=arial]Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED[/FONT]
[FONT=arial]CPU speed: 2.095000 GHz[/FONT]
[FONT=arial]Memory total: 2050662400, free: 1021800448[/FONT]

[FONT=arial]Initializing...[/FONT]
[FONT=arial]DDA Driver is not active. Scan can't continue[/FONT]
[FONT=arial]=======================================[/FONT]


[FONT=arial]---------------------------------------[/FONT]
[FONT=arial]Malwarebytes Anti-Rootkit BETA 1.06.1.1005[/FONT]

[FONT=arial](c) Malwarebytes Corporation 2011-2012[/FONT]

[FONT=arial]OS version: 6.1.7601 Windows 7 Service Pack 1 x64[/FONT]

[FONT=arial]Account is Administrative[/FONT]

[FONT=arial]Internet Explorer version: 10.0.9200.16635[/FONT]

[FONT=arial]File system is: NTFS[/FONT]
[FONT=arial]Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED[/FONT]
[FONT=arial]CPU speed: 2.095000 GHz[/FONT]
[FONT=arial]Memory total: 2050662400, free: 1141379072[/FONT]

[FONT=arial]Downloaded database version: v2013.08.08.01[/FONT]
[FONT=arial]Downloaded database version: v2013.08.08.02[/FONT]
[FONT=arial]Downloaded database version: v2013.08.08.03[/FONT]
[FONT=arial]Downloaded database version: v2013.08.08.04[/FONT]
[FONT=arial]Downloaded database version: v2013.08.08.05[/FONT]
[FONT=arial]Downloaded database version: v2013.08.08.06[/FONT]
[FONT=arial]Downloaded database version: v2013.08.08.07[/FONT]
[FONT=arial]Downloaded database version: v2013.08.09.01[/FONT]
[FONT=arial]Downloaded database version: v2013.08.09.02[/FONT]
[FONT=arial]Downloaded database version: v2013.08.09.03[/FONT]
[FONT=arial]Downloaded database version: v2013.08.09.04[/FONT]
[FONT=arial]Downloaded database version: v2013.08.09.05[/FONT]
[FONT=arial]Downloaded database version: v2013.08.09.06[/FONT]
[FONT=arial]Initializing...[/FONT]
[FONT=arial]------------ Kernel report ------------[/FONT]
[FONT=arial] 08/09/2013 20:38:22[/FONT]
[FONT=arial]------------ Loaded modules -----------[/FONT]
[FONT=arial]\SystemRoot\system32\ntoskrnl.exe[/FONT]
[FONT=arial]\SystemRoot\system32\hal.dll[/FONT]
[FONT=arial]\SystemRoot\system32\kdcom.dll[/FONT]
[FONT=arial]\SystemRoot\system32\mcupdate_GenuineIntel.dll[/FONT]
[FONT=arial]\SystemRoot\system32\PSHED.dll[/FONT]
[FONT=arial]\SystemRoot\system32\CLFS.SYS[/FONT]
[FONT=arial]\SystemRoot\system32\CI.dll[/FONT]
[FONT=arial]\SystemRoot\system32\drivers\Wdf01000.sys[/FONT]
[FONT=arial]\SystemRoot\system32\drivers\WDFLDR.SYS[/FONT]
[FONT=arial]\SystemRoot\system32\drivers\ACPI.sys[/FONT]
[FONT=arial]\SystemRoot\system32\drivers\WMILIB.SYS[/FONT]
[FONT=arial]\SystemRoot\system32\drivers\msisadrv.sys[/FONT]
[FONT=arial]\SystemRoot\system32\drivers\pci.sys[/FONT]
[FONT=arial]\SystemRoot\system32\drivers\vdrvroot.sys[/FONT]
[FONT=arial]\SystemRoot\System32\drivers\partmgr.sys[/FONT]
[FONT=arial]\SystemRoot\system32\DRIVERS\compbatt.sys[/FONT]
[FONT=arial]\SystemRoot\system32\DRIVERS\BATTC.SYS[/FONT]
[FONT=arial]\SystemRoot\system32\drivers\volmgr.sys[/FONT]
[FONT=arial]\SystemRoot\System32\drivers\volmgrx.sys[/FONT]
[FONT=arial]\SystemRoot\system32\drivers\pciide.sys[/FONT]
[FONT=arial]\SystemRoot\system32\drivers\PCIIDEX.SYS[/FONT]
[FONT=arial]\SystemRoot\System32\drivers\mountmgr.sys[/FONT]
[FONT=arial]\SystemRoot\system32\drivers\vmbus.sys[/FONT]
[FONT=arial]\SystemRoot\system32\drivers\winhv.sys[/FONT]
[FONT=arial]\SystemRoot\system32\drivers\atapi.sys[/FONT]
[FONT=arial]\SystemRoot\system32\drivers\ataport.SYS[/FONT]
[FONT=arial]\SystemRoot\system32\drivers\amdxata.sys[/FONT]
[FONT=arial]\SystemRoot\system32\drivers\fltmgr.sys[/FONT]
[FONT=arial]\SystemRoot\system32\drivers\fileinfo.sys[/FONT]
[FONT=arial]\SystemRoot\system32\DRIVERS\MpFilter.sys[/FONT]
[FONT=arial]\SystemRoot\System32\Drivers\Ntfs.sys[/FONT]
[FONT=arial]\SystemRoot\System32\Drivers\msrpc.sys[/FONT]
[FONT=arial]\SystemRoot\System32\Drivers\ksecdd.sys[/FONT]
[FONT=arial]\SystemRoot\System32\Drivers\cng.sys[/FONT]
[FONT=arial]\SystemRoot\System32\drivers\pcw.sys[/FONT]
[FONT=arial]\SystemRoot\System32\Drivers\Fs_Rec.sys[/FONT]
[FONT=arial]\SystemRoot\system32\drivers\ndis.sys[/FONT]
[FONT=arial]\SystemRoot\system32\drivers\NETIO.SYS[/FONT]
[FONT=arial]\SystemRoot\System32\Drivers\ksecpkg.sys[/FONT]
[FONT=arial]\SystemRoot\System32\drivers\tcpip.sys[/FONT]
[FONT=arial]\SystemRoot\System32\drivers\fwpkclnt.sys[/FONT]
[FONT=arial]\SystemRoot\system32\drivers\vmstorfl.sys[/FONT]
[FONT=arial]\SystemRoot\system32\drivers\volsnap.sys[/FONT]
[FONT=arial]\SystemRoot\system32\DRIVERS\TVALZ_O.SYS[/FONT]
[FONT=arial]\SystemRoot\System32\Drivers\spldr.sys[/FONT]
[FONT=arial]\SystemRoot\System32\drivers\rdyboost.sys[/FONT]
[FONT=arial]\SystemRoot\System32\Drivers\mup.sys[/FONT]
[FONT=arial]\SystemRoot\System32\drivers\hwpolicy.sys[/FONT]
[FONT=arial]\SystemRoot\System32\DRIVERS\fvevol.sys[/FONT]
[FONT=arial]\SystemRoot\system32\DRIVERS\disk.sys[/FONT]
[FONT=arial]\SystemRoot\system32\DRIVERS\CLASSPNP.SYS[/FONT]
[FONT=arial]\SystemRoot\system32\ntoskrnl.exe[/FONT]
[FONT=arial]\SystemRoot\system32\DRIVERS\cdrom.sys[/FONT]
[FONT=arial]\SystemRoot\System32\Drivers\Null.SYS[/FONT]
[FONT=arial]\SystemRoot\System32\Drivers\Beep.SYS[/FONT]
[FONT=arial]\SystemRoot\System32\drivers\vga.sys[/FONT]
[FONT=arial]\SystemRoot\System32\drivers\VIDEOPRT.SYS[/FONT]
[FONT=arial]\SystemRoot\System32\drivers\watchdog.sys[/FONT]
[FONT=arial]\SystemRoot\System32\DRIVERS\RDPCDD.sys[/FONT]
[FONT=arial]\SystemRoot\system32\drivers\rdpencdd.sys[/FONT]
[FONT=arial]\SystemRoot\system32\drivers\rdprefmp.sys[/FONT]
[FONT=arial]\SystemRoot\System32\Drivers\Msfs.SYS[/FONT]
[FONT=arial]\SystemRoot\System32\Drivers\Npfs.SYS[/FONT]
[FONT=arial]\SystemRoot\system32\DRIVERS\tdx.sys[/FONT]
[FONT=arial]\SystemRoot\system32\DRIVERS\TDI.SYS[/FONT]
[FONT=arial]\SystemRoot\system32\drivers\afd.sys[/FONT]
[FONT=arial]\SystemRoot\System32\DRIVERS\netbt.sys[/FONT]
[FONT=arial]\SystemRoot\system32\DRIVERS\wfplwf.sys[/FONT]
[FONT=arial]\SystemRoot\system32\DRIVERS\pacer.sys[/FONT]
[FONT=arial]\SystemRoot\system32\DRIVERS\vwififlt.sys[/FONT]
[FONT=arial]\SystemRoot\system32\DRIVERS\netbios.sys[/FONT]
[FONT=arial]\SystemRoot\system32\DRIVERS\wanarp.sys[/FONT]
[FONT=arial]\SystemRoot\system32\drivers\termdd.sys[/FONT]
[FONT=arial]\SystemRoot\system32\DRIVERS\rdbss.sys[/FONT]
[FONT=arial]\SystemRoot\system32\drivers\nsiproxy.sys[/FONT]
[FONT=arial]\SystemRoot\system32\drivers\mssmbios.sys[/FONT]
[FONT=arial]\SystemRoot\System32\drivers\discache.sys[/FONT]
[FONT=arial]\SystemRoot\system32\drivers\csc.sys[/FONT]
[FONT=arial]\SystemRoot\System32\Drivers\dfsc.sys[/FONT]
[FONT=arial]\SystemRoot\system32\DRIVERS\blbdrive.sys[/FONT]
[FONT=arial]\SystemRoot\system32\DRIVERS\tunnel.sys[/FONT]
[FONT=arial]\SystemRoot\system32\DRIVERS\igdkmd64.sys[/FONT]
[FONT=arial]\SystemRoot\System32\drivers\dxgkrnl.sys[/FONT]
[FONT=arial]\SystemRoot\System32\drivers\dxgmms1.sys[/FONT]
[FONT=arial]\SystemRoot\system32\DRIVERS\HECIx64.sys[/FONT]
[FONT=arial]\SystemRoot\system32\drivers\usbehci.sys[/FONT]
[FONT=arial]\SystemRoot\system32\drivers\USBPORT.SYS[/FONT]
[FONT=arial]\SystemRoot\system32\drivers\HDAudBus.sys[/FONT]
[FONT=arial]\SystemRoot\system32\DRIVERS\Rt64win7.sys[/FONT]
[FONT=arial]\SystemRoot\system32\DRIVERS\athrx.sys[/FONT]
[FONT=arial]\SystemRoot\system32\DRIVERS\vwifibus.sys[/FONT]
[FONT=arial]\SystemRoot\system32\DRIVERS\CmBatt.sys[/FONT]
[FONT=arial]\SystemRoot\system32\drivers\i8042prt.sys[/FONT]
[FONT=arial]\SystemRoot\system32\DRIVERS\mouclass.sys[/FONT]
[FONT=arial]\SystemRoot\system32\drivers\kbdclass.sys[/FONT]
[FONT=arial]\SystemRoot\system32\DRIVERS\intelppm.sys[/FONT]
[FONT=arial]\SystemRoot\system32\DRIVERS\tosrfec.sys[/FONT]
[FONT=arial]\SystemRoot\system32\drivers\CompositeBus.sys[/FONT]
[FONT=arial]\SystemRoot\system32\DRIVERS\AgileVpn.sys[/FONT]
[FONT=arial]\SystemRoot\system32\DRIVERS\rasl2tp.sys[/FONT]
[FONT=arial]\SystemRoot\system32\DRIVERS\ndistapi.sys[/FONT]
[FONT=arial]\SystemRoot\system32\DRIVERS\ndiswan.sys[/FONT]
[FONT=arial]\SystemRoot\system32\DRIVERS\raspppoe.sys[/FONT]
[FONT=arial]\SystemRoot\system32\DRIVERS\raspptp.sys[/FONT]
[FONT=arial]\SystemRoot\system32\DRIVERS\rassstp.sys[/FONT]
[FONT=arial]\SystemRoot\system32\DRIVERS\rdpbus.sys[/FONT]
[FONT=arial]\SystemRoot\system32\drivers\swenum.sys[/FONT]
[FONT=arial]\SystemRoot\system32\drivers\ks.sys[/FONT]
[FONT=arial]\SystemRoot\system32\drivers\umbus.sys[/FONT]
[FONT=arial]\SystemRoot\system32\DRIVERS\usbhub.sys[/FONT]
[FONT=arial]\SystemRoot\System32\Drivers\NDProxy.SYS[/FONT]
[FONT=arial]\SystemRoot\system32\drivers\HdAudio.sys[/FONT]
[FONT=arial]\SystemRoot\system32\drivers\portcls.sys[/FONT]
[FONT=arial]\SystemRoot\system32\drivers\drmk.sys[/FONT]
[FONT=arial]\SystemRoot\system32\drivers\ksthunk.sys[/FONT]
[FONT=arial]\SystemRoot\System32\Drivers\crashdmp.sys[/FONT]
[FONT=arial]\SystemRoot\System32\Drivers\dump_dumpata.sys[/FONT]
[FONT=arial]\SystemRoot\System32\Drivers\dump_atapi.sys[/FONT]
[FONT=arial]\SystemRoot\System32\Drivers\dump_dumpfve.sys[/FONT]
[FONT=arial]\SystemRoot\System32\win32k.sys[/FONT]
[FONT=arial]\SystemRoot\System32\drivers\Dxapi.sys[/FONT]
[FONT=arial]\SystemRoot\system32\DRIVERS\USBSTOR.SYS[/FONT]
[FONT=arial]\SystemRoot\system32\DRIVERS\USBD.SYS[/FONT]
[FONT=arial]\SystemRoot\system32\DRIVERS\monitor.sys[/FONT]
[FONT=arial]\SystemRoot\System32\TSDDD.dll[/FONT]
[FONT=arial]\SystemRoot\System32\cdd.dll[/FONT]
[FONT=arial]\SystemRoot\system32\DRIVERS\usbccgp.sys[/FONT]
[FONT=arial]\SystemRoot\System32\Drivers\usbvideo.sys[/FONT]
[FONT=arial]\SystemRoot\system32\DRIVERS\pgeffect.sys[/FONT]
[FONT=arial]\SystemRoot\system32\drivers\luafv.sys[/FONT]
[FONT=arial]\??\C:\Windows\system32\drivers\mbam.sys[/FONT]
[FONT=arial]\SystemRoot\system32\DRIVERS\lltdio.sys[/FONT]
[FONT=arial]\SystemRoot\system32\DRIVERS\nwifi.sys[/FONT]
[FONT=arial]\SystemRoot\system32\DRIVERS\ndisuio.sys[/FONT]
[FONT=arial]\SystemRoot\system32\DRIVERS\rspndr.sys[/FONT]
[FONT=arial]\SystemRoot\system32\drivers\HTTP.sys[/FONT]
[FONT=arial]\SystemRoot\system32\DRIVERS\bowser.sys[/FONT]
[FONT=arial]\SystemRoot\System32\drivers\mpsdrv.sys[/FONT]
[FONT=arial]\SystemRoot\system32\DRIVERS\mrxsmb.sys[/FONT]
[FONT=arial]\SystemRoot\system32\DRIVERS\mrxsmb10.sys[/FONT]
[FONT=arial]\SystemRoot\system32\DRIVERS\mrxsmb20.sys[/FONT]
[FONT=arial]\SystemRoot\system32\DRIVERS\vwifimp.sys[/FONT]
[FONT=arial]\SystemRoot\system32\DRIVERS\NisDrvWFP.sys[/FONT]
[FONT=arial]\SystemRoot\system32\drivers\peauth.sys[/FONT]
[FONT=arial]\SystemRoot\System32\Drivers\secdrv.SYS[/FONT]
[FONT=arial]\SystemRoot\System32\DRIVERS\srvnet.sys[/FONT]
[FONT=arial]\SystemRoot\System32\drivers\tcpipreg.sys[/FONT]
[FONT=arial]\SystemRoot\System32\DRIVERS\srv2.sys[/FONT]
[FONT=arial]\SystemRoot\System32\DRIVERS\srv.sys[/FONT]
[FONT=arial]\SystemRoot\system32\drivers\WudfPf.sys[/FONT]
[FONT=arial]\SystemRoot\system32\DRIVERS\WUDFRd.sys[/FONT]
[FONT=arial]\??\C:\Windows\system32\drivers\mbamchameleon.sys[/FONT]
[FONT=arial]\SystemRoot\system32\drivers\mbamswissarmy.sys[/FONT]
[FONT=arial]\Windows\System32\ntdll.dll[/FONT]
[FONT=arial]\Windows\System32\smss.exe[/FONT]
[FONT=arial]\Windows\System32\apisetschema.dll[/FONT]
[FONT=arial]\Windows\System32\autochk.exe[/FONT]
[FONT=arial]\Windows\System32\oleaut32.dll[/FONT]
[FONT=arial]\Windows\System32\ws2_32.dll[/FONT]
[FONT=arial]\Windows\System32\shell32.dll[/FONT]
[FONT=arial]----------- End -----------[/FONT]
[FONT=arial]Done![/FONT]
[FONT=arial]<<<1>>>[/FONT]
[FONT=arial]Upper Device Name: \Device\Harddisk1\DR1[/FONT]
[FONT=arial]Upper Device Object: 0xfffffa80058f4790[/FONT]
[FONT=arial]Upper Device Driver Name: \Driver\Disk\[/FONT]
[FONT=arial]Lower Device Name: \Device\00000072\[/FONT]
[FONT=arial]Lower Device Object: 0xfffffa8005257b60[/FONT]
[FONT=arial]Lower Device Driver Name: \Driver\USBSTOR\[/FONT]
[FONT=arial]<<<1>>>[/FONT]
[FONT=arial]Upper Device Name: \Device\Harddisk0\DR0[/FONT]
[FONT=arial]Upper Device Object: 0xfffffa80041d0060[/FONT]
[FONT=arial]Upper Device Driver Name: \Driver\Disk\[/FONT]
[FONT=arial]Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\[/FONT]
[FONT=arial]Lower Device Object: 0xfffffa8003c3a060[/FONT]
[FONT=arial]Lower Device Driver Name: \Driver\atapi\[/FONT]
[FONT=arial]<<<2>>>[/FONT]
[FONT=arial]Device number: 0, partition: 3[/FONT]
[FONT=arial]Physical Sector Size: 512[/FONT]
[FONT=arial]Drive: 0, DevicePointer: 0xfffffa80041d0060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\[/FONT]
[FONT=arial]--------- Disk Stack ------[/FONT]
[FONT=arial]DevicePointer: 0xfffffa80040919d0, DeviceName: Unknown, DriverName: \Driver\partmgr\[/FONT]
[FONT=arial]DevicePointer: 0xfffffa80041d0060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\[/FONT]
[FONT=arial]DevicePointer: 0xfffffa8003c8e520, DeviceName: Unknown, DriverName: \Driver\ACPI\[/FONT]
[FONT=arial]DevicePointer: 0xfffffa8003c3a060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\[/FONT]
[FONT=arial]------------ End ----------[/FONT]
[FONT=arial]Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\[/FONT]
[FONT=arial]Upper DeviceData: 0x0, 0x0, 0x0[/FONT]
[FONT=arial]Lower DeviceData: 0x0, 0x0, 0x0[/FONT]
[FONT=arial]<<<3>>>[/FONT]
[FONT=arial]Volume: C:[/FONT]
[FONT=arial]File system type: NTFS[/FONT]
[FONT=arial]SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes[/FONT]
[FONT=arial]<<<2>>>[/FONT]
[FONT=arial]Device number: 0, partition: 3[/FONT]
[FONT=arial]<<<3>>>[/FONT]
[FONT=arial]Volume: C:[/FONT]
[FONT=arial]File system type: NTFS[/FONT]
[FONT=arial]SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes[/FONT]
[FONT=arial]Scanning drivers directory: C:\Windows\system32\drivers...[/FONT]
[FONT=arial]<<<2>>>[/FONT]
[FONT=arial]Device number: 0, partition: 3[/FONT]
[FONT=arial]<<<3>>>[/FONT]
[FONT=arial]Volume: C:[/FONT]
[FONT=arial]File system type: NTFS[/FONT]
[FONT=arial]SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes[/FONT]
[FONT=arial]Done![/FONT]
[FONT=arial]Drive 0[/FONT]
[FONT=arial]Scanning MBR on drive 0...[/FONT]
[FONT=arial]Inspecting partition table:[/FONT]
[FONT=arial]MBR Signature: 55AA[/FONT]
[FONT=arial]Disk Signature: 600DD109[/FONT]

[FONT=arial]Partition information:[/FONT]

[FONT=arial] Partition 0 type is Primary (0x7)[/FONT]
[FONT=arial] Partition is ACTIVE.[/FONT]
[FONT=arial] Partition starts at LBA: 2048 Numsec = 204800[/FONT]
[FONT=arial] Partition file system is NTFS[/FONT]
[FONT=arial] Partition is bootable[/FONT]

[FONT=arial] Partition 1 type is Primary (0x7)[/FONT]
[FONT=arial] Partition is NOT ACTIVE.[/FONT]
[FONT=arial] Partition starts at LBA: 206848 Numsec = 306993152[/FONT]

[FONT=arial] Partition 2 type is Primary (0x7)[/FONT]
[FONT=arial] Partition is NOT ACTIVE.[/FONT]
[FONT=arial] Partition starts at LBA: 307200000 Numsec = 317939712[/FONT]

[FONT=arial] Partition 3 type is Empty (0x0)[/FONT]
[FONT=arial] Partition is NOT ACTIVE.[/FONT]
[FONT=arial] Partition starts at LBA: 0 Numsec = 0[/FONT]

[FONT=arial]Disk Size: 320072933376 bytes[/FONT]
[FONT=arial]Sector size: 512 bytes[/FONT]

[FONT=arial]Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...[/FONT]
[FONT=arial]Done![/FONT]
[FONT=arial]Physical Sector Size: 0[/FONT]
[FONT=arial]Drive: 1, DevicePointer: 0xfffffa80058f4790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\[/FONT]
[FONT=arial]--------- Disk Stack ------[/FONT]
[FONT=arial]DevicePointer: 0xfffffa8005259b90, DeviceName: Unknown, DriverName: \Driver\partmgr\[/FONT]
[FONT=arial]DevicePointer: 0xfffffa80058f4790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\[/FONT]
[FONT=arial]DevicePointer: 0xfffffa8005257b60, DeviceName: \Device\00000072\, DriverName: \Driver\USBSTOR\[/FONT]
[FONT=arial]------------ End ----------[/FONT]
[FONT=arial]Scan finished[/FONT]
[FONT=arial]=======================================[/FONT]


[FONT=arial]Removal queue found; removal started[/FONT]
[FONT=arial]Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...[/FONT]
[FONT=arial]Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_0_2048_i.mbam...[/FONT]
[FONT=arial]Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...[/FONT]
[FONT=arial]Removal finished[/FONT]

[FONT=arial]mbar-log[/FONT]
Malwarebytes Anti-Rootkit BETA 1.06.1.1005www.malwarebytes.org
Database version: v2013.08.09.06
Windows 7 Service Pack 1 x64 NTFSInternet Explorer 10.0.9200.16635user1 :: USER1-PC [administrator]
8/9/2013 8:38:28 PMmbar-log-2013-08-09 (20-38-28).txt
Scan type: Quick scanScan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2PScan options disabled: PUPObjects scanned: 233932Time elapsed: 15 minute(s), 22 second(s)
Memory Processes Detected: 0(No malicious items detected)
Memory Modules Detected: 0(No malicious items detected)
Registry Keys Detected: 0(No malicious items detected)
Registry Values Detected: 0(No malicious items detected)
Registry Data Items Detected: 0(No malicious items detected)
Folders Detected: 0(No malicious items detected)
Files Detected: 0(No malicious items detected)
Physical Sectors Detected: 0(No malicious items detected)
(end)

 

[Broni]

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
• The first time the tool is run, it makes also another log (Addition.txt). Please copy and paste it to your reply.

 

[amiraa]

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-08-2013 02
Ran by user1 (administrator) on 09-08-2013 21:16:31
Running from C:\Users\user1\Downloads
Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\ProgramData\MobileBrServ\mbbservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Users\user1\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user1\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user1\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user1\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user1\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\user1\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1281512 2013-01-27] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TkBellExe] - c:\program files (x86)\real\realplayer\Update\realsched.exe [296096 2012-07-25] (RealNetworks, Inc.)
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - %SystemRoot%\system32\wpdshserviceobj.dll (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://arabia.msn.com/?C=JO
URLSearchHook: (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name - {C8625893-2C0F-4484-8C18-52B00D5A8BB9} - No File
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\user1\AppData\Roaming\Mozilla\Firefox\Profiles\7qjyvmn8.default
FF user.js: detected! => C:\Users\user1\AppData\Roaming\Mozilla\Firefox\Profiles\7qjyvmn8.default\user.js
FF Homepage: hxxp://www.bing.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=15.0.5.109 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.5.109 - c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.5.109 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.5.109 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=15.0.5.109 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\user1\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\user1\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\user1\AppData\Roaming\Mozilla\Firefox\Profiles\7qjyvmn8.default\searchplugins\search.xml
FF Extension: Yahoo! Toolbar - C:\Users\user1\AppData\Roaming\Mozilla\Firefox\Profiles\7qjyvmn8.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}] C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

Chrome:
=======
CHR Extension: (Ultimate YouTube Downloader) - C:\Users\user1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfkpkealncpcbfklpgnggcgjjdkbljop\1.0.2.6_0
CHR Extension: (YouTube) - C:\Users\user1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\user1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\user1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0
CHR Extension: (Gmail) - C:\Users\user1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx
CHR StartMenuInternet: Google Chrome - C:\Users\user1\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [232288 2012-03-12] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
S2 ATE_PROCMON; \??\C:\Program Files (x86)\Anti Trojan Elite\ATEPMon.sys [x]
S3 cpuz134; \??\C:\Users\user1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 Tosrfcom; No ImagePath
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-09 21:15 - 2013-08-09 21:16 - 01790169 _____ (Farbar) C:\Users\user1\Downloads\FRST64.exe
2013-08-09 21:04 - 2013-08-09 21:04 - 00262144 _____ C:\Windows\Minidump\080913-20872-01.dmp
2013-08-09 20:17 - 2013-08-09 20:18 - 12081912 _____ (Malwarebytes Corp.) C:\Users\user1\Downloads\mbar-1.06.1.1005.exe
2013-08-09 20:07 - 2013-08-09 20:13 - 00000000 ____D C:\Users\user1\Desktop\RK_Quarantine
2013-08-09 20:06 - 2013-08-09 20:07 - 03800064 _____ C:\Users\user1\Downloads\RogueKillerX64.exe
2013-08-08 11:12 - 2013-08-09 21:12 - 00000336 _____ C:\Windows\setupact.log
2013-08-08 11:12 - 2013-08-09 21:04 - 301846164 _____ C:\Windows\MEMORY.DMP
2013-08-08 11:12 - 2013-08-08 11:12 - 00262144 _____ C:\Windows\Minidump\080813-33228-01.dmp
2013-08-08 11:12 - 2013-08-08 11:12 - 00000000 _____ C:\Windows\setuperr.log
2013-08-08 09:36 - 2013-08-08 09:36 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-08 09:36 - 2013-08-08 09:36 - 00000000 ____D C:\Users\user1\AppData\Roaming\Malwarebytes
2013-08-08 09:35 - 2013-08-08 09:36 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-08 09:35 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-08 09:33 - 2013-08-08 09:34 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\user1\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-08 09:31 - 2013-08-08 09:31 - 00000000 ____D C:\ProgramData\CDB
2013-08-06 21:22 - 2013-08-09 20:55 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-06 20:17 - 2013-08-06 20:17 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-06 00:59 - 2013-08-06 21:58 - 00000162 _____ C:\Windows\Reimage.ini
2013-08-04 23:56 - 2013-08-09 21:04 - 00000000 ____D C:\Windows\Minidump
2013-08-04 22:53 - 2013-08-08 10:28 - 00000000 ____D C:\Program Files (x86)\GridinSoft Trojan Killer
2013-08-02 14:59 - 2013-08-02 15:01 - 00000000 ____D C:\Windows\system32\MRT
2013-07-27 21:54 - 2013-06-28 21:20 - 00000000 ____D C:\Users\user1\Desktop\Ulala Session - Memory [www.k2nblog.com]
2013-07-12 23:19 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-12 23:19 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-12 23:19 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-12 23:19 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-12 23:19 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-12 23:19 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-12 23:19 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-12 23:19 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-12 23:19 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-12 23:19 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-12 23:19 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-12 23:19 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-12 23:19 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-12 23:19 - 2013-06-12 01:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-12 23:19 - 2013-06-12 01:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-12 23:19 - 2013-06-12 01:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-12 23:19 - 2013-06-12 01:25 - 19238912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-12 23:19 - 2013-06-12 01:25 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-12 23:19 - 2013-06-12 01:25 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-12 23:19 - 2013-06-12 01:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-12 23:19 - 2013-06-12 01:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-12 23:19 - 2013-06-12 01:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-12 23:19 - 2013-06-12 01:25 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-12 23:19 - 2013-06-12 01:25 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-12 23:19 - 2013-06-12 01:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-12 23:19 - 2013-06-12 01:25 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-12 23:19 - 2013-06-12 01:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-12 23:19 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-12 23:19 - 2013-06-12 00:50 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-12 23:19 - 2013-06-07 05:22 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-12 23:19 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-12 20:54 - 2013-06-04 08:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-12 20:54 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-12 20:54 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-12 20:54 - 2013-04-03 00:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-12 12:22 - 2013-06-05 05:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-12 12:22 - 2013-05-06 08:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-12 12:22 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-10 20:08 - 2013-07-10 20:15 - 00000000 ____D C:\Users\user1\Desktop\Warrior (Deluxe Version)

==================== One Month Modified Files and Folders =======

2013-08-09 21:16 - 2013-08-09 21:15 - 01790169 _____ (Farbar) C:\Users\user1\Downloads\FRST64.exe
2013-08-09 21:12 - 2013-08-08 11:12 - 00000336 _____ C:\Windows\setupact.log
2013-08-09 21:12 - 2012-09-11 06:25 - 00000422 _____ C:\Windows\Tasks\Wise Care 365.job
2013-08-09 21:12 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-09 21:11 - 2012-09-11 19:35 - 01689663 _____ C:\Windows\WindowsUpdate.log
2013-08-09 21:10 - 2009-07-14 06:45 - 00023504 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-09 21:10 - 2009-07-14 06:45 - 00023504 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-09 21:04 - 2013-08-09 21:04 - 00262144 _____ C:\Windows\Minidump\080913-20872-01.dmp
2013-08-09 21:04 - 2013-08-08 11:12 - 301846164 _____ C:\Windows\MEMORY.DMP
2013-08-09 21:04 - 2013-08-04 23:56 - 00000000 ____D C:\Windows\Minidump
2013-08-09 20:55 - 2013-08-06 21:22 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-09 20:27 - 2012-04-01 07:36 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-09 20:18 - 2013-08-09 20:17 - 12081912 _____ (Malwarebytes Corp.) C:\Users\user1\Downloads\mbar-1.06.1.1005.exe
2013-08-09 20:13 - 2013-08-09 20:07 - 00000000 ____D C:\Users\user1\Desktop\RK_Quarantine
2013-08-09 20:07 - 2013-08-09 20:06 - 03800064 _____ C:\Users\user1\Downloads\RogueKillerX64.exe
2013-08-08 11:12 - 2013-08-08 11:12 - 00262144 _____ C:\Windows\Minidump\080813-33228-01.dmp
2013-08-08 11:12 - 2013-08-08 11:12 - 00000000 _____ C:\Windows\setuperr.log
2013-08-08 10:28 - 2013-08-04 22:53 - 00000000 ____D C:\Program Files (x86)\GridinSoft Trojan Killer
2013-08-08 09:36 - 2013-08-08 09:36 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-08 09:36 - 2013-08-08 09:36 - 00000000 ____D C:\Users\user1\AppData\Roaming\Malwarebytes
2013-08-08 09:36 - 2013-08-08 09:35 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-08 09:34 - 2013-08-08 09:33 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\user1\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-08 09:31 - 2013-08-08 09:31 - 00000000 ____D C:\ProgramData\CDB
2013-08-06 21:58 - 2013-08-06 00:59 - 00000162 _____ C:\Windows\Reimage.ini
2013-08-06 21:08 - 2011-10-12 08:43 - 00000000 ____D C:\Users\user1
2013-08-06 20:17 - 2013-08-06 20:17 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-06 20:06 - 2011-10-22 13:18 - 00000000 ____D C:\ProgramData\Yahoo!
2013-08-06 20:05 - 2011-10-22 12:48 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2013-08-04 20:43 - 2012-05-01 17:48 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2013-08-04 20:43 - 2012-01-29 21:50 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-08-04 20:43 - 2011-10-21 23:57 - 00000000 ____D C:\Users\user1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\The KMPlayer
2013-08-04 20:43 - 2011-10-21 23:57 - 00000000 ____D C:\Program Files (x86)\The KMPlayer
2013-08-04 20:43 - 2009-07-14 09:45 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-08-04 20:43 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2013-08-04 20:43 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\AppCompat
2013-08-04 20:42 - 2012-01-01 15:56 - 00000000 ____D C:\ProgramData\Real
2013-08-02 15:01 - 2013-08-02 14:59 - 00000000 ____D C:\Windows\system32\MRT
2013-08-01 19:18 - 2009-07-14 07:13 - 00726444 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-29 20:55 - 2011-12-05 17:06 - 00000000 ____D C:\Users\user1\Desktop\Wallpapers
2013-07-29 20:55 - 2011-10-21 23:33 - 00000000 ___RD C:\Users\user1\Desktop\pic
2013-07-18 15:36 - 2012-05-13 06:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-07-17 21:42 - 2013-06-27 21:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-13 16:19 - 2009-07-14 06:45 - 00343352 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-13 16:17 - 2009-07-14 09:46 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-13 16:17 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-13 16:17 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-13 16:16 - 2012-05-19 09:03 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-13 16:16 - 2012-05-19 09:03 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-12 23:28 - 2011-11-16 22:55 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-12 23:21 - 2011-11-11 17:09 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-12 11:43 - 2012-04-01 07:36 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-07-12 11:43 - 2012-04-01 07:36 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-07-12 11:43 - 2011-10-22 13:18 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-07-12 11:41 - 2011-12-08 06:39 - 00000000 ____D C:\Users\user1\AppData\Local\Adobe
2013-07-10 20:15 - 2013-07-10 20:08 - 00000000 ____D C:\Users\user1\Desktop\Warrior (Deluxe Version)

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-02 15:31

==================== End Of Log ============================

 

[amiraa]

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-08-2013 02
Ran by user1 at 2013-08-09 21:17:27
Running from C:\Users\user1\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================


Adobe AIR (x32 Version: 3.1.0.4880)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Adobe Reader X (10.1.7) (x32 Version: 10.1.7)
Atheros Driver Installation Program (x32 Version: 9.2)
Bing Bar (x32 Version: 7.1.391.0)
Bing Rewards Client Installer (x32 Version: 16.0.345.0)
Bluetooth Stack for Windows by Toshiba (Version: v8.00.02(T))
CCleaner (x32 Version: 2.27)
COWON Media Center - jetAudio Plus VX (x32 Version: 8.0.11)
D3DX10 (x32 Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
dows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0) (Version: 08/22/2008 7.0.0.0)
GOM Audio (x32 Version: 2.0.2.0287)
GOM Player (x32 Version: 2.1.50.5145)
Google Chrome (HKCU Version: 28.0.1500.95)
HP Deskjet 2050 J510 series Basic Device Software (Version: 22.50.231.0)
HP Deskjet 2050 J510 series Help (x32 Version: 140.0.61.61)
HP Deskjet 2050 J510 series Product Improvement Study (Version: 22.50.231.0)
HP Photo Creations (x32 Version: 1.0.0.3781)
HP Update (x32 Version: 5.002.006.003)
Intel(R) Management Engine Components (x32 Version: 7.0.0.1144)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2353)
IrfanView (remove only) (x32 Version: 4.32)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Mesh Runtime (x32 Version: 15.4.5722.2)
Messenger Companion (x32 Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Home and Business 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Text-to-Speech Engine 4.0 (English) (x32)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319)
Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1)
Microsoft_VC100_CRT_SP1_x86 (x32 Version: 10.0.40219.1)
Mobile Broadband HL Service (x32 Version: 22.001.14.00.03)
Mozilla Firefox 22.0 (x86 en-US) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 22.0)
Mp3tag v2.49b (x32 Version: v2.49b)
MSVC80_x64_v2 (Version: 1.0.3.0)
MSVC80_x86_v2 (x32 Version: 1.0.3.0)
MSVC90_x64 (Version: 1.0.1.2)
MSVC90_x86 (x32 Version: 1.0.1.2)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Opera 12.15 (x32 Version: 12.15.1748)
PC Connectivity Solution (x32 Version: 11.5.13.0)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0)
RealPlayer (x32 Version: 15.0.5)
Realtek Ethernet Controller Driver (x32 Version: 7.38.113.2011)
RealUpgrade 1.1 (x32 Version: 1.1.0)
Sothink FLV Player (x32 Version: 2.3)
The KMPlayer (remove only) (x32 Version: 3.4.0.59)
TOSHIBA Web Camera Application (x32 Version: 2.0.0.19)
Unlocker 1.9.1-x64 (Version: 1.9.1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live Family Safety (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8)
WinRAR archiver (x32)

==================== Restore Points =========================

04-08-2013 18:40:26 Restore Operation
04-08-2013 18:47:54 Removed Windows 7 Manager
04-08-2013 19:17:56 Windows Update
06-08-2013 19:05:50 Malwarebytes Anti-Rootkit Restore Point
08-08-2013 07:56:47 Windows Update
08-08-2013 08:33:59 Removed Nokia Connectivity Cable Driver
09-08-2013 18:16:25 Pre-Malwarebytes Anti-Rootkit

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {01904398-4360-4EDF-A01E-6F4E70C6AB96} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-01-27] (Microsoft Corporation)
Task: {03194699-FCEF-4D66-A86F-81459ECEE53C} - \AutoKMS No Task File
Task: {199EFA77-0765-4C8A-BABD-BF60A5C0CE4D} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2820742433-3329283319-3891564071-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-06-21] (RealNetworks, Inc.)
Task: {45E2829C-0C3F-4E21-8220-AB7FEDE0BE82} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)
Task: {78BAE733-7BA0-44D5-851A-E78EC84BFA4B} - System32\Tasks\HPCustParticipation HP Deskjet 2050 J510 series => C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {7BFCD0F0-75FA-4AF6-BA53-76B13453F867} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-12] (Adobe Systems Incorporated)
Task: {8F65DDC1-A7D4-409D-A6CE-CBE45C71C048} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {9BB757D1-FD81-4918-9AB4-A4C307F0E8F7} - System32\Tasks\YourFile Update => C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe No File
Task: {B171C05C-2BD2-4E98-9060-E1716CAE4E81} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2820742433-3329283319-3891564071-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-06-21] (RealNetworks, Inc.)
Task: {B1915D23-54DC-4B2B-AF30-0646DC693E15} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => c:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-01-27] (Microsoft Corporation)
Task: {DA1C18DE-3AAC-49C0-AF0C-24468993990D} - System32\Tasks\Wise Care 365 => C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe No File
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Wise Care 365.job => C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe

==================== Faulty Device Manager Devices =============

Name: Bluetooth USB Controller-10 from TOSHIBA
Description: Bluetooth USB Controller-10 from TOSHIBA
Class Guid: {7240100f-6512-4548-8418-9ebb5c6a1a94}
Manufacturer: Toshiba
Service: tosrfusb
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/09/2013 08:10:55 PM) (Source: Application Error) (User: )
Description: Faulting application name: chrome.exe, version: 28.0.1500.95, time stamp: 0x51f05c5f
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x000d9129
Faulting process id: 0xd48
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3

Error: (08/08/2013 09:32:36 AM) (Source: Application Error) (User: )
Description: Faulting application name: chrome.exe, version: 28.0.1500.95, time stamp: 0x51f05c5f
Faulting module name: chrome.dll, version: 28.0.1500.95, time stamp: 0x51f05bf5
Exception code: 0xc0000409
Fault offset: 0x003fea4c
Faulting process id: 0xdd8
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3

Error: (08/05/2013 11:39:57 PM) (Source: Application Error) (User: )
Description: Faulting application name: chrome.exe, version: 28.0.1500.95, time stamp: 0x51f05c5f
Faulting module name: chrome.dll, version: 28.0.1500.95, time stamp: 0x51f05bf5
Exception code: 0xc0000409
Fault offset: 0x003fea4c
Faulting process id: 0xb60
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3

Error: (08/05/2013 00:09:30 AM) (Source: Application Hang) (User: )
Description: The program SnippingTool.exe version 6.1.7600.16385 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: ba8

Start Time: 01ce915f21659c9e

Termination Time: 8

Application Path: C:\Windows\system32\SnippingTool.exe

Report Id: 7d3d6f7e-fd52-11e2-bae3-b870f4683b87

Error: (08/04/2013 11:59:58 PM) (Source: Application Error) (User: )
Description: Faulting application name: chrome.exe, version: 28.0.1500.95, time stamp: 0x51f05c5f
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00249129
Faulting process id: 0x550
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3

Error: (08/04/2013 10:36:08 PM) (Source: Application Error) (User: )
Description: Faulting application name: chrome.exe, version: 28.0.1500.95, time stamp: 0x51f05c5f
Faulting module name: chrome.dll, version: 28.0.1500.95, time stamp: 0x51f05bf5
Exception code: 0xc0000409
Fault offset: 0x01262bb3
Faulting process id: 0x7e0
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3

Error: (08/04/2013 10:22:23 PM) (Source: Application Error) (User: )
Description: Faulting application name: TJEnder.exe, version: 1.1.8.530, time stamp: 0x00000000
Faulting module name: MSVCRTD.dll, version: 6.0.8168.0, time stamp: 0x3587eddb
Exception code: 0x80000003
Fault offset: 0x00012378
Faulting process id: 0xf14
Faulting application start time: 0xTJEnder.exe0
Faulting application path: TJEnder.exe1
Faulting module path: TJEnder.exe2
Report Id: TJEnder.exe3

Error: (08/04/2013 10:21:21 PM) (Source: Application Error) (User: )
Description: Faulting application name: chrome.exe, version: 28.0.1500.95, time stamp: 0x51f05c5f
Faulting module name: chrome.dll, version: 28.0.1500.95, time stamp: 0x51f05bf5
Exception code: 0xc0000409
Fault offset: 0x000925ea
Faulting process id: 0x178c
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3

Error: (08/04/2013 09:49:06 PM) (Source: Application Error) (User: )
Description: Faulting application name: chrome.exe, version: 28.0.1500.95, time stamp: 0x51f05c5f
Faulting module name: chrome.dll, version: 28.0.1500.95, time stamp: 0x51f05bf5
Exception code: 0xc0000409
Fault offset: 0x003fea4c
Faulting process id: 0xd18
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3

Error: (08/04/2013 09:36:43 PM) (Source: Application Error) (User: )
Description: Faulting application name: chrome.exe, version: 28.0.1500.95, time stamp: 0x51f05c5f
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00119129
Faulting process id: 0x1f3c
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3


System errors:
=============
Error: (08/09/2013 09:12:49 PM) (Source: Microsoft Antimalware) (User: )
Description: %TrojanOS/Rovnix.D60 has encountered a critical error when taking action on malware or other potentially unwanted software.

For more information please see the following:
%TrojanOS/Rovnix.D603

Name: TrojanOS/Rovnix.D

ID: 2147680143

Severity: %TrojanOS/Rovnix.D600

Category: %TrojanOS/Rovnix.D602

Path: 4.2.0223.02

Detection Origin: 4.2.0223.04

Detection Type: 4.2.0223.08

Detection Source: %TrojanOS/Rovnix.D608

User: {246768B0-E1E2-4B0E-9418-8C56AB4EF8C9}9

Process Name: %TrojanOS/Rovnix.D609

Action: {246768B0-E1E2-4B0E-9418-8C56AB4EF8C9}1

Action Status: {246768B0-E1E2-4B0E-9418-8C56AB4EF8C9}8

Error Code: {246768B0-E1E2-4B0E-9418-8C56AB4EF8C9}3

Error description: {246768B0-E1E2-4B0E-9418-8C56AB4EF8C9}4

Signature Version: 2013-08-09T19:12:37.005Z1

Engine Version: 2013-08-09T19:12:37.005Z2

Error: (08/09/2013 09:12:49 PM) (Source: Microsoft Antimalware) (User: )
Description: %TrojanOS/Rovnix.D60 has encountered a critical error when taking action on malware or other potentially unwanted software.

For more information please see the following:
%TrojanOS/Rovnix.D603

Name: TrojanOS/Rovnix.D

ID: 2147680143

Severity: %TrojanOS/Rovnix.D600

Category: %TrojanOS/Rovnix.D602

Path: 4.2.0223.02

Detection Origin: 4.2.0223.04

Detection Type: 4.2.0223.08

Detection Source: %TrojanOS/Rovnix.D608

User: {246768B0-E1E2-4B0E-9418-8C56AB4EF8C9}9

Process Name: %TrojanOS/Rovnix.D609

Action: {246768B0-E1E2-4B0E-9418-8C56AB4EF8C9}1

Action Status: {246768B0-E1E2-4B0E-9418-8C56AB4EF8C9}8

Error Code: {246768B0-E1E2-4B0E-9418-8C56AB4EF8C9}3

Error description: {246768B0-E1E2-4B0E-9418-8C56AB4EF8C9}4

Signature Version: 2013-08-09T19:12:37.005Z1

Engine Version: 2013-08-09T19:12:37.005Z2

Error: (08/09/2013 09:06:01 PM) (Source: Microsoft Antimalware) (User: )
Description: %TrojanOS/Rovnix.D60 has encountered a critical error when taking action on malware or other potentially unwanted software.

For more information please see the following:
%TrojanOS/Rovnix.D603

Name: TrojanOS/Rovnix.D

ID: 2147680143

Severity: %TrojanOS/Rovnix.D600

Category: %TrojanOS/Rovnix.D602

Path: 4.2.0223.02

Detection Origin: 4.2.0223.04

Detection Type: 4.2.0223.08

Detection Source: %TrojanOS/Rovnix.D608

User: {2E6100E5-40BC-4984-A7B0-D913CA1087A3}9

Process Name: %TrojanOS/Rovnix.D609

Action: {2E6100E5-40BC-4984-A7B0-D913CA1087A3}1

Action Status: {2E6100E5-40BC-4984-A7B0-D913CA1087A3}8

Error Code: {2E6100E5-40BC-4984-A7B0-D913CA1087A3}3

Error description: {2E6100E5-40BC-4984-A7B0-D913CA1087A3}4

Signature Version: 2013-08-09T19:05:25.462Z1

Engine Version: 2013-08-09T19:05:25.462Z2

Error: (08/09/2013 09:06:01 PM) (Source: Microsoft Antimalware) (User: )
Description: %TrojanOS/Rovnix.D60 has encountered a critical error when taking action on malware or other potentially unwanted software.

For more information please see the following:
%TrojanOS/Rovnix.D603

Name: TrojanOS/Rovnix.D

ID: 2147680143

Severity: %TrojanOS/Rovnix.D600

Category: %TrojanOS/Rovnix.D602

Path: 4.2.0223.02

Detection Origin: 4.2.0223.04

Detection Type: 4.2.0223.08

Detection Source: %TrojanOS/Rovnix.D608

User: {2E6100E5-40BC-4984-A7B0-D913CA1087A3}9

Process Name: %TrojanOS/Rovnix.D609

Action: {2E6100E5-40BC-4984-A7B0-D913CA1087A3}1

Action Status: {2E6100E5-40BC-4984-A7B0-D913CA1087A3}8

Error Code: {2E6100E5-40BC-4984-A7B0-D913CA1087A3}3

Error description: {2E6100E5-40BC-4984-A7B0-D913CA1087A3}4

Signature Version: 2013-08-09T19:05:25.462Z1

Engine Version: 2013-08-09T19:05:25.462Z2

Error: (08/09/2013 09:04:55 PM) (Source: BugCheck) (User: )
Description: 0x00000109 (0xa3a039d8981d882b, 0xb3b7465eea9bc65d, 0xfffff80000b96bb0, 0x0000000000000006)C:\Windows\MEMORY.DMP080913-20872-01

Error: (08/09/2013 09:04:54 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 9:03:14 PM on ‎8/‎9/‎2013 was unexpected.

Error: (08/09/2013 08:23:27 PM) (Source: Microsoft Antimalware) (User: )
Description: %TrojanOS/Rovnix.D60 has encountered a critical error when taking action on malware or other potentially unwanted software.

For more information please see the following:
%TrojanOS/Rovnix.D603

Name: TrojanOS/Rovnix.D

ID: 2147680143

Severity: %TrojanOS/Rovnix.D600

Category: %TrojanOS/Rovnix.D602

Path: 4.2.0223.02

Detection Origin: 4.2.0223.04

Detection Type: 4.2.0223.08

Detection Source: %TrojanOS/Rovnix.D608

User: {9D66CF76-0997-402A-B7C6-E7D73E6280F8}9

Process Name: %TrojanOS/Rovnix.D609

Action: {9D66CF76-0997-402A-B7C6-E7D73E6280F8}1

Action Status: {9D66CF76-0997-402A-B7C6-E7D73E6280F8}8

Error Code: {9D66CF76-0997-402A-B7C6-E7D73E6280F8}3

Error description: {9D66CF76-0997-402A-B7C6-E7D73E6280F8}4

Signature Version: 2013-08-09T18:23:11.448Z1

Engine Version: 2013-08-09T18:23:11.448Z2

Error: (08/09/2013 08:23:27 PM) (Source: Microsoft Antimalware) (User: )
Description: %TrojanOS/Rovnix.D60 has encountered a critical error when taking action on malware or other potentially unwanted software.

For more information please see the following:
%TrojanOS/Rovnix.D603

Name: TrojanOS/Rovnix.D

ID: 2147680143

Severity: %TrojanOS/Rovnix.D600

Category: %TrojanOS/Rovnix.D602

Path: 4.2.0223.02

Detection Origin: 4.2.0223.04

Detection Type: 4.2.0223.08

Detection Source: %TrojanOS/Rovnix.D608

User: {9D66CF76-0997-402A-B7C6-E7D73E6280F8}9

Process Name: %TrojanOS/Rovnix.D609

Action: {9D66CF76-0997-402A-B7C6-E7D73E6280F8}1

Action Status: {9D66CF76-0997-402A-B7C6-E7D73E6280F8}8

Error Code: {9D66CF76-0997-402A-B7C6-E7D73E6280F8}3

Error description: {9D66CF76-0997-402A-B7C6-E7D73E6280F8}4

Signature Version: 2013-08-09T18:23:11.448Z1

Engine Version: 2013-08-09T18:23:11.448Z2

Error: (08/09/2013 08:22:58 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
mbamswissarmy

Error: (08/09/2013 08:20:03 PM) (Source: Service Control Manager) (User: )
Description: The mbamchameleon service failed to start due to the following error:
%%1275


Microsoft Office Sessions:
=========================
Error: (08/09/2013 08:10:55 PM) (Source: Application Error)(User: )
Description: chrome.exe28.0.1500.9551f05c5funknown0.0.0.000000000c0000005000d9129d4801ce952bc49e6253C:\Users\user1\AppData\Local\Google\Chrome\Application\chrome.exeunknown08424956-011f-11e3-ba92-b870f4683b87

Error: (08/08/2013 09:32:36 AM) (Source: Application Error)(User: )
Description: chrome.exe28.0.1500.9551f05c5fchrome.dll28.0.1500.9551f05bf5c0000409003fea4cdd801ce94095b23729bC:\Users\user1\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\user1\AppData\Local\Google\Chrome\Application\28.0.1500.95\chrome.dllb19f32d4-fffc-11e2-8142-b870f4683b87

Error: (08/05/2013 11:39:57 PM) (Source: Application Error)(User: )
Description: chrome.exe28.0.1500.9551f05c5fchrome.dll28.0.1500.9551f05bf5c0000409003fea4cb6001ce9223b86402dfC:\Users\user1\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\user1\AppData\Local\Google\Chrome\Application\28.0.1500.95\chrome.dll91fd63a7-fe17-11e2-8a83-b870f4683b87

Error: (08/05/2013 00:09:30 AM) (Source: Application Hang)(User: )
Description: SnippingTool.exe6.1.7600.16385ba801ce915f21659c9e8C:\Windows\system32\SnippingTool.exe7d3d6f7e-fd52-11e2-bae3-b870f4683b87

Error: (08/04/2013 11:59:58 PM) (Source: Application Error)(User: )
Description: chrome.exe28.0.1500.9551f05c5funknown0.0.0.000000000c00000050024912955001ce915dbd0adc85C:\Users\user1\AppData\Local\Google\Chrome\Application\chrome.exeunknown338b0dab-fd51-11e2-bae3-b870f4683b87

Error: (08/04/2013 10:36:08 PM) (Source: Application Error)(User: )
Description: chrome.exe28.0.1500.9551f05c5fchrome.dll28.0.1500.9551f05bf5c000040901262bb37e001ce915177621933C:\Users\user1\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\user1\AppData\Local\Google\Chrome\Application\28.0.1500.95\chrome.dll7d41a65c-fd45-11e2-8270-b870f4683b87

Error: (08/04/2013 10:22:23 PM) (Source: Application Error)(User: )
Description: TJEnder.exe1.1.8.53000000000MSVCRTD.dll6.0.8168.03587eddb8000000300012378f1401ce9150490ca2bbC:\Program Files (x86)\Anti Trojan Elite\TJEnder.exeC:\Program Files (x86)\Anti Trojan Elite\MSVCRTD.dll9189ccbe-fd43-11e2-8270-b870f4683b87

Error: (08/04/2013 10:21:21 PM) (Source: Application Error)(User: )
Description: chrome.exe28.0.1500.9551f05c5fchrome.dll28.0.1500.9551f05bf5c0000409000925ea178c01ce91501d027e07C:\Users\user1\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\user1\AppData\Local\Google\Chrome\Application\28.0.1500.95\chrome.dll6cf3b97a-fd43-11e2-8270-b870f4683b87

Error: (08/04/2013 09:49:06 PM) (Source: Application Error)(User: )
Description: chrome.exe28.0.1500.9551f05c5fchrome.dll28.0.1500.9551f05bf5c0000409003fea4cd1801ce914b82829decC:\Users\user1\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\user1\AppData\Local\Google\Chrome\Application\28.0.1500.95\chrome.dllebb9a3fb-fd3e-11e2-8270-b870f4683b87

Error: (08/04/2013 09:36:43 PM) (Source: Application Error)(User: )
Description: chrome.exe28.0.1500.9551f05c5funknown0.0.0.000000000c0000005001191291f3c01ce9149d9ae2087C:\Users\user1\AppData\Local\Google\Chrome\Application\chrome.exeunknown30bff502-fd3d-11e2-82b3-b870f4683b87


CodeIntegrity Errors:
===================================
Date: 2013-08-04 21:44:47.487
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Anti Trojan Elite\ATEPMON.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-08-04 21:44:47.373
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Anti Trojan Elite\ATEPMON.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-08-04 21:42:06.875
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Anti Trojan Elite\ATEPMON.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-08-04 21:42:06.759
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Anti Trojan Elite\ATEPMON.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-01-25 20:18:38.217
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-01-25 20:18:38.170
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-01-25 20:18:38.139
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-01-25 20:18:38.092
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-01-25 20:18:29.624
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2012-01-25 20:18:29.577
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Unlocker\UnlockerDriver5.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 67%
Total physical RAM: 1955.66 MB
Available physical RAM: 638.92 MB
Total Pagefile: 3911.33 MB
Available Pagefile: 2335.83 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:151.61 GB) (Free:29.25 GB) NTFS (Disk=0 Partition=3)
Drive d: () (Fixed) (Total:146.39 GB) (Free:14.06 GB) NTFS (Disk=0 Partition=2)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 600DD109)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=146 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=152 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

[Broni]

That looks fine...

Download TDSSKiller and save it to your desktop.

• Extract (unzip) its contents to your desktop.
• Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
• If an infected file is detected, the default action will be Cure, click on Continue.
• If a suspicious file is detected, the default action will be Skip, click on Continue.
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
• If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

 

[amiraa]

Is this the report !! cuz I fond it when I clicked on report after the reboot
22:46:22.0422 2744 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
22:46:23.0405 2744 ============================================================
22:46:23.0405 2744 Current date / time: 2013/08/09 22:46:23.0405
22:46:23.0405 2744 SystemInfo:
22:46:23.0405 2744
22:46:23.0405 2744 OS Version: 6.1.7601 ServicePack: 1.0
22:46:23.0405 2744 Product type: Workstation
22:46:23.0405 2744 ComputerName: USER1-PC
22:46:23.0405 2744 UserName: user1
22:46:23.0405 2744 Windows directory: C:\Windows
22:46:23.0405 2744 System windows directory: C:\Windows
22:46:23.0405 2744 Running under WOW64
22:46:23.0405 2744 Processor architecture: Intel x64
22:46:23.0405 2744 Number of processors: 4
22:46:23.0405 2744 Page size: 0x1000
22:46:23.0405 2744 Boot type: Normal boot
22:46:23.0405 2744 ============================================================
22:46:25.0496 2744 BG loaded
22:46:28.0101 2744 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:46:28.0304 2744 ============================================================
22:46:28.0304 2744 \Device\Harddisk0\DR0:
22:46:28.0319 2744 MBR partitions:
22:46:28.0319 2744 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
22:46:28.0319 2744 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x124C5800
22:46:28.0319 2744 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x124F8000, BlocksNum 0x12F36000
22:46:28.0319 2744 ============================================================
22:46:28.0959 2744 C: <-> \Device\Harddisk0\DR0\Partition3
22:46:29.0333 2744 D: <-> \Device\Harddisk0\DR0\Partition2
22:46:29.0333 2744 ============================================================
22:46:29.0333 2744 Initialize success
22:46:29.0333 2744 ============================================================
22:47:29.0064 0404 ============================================================
22:47:29.0064 0404 Scan started
22:47:29.0064 0404 Mode: Manual;
22:47:29.0064 0404 ============================================================
22:47:32.0402 0404 ================ Scan system memory ========================
22:47:32.0402 0404 System memory - ok
22:47:32.0402 0404 ================ Scan services =============================
22:47:32.0730 0404 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
22:47:32.0730 0404 1394ohci - ok
22:47:32.0777 0404 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
22:47:32.0792 0404 ACPI - ok
22:47:32.0855 0404 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
22:47:32.0870 0404 AcpiPmi - ok
22:47:33.0104 0404 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
22:47:33.0104 0404 AdobeARMservice - ok
22:47:33.0650 0404 [ 476BB014F3F68C0C15EDDD5B444DA8FF ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
22:47:33.0666 0404 AdobeFlashPlayerUpdateSvc - ok
22:47:33.0775 0404 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
22:47:33.0806 0404 adp94xx - ok
22:47:33.0900 0404 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
22:47:33.0931 0404 adpahci - ok
22:47:34.0009 0404 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
22:47:34.0025 0404 adpu320 - ok
22:47:34.0103 0404 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
22:47:34.0103 0404 AeLookupSvc - ok
22:47:34.0305 0404 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
22:47:34.0305 0404 AFD - ok
22:47:34.0383 0404 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
22:47:34.0399 0404 agp440 - ok
22:47:34.0461 0404 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
22:47:34.0477 0404 ALG - ok
22:47:34.0571 0404 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
22:47:34.0571 0404 aliide - ok
22:47:34.0617 0404 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
22:47:34.0649 0404 amdide - ok
22:47:34.0711 0404 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
22:47:34.0727 0404 AmdK8 - ok
22:47:34.0773 0404 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
22:47:34.0773 0404 AmdPPM - ok
22:47:34.0836 0404 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
22:47:34.0851 0404 amdsata - ok
22:47:34.0914 0404 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
22:47:34.0945 0404 amdsbs - ok
22:47:34.0961 0404 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
22:47:34.0976 0404 amdxata - ok
22:47:35.0054 0404 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
22:47:35.0054 0404 AppID - ok
22:47:35.0085 0404 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
22:47:35.0101 0404 AppIDSvc - ok
22:47:35.0163 0404 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll
22:47:35.0163 0404 Appinfo - ok
22:47:35.0288 0404 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
22:47:35.0304 0404 AppMgmt - ok
22:47:35.0397 0404 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
22:47:35.0429 0404 arc - ok
22:47:35.0460 0404 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
22:47:35.0460 0404 arcsas - ok
22:47:35.0522 0404 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
22:47:35.0616 0404 AsyncMac - ok
22:47:35.0694 0404 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
22:47:35.0694 0404 atapi - ok
22:47:35.0741 0404 ATE_PROCMON - ok
22:47:36.0240 0404 [ DE9FB3DADE8FD39AE2C587DF22D36B8E ] athr C:\Windows\system32\DRIVERS\athrx.sys
22:47:36.0255 0404 athr - ok
22:47:36.0536 0404 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:47:36.0536 0404 AudioEndpointBuilder - ok
22:47:36.0630 0404 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
22:47:36.0645 0404 AudioSrv - ok
22:47:36.0739 0404 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
22:47:36.0770 0404 AxInstSV - ok
22:47:36.0989 0404 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
22:47:37.0020 0404 b06bdrv - ok
22:47:37.0160 0404 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
22:47:37.0223 0404 b57nd60a - ok
22:47:37.0581 0404 [ F48FEB7DA35821DA15E0B006DCB9A169 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe
22:47:37.0581 0404 BBSvc - ok
22:47:37.0753 0404 [ 8E16F7A85441986FD2B9CE6C879524E4 ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
22:47:37.0753 0404 BBUpdate - ok
22:47:37.0893 0404 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
22:47:37.0909 0404 BDESVC - ok
22:47:38.0034 0404 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
22:47:38.0034 0404 Beep - ok
22:47:38.0455 0404 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
22:47:38.0471 0404 BFE - ok
22:47:38.0736 0404 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
22:47:38.0798 0404 BITS - ok
22:47:38.0923 0404 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
22:47:38.0923 0404 blbdrive - ok
22:47:39.0032 0404 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
22:47:39.0032 0404 bowser - ok
22:47:39.0063 0404 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:47:39.0095 0404 BrFiltLo - ok
22:47:39.0173 0404 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:47:39.0297 0404 BrFiltUp - ok
22:47:39.0344 0404 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
22:47:39.0344 0404 Browser - ok
22:47:39.0485 0404 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
22:47:39.0578 0404 Brserid - ok
22:47:39.0594 0404 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
22:47:39.0609 0404 BrSerWdm - ok
22:47:39.0641 0404 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
22:47:39.0641 0404 BrUsbMdm - ok
22:47:39.0672 0404 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
22:47:39.0687 0404 BrUsbSer - ok
22:47:39.0703 0404 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
22:47:39.0703 0404 BTHMODEM - ok
22:47:39.0781 0404 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
22:47:39.0797 0404 bthserv - ok
22:47:39.0859 0404 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
22:47:39.0875 0404 cdfs - ok
22:47:40.0031 0404 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
22:47:40.0031 0404 cdrom - ok
22:47:40.0202 0404 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
22:47:40.0218 0404 CertPropSvc - ok
22:47:40.0296 0404 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
22:47:40.0311 0404 circlass - ok
22:47:40.0421 0404 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
22:47:40.0452 0404 CLFS - ok
22:47:40.0779 0404 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:47:40.0920 0404 clr_optimization_v2.0.50727_32 - ok
22:47:41.0107 0404 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:47:41.0201 0404 clr_optimization_v2.0.50727_64 - ok
22:47:41.0575 0404 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:47:41.0965 0404 clr_optimization_v4.0.30319_32 - ok
22:47:42.0059 0404 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:47:42.0074 0404 clr_optimization_v4.0.30319_64 - ok
22:47:42.0183 0404 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
22:47:42.0183 0404 CmBatt - ok
22:47:42.0230 0404 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
22:47:42.0246 0404 cmdide - ok
22:47:42.0792 0404 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
22:47:42.0870 0404 CNG - ok
22:47:43.0244 0404 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
22:47:43.0275 0404 Compbatt - ok
22:47:43.0494 0404 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
22:47:43.0494 0404 CompositeBus - ok
22:47:43.0541 0404 COMSysApp - ok
22:47:45.0350 0404 cpuz134 - ok
22:47:45.0397 0404 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
22:47:45.0428 0404 crcdisk - ok
22:47:45.0506 0404 [ D8129C49798CBBFB2E4351D4B7B8EF9C ] CryptSvc C:\Windows\system32\cryptsvc.dll
22:47:45.0506 0404 CryptSvc - ok
22:47:45.0803 0404 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
22:47:45.0818 0404 CSC - ok
22:47:46.0271 0404 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
22:47:46.0271 0404 CscService - ok
22:47:46.0380 0404 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
22:47:46.0395 0404 DcomLaunch - ok
22:47:46.0427 0404 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] DEFRAGSVC C:\Windows\System32\defragsvc.dll
22:47:46.0442 0404 DEFRAGSVC - ok
22:47:46.0505 0404 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
22:47:46.0505 0404 DfsC - ok
22:47:46.0629 0404 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
22:47:46.0629 0404 Dhcp - ok
22:47:46.0707 0404 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
22:47:46.0707 0404 discache - ok
22:47:46.0785 0404 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
22:47:46.0785 0404 Disk - ok
22:47:46.0848 0404 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
22:47:46.0863 0404 Dnscache - ok
22:47:46.0957 0404 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
22:47:46.0957 0404 dot3svc - ok
22:47:47.0004 0404 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
22:47:47.0004 0404 DPS - ok
22:47:47.0051 0404 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
22:47:47.0051 0404 drmkaud - ok
22:47:47.0097 0404 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
22:47:47.0113 0404 DXGKrnl - ok
22:47:47.0160 0404 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
22:47:47.0160 0404 EapHost - ok
22:47:47.0659 0404 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
22:47:47.0799 0404 ebdrv - ok
22:47:47.0877 0404 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
22:47:47.0893 0404 EFS - ok
22:47:48.0252 0404 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
22:47:48.0345 0404 ehRecvr - ok
22:47:48.0377 0404 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
22:47:48.0439 0404 ehSched - ok
22:47:48.0533 0404 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
22:47:48.0564 0404 elxstor - ok
22:47:48.0595 0404 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
22:47:48.0595 0404 ErrDev - ok
22:47:48.0704 0404 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
22:47:48.0704 0404 EventSystem - ok
22:47:48.0798 0404 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
22:47:48.0829 0404 exfat - ok
22:47:48.0860 0404 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
22:47:48.0860 0404 fastfat - ok
22:47:49.0063 0404 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
22:47:49.0079 0404 Fax - ok
22:47:49.0157 0404 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
22:47:49.0188 0404 fdc - ok
22:47:49.0250 0404 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
22:47:49.0250 0404 fdPHost - ok
22:47:49.0281 0404 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
22:47:49.0297 0404 FDResPub - ok
22:47:49.0297 0404 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
22:47:49.0313 0404 FileInfo - ok
22:47:49.0328 0404 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
22:47:49.0344 0404 Filetrace - ok
22:47:49.0375 0404 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
22:47:49.0375 0404 flpydisk - ok
22:47:49.0437 0404 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
22:47:49.0453 0404 FltMgr - ok
22:47:49.0547 0404 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
22:47:49.0562 0404 FontCache - ok
22:47:49.0656 0404 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:47:49.0687 0404 FontCache3.0.0.0 - ok
22:47:49.0718 0404 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
22:47:49.0718 0404 FsDepends - ok
22:47:49.0781 0404 [ 07DA62C960DDCCC2D35836AEAB4FC578 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
22:47:49.0781 0404 fssfltr - ok
22:47:50.0311 0404 [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
22:47:50.0436 0404 fsssvc - ok
22:47:50.0467 0404 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
22:47:50.0483 0404 Fs_Rec - ok
22:47:50.0561 0404 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
22:47:50.0592 0404 fvevol - ok
22:47:50.0639 0404 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
22:47:50.0654 0404 gagp30kx - ok
22:47:50.0857 0404 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
22:47:50.0873 0404 gpsvc - ok
22:47:50.0904 0404 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
22:47:50.0935 0404 hcw85cir - ok
22:47:51.0044 0404 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:47:51.0044 0404 HdAudAddService - ok
22:47:51.0091 0404 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
22:47:51.0091 0404 HDAudBus - ok
22:47:51.0185 0404 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
22:47:51.0200 0404 HidBatt - ok
22:47:51.0231 0404 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
22:47:51.0247 0404 HidBth - ok
22:47:51.0263 0404 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
22:47:51.0263 0404 HidIr - ok
22:47:51.0294 0404 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
22:47:51.0294 0404 hidserv - ok
22:47:51.0356 0404 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
22:47:51.0372 0404 HidUsb - ok
22:47:51.0419 0404 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
22:47:51.0450 0404 hkmsvc - ok
22:47:51.0497 0404 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
22:47:51.0512 0404 HomeGroupListener - ok
22:47:51.0543 0404 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
22:47:51.0559 0404 HomeGroupProvider - ok
22:47:51.0590 0404 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
22:47:51.0590 0404 HpSAMD - ok
22:47:51.0793 0404 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
22:47:51.0809 0404 HTTP - ok
22:47:51.0855 0404 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
22:47:51.0887 0404 hwpolicy - ok
22:47:51.0933 0404 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
22:47:51.0933 0404 i8042prt - ok
22:47:51.0996 0404 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
22:47:52.0011 0404 iaStorV - ok
22:47:52.0245 0404 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:47:52.0323 0404 idsvc - ok
22:47:54.0570 0404 [ 370C2A8629B30F910F740387795DDC6F ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
22:47:54.0632 0404 igfx - ok
22:47:54.0695 0404 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
22:47:54.0695 0404 iirsp - ok
22:47:54.0741 0404 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
22:47:54.0788 0404 IKEEXT - ok
22:47:54.0835 0404 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
22:47:54.0851 0404 intelide - ok
22:47:54.0882 0404 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
22:47:54.0897 0404 intelppm - ok
22:47:54.0913 0404 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
22:47:54.0944 0404 IPBusEnum - ok
22:47:54.0991 0404 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:47:55.0007 0404 IpFilterDriver - ok
22:47:55.0053 0404 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
22:47:55.0069 0404 iphlpsvc - ok
22:47:55.0147 0404 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
22:47:55.0163 0404 IPMIDRV - ok
22:47:55.0225 0404 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
22:47:55.0225 0404 IPNAT - ok
22:47:55.0272 0404 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
22:47:55.0272 0404 IRENUM - ok
22:47:55.0319 0404 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
22:47:55.0334 0404 isapnp - ok
22:47:55.0397 0404 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
22:47:55.0412 0404 iScsiPrt - ok
22:47:55.0459 0404 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
22:47:55.0459 0404 kbdclass - ok
22:47:55.0490 0404 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
22:47:55.0490 0404 kbdhid - ok
22:47:55.0506 0404 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
22:47:55.0506 0404 KeyIso - ok
22:47:55.0584 0404 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
22:47:55.0599 0404 KSecDD - ok
22:47:55.0646 0404 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
22:47:55.0662 0404 KSecPkg - ok
22:47:55.0709 0404 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
22:47:55.0709 0404 ksthunk - ok
22:47:55.0802 0404 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
22:47:55.0818 0404 KtmRm - ok
22:47:55.0865 0404 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
22:47:55.0865 0404 LanmanServer - ok
22:47:55.0927 0404 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:47:55.0927 0404 LanmanWorkstation - ok
22:47:56.0005 0404 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
22:47:56.0005 0404 lltdio - ok
22:47:56.0099 0404 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
22:47:56.0114 0404 lltdsvc - ok
22:47:56.0130 0404 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
22:47:56.0130 0404 lmhosts - ok
22:47:56.0255 0404 [ 50C7CE53EF461870410355F1F2E7D515 ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
22:47:56.0270 0404 LMS - ok
22:47:56.0301 0404 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
22:47:56.0301 0404 LSI_FC - ok
22:47:56.0333 0404 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
22:47:56.0348 0404 LSI_SAS - ok
22:47:56.0364 0404 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:47:56.0364 0404 LSI_SAS2 - ok
22:47:56.0395 0404 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:47:56.0395 0404 LSI_SCSI - ok
22:47:56.0426 0404 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
22:47:56.0426 0404 luafv - ok
22:47:56.0504 0404 [ 0BB97D43299910CBFBA59C461B99B910 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
22:47:56.0504 0404 MBAMProtector - ok
22:47:56.0707 0404 [ 65085456FD9A74D7F1A999520C299ECB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
22:47:56.0707 0404 MBAMScheduler - ok
22:47:56.0910 0404 [ E0D7732F2D2E24B2DB3F67B6750295B8 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
22:47:56.0925 0404 MBAMService - ok
22:47:56.0988 0404 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
22:47:57.0019 0404 Mcx2Svc - ok
22:47:57.0066 0404 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
22:47:57.0066 0404 megasas - ok
22:47:57.0113 0404 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
22:47:57.0113 0404 MegaSR - ok
22:47:57.0159 0404 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
22:47:57.0159 0404 MEIx64 - ok
22:47:57.0206 0404 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
22:47:57.0206 0404 MMCSS - ok
22:47:57.0409 0404 [ 5A78BB029FD8414381FF1315F1E46947 ] Mobile Broadband HL Service C:\ProgramData\MobileBrServ\mbbservice.exe
22:47:57.0487 0404 Mobile Broadband HL Service - ok
22:47:57.0581 0404 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
22:47:57.0581 0404 Modem - ok
22:47:57.0643 0404 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
22:47:57.0643 0404 monitor - ok
22:47:57.0674 0404 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
22:47:57.0690 0404 mouclass - ok
22:47:57.0721 0404 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
22:47:57.0721 0404 mouhid - ok
22:47:57.0783 0404 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
22:47:57.0783 0404 mountmgr - ok
22:47:57.0846 0404 [ 528A5C2570F468155A1B3CF0A2FF5EBD ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
22:47:57.0877 0404 MozillaMaintenance - ok
22:47:57.0986 0404 [ F8A10560B35C66F9DE212F03DAD5BFA7 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
22:47:58.0002 0404 MpFilter - ok
22:47:58.0095 0404 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
22:47:58.0142 0404 mpio - ok
22:47:58.0189 0404 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
22:47:58.0189 0404 mpsdrv - ok
22:47:58.0563 0404 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
22:47:58.0579 0404 MpsSvc - ok
22:47:58.0688 0404 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
22:47:58.0704 0404 MRxDAV - ok
22:47:58.0751 0404 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
22:47:58.0751 0404 mrxsmb - ok
22:47:58.0860 0404 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:47:58.0860 0404 mrxsmb10 - ok
22:47:58.0938 0404 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:47:58.0938 0404 mrxsmb20 - ok
22:47:58.0985 0404 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
22:47:59.0031 0404 msahci - ok
22:47:59.0047 0404 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
22:47:59.0047 0404 msdsm - ok
22:47:59.0078 0404 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
22:47:59.0078 0404 MSDTC - ok
22:47:59.0125 0404 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
22:47:59.0125 0404 Msfs - ok
22:47:59.0172 0404 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
22:47:59.0172 0404 mshidkmdf - ok
22:47:59.0219 0404 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
22:47:59.0234 0404 msisadrv - ok
22:47:59.0281 0404 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
22:47:59.0297 0404 MSiSCSI - ok
22:47:59.0297 0404 msiserver - ok
22:47:59.0328 0404 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
22:47:59.0328 0404 MSKSSRV - ok
22:47:59.0499 0404 [ E07DEC52FF801841BA9B6878A60304FB ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
22:47:59.0499 0404 MsMpSvc - ok
22:47:59.0593 0404 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
22:47:59.0609 0404 MSPCLOCK - ok
22:47:59.0624 0404 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
22:47:59.0624 0404 MSPQM - ok
22:47:59.0733 0404 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
22:47:59.0765 0404 MsRPC - ok
22:47:59.0811 0404 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
22:47:59.0811 0404 mssmbios - ok
22:47:59.0889 0404 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
22:47:59.0905 0404 MSTEE - ok
22:47:59.0921 0404 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
22:47:59.0921 0404 MTConfig - ok
22:47:59.0967 0404 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
22:47:59.0967 0404 Mup - ok
22:48:00.0014 0404 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
22:48:00.0030 0404 napagent - ok
22:48:00.0139 0404 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

 

[amiraa]

22:48:00.0155 0404 NativeWifiP - ok
22:48:00.0326 0404 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
22:48:00.0342 0404 NDIS - ok
22:48:00.0420 0404 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
22:48:00.0435 0404 NdisCap - ok
22:48:00.0482 0404 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
22:48:00.0482 0404 NdisTapi - ok
22:48:00.0529 0404 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
22:48:00.0529 0404 Ndisuio - ok
22:48:00.0623 0404 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
22:48:00.0623 0404 NdisWan - ok
22:48:00.0685 0404 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
22:48:00.0685 0404 NDProxy - ok
22:48:00.0747 0404 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
22:48:00.0747 0404 NetBIOS - ok
22:48:00.0857 0404 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
22:48:00.0888 0404 NetBT - ok
22:48:00.0903 0404 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
22:48:00.0903 0404 Netlogon - ok
22:48:00.0981 0404 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
22:48:00.0997 0404 Netman - ok
22:48:01.0013 0404 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
22:48:01.0028 0404 netprofm - ok
22:48:01.0059 0404 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:48:01.0091 0404 NetTcpPortSharing - ok
22:48:01.0137 0404 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
22:48:01.0200 0404 nfrd960 - ok
22:48:01.0278 0404 [ 162100E0BC8377710F9D170631921C03 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
22:48:01.0278 0404 NisDrv - ok
22:48:01.0434 0404 [ C6E15F2F95F9C0A6098D43510B604E52 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
22:48:01.0449 0404 NisSrv - ok
22:48:01.0512 0404 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
22:48:01.0527 0404 NlaSvc - ok
22:48:01.0637 0404 [ 907B5E1E4A592E5EDC5E4CCBDE4863C2 ] nmwcd C:\Windows\system32\drivers\ccdcmbx64.sys
22:48:01.0668 0404 nmwcd - ok
22:48:01.0699 0404 [ 41C1AC1F3613435EB32D67BCB80A5FA5 ] nmwcdc C:\Windows\system32\drivers\ccdcmbox64.sys
22:48:01.0715 0404 nmwcdc - ok
22:48:01.0746 0404 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
22:48:01.0746 0404 Npfs - ok
22:48:01.0777 0404 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
22:48:01.0777 0404 nsi - ok
22:48:01.0808 0404 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
22:48:01.0824 0404 nsiproxy - ok
22:48:02.0229 0404 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
22:48:02.0292 0404 Ntfs - ok
22:48:02.0323 0404 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
22:48:02.0323 0404 Null - ok
22:48:02.0385 0404 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
22:48:02.0385 0404 nvraid - ok
22:48:02.0417 0404 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
22:48:02.0417 0404 nvstor - ok
22:48:02.0448 0404 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
22:48:02.0448 0404 nv_agp - ok
22:48:02.0510 0404 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
22:48:02.0541 0404 ohci1394 - ok
22:48:02.0666 0404 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:48:02.0682 0404 ose - ok
22:48:03.0633 0404 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:48:03.0789 0404 osppsvc - ok
22:48:03.0852 0404 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
22:48:03.0852 0404 p2pimsvc - ok
22:48:03.0914 0404 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
22:48:03.0914 0404 p2psvc - ok
22:48:03.0961 0404 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
22:48:03.0992 0404 Parport - ok
22:48:04.0023 0404 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
22:48:04.0023 0404 partmgr - ok
22:48:04.0070 0404 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
22:48:04.0086 0404 PcaSvc - ok
22:48:04.0117 0404 [ BC0018C2D29F655188A0ED3FA94FDB24 ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
22:48:04.0117 0404 pccsmcfd - ok
22:48:04.0133 0404 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
22:48:04.0133 0404 pci - ok
22:48:04.0179 0404 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
22:48:04.0195 0404 pciide - ok
22:48:04.0211 0404 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
22:48:04.0226 0404 pcmcia - ok
22:48:04.0226 0404 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
22:48:04.0226 0404 pcw - ok
22:48:04.0257 0404 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
22:48:04.0273 0404 PEAUTH - ok
22:48:04.0569 0404 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
22:48:04.0632 0404 PeerDistSvc - ok
22:48:05.0661 0404 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
22:48:05.0708 0404 PerfHost - ok
22:48:05.0786 0404 [ 91111CEBBDE8015E822C46120ED9537C ] PGEffect C:\Windows\system32\DRIVERS\pgeffect.sys
22:48:05.0786 0404 PGEffect - ok
22:48:06.0129 0404 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
22:48:06.0192 0404 pla - ok
22:48:06.0254 0404 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
22:48:06.0270 0404 PlugPlay - ok
22:48:06.0332 0404 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
22:48:06.0363 0404 PNRPAutoReg - ok
22:48:06.0395 0404 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
22:48:06.0410 0404 PNRPsvc - ok
22:48:06.0597 0404 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
22:48:06.0597 0404 PolicyAgent - ok
22:48:06.0691 0404 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
22:48:06.0707 0404 Power - ok
22:48:06.0769 0404 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
22:48:06.0769 0404 PptpMiniport - ok
22:48:06.0800 0404 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
22:48:06.0831 0404 Processor - ok
22:48:06.0909 0404 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
22:48:06.0909 0404 ProfSvc - ok
22:48:06.0956 0404 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
22:48:06.0956 0404 ProtectedStorage - ok
22:48:07.0034 0404 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
22:48:07.0065 0404 Psched - ok
22:48:07.0455 0404 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
22:48:07.0518 0404 ql2300 - ok
22:48:07.0611 0404 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
22:48:07.0627 0404 ql40xx - ok
22:48:07.0658 0404 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
22:48:07.0689 0404 QWAVE - ok
22:48:07.0705 0404 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
22:48:07.0721 0404 QWAVEdrv - ok
22:48:07.0736 0404 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
22:48:07.0736 0404 RasAcd - ok
22:48:07.0830 0404 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
22:48:07.0830 0404 RasAgileVpn - ok
22:48:07.0877 0404 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
22:48:07.0908 0404 RasAuto - ok
22:48:07.0955 0404 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
22:48:07.0955 0404 Rasl2tp - ok
22:48:08.0017 0404 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
22:48:08.0033 0404 RasMan - ok
22:48:08.0079 0404 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
22:48:08.0079 0404 RasPppoe - ok
22:48:08.0111 0404 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
22:48:08.0111 0404 RasSstp - ok
22:48:08.0157 0404 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
22:48:08.0173 0404 rdbss - ok
22:48:08.0189 0404 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
22:48:08.0189 0404 rdpbus - ok
22:48:08.0235 0404 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
22:48:08.0235 0404 RDPCDD - ok
22:48:08.0360 0404 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
22:48:08.0391 0404 RDPDR - ok
22:48:08.0423 0404 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
22:48:08.0423 0404 RDPENCDD - ok
22:48:08.0454 0404 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
22:48:08.0454 0404 RDPREFMP - ok
22:48:08.0579 0404 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
22:48:08.0579 0404 RdpVideoMiniport - ok
22:48:08.0657 0404 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
22:48:08.0672 0404 RDPWD - ok
22:48:08.0735 0404 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
22:48:08.0750 0404 rdyboost - ok
22:48:08.0828 0404 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
22:48:08.0875 0404 RemoteAccess - ok
22:48:08.0922 0404 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
22:48:08.0953 0404 RemoteRegistry - ok
22:48:08.0969 0404 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
22:48:08.0969 0404 RpcEptMapper - ok
22:48:09.0015 0404 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
22:48:09.0031 0404 RpcLocator - ok
22:48:09.0156 0404 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
22:48:09.0171 0404 RpcSs - ok
22:48:09.0234 0404 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
22:48:09.0234 0404 rspndr - ok
22:48:09.0327 0404 [ 6D3C7E7D82D3DC92DC2A8B0DF9F20F8A ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
22:48:09.0343 0404 RTL8167 - ok
22:48:09.0374 0404 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
22:48:09.0374 0404 s3cap - ok
22:48:09.0390 0404 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
22:48:09.0390 0404 SamSs - ok
22:48:09.0421 0404 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
22:48:09.0437 0404 sbp2port - ok
22:48:09.0468 0404 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
22:48:09.0483 0404 SCardSvr - ok
22:48:09.0515 0404 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
22:48:09.0546 0404 scfilter - ok
22:48:09.0920 0404 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
22:48:09.0936 0404 Schedule - ok
22:48:10.0061 0404 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
22:48:10.0061 0404 SCPolicySvc - ok
22:48:10.0139 0404 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
22:48:10.0154 0404 SDRSVC - ok
22:48:10.0185 0404 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
22:48:10.0185 0404 secdrv - ok
22:48:10.0217 0404 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
22:48:10.0248 0404 seclogon - ok
22:48:10.0279 0404 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
22:48:10.0295 0404 SENS - ok
22:48:10.0310 0404 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
22:48:10.0310 0404 SensrSvc - ok
22:48:10.0326 0404 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
22:48:10.0326 0404 Serenum - ok
22:48:10.0373 0404 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
22:48:10.0373 0404 Serial - ok
22:48:10.0419 0404 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
22:48:10.0419 0404 sermouse - ok
22:48:10.0685 0404 [ 668043F192AB9659761A349A4703600D ] ServiceLayer C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
22:48:10.0716 0404 ServiceLayer - ok
22:48:10.0809 0404 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
22:48:10.0825 0404 SessionEnv - ok
22:48:10.0872 0404 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
22:48:10.0872 0404 sffdisk - ok
22:48:10.0887 0404 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
22:48:10.0887 0404 sffp_mmc - ok
22:48:10.0903 0404 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
22:48:10.0919 0404 sffp_sd - ok
22:48:10.0950 0404 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
22:48:10.0981 0404 sfloppy - ok
22:48:11.0043 0404 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
22:48:11.0059 0404 SharedAccess - ok
22:48:11.0153 0404 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:48:11.0153 0404 ShellHWDetection - ok
22:48:11.0277 0404 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:48:11.0277 0404 SiSRaid2 - ok
22:48:11.0309 0404 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
22:48:11.0309 0404 SiSRaid4 - ok
22:48:11.0402 0404 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
22:48:11.0402 0404 Smb - ok
22:48:11.0449 0404 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
22:48:11.0449 0404 SNMPTRAP - ok
22:48:11.0511 0404 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
22:48:11.0527 0404 spldr - ok
22:48:11.0574 0404 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
22:48:11.0589 0404 Spooler - ok
22:48:11.0948 0404 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
22:48:11.0964 0404 sppsvc - ok
22:48:12.0026 0404 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
22:48:12.0057 0404 sppuinotify - ok
22:48:12.0151 0404 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
22:48:12.0167 0404 srv - ok
22:48:12.0229 0404 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
22:48:12.0229 0404 srv2 - ok
22:48:12.0307 0404 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
22:48:12.0307 0404 srvnet - ok
22:48:12.0401 0404 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
22:48:12.0416 0404 SSDPSRV - ok
22:48:12.0479 0404 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
22:48:12.0479 0404 SstpSvc - ok
22:48:12.0510 0404 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
22:48:12.0525 0404 stexstor - ok
22:48:12.0681 0404 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
22:48:12.0697 0404 stisvc - ok
22:48:12.0759 0404 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
22:48:12.0759 0404 storflt - ok
22:48:12.0822 0404 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
22:48:12.0837 0404 storvsc - ok
22:48:12.0853 0404 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
22:48:12.0853 0404 swenum - ok
22:48:13.0009 0404 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
22:48:13.0025 0404 swprv - ok
22:48:13.0056 0404 Synth3dVsc - ok
22:48:13.0196 0404 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
22:48:13.0212 0404 SysMain - ok
22:48:13.0290 0404 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:48:13.0305 0404 TabletInputService - ok
22:48:13.0368 0404 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
22:48:13.0383 0404 TapiSrv - ok
22:48:13.0415 0404 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
22:48:13.0430 0404 TBS - ok
22:48:13.0883 0404 [ 9849EA3843A2ADBDD1497E97A85D8CAE ] Tcpip C:\Windows\system32\drivers\tcpip.sys
22:48:13.0961 0404 Tcpip - ok
22:48:14.0007 0404 [ 9849EA3843A2ADBDD1497E97A85D8CAE ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
22:48:14.0007 0404 TCPIP6 - ok
22:48:14.0085 0404 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
22:48:14.0085 0404 tcpipreg - ok
22:48:14.0163 0404 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
22:48:14.0179 0404 TDPIPE - ok
22:48:14.0241 0404 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
22:48:14.0257 0404 TDTCP - ok
22:48:14.0288 0404 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
22:48:14.0304 0404 tdx - ok
22:48:14.0351 0404 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
22:48:14.0351 0404 TermDD - ok
22:48:14.0507 0404 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
22:48:14.0522 0404 TermService - ok
22:48:14.0600 0404 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
22:48:14.0600 0404 Themes - ok
22:48:14.0631 0404 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
22:48:14.0647 0404 THREADORDER - ok
22:48:14.0834 0404 [ 8F099BE5DB17D025E19652851399B9F1 ] TOSHIBA Bluetooth Service C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
22:48:14.0865 0404 TOSHIBA Bluetooth Service - ok
22:48:14.0881 0404 Tosrfcom - ok
22:48:14.0912 0404 [ F5E3AC4CBCD154EE80849B21887FD0B0 ] tosrfec C:\Windows\system32\DRIVERS\tosrfec.sys
22:48:14.0912 0404 tosrfec - ok
22:48:14.0959 0404 [ C0837ACD637A55CD789179E123212B94 ] Tosrfusb C:\Windows\system32\DRIVERS\tosrfusb.sys
22:48:14.0959 0404 Tosrfusb - ok
22:48:14.0990 0404 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
22:48:14.0990 0404 TrkWks - ok
22:48:15.0177 0404 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:48:15.0287 0404 TrustedInstaller - ok
22:48:15.0333 0404 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
22:48:15.0333 0404 tssecsrv - ok
22:48:15.0380 0404 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
22:48:15.0396 0404 TsUsbFlt - ok
22:48:15.0396 0404 tsusbhub - ok
22:48:15.0458 0404 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
22:48:15.0458 0404 tunnel - ok
22:48:15.0505 0404 [ 9A744CC3D804EC38A6C2C65BC3C6FCD8 ] TVALZ C:\Windows\system32\DRIVERS\TVALZ_O.SYS
22:48:15.0505 0404 TVALZ - ok
22:48:15.0583 0404 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
22:48:15.0583 0404 uagp35 - ok
22:48:15.0677 0404 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
22:48:15.0692 0404 udfs - ok
22:48:15.0723 0404 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
22:48:15.0723 0404 UI0Detect - ok
22:48:15.0786 0404 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
22:48:15.0786 0404 uliagpkx - ok
22:48:15.0848 0404 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
22:48:15.0848 0404 umbus - ok
22:48:15.0926 0404 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
22:48:15.0957 0404 UmPass - ok
22:48:16.0020 0404 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
22:48:16.0020 0404 UmRdpService - ok
22:48:16.0176 0404 [ 9DC07E73A4ABB9ACF692113B36A5009F ] UnlockerDriver5 C:\Program Files\Unlocker\UnlockerDriver5.sys
22:48:16.0238 0404 UnlockerDriver5 - ok
22:48:16.0535 0404 [ 374EBDA379A8F38E0CFC2211611E7167 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
22:48:16.0691 0404 UNS - ok
22:48:16.0831 0404 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
22:48:16.0847 0404 upnphost - ok
22:48:16.0940 0404 [ 4E93C8496359E97830C75AC36393654D ] upperdev C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
22:48:16.0940 0404 upperdev - ok
22:48:17.0003 0404 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
22:48:17.0003 0404 usbccgp - ok
22:48:17.0096 0404 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
22:48:17.0127 0404 usbcir - ok
22:48:17.0143 0404 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
22:48:17.0143 0404 usbehci - ok
22:48:17.0237 0404 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
22:48:17.0237 0404 usbhub - ok
22:48:17.0268 0404 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
22:48:17.0283 0404 usbohci - ok
22:48:17.0346 0404 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
22:48:17.0377 0404 usbprint - ok
22:48:17.0408 0404 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
22:48:17.0424 0404 usbscan - ok
22:48:17.0455 0404 [ 4ACEE387FA8FD39F83564FCD2FC234F2 ] usbser C:\Windows\system32\drivers\usbser.sys
22:48:17.0455 0404 usbser - ok
22:48:17.0517 0404 [ 8844CB19A37B65E27049D4A7786726A9 ] UsbserFilt C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys
22:48:17.0533 0404 UsbserFilt - ok
22:48:17.0595 0404 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:48:17.0595 0404 USBSTOR - ok
22:48:17.0611 0404 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
22:48:17.0627 0404 usbuhci - ok
22:48:17.0829 0404 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
22:48:17.0829 0404 usbvideo - ok
22:48:17.0892 0404 [ 7B28E2FBE75115660FAB31079C0A9F29 ] usb_rndisx C:\Windows\system32\DRIVERS\usb8023x.sys
22:48:17.0907 0404 usb_rndisx - ok
22:48:17.0923 0404 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
22:48:17.0923 0404 UxSms - ok
22:48:17.0939 0404 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
22:48:17.0939 0404 VaultSvc - ok
22:48:17.0985 0404 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
22:48:17.0985 0404 vdrvroot - ok
22:48:18.0032 0404 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
22:48:18.0048 0404 vds - ok
22:48:18.0095 0404 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
22:48:18.0095 0404 vga - ok
22:48:18.0126 0404 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
22:48:18.0126 0404 VgaSave - ok
22:48:18.0141 0404 VGPU - ok
22:48:18.0173 0404 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
22:48:18.0173 0404 vhdmp - ok
22:48:18.0235 0404 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
22:48:18.0266 0404 viaide - ok
22:48:18.0282 0404 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
22:48:18.0297 0404 vmbus - ok
22:48:18.0313 0404 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
22:48:18.0329 0404 VMBusHID - ok
22:48:18.0344 0404 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
22:48:18.0344 0404 volmgr - ok
22:48:18.0469 0404 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
22:48:18.0485 0404 volmgrx - ok
22:48:18.0547 0404 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
22:48:18.0563 0404 volsnap - ok
22:48:18.0625 0404 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
22:48:18.0641 0404 vsmraid - ok
22:48:19.0093 0404 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
22:48:19.0171 0404 VSS - ok
22:48:19.0249 0404 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
22:48:19.0249 0404 vwifibus - ok
22:48:19.0296 0404 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
22:48:19.0296 0404 vwififlt - ok
22:48:19.0343 0404 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
22:48:19.0343 0404 vwifimp - ok
22:48:19.0467 0404 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
22:48:19.0467 0404 W32Time - ok
22:48:19.0592 0404 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
22:48:19.0592 0404 WacomPen - ok
22:48:19.0655 0404 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
22:48:19.0655 0404 WANARP - ok
22:48:19.0655 0404 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
22:48:19.0670 0404 Wanarpv6 - ok
22:48:19.0842 0404 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
22:48:19.0873 0404 WatAdminSvc - ok
22:48:20.0279 0404 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
22:48:20.0341 0404 wbengine - ok
22:48:20.0450 0404 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
22:48:20.0466 0404 WbioSrvc - ok
22:48:20.0622 0404 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
22:48:20.0637 0404 wcncsvc - ok
22:48:20.0653 0404 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:48:20.0684 0404 WcsPlugInService - ok
22:48:20.0715 0404 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
22:48:20.0715 0404 Wd - ok
22:48:20.0949 0404 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
22:48:20.0965 0404 Wdf01000 - ok
22:48:20.0996 0404 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
22:48:21.0012 0404 WdiServiceHost - ok
22:48:21.0012 0404 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
22:48:21.0027 0404 WdiSystemHost - ok
22:48:21.0059 0404 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
22:48:21.0074 0404 WebClient - ok
22:48:21.0105 0404 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
22:48:21.0121 0404 Wecsvc - ok
22:48:21.0137 0404 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
22:48:21.0137 0404 wercplsupport - ok
22:48:21.0152 0404 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
22:48:21.0152 0404 WerSvc - ok
22:48:21.0215 0404 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
22:48:21.0215 0404 WfpLwf - ok
22:48:21.0230 0404 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
22:48:21.0246 0404 WIMMount - ok
22:48:21.0277 0404 WinDefend - ok
22:48:21.0293 0404 WinHttpAutoProxySvc - ok
22:48:21.0386 0404 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
22:48:21.0417 0404 Winmgmt - ok
22:48:21.0698 0404 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
22:48:21.0776 0404 WinRM - ok
22:48:21.0854 0404 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
22:48:21.0870 0404 WinUsb - ok
22:48:21.0963 0404 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
22:48:21.0963 0404 Wlansvc - ok
22:48:22.0041 0404 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
22:48:22.0057 0404 wlcrasvc - ok
22:48:22.0697 0404 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:48:22.0712 0404 wlidsvc - ok
22:48:22.0790 0404 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
22:48:22.0821 0404 WmiAcpi - ok
22:48:22.0868 0404 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
22:48:22.0931 0404 wmiApSrv - ok
22:48:22.0977 0404 WMPNetworkSvc - ok
22:48:23.0009 0404 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
22:48:23.0009 0404 WPCSvc - ok
22:48:23.0055 0404 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
22:48:23.0055 0404 WPDBusEnum - ok
22:48:23.0133 0404 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
22:48:23.0165 0404 ws2ifsl - ok
22:48:23.0180 0404 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
22:48:23.0196 0404 wscsvc - ok
22:48:23.0196 0404 WSearch - ok
22:48:23.0648 0404 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
22:48:23.0664 0404 wuauserv - ok
22:48:23.0726 0404 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
22:48:23.0726 0404 WudfPf - ok
22:48:23.0789 0404 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
22:48:23.0789 0404 WUDFRd - ok
22:48:23.0851 0404 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
22:48:23.0867 0404 wudfsvc - ok
22:48:23.0976 0404 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\Windows\System32\wwansvc.dll
22:48:23.0991 0404 WwanSvc - ok
22:48:24.0054 0404 ================ Scan global ===============================
22:48:24.0085 0404 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
22:48:24.0132 0404 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
22:48:24.0194 0404 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
22:48:24.0257 0404 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
22:48:24.0303 0404 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
22:48:24.0303 0404 [Global] - ok
22:48:24.0303 0404 ================ Scan MBR ==================================
22:48:24.0335 0404 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
22:48:24.0927 0404 \Device\Harddisk0\DR0 - ok
22:48:24.0927 0404 ================ Scan VBR ==================================
22:48:24.0959 0404 [ 11221C7BEB074299B2E5160D4DCCA2DC ] \Device\Harddisk0\DR0\Partition1
22:48:24.0990 0404 \Device\Harddisk0\DR0\Partition1 - ok
22:48:25.0021 0404 [ 5F3C9055F98A05EFBCC4604EFA929F08 ] \Device\Harddisk0\DR0\Partition2
22:48:25.0052 0404 \Device\Harddisk0\DR0\Partition2 - ok
22:48:25.0068 0404 [ E2BF5E145037CB32DE72161A11C40CCE ] \Device\Harddisk0\DR0\Partition3
22:48:25.0083 0404 \Device\Harddisk0\DR0\Partition3 - ok
22:48:25.0083 0404 ============================================================
22:48:25.0083 0404 Scan finished
22:48:25.0083 0404 ============================================================
22:48:25.0115 3912 Detected object count: 0

22:48:25.0115 3912 Actual detected object count: 0

 

[Broni]

You did fine.

Is MSE still complaining?

Create new restore point before proceeding with the next step....
How to:
- Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

• Never rename Combofix unless instructed.
• Close any open browsers.
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
• Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
• Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
• Close any open browsers.
• WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
• Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
• If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  If the connection is not there use restore point you created prior to running Combofix.
• Double click on combofix.exe & follow the prompts.

• 
  NOTE1. If Combofix asks you to install Recovery Console, please allow it.
  NOTE 2. If Combofix asks you to update the program, always do so.

• When finished, it will produce a report for you.
• Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

• Double-click on the Rkill desktop icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.

 

[amiraa]

I did a Quick scan and every thing was OK NO threats BUT with a full scan it did cache the trojan !!
here is the Combofix.txt

[FONT=arial][FONT=arial]ComboFix 13-08-09.02 - user1 08/10/2013 9:50.1.4 - x64[/FONT]
[FONT=arial]Microsoft Windows 7 Ultimate 6.1.7601.1.1256.966.1033.18.1956.859 [GMT 2:00][/FONT]
[FONT=arial]Running from: c:\users\user1\Desktop\ComboFix.exe[/FONT]
[FONT=arial]AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}[/FONT]
[FONT=arial]SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}[/FONT]
[FONT=arial]SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}[/FONT]
[FONT=arial].[/FONT]
[FONT=arial].[/FONT]
[FONT=arial]((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))[/FONT]
[FONT=arial].[/FONT]
[FONT=arial].[/FONT]
[FONT=arial]c:\users\user1\AppData\Roaming\FileDoumi[/FONT]
[FONT=arial]c:\users\user1\AppData\Roaming\Mozilla\Firefox\Profiles\7qjyvmn8.default\searchplugins\search.xml[/FONT]
[FONT=arial]c:\users\user1\AppData\Roaming\OpenTab[/FONT]
[FONT=arial]c:\windows\security\Database\tmp.edb[/FONT]
[FONT=arial].[/FONT]
[FONT=arial].[/FONT]
[FONT=arial]((((((((((((((((((((((((( Files Created from 2013-07-10 to 2013-08-10 )))))))))))))))))))))))))))))))[/FONT]
[FONT=arial].[/FONT]
[FONT=arial].[/FONT]
[FONT=arial]2013-08-10 07:55 . 2013-08-10 07:55--------d-----w-c:\users\Default\AppData\Local\temp[/FONT]
[FONT=arial]2013-08-10 07:22 . 2013-08-10 07:2276232----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{70E4924E-AD87-463E-B931-DC1A3A65D0B5}\offreg.dll[/FONT]
[FONT=arial]2013-08-09 20:44 . 2013-08-09 20:44--------d-----w-C:\TDSSKiller_Quarantine[/FONT]
[FONT=arial]2013-08-09 19:16 . 2013-08-09 19:16--------d-----w-C:\FRST[/FONT]
[FONT=arial]2013-08-09 17:50 . 2013-07-02 08:349460976----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{70E4924E-AD87-463E-B931-DC1A3A65D0B5}\mpengine.dll[/FONT]
[FONT=arial]2013-08-08 07:58 . 2013-07-02 08:349460976----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll[/FONT]
[FONT=arial]2013-08-08 07:36 . 2013-08-08 07:36--------d-----w-c:\users\user1\AppData\Roaming\Malwarebytes[/FONT]
[FONT=arial]2013-08-08 07:35 . 2013-04-04 12:5025928----a-w-c:\windows\system32\drivers\mbam.sys[/FONT]
[FONT=arial]2013-08-08 07:35 . 2013-08-08 07:36--------d-----w-c:\program files (x86)\Malwarebytes' Anti-Malware[/FONT]
[FONT=arial]2013-08-08 07:35 . 2013-08-08 07:35--------d-----w-c:\users\user1\AppData\Local\Programs[/FONT]
[FONT=arial]2013-08-08 07:31 . 2013-08-08 07:31--------d-----w-c:\programdata\CDB[/FONT]
[FONT=arial]2013-08-06 19:22 . 2013-08-09 18:55--------d-----w-c:\programdata\Malwarebytes' Anti-Malware (portable)[/FONT]
[FONT=arial]2013-08-06 18:17 . 2013-08-06 18:17--------d-----w-c:\programdata\Malwarebytes[/FONT]
[FONT=arial]2013-08-04 20:53 . 2013-08-08 08:28--------d-----w-c:\program files (x86)\GridinSoft Trojan Killer[/FONT]
[FONT=arial]2013-08-02 12:59 . 2013-08-02 13:01--------d-----w-c:\windows\system32\MRT[/FONT]
[FONT=arial]2013-07-17 19:19 . 2013-07-17 19:18941720------w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B77EAAFC-DB1A-4ACB-A0BC-F4530832711B}\gapaengine.dll[/FONT]
[FONT=arial]2013-07-12 21:19 . 2013-06-07 03:222706432----a-w-c:\windows\system32\mshtml.tlb[/FONT]
[FONT=arial]2013-07-12 18:54 . 2013-05-27 05:501011712----a-w-c:\program files\Windows Defender\MpSvc.dll[/FONT]
[FONT=arial]2013-07-12 18:54 . 2013-05-27 05:50571904----a-w-c:\program files\Windows Defender\MpClient.dll[/FONT]
[FONT=arial]2013-07-12 18:54 . 2013-05-27 05:50314880----a-w-c:\program files\Windows Defender\MpCommu.dll[/FONT]
[FONT=arial]2013-07-12 18:54 . 2013-05-27 04:574608----a-w-c:\program files (x86)\Windows Defender\MsMpLics.dll[/FONT]
[FONT=arial]2013-07-12 18:54 . 2013-05-27 04:5754784----a-w-c:\program files (x86)\Windows Defender\MpOAV.dll[/FONT]
[FONT=arial]2013-07-12 18:54 . 2013-05-27 04:57392704----a-w-c:\program files (x86)\Windows Defender\MpClient.dll[/FONT]
[FONT=arial]2013-07-12 18:54 . 2013-05-27 03:159216----a-w-c:\program files (x86)\Windows Defender\MpAsDesc.dll[/FONT]
[FONT=arial]2013-07-12 18:54 . 2013-04-09 23:341247744----a-w-c:\windows\SysWow64\DWrite.dll[/FONT]
[FONT=arial]2013-07-12 18:54 . 2013-04-02 22:511643520----a-w-c:\windows\system32\DWrite.dll[/FONT]
[FONT=arial]2013-07-12 18:54 . 2013-06-04 06:00624128----a-w-c:\windows\system32\qedit.dll[/FONT]
[FONT=arial]2013-07-12 18:54 . 2013-06-04 04:53509440----a-w-c:\windows\SysWow64\qedit.dll[/FONT]
[FONT=arial]2013-07-12 10:22 . 2013-05-06 06:031887744----a-w-c:\windows\system32\WMVDECOD.DLL[/FONT]
[FONT=arial]2013-07-12 10:22 . 2013-05-06 04:561620480----a-w-c:\windows\SysWow64\WMVDECOD.DLL[/FONT]
[FONT=arial]2013-07-12 10:22 . 2013-06-05 03:343153920----a-w-c:\windows\system32\win32k.sys[/FONT]
[FONT=arial]2013-07-12 10:22 . 2013-04-10 05:481732608----a-w-c:\program files\Windows Journal\NBDoc.DLL[/FONT]
[FONT=arial]2013-07-12 10:22 . 2013-04-10 05:461393152----a-w-c:\program files\Windows Journal\JNTFiltr.dll[/FONT]
[FONT=arial]2013-07-12 10:22 . 2013-04-10 05:461367040----a-w-c:\program files\Common Files\Microsoft Shared\ink\journal.dll[/FONT]
[FONT=arial]2013-07-12 10:22 . 2013-04-10 05:461402880----a-w-c:\program files\Windows Journal\JNWDRV.dll[/FONT]
[FONT=arial]2013-07-12 10:22 . 2013-04-10 05:03936448----a-w-c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll[/FONT]
[FONT=arial].[/FONT]
[FONT=arial].[/FONT]
[FONT=arial].[/FONT]
[FONT=arial](((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))[/FONT]
[FONT=arial].[/FONT]
[FONT=arial]2013-07-12 21:21 . 2011-11-11 15:0978185248----a-w-c:\windows\system32\MRT.exe[/FONT]
[FONT=arial]2013-07-12 09:43 . 2012-04-01 05:36692104----a-w-c:\windows\SysWow64\FlashPlayerApp.exe[/FONT]
[FONT=arial]2013-07-12 09:43 . 2011-10-22 11:1871048----a-w-c:\windows\SysWow64\FlashPlayerCPLApp.cpl[/FONT]
[FONT=arial]2013-06-21 16:05 . 2012-02-10 18:19964552------w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll[/FONT]
[FONT=arial]2013-05-13 05:51 . 2013-06-12 09:35184320----a-w-c:\windows\system32\cryptsvc.dll[/FONT]
[FONT=arial]2013-05-13 05:51 . 2013-06-12 09:351464320----a-w-c:\windows\system32\crypt32.dll[/FONT]
[FONT=arial]2013-05-13 05:51 . 2013-06-12 09:35139776----a-w-c:\windows\system32\cryptnet.dll[/FONT]
[FONT=arial]2013-05-13 05:50 . 2013-06-12 09:3552224----a-w-c:\windows\system32\certenc.dll[/FONT]
[FONT=arial]2013-05-13 04:45 . 2013-06-12 09:351160192----a-w-c:\windows\SysWow64\crypt32.dll[/FONT]
[FONT=arial]2013-05-13 04:45 . 2013-06-12 09:35140288----a-w-c:\windows\SysWow64\cryptsvc.dll[/FONT]
[FONT=arial]2013-05-13 04:45 . 2013-06-12 09:35103936----a-w-c:\windows\SysWow64\cryptnet.dll[/FONT]
[FONT=arial]2013-05-13 03:43 . 2013-06-12 09:351192448----a-w-c:\windows\system32\certutil.exe[/FONT]
[FONT=arial]2013-05-13 03:08 . 2013-06-12 09:35903168----a-w-c:\windows\SysWow64\certutil.exe[/FONT]
[FONT=arial]2013-05-13 03:08 . 2013-06-12 09:3543008----a-w-c:\windows\SysWow64\certenc.dll[/FONT]
[FONT=arial]2013-05-12 09:41 . 2011-03-28 16:3622240----a-w-c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll[/FONT]
[FONT=arial].[/FONT]
[FONT=arial].[/FONT]
[FONT=arial]((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))[/FONT]
[FONT=arial].[/FONT]
[FONT=arial].[/FONT]
[FONT=arial]*Note* empty entries & legit default entries are not shown [/FONT]
[FONT=arial]REGEDIT4[/FONT]
[FONT=arial].[/FONT]
[FONT=arial][HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run][/FONT]
[FONT=arial]"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208][/FONT]
[FONT=arial]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576][/FONT]
[FONT=arial]"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-07-25 296096][/FONT]
[FONT=arial].[/FONT]
[FONT=arial][HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system][/FONT]
[FONT=arial]"ConsentPromptBehaviorUser"= 3 (0x3)[/FONT]
[FONT=arial]"EnableUIADesktopToggle"= 0 (0x0)[/FONT]
[FONT=arial]"SynchronousMachineGroupPolicy"= 0 (0x0)[/FONT]
[FONT=arial]"SynchronousUserGroupPolicy"= 0 (0x0)[/FONT]
[FONT=arial].[/FONT]
[FONT=arial][HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32][/FONT]
[FONT=arial]"aux"=wdmaud.drv[/FONT]
[FONT=arial].[/FONT]
[FONT=arial][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc][/FONT]
[FONT=arial]@="Service"[/FONT]
[FONT=arial].[/FONT]
[FONT=arial]R2 ATE_PROCMON;ATE_PROCMON;c:\program files (x86)\Anti Trojan Elite\ATEPMon.sys;c:\program files (x86)\Anti Trojan Elite\ATEPMon.sys [x][/FONT]
[FONT=arial]R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [x][/FONT]
[FONT=arial]R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x][/FONT]
[FONT=arial]R2 Mobile Broadband HL Service;Mobile Broadband HL Service;c:\programdata\MobileBrServ\mbbservice.exe;c:\programdata\MobileBrServ\mbbservice.exe [x][/FONT]
[FONT=arial]R3 cpuz134;cpuz134;c:\users\user1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys;c:\users\user1\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x][/FONT]
[FONT=arial]R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x][/FONT]
[FONT=arial]R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x][/FONT]
[FONT=arial]R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x][/FONT]
[FONT=arial]R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x][/FONT]
[FONT=arial]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x][/FONT]
[FONT=arial]R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x][/FONT]
[FONT=arial]R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x][/FONT]
[FONT=arial]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x][/FONT]
[FONT=arial]R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x][/FONT]
[FONT=arial]S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x][/FONT]
[FONT=arial]S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x][/FONT]
[FONT=arial]S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x][/FONT]
[FONT=arial]S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [x][/FONT]
[FONT=arial]S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x][/FONT]
[FONT=arial]S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x][/FONT]
[FONT=arial]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x][/FONT]
[FONT=arial].[/FONT]
[FONT=arial].[/FONT]
[FONT=arial]Contents of the 'Scheduled Tasks' folder[/FONT]
[FONT=arial].[/FONT]
[FONT=arial]2013-08-10 c:\windows\Tasks\Adobe Flash Player Updater.job[/FONT]
[FONT=arial]- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 09:43][/FONT]
[FONT=arial].[/FONT]
[FONT=arial].[/FONT]
[FONT=arial]--------- X64 Entries -----------[/FONT]
[FONT=arial].[/FONT]
[FONT=arial].[/FONT]
[FONT=arial][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run][/FONT]
[FONT=arial]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-08 391000][/FONT]
[FONT=arial]"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-08 418136][/FONT]
[FONT=arial]"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512][/FONT]
[FONT=arial].[/FONT]
[FONT=arial]------- Supplementary Scan -------[/FONT]
[FONT=arial].[/FONT]
[FONT=arial]uStart Page = hxxp://www.google.com/[/FONT]
[FONT=arial]IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000[/FONT]
[FONT=arial]IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105[/FONT]
[FONT=arial]TCP: DhcpNameServer = 192.168.1.1[/FONT]
[FONT=arial]FF - ProfilePath - c:\users\user1\AppData\Roaming\Mozilla\Firefox\Profiles\7qjyvmn8.default\[/FONT]
[FONT=arial]FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/[/FONT]
[FONT=arial]FF - user.js: yahoo.ytff.general.dontshowhpoffer - true[/FONT]
[FONT=arial].[/FONT]
[FONT=arial]- - - - ORPHANS REMOVED - - - -[/FONT]
[FONT=arial].[/FONT]
[FONT=arial]URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)[/FONT]
[FONT=arial]Wow6432Node-HKLM-Run-<NO NAME> - (no file)[/FONT]
[FONT=arial]SafeBoot-22968052.sys[/FONT]
[FONT=arial]HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start[/FONT]
[FONT=arial].[/FONT]
[FONT=arial].[/FONT]
[FONT=arial].[/FONT]
[FONT=arial]--------------------- LOCKED REGISTRY KEYS ---------------------[/FONT]
[FONT=arial].[/FONT]
[FONT=arial][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}][/FONT]
[FONT=arial]@Denied: (A 2) (Everyone)[/FONT]
[FONT=arial]@="FlashBroker"[/FONT]
[FONT=arial]"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"[/FONT]
[FONT=arial].[/FONT]
[FONT=arial][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation][/FONT]
[FONT=arial]"Enabled"=dword:00000001[/FONT]
[FONT=arial].[/FONT]
[FONT=arial][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32][/FONT]
[FONT=arial]@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"[/FONT]
[FONT=arial].[/FONT]
[FONT=arial][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib][/FONT]
[FONT=arial]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"[/FONT]
[FONT=arial].[/FONT]
[FONT=arial][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}][/FONT]
[FONT=arial]@Denied: (A 2) (Everyone)[/FONT]
[FONT=arial]@="IFlashBroker5"[/FONT]
[FONT=arial].[/FONT]
[FONT=arial][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32][/FONT]
[FONT=arial]@="{00020424-0000-0000-C000-000000000046}"[/FONT]
[FONT=arial].[/FONT]
[FONT=arial][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib][/FONT]
[FONT=arial]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"[/FONT]
[FONT=arial]"Version"="1.0"[/FONT]
[FONT=arial].[/FONT]
[FONT=arial][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}][/FONT]
[FONT=arial]@Denied: (A 2) (Everyone)[/FONT]
[FONT=arial]@="FlashBroker"[/FONT]
[FONT=arial]"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"[/FONT]
[FONT=arial].[/FONT]
[FONT=arial][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation][/FONT]
[FONT=arial]"Enabled"=dword:00000001[/FONT]
[FONT=arial].[/FONT]
[FONT=arial][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32][/FONT]
[FONT=arial]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"[/FONT]
[FONT=arial].[/FONT]
[FONT=arial][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib][/FONT]
[FONT=arial]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"[/FONT]
[FONT=arial].[/FONT]
[FONT=arial][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}][/FONT]
[FONT=arial]@Denied: (A 2) (Everyone)[/FONT]
[FONT=arial]@="Shockwave Flash Object"[/FONT]
[FONT=arial].[/FONT]
[FONT=arial][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32][/FONT]
[FONT=arial]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"[/FONT]
[FONT=arial]"ThreadingModel"="Apartment"[/FONT]
[FONT=arial].[/FONT]
[FONT=arial][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus][/FONT]
[FONT=arial]@="0"[/FONT]
[FONT=arial].[/FONT]
[FONT=arial][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID][/FONT]
[FONT=arial]@="ShockwaveFlash.ShockwaveFlash.11"[/FONT]
[FONT=arial].[/FONT]
[FONT=arial][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32][/FONT]
[FONT=arial]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"[/FONT]
[FONT=arial].[/FONT]
[FONT=arial][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib][/FONT]
[FONT=arial]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"[/FONT]
[FONT=arial].[/FONT]
[FONT=arial][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version][/FONT]
[FONT=arial]@="1.0"[/FONT]
[FONT=arial].[/FONT]
[FONT=arial][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID][/FONT]
[FONT=arial]@="ShockwaveFlash.ShockwaveFlash"[/FONT]
[FONT=arial].[/FONT]
[FONT=arial][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}][/FONT]
[FONT=arial]@Denied: (A 2) (Everyone)[/FONT]
[FONT=arial]@="Macromedia Flash Factory Object"[/FONT]
[FONT=arial].[/FONT]
[FONT=arial][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32][/FONT]
[FONT=arial]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"[/FONT]
[FONT=arial]"ThreadingModel"="Apartment"[/FONT]
[FONT=arial].[/FONT]
[FONT=arial][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID][/FONT]
[FONT=arial]@="FlashFactory.FlashFactory.1"[/FONT]
[FONT=arial].[/FONT]
[FONT=arial][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32][/FONT]
[FONT=arial]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"[/FONT]
[FONT=arial].[/FONT]
[FONT=arial][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib][/FONT]
[FONT=arial]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"[/FONT]
[FONT=arial].[/FONT]
[FONT=arial][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version][/FONT]
[FONT=arial]@="1.0"[/FONT]
[FONT=arial].[/FONT]
[FONT=arial][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID][/FONT]
[FONT=arial]@="FlashFactory.FlashFactory"[/FONT]
[FONT=arial].[/FONT]
[FONT=arial][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}][/FONT]
[FONT=arial]@Denied: (A 2) (Everyone)[/FONT]
[FONT=arial]@="IFlashBroker5"[/FONT]
[FONT=arial].[/FONT]
[FONT=arial][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32][/FONT]
[FONT=arial]@="{00020424-0000-0000-C000-000000000046}"[/FONT]
[FONT=arial].[/FONT]
[FONT=arial][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib][/FONT]
[FONT=arial]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"[/FONT]
[FONT=arial]"Version"="1.0"[/FONT]
[FONT=arial].[/FONT]
[FONT=arial][HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}][/FONT]
[FONT=arial]@Denied: (A) (Everyone)[/FONT]
[FONT=arial]"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"[/FONT]
[FONT=arial].[/FONT]
[FONT=arial][HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3][/FONT]
[FONT=arial]@Denied: (A) (Everyone)[/FONT]
[FONT=arial].[/FONT]
[FONT=arial][HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0][/FONT]
[FONT=arial]"Key"="ActionsPane3"[/FONT]
[FONT=arial]"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"[/FONT]
[FONT=arial].[/FONT]
[FONT=arial][HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings][/FONT]
[FONT=arial]@Denied: (A) (Users)[/FONT]
[FONT=arial]@Denied: (A) (Everyone)[/FONT]
[FONT=arial]@Allowed: (B 1 2 3 4 5) (S-1-5-20)[/FONT]
[FONT=arial]"BlindDial"=dword:00000000[/FONT]
[FONT=arial].[/FONT]
[FONT=arial][HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security][/FONT]
[FONT=arial]@Denied: (Full) (Everyone)[/FONT]
[FONT=arial].[/FONT]
[FONT=arial]Completion time: 2013-08-10 10:00:01[/FONT]
[FONT=arial]ComboFix-quarantined-files.txt 2013-08-10 08:00[/FONT]
[FONT=arial].[/FONT]
[FONT=arial]Pre-Run: 30,981,750,784 bytes free[/FONT]
[FONT=arial]Post-Run: 30,939,881,472 bytes free[/FONT]
[FONT=arial].[/FONT]
[FONT=arial]- - End Of File - - 575BA5342F06CDFB4F03D31E166093FE[/FONT]
[FONT=arial]A36C5E4F47E84449FF07ED3517B43A31[/FONT]
[FONT=arial] [/FONT][/FONT]

 

[Broni]

BUT with a full scan it did cache the trojan !!

Details please. File name and its location.

Combofix looks good.

Please download AdwCleaner by Xplode onto your desktop.

• Close all open programs and internet browsers.
• Double click on adwcleaner.exe to run the tool.
• Click on Delete.
• Confirm each time with Ok.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the contents of that logfile with your next reply.
• You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Click the Scan All Users checkbox.
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

 

[amiraa]

this is what MSE detailed file:C:\TDSSKiller_Quarantine\09.08.2013_22.43.37\boot0000\boot0000\tsk0000.dta
Oh and there is a wearied file on my desktop by the name RK_Quarantine and another one on Disk D named $RECYCLE.BIN What to do !!!

this is AdwCleaner log

[FONT=arial]# AdwCleaner v2.306 - Logfile created 08/11/2013 at 20:51:18[/FONT]
[FONT=arial]# Updated 19/07/2013 by Xplode[/FONT]
[FONT=arial]# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)[/FONT]
[FONT=arial]# User : user1 - USER1-PC[/FONT]
[FONT=arial]# Boot Mode : Normal[/FONT]
[FONT=arial]# Running from : C:\Users\user1\Desktop\adwcleaner.exe[/FONT]
[FONT=arial]# Option [Delete][/FONT]
[FONT=arial] [/FONT]
[FONT=arial] [/FONT]
[FONT=arial]***** [Services] *****[/FONT]
[FONT=arial] [/FONT]
[FONT=arial] [/FONT]
[FONT=arial]***** [Files / Folders] *****[/FONT]
[FONT=arial] [/FONT]
[FONT=arial]Folder Deleted : C:\Users\user1\AppData\Roaming\yourfiledownloader[/FONT]
[FONT=arial] [/FONT]
[FONT=arial]***** [Registry] *****[/FONT]
[FONT=arial] [/FONT]
[FONT=arial]Key Deleted : HKCU\Software\APN PIP[/FONT]
[FONT=arial]Key Deleted : HKCU\Software\Softonic[/FONT]
[FONT=arial]Key Deleted : HKCU\Software\YourFileDownloader[/FONT]
[FONT=arial]Key Deleted : HKLM\Software\Classes\Installer\Features\90C64EA18BA25EE488BF80DCF07F2FFD[/FONT]
[FONT=arial]Key Deleted : HKLM\Software\Classes\Installer\Products\90C64EA18BA25EE488BF80DCF07F2FFD[/FONT]
[FONT=arial]Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap[/FONT]
[FONT=arial]Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}[/FONT]
[FONT=arial]Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}[/FONT]
[FONT=arial]Key Deleted : HKLM\Software\PIP[/FONT]
[FONT=arial]Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}[/FONT]
[FONT=arial]Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}[/FONT]
[FONT=arial]Key Deleted : HKLM\Software\YourFileDownloader[/FONT]
[FONT=arial] [/FONT]
[FONT=arial]***** [Internet Browsers] *****[/FONT]
[FONT=arial] [/FONT]
[FONT=arial]-\\ Internet Explorer v10.0.9200.16635[/FONT]
[FONT=arial] [/FONT]
[FONT=arial][OK] Registry is clean.[/FONT]
[FONT=arial] [/FONT]
[FONT=arial]-\\ Mozilla Firefox v22.0 (en-US)[/FONT]
[FONT=arial] [/FONT]
[FONT=arial]File : C:\Users\user1\AppData\Roaming\Mozilla\Firefox\Profiles\7qjyvmn8.default\prefs.js[/FONT]
[FONT=arial] [/FONT]
[FONT=arial]C:\Users\user1\AppData\Roaming\Mozilla\Firefox\Profiles\7qjyvmn8.default\user.js ... Deleted ![/FONT]
[FONT=arial] [/FONT]
[FONT=arial][OK] File is clean.[/FONT]
[FONT=arial] [/FONT]
[FONT=arial]-\\ Google Chrome v28.0.1500.95[/FONT]
[FONT=arial] [/FONT]
[FONT=arial]File : C:\Users\user1\AppData\Local\Google\Chrome\User Data\Default\Preferences[/FONT]
[FONT=arial] [/FONT]
[FONT=arial][OK] File is clean.[/FONT]
[FONT=arial] [/FONT]
[FONT=arial]-\\ Opera v12.15.1748.0[/FONT]
[FONT=arial] [/FONT]
[FONT=arial]File : C:\Users\user1\AppData\Roaming\Opera\Opera\operaprefs.ini[/FONT]
[FONT=arial] [/FONT]
[FONT=arial][OK] File is clean.[/FONT]
[FONT=arial] [/FONT]
[FONT=arial]*************************[/FONT]
[FONT=arial] [/FONT]
[FONT=arial]AdwCleaner[S1].txt - [2019 octets] - [11/08/2013 20:51:18][/FONT]
[FONT=arial] [/FONT]
[FONT=arial]########## EOF - C:\AdwCleaner[S1].txt - [2079 octets] ##########[/FONT]

 

[amiraa]

JRT log

[FONT=arial]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~[/FONT]
[FONT=arial]Junkware Removal Tool (JRT) by Thisisu[/FONT]
[FONT=arial]Version: 5.4.2 (08.11.2013:1)[/FONT]
[FONT=arial]OS: Windows 7 Ultimate x64[/FONT]
[FONT=arial]Ran by user1 on Sun 08/11/2013 at 21:05:57.59[/FONT]
[FONT=arial]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~[/FONT]
[FONT=arial] [/FONT]
[FONT=arial] [/FONT]
[FONT=arial] [/FONT]
[FONT=arial] [/FONT]
[FONT=arial]~~~ Services[/FONT]
[FONT=arial] [/FONT]
[FONT=arial] [/FONT]
[FONT=arial] [/FONT]
[FONT=arial]~~~ Registry Values[/FONT]
[FONT=arial] [/FONT]
[FONT=arial] [/FONT]
[FONT=arial] [/FONT]
[FONT=arial]~~~ Registry Keys[/FONT]
[FONT=arial] [/FONT]
[FONT=arial] [/FONT]
[FONT=arial] [/FONT]
[FONT=arial]~~~ Files[/FONT]
[FONT=arial] [/FONT]
[FONT=arial] [/FONT]
[FONT=arial] [/FONT]
[FONT=arial]~~~ Folders[/FONT]
[FONT=arial] [/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{00055577-4838-4A25-B891-C38ADB7A0993}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{003AA2AA-6AF3-4507-817F-89B5A0DBA77D}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{007CD280-20DB-49E8-A2FA-4C36BFA03252}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{01412105-5929-4C95-AF5C-2C38BA23D39E}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{01771CFA-C3D4-4E1A-AFFF-200B349036B9}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{01FA3734-2C0C-4272-8D1D-6D804DC5BA63}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{0249F1DC-A1E1-4521-8290-DF20ADF19E25}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{027392B1-41F8-4255-92CD-1334D906F717}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{028A516A-803D-4C0F-B3BC-911057DEB489}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{02DBD726-FCBC-4F85-85A8-158671E047E1}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{039AAE00-B610-4AC1-960D-15CE750CC5B0}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{03F797AA-9537-4981-8ACE-627F02CEDCF7}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{0402FA6D-610B-40D0-968F-6346F1D9E6A9}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{04FED660-06FE-4550-AF03-F6C946E9E75A}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{055D4E52-381A-4BF1-A574-C9BFA55F46DD}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{06C1C3A6-42B4-4CC1-A996-AB2A696A7C5C}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{08148956-CAF8-4493-95A0-2476E5D5AEB8}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{0835B205-8767-4371-A66B-FB7D6C1B8C7D}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{087205B4-F494-4DBF-BD71-F99952620E48}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{08CB7208-FAB0-41C1-9DA8-38E778579022}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{09AB2ACF-F1D8-49F3-9E93-F4B672B09DEE}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{09E2370A-9FE4-4D40-AB7E-7D526D294EAE}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{0A1DF8D7-AD23-422E-B862-7534250509C8}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{0AA080DA-9554-4934-ADC7-B918A71F0274}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{0AFDBBBA-A54C-4657-83D3-D1356E3E5993}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{0B44525C-6AC0-4498-8E78-216AE42410BD}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{0B4B54FB-394D-4150-A31D-982792B51F6F}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{0B72F23C-273D-4C8D-9543-7956C5B44CA5}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{0BF0BE51-7986-48C3-96B9-D6A3E9D3D921}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{0C247D24-F416-4346-82F5-770411D02330}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{0C45AE93-EE70-4550-94A6-BEDC68578714}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{0C650B48-37E4-4DD6-A3F6-88096A5E2F62}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{0C71A425-5FAF-44B0-82CE-5E981ABDB1CF}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{0C94E579-4692-473A-80F0-CA1FDE05319C}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{0C9B1A24-9BBE-4962-8DE2-2A1DC7EF3555}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{0CBD2BAD-9042-46D3-8660-F6C81D2C3C10}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{0D0DA033-8FCC-44E8-8195-2BDFD59C6E31}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{0D13A1B7-D9C1-43D9-888A-675A4C7CDEBB}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{0D1CFA16-619B-42A3-9B02-11DDD832265A}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{0D97C35E-E849-4828-B1AD-CDE6B654989E}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{0DBC5BF4-39D7-4C46-AEFF-BDE44C7BF605}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{0E90E1DF-323B-4457-80E7-2F3F8FF9195F}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{0ED63624-4F49-4F1C-AA27-230AC7A8F4BE}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{0EE58EC9-96DC-40BF-8146-32C3DDC77C32}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{0F278670-6FBB-4286-A008-6E7857CCFD9A}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{0F4DC745-4608-4E28-9AEC-C59B5103ADC8}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{0F65EFAA-34C7-411C-B221-2B3CD6B0A130}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{0F70382B-C339-4C01-BE75-293A33970330}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{0F708FF2-C9C5-40E6-AA1A-7E3AB9715C00}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{0FA54300-35A8-4ABB-9139-3A4297A6267A}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{1148AB5D-D363-4810-AA2C-0E5AA31CBACE}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{11B139BF-83CD-4B96-97A1-1C136BD0073F}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{11E5AD57-D9E3-4EA5-AF6D-F2B868DBB4FE}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{11F15B97-A975-4B21-B3C2-AD3383417BDB}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{122210D4-86BB-49DC-B243-3C32A58AB211}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{12321958-4183-4022-B32C-61EEAF0FF67D}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{127038BF-F420-4192-88BA-F2DD63C6C576}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{12F4276A-6C29-41E2-ACAF-0A25AB804C1B}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{130764B4-390D-4E89-B975-089A5376320D}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{13212452-640F-4935-8FED-D73429A1AC22}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{136590D9-AB7D-4BA5-845A-5F1564077133}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{13B21C48-AC89-49BE-8CD2-7087FF795EBF}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{13CBEA34-81CC-42DB-8AD1-261603B1473D}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{140EF198-E311-4F7E-9E49-E38EBD2D9050}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{141C668F-BDCF-44ED-A437-312FE4A4C799}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{14546DC3-0CA5-4494-9F38-892580542E5C}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{1493FE71-9FB2-4661-8473-AD1AF42FCF05}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{15354A9D-67EE-4AB0-B1BA-51018E732B93}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{15BD1922-40FD-4D7B-9745-E0BCEBC53652}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{16EA560A-B39A-4EC2-947B-15A5A96075C1}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{1703B144-25B8-431D-A671-10A417CAA952}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{1727F9B6-A02C-43E6-99C2-994A0E0EAAF0}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{182307ED-1A9B-4E41-B223-5B6EEFECBB29}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{1939068F-217B-492B-9A47-CF882155BAD4}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{19B0DBB8-1FC4-41F5-99D7-4AC83289EAE8}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{19D7BB3D-32F6-4DCF-8409-281D85DC98B9}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{1A70C113-55DC-4633-8C04-5DABB0C7ADE1}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{1A745776-73DC-48F6-98A6-DD1E84F6BE4B}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{1A8A0105-D91D-4855-A16E-01A0723E83CC}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{1ABCB899-AAF8-4B00-8EB4-330975228DE0}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{1AD1D42D-2C47-4D00-A96C-95E7FB51A1DB}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{1AF15CD3-D7E8-4CA5-A18A-7219E4D3E4FE}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{1B118A73-EE37-459B-928D-11DDB4D530C8}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{1C6BA656-D725-4560-8CA0-54D90E8443EE}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{1C938D7E-64D7-4075-BCB8-D0A9CB2E5873}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{1C9A0768-709B-45D3-A295-A19BBFB1F4A2}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{1D00611A-ED22-4C39-9A9E-A7066BAD748B}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{1D11B433-CFED-4E37-B95D-6812FD51BC44}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{1D5B0614-37BA-4037-87F8-8877357D98B0}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{1D61A467-4AB3-4DB7-BD83-DF9023015204}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{1D83FCC0-36C3-48A2-A4B8-C7BC0EAB4B17}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{1DB81DBE-567E-4D3C-991C-2BC9116F905C}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{1DD2E82D-B692-4A42-B4AD-DEF2481B13E9}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{1DDD4F5B-6C78-43B8-8321-537E8D09B95E}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{1EA1C207-0895-4A4F-A47E-6C27F0FEAF96}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{1EBDFE97-E717-481B-90E5-3292A6737EC6}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{1EE5D024-CD58-4E0B-A43C-0F3D4BDC5540}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{1EECE115-AA99-4C74-8672-E6AE8BC63757}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{1F006F18-8F75-42E9-A27A-9237B2DD83B5}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{1F5FFFFF-2ED5-46A0-A3FC-544D70A41B45}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{1F80E2BB-3115-469C-9580-0C4A585D8418}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{2046B15B-EC94-437D-96F9-4F0946A5E38F}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{205BE9D4-4313-4BA9-9A08-BD35FABAE67F}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{20836F12-DAA0-454F-8DAE-2F4F18515F00}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{20BA9866-D70A-4DFE-94ED-55FB369910C7}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{2178EEF2-066F-4D2D-B3C8-172DE99EAFB6}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{21919406-C9A4-4E1B-ADDD-ECAC26710174}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{21A2E35E-BCEB-49F1-81D0-71F227105AC3}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{2273CA0C-BDE8-46E0-82AD-E5300928240F}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{229EC1E7-4523-4233-98AB-BA20207B6A3A}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{22A001E8-9C5B-44B5-9238-57DBB15EC81B}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{22F17B58-5127-4F5C-B0DE-B6F40865E668}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{23CFAB94-CAE2-4D38-8B8B-866B19869BB4}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{23D05D65-DA52-460A-8A5D-EC54BA561685}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{240A1AC7-7DC4-4CD5-9E1E-F9D094A6103E}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{2420FBB8-41C5-4E68-91E6-955DE435F644}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{24AA9360-ABBD-4675-9EC6-14E4F8B495F5}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{24E4D2BB-947D-4934-922A-1EFDC95B032B}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{259F200C-3B9C-4BFB-B1B2-58A529A8E8D0}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{26D1082F-8AF5-41E3-9B2A-6FEDF0E7F292}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{27D8B29B-267D-47C6-B3CE-A42E4C4FFEB3}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{27DBBF16-31AF-4FF6-B9F2-2CB29FE40A03}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{28180590-B482-4837-BF72-9E8CC8EA6A31}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{28296BC7-63D3-46B0-8DF7-0F44781ADD0B}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{28322C7D-DB91-47AA-9924-2A97FF99DCB2}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{289C42E3-395F-4616-B231-2F153E298C7C}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{28AD7943-C7E9-4F4F-85C1-3A6DB8525F88}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{28F1302B-3095-4FF1-AF26-1819A191B99E}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{291EFBE9-2657-43D7-8E9E-996BB2D2C349}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{2958DE5F-4188-4A51-AC3D-983044631D40}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{2AD5EE2F-A970-40A7-8EEC-5A4DAF539720}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{2B528784-5D7C-4813-B774-95066BAD96E7}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{2B5C4B1B-34BA-4CF3-927A-8895B5B27E9B}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{2B791B50-DF15-4857-9391-6E11B50150EB}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{2B8F3CE1-66FA-4B80-ACBF-45CABE3E0CC1}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{2BA5EB73-8520-4BD1-B70A-00B84B9402FF}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{2BB810C5-4B6A-4FEB-B146-A8181BB96AFE}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{2BBDBD1D-9723-47DE-84D2-BADDFAE52D3C}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{2BCF3307-6DF9-4557-AE3C-34DC46C57954}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{2BF74119-7D02-48C6-A90D-32482CD381A7}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{2C47AD22-C120-4913-9FB4-BE175F13BF8E}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{2CB5E97E-87D6-4BFF-ABE0-572CC34355E0}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{2CF69668-7A74-41E8-A737-1121461AB77F}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{2D8768C5-AA08-4662-8926-E8DA71291537}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{2D8A88C6-53E6-46DC-9EBE-ED51103D1D54}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{2E1CC77B-4EDF-42B8-B272-2BEDD13D991E}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{2E4CB83C-1041-4A00-A1BC-54515CFE05B3}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{2E8F80BE-0355-4C1C-9FA0-1083984195A5}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{2EB764F2-E248-4E12-977D-9080B096F2BC}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{2FC13369-CADC-4B86-B09E-E1CB1DAE01CE}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{30FB4398-E666-43F6-BD82-E252AD43F600}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{31522A2A-200A-4483-B6FC-70893D15CDC3}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{328D88AA-94CC-4AA0-9885-C2D0BD90FEA8}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{33099134-E979-4FEE-902B-43A9305F617C}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{3320F2CB-8F14-4F39-A0C3-18AAD0823A47}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{333D293B-C098-4D3B-9B5D-56B7BF98680C}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{33A26FD0-7173-417A-8CDC-298D721078AB}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{33F4A12C-A945-4D49-A8BA-34CEE6878733}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{3472EF76-39FC-409E-B3B6-D30BE531145F}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{35394785-8C68-423C-B8C3-958BAB7D788E}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{35C6381A-69F8-44DD-A938-75F91CB8EF66}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{366D29FF-D6D9-4304-995D-375000C95B4B}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{36787B5C-3BB7-4C91-838C-8340CB0F6824}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{367AD3B4-02D6-4B03-B68B-ECF83AE72F2E}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{36BCD28A-7C92-46DF-8AA2-C3DDA04768AF}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{374FC7F3-2AE5-441D-BB21-FC40D5D976AD}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{3757FAEF-D5F2-439E-95F3-6702F5FB221E}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{3772CBF4-F903-4F3E-AE38-2F713EE38104}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{3808042E-D1E3-46E3-85C7-B76D5A96AA0A}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{38243C6A-9DCE-4091-B38F-89530E96C674}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{383BE2B3-4C02-415E-A9AC-69E8FAF37832}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{3869380E-7FB1-4579-898A-E54E4E538097}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{39467073-45B0-4C66-9C34-48AC943B2AC2}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{3946CC6A-1CB9-4482-A06F-57DFF1A75B45}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{3A13C6B0-C067-42E0-AD9D-CC06D9B87F3F}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{3B3D1B10-BEA8-45BB-BDAA-51B20FA96C62}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{3BD171C6-3281-4F7D-9629-834F807313E9}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{3C47E1CB-2167-4458-8C4D-FDC091EC033D}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{3C882401-0C93-4B25-92D0-A5B28CCAC040}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{3CC7FC78-F868-457E-A0EC-14B4CD6B99C5}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{3CDE72D4-D404-453B-B27A-B8DA044E9BCB}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{3D2D2E78-22DB-4C88-B0C6-FC1CB05B60A8}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{3D540F83-4CE5-4890-A835-741D7CCD158A}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{3DE7E886-1599-4265-B31F-C36CFBDCC86A}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{3DEA44CA-062C-4D6B-8EF2-6703C82F6F1B}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{3E284F14-E03A-47DE-8DAA-232E7D20A244}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{3E7377A0-D113-448D-B846-C9C6DD96595D}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{3EBB73A3-CDA2-479A-8FC0-F5A15D64F414}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{3F9E7DA2-673A-4BD3-B734-1042950FB996}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{3FBAAFF0-0365-4CBF-814A-51A2AB72710D}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{4073E98A-7BDF-4EBB-9D6B-A2D86373DF78}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{40A9A477-6FB8-4F9B-AA18-196453B71F65}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{4106E797-AAE2-4011-9425-94C451170794}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{4180CD60-B848-42B5-84DA-E347A9ED4823}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{419F590D-E220-429E-9126-7EF90FE0B6CC}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{422A4959-35D1-4D36-9F1D-36D604012EAC}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{430FC54D-9A5F-4A36-AF1F-CC87E90A4FCC}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{442F458C-2BFA-448F-B21A-D80A704933AC}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{44B9FD6B-C60E-4ABE-9D13-FD640647B210}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{4559EA9F-27D4-41D6-84AE-691A417E07C4}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{4639EB98-2FA6-4CA3-AFDF-46FFBBC5C8D4}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{4642F5C6-0535-4A1B-ABE5-5C324821EBFB}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{4649574E-3924-4C93-83CE-201DBB8FF04F}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{468ADA55-630F-4BE5-B7FB-8BF1E359964D}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{46908B44-2E70-470E-B107-D6CE93090003}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{46CA19AF-1B96-43B1-A45A-D76B7E6AAE66}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{47CA8818-E6C7-4589-8853-2173B580283E}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{4813744E-54CF-4C8C-8C31-D8172E4E50E0}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{4839C3BA-DC83-4DE4-A0D5-DAA455A7A3B3}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{485725E7-3FC8-4661-B858-F1E5B2410CA3}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{48F09888-6935-421B-AEA2-F3BDB8974628}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{48F358EA-E731-4346-9FCC-1DED1689FE19}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{49986EB2-25F6-4FA7-85EC-94D90F26F95F}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{49C02B06-2B33-446C-9DFA-3E952B761F3F}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{4A64E858-7A47-48FF-B237-52601625C8D7}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{4A8695A7-18A5-4ABB-83D9-E68C7A50F7E7}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{4ADD9422-114A-4DCA-BAF2-7E81FA1B9E38}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{4B118231-5DE0-4C3B-A061-183CD26C80D2}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{4B16343E-6855-42B3-8244-5D70A0EFD0BE}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{4B24F440-A462-46EB-8972-70935845F91E}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{4BFCB762-BB3A-496B-A62D-FE83C558C7C6}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{4C48B8FF-63F2-47E7-BB36-24048E54203A}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{4CDF885C-F0C7-4C7A-9348-FF84AFA936AF}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{4D0365A9-0D03-4EAB-A56E-A40AC5CFFFA5}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{4D7B3F5C-6499-456E-8610-75DCAFEEA9B6}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{4DEC551D-3DDD-4B2C-83D6-C8F395D9046C}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{4DF1AFE8-26A4-446D-B8EC-242BB2CE7366}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{4E828F35-C0ED-41EE-AD13-AA6A0BCDE838}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{4E9597CE-7E4D-4517-A7ED-F6032AB4A934}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{4EC2FBED-5ECD-4DF0-89F5-C8653DB2DBBF}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{4EE733FB-8297-4F28-BF9C-4F86F6A916C9}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{4F6E683C-ADEE-409F-AAF5-6D1D5CB9AF80}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{4F7F4CD8-C267-461C-A1B1-88DCEAAD31CF}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{4FD5D099-CD54-4533-AEDC-1C458EFCBE8D}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{4FE9F5E4-D1D9-4C3D-B588-E58DC6BEE823}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{5077D74A-A55D-4B31-900E-20B0F007EE43}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{50A67E7C-142B-414F-A664-8E3D87323D1E}[/FONT]

 

[amiraa]

[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{51338FA9-94AB-43C7-B425-36F284E940BF}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{51D1F82A-B1E0-4F1B-9CE9-E4980493036D}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{51EEF119-40AD-4CA8-A495-F5EA4EA365E2}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{51FECD92-FD1C-4EEC-AEFD-C7E1FECE4CCB}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{521B029D-518F-43B6-851B-76ADC31FBBA9}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{528B000E-3D8C-484C-98DD-87775018595D}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{52CA2C79-365B-4682-8918-40ACACC8479E}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{52DE94EA-82D4-416C-89C2-4CDE77ED60AA}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{52EBD20C-1E81-41C2-92ED-E8DDABDEF5A2}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{547E6070-7A40-423F-8BC1-2F888D3975F6}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{551C5DCA-A10D-4A89-A3CB-CB4A9F48E00E}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{558A802E-8B7A-4213-AD80-14CFAD28B1A8}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{55D3BB55-B20D-4385-89B6-AC299A3B424E}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{5715EFEB-A59A-47F5-98C6-4D1D6E1FDFD4}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{57DA03A9-4186-459C-AA06-86AC2C3FAFBB}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{580036CB-0C80-4243-B640-EE09A13DD757}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{5831ADF1-ED89-4970-B960-1BB51F22E442}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{599E6F63-2072-4BD5-AAAD-EB2066D5B6D0}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{59FC0D52-0EB2-406F-9732-6ED07E7E3A97}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{5AAD1E5E-2DDD-4060-BEB3-B32FC1EA3C02}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{5B95A094-36D4-444A-B760-8AE0D934690A}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{5BDB416D-E965-4AA2-BD6D-27C810DA7F44}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{5BDDE807-E4C2-433A-82A4-EAA9BD9647CC}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{5D5DE845-34BB-4FD8-9390-7EB23E8CE343}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{5DAADBEC-881F-45B1-B7C9-DA917F3FD501}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{5E3ACBFD-4311-46C2-9B51-8EF73ABF556C}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{5E3DAEC7-3F35-417C-9204-ABD43CFA3973}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{5E4BCF75-75C2-4AD2-ABC1-D3AB5770DDD6}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{5E6AE9AC-920B-4A24-84B2-CD4143D3B9DB}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{5E8276CB-5997-4DA9-AE31-32BB1AEB51DB}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{5EF1DD7B-B2D0-45A0-BE17-78A8B176E998}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{5EF89BAE-0CFE-4A31-AB86-169182422F0D}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{5F3B99BB-1B17-4B72-B954-2CFF9EE3DC0B}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{5F3D47B4-321C-4DAA-A484-B1EB6289E331}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{5F515A16-B612-4680-82A6-7175E97994B5}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{5F6B82EA-5ED4-4FFD-A4B2-47F814A0D517}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{5F6BABB0-A0E9-4EA7-AACB-3287830A96EB}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{5FD63F16-0AE7-4EE8-867E-50797276F095}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{6009F750-33C1-4B59-BE18-471915D19A5F}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{602A180B-7DB5-4041-86A5-66444A47BEAF}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{60767F50-A96C-438D-88D1-68F4D927FC58}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{60BBCBCF-AA96-4394-87E9-C45CE9C7EA2B}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{60D696AA-8C02-48C9-94E3-7C5A21048500}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{61302667-BBD5-4F69-8EF1-B8EBF0770C09}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{61B2DFDC-8B9A-480F-BD29-50B1FC59EE66}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{61BC1ACF-67C0-4097-9F70-E8123E665DDE}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{61CF5F52-A063-499B-B493-510CC55F8078}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{62022069-2F38-462E-9067-531B4DF1AA85}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{620CD36F-49E8-4CDA-A721-002866EAF4FD}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{62269E4D-85A6-43A0-9819-7DF43584AF1F}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{62278B0C-A254-4C81-842D-C4EB28298D19}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{6273EEE6-9870-4BE7-9BB9-A15A38A32D90}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{629CEE20-5C93-4B51-AB8F-E7DFB47FFC95}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{62A9CF0A-6A4D-4B61-9A10-18AAB2B4CED5}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{62DC2F55-7EAC-4DD1-A46E-D04C432BA400}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{63278CEB-5B6A-4AEE-B059-4D7495F79206}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{6358355A-3972-419E-8EDD-E8358A19DE45}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{636E4826-4B0D-4A1C-84F4-E136D732291D}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{64176ED2-12E5-45A8-AFD0-F0C9ACEA4854}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{64260E00-5442-47C0-B72F-FF201E607344}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{646718B6-5B7A-4C81-8E7A-23FBF274501D}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{64F4F80B-46E7-47D7-881D-1B9FFA7C7DAD}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{64F996AE-6354-4F9F-97E7-348F163D426C}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{654C6AAC-9F31-4D73-8C7F-8B3D944483B0}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{6565EFA2-717B-4D90-BE09-8C112E11770C}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{65DFA2DF-5663-40E8-AD15-18A8C7A6C239}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{65E4D6FB-82A9-4427-8552-581C1C6BEB6A}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{663897D9-B9F7-486A-83B6-02608C309D56}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{66A2849C-BA68-4137-A4E1-DC39ED56FAB8}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{66AC64AE-4F63-4F99-9AB5-BBDA371F05FA}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{66FB9A80-0401-4351-93CE-E2A14A6F07A9}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{66FFA31A-7CCC-4012-ACC3-C04898815A24}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{67392A10-9BAF-4F0F-AC69-C4A025FC86E2}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{677F0224-885D-41F6-BDF0-2044AA4F01E4}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{67E332EB-F02A-473C-948C-38D6CEB3F715}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{67F81C35-740A-46D1-803B-A1BCA982D1A9}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{682DF960-7756-41F5-A2F9-496EF8AC65DF}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{68631E9D-409A-41CE-BC36-66E756DE0149}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{6891BB1C-B232-468F-BD36-F018C9A0EB17}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{68D751B7-45FB-43FF-9A44-5B11F2BE420B}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{68FC9344-CAF3-4AB4-B06E-6BA85CEED051}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{693B32AD-67C8-4B77-A735-E17899C6A5AB}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{69B4D388-34EF-4709-8700-78048AB4C84B}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{6A1FF757-349F-4B7A-8F8B-53D7BF00948B}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{6A428E93-EBE3-4E8A-90FF-5E52B29336C8}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{6A5D74E2-166C-4374-BEB4-32B8244E05CD}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{6A7B7032-4D42-4B4E-909B-F0615BC8323A}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{6AAA40DA-DBC1-4385-9D8B-4E2A9D62225F}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{6B0EC724-09F3-4F00-BA9F-FA8407D0FE0C}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{6B427507-6700-48BB-A602-1378A29DE5C4}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{6B629B1E-7A0C-4F3D-8FDD-5C9361CD7270}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{6C60B5A1-D9B9-4A5A-9F7C-4CDF98EB4F02}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{6C9A69CC-619C-4FE3-9DCF-BBD030F226AF}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{6D302E22-F038-4207-8071-81A07DA1DB1D}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{6D43E19C-FCEE-40B7-9315-89D10D8DA5D6}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{6DC41107-FD8B-4B70-AC5B-3855CDAC785C}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{6E6C8993-D0D1-4F95-8BC3-037A70D41813}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{6E91437E-DE28-404C-A7F3-8E9150BDFAF1}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{6E9BFCD3-321E-4A51-AB9F-16C214CE39D1}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{6EADACFB-A560-4F82-89DA-0787352F5708}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{6EB04BA1-3BCF-43EE-864F-2911328B5DEF}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{6ED295A1-140C-4B71-AB52-5ABAFDCAF660}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{6ED9BA3F-56C3-497B-9D89-2015ACCD919D}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{6F0E102D-53D7-4D13-8D16-63217B733F0B}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{6F5AA68C-B7C2-4183-9C1E-A861D6BA3967}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{7030E147-BF5B-4401-832C-FDD7A3149C80}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{7201BDC1-2238-4C14-A03F-DFD67D27003B}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{721908AA-B7A9-4649-B323-3E3891A79482}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{7223FE0A-1C18-4C95-8843-C70432542E46}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{726A4BA4-85CC-4099-BD99-5DB66354A432}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{7296F306-735D-4249-801B-9AEA72C8F2E1}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{733BDD75-6C48-4509-AF64-F1D81156ECFA}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{745E5AF2-F57E-49ED-94FD-A9AEEB09B51D}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{747B586B-A295-48E2-A410-AA5719FC409A}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{75059C2C-5CB9-4E75-B055-C7B05E5D7E74}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{750922AC-7F16-41BC-85DD-B0955DEBC1D8}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{7528A07D-8A17-43A6-AE92-3A4FDD98D934}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{75455C58-FC6C-450B-9F72-A352924DCB2E}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{75951BF0-F86B-4FEB-A41D-304D6A7DE9A7}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{75D21BBC-4139-4023-91FA-24477A9D9EFE}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{767FA0B0-4C8A-4D1A-B2FE-F1D8F7088792}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{768ACC8A-5E9B-46EA-AB5D-463B1C4AF24B}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{76B06CF5-6F54-4517-83C3-BA53EDBDFA00}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{76FEE64F-EC62-44DB-98D7-CD5D0CCF12AE}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{7709A240-6C90-4F80-AB86-88BC8D3EEBB8}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{771ADCF1-4749-4A93-B098-A18DAB72D89D}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{774D6971-F19D-4916-9EAB-C56CFD6AC086}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{77DE30C4-5071-447A-B6A7-2D1B159E831B}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{781C1BB2-1193-44FE-9135-439A34CF69E5}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{785D526D-A3C9-45CE-8BDB-07F29AE9A42B}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{789087F3-8087-4945-B63B-82A8BB54AEB2}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{78E423B5-49D4-44B2-8B29-673D2198B196}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{7A0E8CAE-8AA4-4638-8CC6-D3199BFDE1BD}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{7AD7FC82-143D-4EF8-89E9-2DD20B0EE6F0}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{7B2C3F8D-535D-46F1-8E6A-06A9927948C8}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{7B71926B-CC51-47F7-99F7-8256492C3428}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{7B82920D-B33D-4308-A3D0-E60DE2C03DF9}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{7BE3DC32-2090-4282-985E-98478FBD2ACF}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{7C021D8A-2525-466D-855A-94615C061D43}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{7C6D89DA-6344-4BEF-9E15-29130609976E}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{7CD3FDDD-5E13-442E-A566-270D3C89B847}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{7CE059EC-16BD-4EB8-AB54-6079C22BC320}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{7D4D54BB-3A8D-4F13-922D-DEFF875275C9}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{7DA44F69-A2F5-4D5B-970F-3422B621E1D0}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{7DFF9E9B-EB53-4AD3-9F6A-8A5F6A7C569B}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{7E1D92F3-55D6-42A4-AACD-EAD369702921}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{7E20033F-A96B-4C3D-915B-C629246B4077}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{7EB77CA5-67E5-43B6-8589-7585426977DA}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{7F284BD3-0355-4623-A3EC-654D78053D4C}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{7F611762-199D-4A40-9F56-C3599B541F00}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{7FAAE820-E29D-4013-A06A-98353571000B}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{7FC54656-C7CD-4D6C-85F9-BE5C67B4187F}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{803B8865-71DF-4539-8853-CA1459B3CCD5}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{80927933-FDC3-42F6-A7DD-4CF018F6196C}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{81098042-E222-4E0D-9C91-B2A94F297FD8}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{810B2201-80A2-43C9-91E4-BDD84DE33E59}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{81533D98-0DAD-4AEE-9C3B-A8AE761D8F76}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{81CF1798-062D-4AEF-A4D7-FBCA58B7C8BA}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{822FB4CD-D7A6-4D15-ACF1-58D4F08547EE}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{82819334-8B8B-4402-AF73-BFC99E8E74A4}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{83140A4B-2D41-477A-883E-8144052F50D9}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{8323988A-D82B-4E83-896F-B9A76AEF1391}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{8366894B-6DC3-43F6-9D30-F53B74A63E68}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{83D9C929-4E59-427F-A8CC-85854379DA12}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{83DD4CC9-5AA8-4A0A-8F41-CBCACEE86390}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{84117F59-6400-415F-B813-F543BA7CE767}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{8462A0E2-E12F-48DE-B00A-FC7373214C03}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{84661948-D845-4BFC-A66E-B168BE3A2DEC}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{84C927FE-2657-410A-90E2-AF114B6B7360}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{8506CAFE-95AC-41D0-9ECA-D253E1254B80}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{85569AE2-6E77-4340-B9AF-9AD1CA5F4A5F}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{85C6E974-4EBC-4618-AA6A-9B12B80ECE28}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{85C755CA-0F4F-43AA-B9A5-9822D541C5A0}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{869D3840-2B81-4614-8830-72D527FB15EA}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{871AF516-555D-4B71-A2AE-CD5FC468DD71}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{872A15CE-FF85-4A56-9FC1-73FC7A7E8E75}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{87C35669-5870-4770-A649-74351BE1AE40}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{8802165E-7910-494C-BE3E-3BA290F8FA75}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{88CA09ED-92D5-4AA5-89B5-B8F9101BDA06}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{88E7F052-C796-4B35-8E10-1D958800DA10}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{89A7F477-ABAE-4F85-8F9A-66EAB011806D}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{8A71F846-77B8-420D-8E58-7A9A021629E6}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{8A76901C-DD0A-415C-94D7-3215B471AF3C}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{8AC6F2EE-E159-471F-B695-67453390D587}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{8AF5A04A-B51A-453D-97E0-539A2BE0F867}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{8B6A890B-88A8-4C16-AA7D-3D74FE0C97D0}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{8BDED5B2-20A5-4EAC-8C0E-413ECB66E56D}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{8C133D73-62BA-4EE7-A549-CB1EFE23A6F4}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{8C19C878-DCBA-4496-AC07-ADD01EC3581C}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{8C3554C2-7EB4-4017-A5C5-5C5B5BB396F3}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{8C3D8738-ECB5-455E-A498-16443F717A6A}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{8C4986EB-9E35-42E8-830D-FF817910CB77}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{8C635AD0-4FE2-4A87-BD48-848C01C668EF}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{8CBF250D-DC5C-4CB3-8D68-B22F9E60E915}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{8CFF7088-AC07-4CE4-97A7-2FB9FDBD4AA6}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{8D19CFF1-515D-4739-868B-1E6DA948CA2A}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{8D36AE51-38C9-4795-A73B-B2F0B08B25A3}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{8D6BCF30-6B1B-4551-8933-C3EBEE398DC4}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{8DA4264D-F254-49A0-882B-E2B6020C88A3}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{8F13BE4F-A95C-4604-BEFE-DEF27540917B}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{8F2D6AE1-68A4-4C8C-A20A-E21FBF607CCE}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{8FA0A42D-7CE6-4CFC-B9A6-1DB0704F0801}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{8FBE0929-489C-4B87-9C2E-A18109E5077E}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{8FBFADC0-0F33-4A89-9EBE-EA0A28A605B1}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{901EC252-E45E-40A2-B44C-B239990B0DC7}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{901EFA8C-B896-4A8E-B3AC-B6A4955DCF38}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{90543AD5-2845-41BE-AF41-0B10EC1DACAF}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{907B08C3-CEDC-4D20-8365-E8FA908DE72F}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{90B9C2EC-AF61-44CB-8BD0-92EF0D25B209}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{91242744-8278-4277-9A2A-C9D8D2134E5C}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{918C0B3C-F166-497E-9EC2-D1C072F167C3}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{92A3216D-B44B-4597-BFE1-16DA3DE5E7A5}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{92C9BC57-443C-44DB-95CB-63286AB8598B}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{93022FDC-9696-48BA-ACA5-318C0A9392EB}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{9305457A-1EE6-4541-9BDC-971C805B3488}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{93623D30-20EA-4B70-97AD-8B6016DC152F}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{93729AFD-8AF0-4769-B340-BCC1BB5F5A83}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{93827D80-B387-42C9-A2E6-6E429B3421F4}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{9390FC64-969D-4CD9-8E8F-61577A8624F7}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{9394F5AE-DCDC-42F7-9323-5BF97165F137}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{93975050-BAC5-477C-A3AF-2453C68E02FE}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{939F0145-A816-4C3F-832B-5D6D28D384E0}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{93FD642A-7739-4005-B070-078BB096798E}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{940D81DA-6CD9-4A07-A7D8-A9CBDDAD64FC}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{941A50B0-BC79-4A55-B2B3-C5B3B348939C}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{941BE9FD-28F4-47CE-A712-BA064503E797}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{946771FF-762E-444B-9C91-7EBF70D7CE1F}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{947AEC6E-107B-4BA7-B59E-E9576E6DD739}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{94B35265-EE33-4084-B295-C4A4195102C7}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{94C9EEC7-D1FF-4672-8BF9-06202CF04280}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{94D70DCC-2BFB-41CA-B3F0-228D1DEFCFF8}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{94E69DA8-5E26-4C9D-8012-EF6F41026621}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{955AFA28-42BB-441A-ACC3-E481A1460442}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{95698EAE-7744-49DA-A181-0E9868FD630D}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{95C4E237-3E79-4098-B30C-B5E01E830CCC}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{960E4B8B-1E8E-49AE-A4DA-CDC47A2641E1}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{961BC386-1BF9-4437-8F8C-709878F6C38C}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{9638F284-6D0C-45BB-818C-3971BE2B6B0E}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{9664E87D-A68D-487F-B35E-4DA69199FA45}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{96CD4406-3C92-4F36-944B-CA1B758F2EAD}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{970921EE-CF2D-404D-BD4D-DFFC00EB0C70}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{976BF40D-18CB-4E67-AE50-717F937D88AE}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{9793B348-39C3-4154-AECC-6CABF43D22F1}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{97E47D97-C15E-4C67-881F-555675E9939D}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{980F3034-7620-4F82-994C-61E043BD9C4C}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{98346CFE-FC8D-4C1B-A3C2-BC5A126DF9A5}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{98745F4A-4A8A-4BA8-973A-A452F38B93FF}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{98B599FB-9CFF-407D-9C52-7122A1AA9E75}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{98BBCA4C-D0EE-40A4-8304-7242B8C7DA9F}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{9930FF54-CE21-443D-9578-E093AA97989B}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{9A4D5785-D817-4992-B30B-90A924A756DC}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{9A68458F-0E6B-406E-9037-EA3E5893406B}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{9A835BBF-6F10-4AE0-92FB-C09B36664591}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{9AFEBE72-FD91-4EC8-A216-7941B7624DD8}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{9B36E3F8-802B-4E2E-8E25-0865DCB4E269}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{9B76634F-D945-4BD1-96EF-FCAB78F467C6}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{9BE6D38E-390E-4FAA-BF0B-55D7E9FB1D76}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{9BF54F3E-C68D-4E17-9151-ED94C4C1BA4F}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{9CCEF363-EF23-4C4A-BA61-4213A620BF27}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{9D4348DF-2B4C-47F5-A696-8F08AA197EE5}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{9DDBCB1A-C525-4A48-8BD5-B433F0566F29}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{9E7A2F2F-2D5C-4648-BFD3-35A83B5BBD0C}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{9FB5B7D3-F4D0-41CD-A9B5-D5A3B116D89A}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{A08830A3-B878-4912-9A47-9AD4CB145F68}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{A10870D6-4636-477B-B3DA-1F701A947901}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{A178A7A8-6FDB-4DB0-84CF-BF006BB999AB}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{A253BA54-98D0-4F16-8B5D-70BB2A945397}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{A3049995-E706-47B8-AB2D-3DF0FF8FDF4E}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{A32D9094-68C1-46EC-8101-16BBD9030A4D}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{A3A5E270-F90C-4DF4-BFAD-58C445302EC7}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{A3E73271-FAC7-45D1-AC62-14C14FEA51FD}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{A408FD16-2652-469A-84E8-1657C0EBF26E}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{A43C3876-3524-4144-906C-8CFA7DBA664D}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{A49A1359-7370-49B1-A0A4-2F610C0DCB4F}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{A5082F3E-A9FB-4AE4-9A57-FDA3082FC8BF}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{A54EA1A5-69D0-406C-8F60-5413B91A1795}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{A59AC1E4-BAF0-4CCB-B99F-0DE4651AB4A8}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{A5C2478F-61FA-46A3-9420-BFB91E45DBF6}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{A6A1DDE5-2E84-48A3-82AF-8DF751A00B46}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{A6F5A374-C374-4A82-B2D2-2E22F268E84C}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{A6FFB132-71DB-4E49-B349-930904639AA9}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{A70423BF-7A61-4155-B9AE-00A7D6884E1A}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{A709EE7D-D533-4DCC-BE7F-C8D826AA224A}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{A788D8CB-1077-44F2-9B9D-8DF8101C4B1F}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{A7A42E1D-9314-41B0-AFA3-9CF5CF0C895E}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{A87756B1-3CA1-4AC8-A2C7-19C903CB71D5}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{A8904677-7C0B-4399-8E3A-6C7758442054}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{A8D547CF-599F-4923-BD42-598E10149F69}[/FONT]

 

[amiraa]

[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{A96FA90F-941D-42F6-8A3B-0961573DB7D8}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{A9898F78-F97B-4783-9CCC-E024DF6E22D6}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{A9D62E61-8855-463A-9820-69B76FF4C074}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{AA256C92-B6D1-4837-A139-2A5F2ED43467}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{AA7A118E-F57B-49C0-851E-2F6BBD852A18}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{AB337206-6752-42D0-BC01-1565599171FF}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{AB430C11-D8E0-4145-A35F-B14C29BC36E6}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{ABB69E83-67F9-4BC2-8523-9E8C81ABCD66}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{AC1623B2-A34F-416E-8F7D-7F0338367C69}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{ACB1E640-C7B1-4B8A-917B-A8ACCC05ED3A}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{AD0DD7F3-7ACA-42C4-92EB-1558E2FB2B35}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{AD1CE914-2218-4BD1-8582-BF3007CFC1A1}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{AD274D9D-74C3-4322-9709-DB10C19F24B5}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{AD72520E-D561-49DA-AB19-49253AE9C419}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{AD731078-592A-447D-8F42-A1CAD0ADDC4F}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{AD87075E-69DD-46E8-84A9-E56C85949AAC}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{ADB642BA-4040-45D3-A3C3-632FC91C02B5}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{ADC9D4F4-6D79-41B5-A79B-1830F6BAD35E}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{AEA531A9-DFB9-4D06-9CD0-5CC1C5C83695}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{AED68B49-32B0-4E1B-B8B0-E3009E11E2F5}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{AF42B2AE-CB90-4CE8-90DC-F22FEC1B5FF5}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{AF748795-C830-4738-AB13-6F7C7560BF68}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{B0055000-F921-4E9E-9ADE-85414207FEE8}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{B02AA4CE-0850-4AB2-92DE-BC4FE5C8C985}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{B08B2F3B-B47B-4BD8-B0B7-876ADE5F4CFC}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{B0F85281-4927-468E-91F4-15473B064576}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{B1563468-21F6-4D54-B90A-9DBC47CE70C9}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{B18FBC85-D52D-468E-81BE-C44CD64DE713}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{B1DD39CB-9295-4505-AD98-D084CDA8719E}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{B24C60EC-A08C-4FE3-8FF8-29B2745E6029}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{B2A4EFC2-C53E-4AF5-AE1D-1092AAFDCE77}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{B2A9CB34-5740-48DE-934F-E4131C52B04C}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{B3035201-731C-43DD-8AA5-3AEBE661A1C8}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{B3224650-CE1F-4247-B640-262BECABAB5B}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{B36DEF3A-31FB-4892-ACC0-552D7ECAA285}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{B3C84509-0785-4E65-AA10-6C9B089591FC}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{B450EC52-4235-4658-89B0-4DFC0E3CEA9A}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{B4B9F744-A349-4627-B713-7D357BAC99DD}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{B50F0018-3770-49A5-8DFB-5B9159743084}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{B522FA9F-C342-4DD5-8141-AF434F68E433}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{B593A94E-6CB1-4EC9-B45F-F245CA790BE7}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{B5C88276-EB91-4343-8AC4-33513D92106D}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{B621EA22-9C18-4F4E-A2D8-44BA6FF8600D}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{B62EE9A7-7F7B-47DB-B90F-4C743DA55D0C}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{B63C7E39-630B-40D1-866C-0D3D1387128B}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{B673641C-CC3E-4C1A-8EA9-045D02A39A4D}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{B67A9D85-3486-4069-ACFE-92BA276F4421}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{B6939DD6-C38E-4172-B1FB-A405F3D0CD2D}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{B798333A-9DDE-4CF8-899E-6E0FD9BB9EDD}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{B7FB10AA-F8F6-48BA-8554-EB2596120C09}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{B8B8F2AD-1D5D-4E23-B4CA-FA5B836FCA96}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{B950B6FB-533D-40CA-9111-2B70D981C962}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{B9768F4D-8F75-448B-B1C6-D018000D627A}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{BA224EA2-6CAB-4326-9D5C-509E8F7C2F5F}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{BA473237-7512-48B1-9CDA-4B800011E4B3}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{BA491B93-5AFC-4C11-9D94-D0301C33C550}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{BB0691C9-2D26-4FB8-905C-95216A2E77CF}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{BB17F42C-2D38-4F65-B6D5-31000F8286E5}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{BB9878F5-7C39-4F36-827A-D89866B470E6}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{BBA577FC-C0A0-483F-8D3C-479A533C0490}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{BBE4A14D-58AE-46F9-87C3-BF41869F473D}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{BBF2E07F-27C0-41A2-A58B-7CB50406F16A}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{BBF93621-574C-4E6A-90AB-0108B272F981}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{BCBA14D2-2BE5-4975-BE9A-758EF0CE51F2}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{BD55A482-9FA7-43A7-8985-6AAEFB3D6EC8}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{BD781856-90D5-4635-ABEC-8A98EE453B57}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{BDE189E3-F912-4886-ADC1-CBF4C784238D}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{BDEFBF6B-00CB-4BA3-B031-ED2BE6731626}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{BE14E1BF-AF11-4394-A59D-EE310B8E3BEE}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{BE2CD216-7D35-45FA-9349-DB33A9A0A9BC}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{BEF0A351-A0D1-4D15-B361-113B7E1B2F80}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{BEFD4CA4-41E8-42F2-905F-21F26F3AC455}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{C00A8CAE-8CDD-4A41-B46A-A6DBE2252A7A}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{C03497A4-9FDC-473F-911E-85C7CE2EBD6E}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{C05FB90A-0EE5-4EA3-AFCD-9647938D0667}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{C0DC6549-9288-4EC4-B503-99851B4974D1}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{C0EB5841-EE6C-4B97-A585-1FC5DF8E3B73}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{C0F0B894-6009-4233-A127-B198132F83A8}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{C115B54F-1BD1-4282-9B09-3853917700D7}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{C1B8C0A0-7D63-4351-AC8C-C1A3CEAE1130}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{C1D13B4A-72FD-48A3-B5B0-F873EC5EF078}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{C23CBAEC-E65C-49A5-8FA5-8751ED02DEB5}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{C23FD731-1449-43F7-BDF3-689810BDA869}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{C26039FF-5EB0-4E37-A2CA-3122BEFF65A4}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{C265FDD6-50C1-424C-A52C-3F958776E85E}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{C291703D-C417-4446-A4AA-D8469F18566E}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{C3C3E270-FD20-402D-A7EE-9C20FB3A9C84}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{C4591E20-BB21-4597-BD06-19D247B2C4C7}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{C47E4033-DB61-41D4-AF69-6B5777931595}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{C5B3E109-D75F-49E8-81DF-C03CDE0C58B2}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{C606CE70-9C4B-4BEF-AF7C-673913370CA6}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{C78E6873-3618-429C-AF16-CEE00E773479}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{C7D2DE9D-C088-406D-A86A-80016C5E01FC}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{C8016A96-4328-4215-B52E-5FD10A4C062A}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{C840B8B9-C142-48D8-9A29-861BAD75B849}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{C8C99E6A-5D86-42AC-BFE4-D59D123D670C}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{C95A67F5-6910-4B32-A1A1-A9A067221C38}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{C976C154-7210-478B-AB76-313DCAA54036}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{C994BE0C-1D60-4AC7-857B-819F98B98CF6}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{C9C3CF58-081E-4163-9B90-8A56E815EFCD}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{CA8C6262-68EB-4A32-830E-89A445035F61}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{CAB1ED2B-17F8-4B7B-B051-03DCCE4F59F2}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{CB81BD10-CD09-4576-A86B-FA61C19B3489}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{CB8C5470-093A-436D-BE64-000870F80C4B}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{CC2B38A4-4BA9-4202-9DC7-62A6F95E4038}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{CC33A478-163F-4475-80CD-2330C4B4E8AF}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{CC43C992-FFBE-49DE-892C-38BFFDFFF194}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{CC5E2AAC-850F-4F62-A54A-068DDC706FF2}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{CC70B91E-20C6-42B0-A3AB-74A5ED983DF1}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{CCF07C2C-7953-4D84-81B6-23CD450D3B46}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{CDB5637A-FF63-4B07-8E57-96889F24886A}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{CDE8AF01-B4C3-4929-A4B9-EFD190D651EA}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{CE0B6A53-A1BE-4435-AA5B-6ACFF53578D9}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{CE906143-688E-4BAB-85E9-099B629A0BC5}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{CEAA996F-79C9-4AB2-B474-5B457052AF9B}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{CEFF3480-E14F-4B89-9BF4-DB8808A39DA7}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{CF54145A-F55F-498C-9CC3-CB73D6BF7FF8}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{CF5DBE24-695B-4A53-8BED-C0E7D72E87DF}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{CF8B1A6B-5C65-4631-931B-52667C7F5C1A}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{CFC6849A-4EA3-448F-847C-648BF3D3CEF8}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{D0529331-5BF8-4FCC-95DD-951CC52D25A7}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{D16A2B1C-D867-4C39-A5C3-201E1D99C437}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{D18B5705-E15A-4F34-8DA9-637816937AEB}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{D18F5392-E826-45DD-A3F5-FBC5E40647E6}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{D1ACDD76-CB49-4E1F-8310-4D5C042DCCE7}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{D25697BA-AC8A-4FC5-811A-FE4B1B127087}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{D27EB207-98DE-464D-AF5E-F46CE48B929F}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{D285EA0B-9B8A-4C1E-8BE7-9DC1D9549E3F}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{D2EB3770-3524-456F-82E4-B43BC27E3391}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{D3524A82-687E-4736-87C2-D767FC87E8F9}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{D41F93B9-86AF-4650-81FC-5FDA2199458C}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{D4607424-EC9B-431D-8612-8F0D62D12FAE}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{D4DC8B87-FE7A-4460-81CC-077F7EFAB20C}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{D51A4BB1-C5EA-4A6A-8C83-B61D0436FB6F}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{D527BAC0-FB5D-459D-841B-EDA4D8E8BF52}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{D5B2B5DD-5B96-433A-A009-FF315A55EDA7}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{D5CD0B85-D6F1-4D23-8596-290E50EBC8BF}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{D5E9CFFA-A4CB-4B71-B4B2-2034C6795F0F}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{D60F889E-57B7-42AF-8918-79CC7EF8621F}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{D63219E1-2C49-4C70-B403-9AED1990052D}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{D6333305-113B-4ADA-A668-EAC9F23CC73A}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{D66E2CEE-0D38-471A-A557-E7090C187561}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{D6E6CB8A-53F7-439D-A4DD-565E58EF725D}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{D720C3AF-1AD6-400B-9362-20DBA27F6149}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{D77B1E66-8198-4397-BDC4-E2B116A3AA1E}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{D781512D-F1B0-4E1A-AD51-A68BCBEEE651}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{D7838943-819D-4C82-B375-9FBA575CF1F3}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{D7A5735E-A178-4836-A7E7-3C4A3B6F7983}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{D7A8276B-F66C-4BD4-967E-04BBD9ABE299}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{D7A8DFAA-C25C-4D33-BED2-969C5E533AD5}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{D824D669-C9FC-473A-98A7-B6A23FB9BA63}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{D8DE7CB3-FA43-4E14-9AE7-EAC8C06D4460}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{D8E73E73-0B6C-4B05-9EA5-04B8DCC97947}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{D97BD211-5106-412B-81E2-F287C6FF1ED1}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{D98F3684-758B-4575-8952-F99D5CCA9CE1}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{D9957A3E-9D5D-411E-8010-FAC00F64F8E1}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{DA3C85BE-75B6-4DA7-9209-992D3C9602E5}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{DADBDA0E-53EE-4B30-91B7-73FA6998DD32}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{DB3AF557-B60B-4426-9AD8-0279547D23AD}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{DBBCBA7C-5470-4B6D-B9C0-7E9D49EF92AE}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{DBEBDE2C-4782-4699-BDC0-C0A69F8D5CFA}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{DC2A2F59-0BF9-418F-8457-510A458ADA5C}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{DC7EF414-964C-4389-8738-5DBFDF749F72}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{DD36B2C2-6D18-4553-AFBB-EE23D68BC527}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{DE1431CD-AD23-40FA-8667-E43907FD21E6}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{DEE54851-F03B-44B5-98C5-656BE6234D5E}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{DF48EBBB-1B04-4F67-B4B1-51487A2C3965}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{DFA52ED0-0D9B-48F2-B443-3F0A0CFE8F3F}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{E01EB975-7AC9-462C-B447-1F3090498C7A}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{E06B8557-D825-4566-94CD-990C5E280EB1}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{E222D9E2-36C3-4CAC-88AF-CEC72F5308BD}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{E2A8DD1C-D13B-47D8-A924-04AD3723983D}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{E2B6C5C4-BC4F-4EAA-BFC1-3436E8E15373}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{E2E9DF6F-E839-41B5-BCCB-9FDE00C47D02}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{E3326598-E6CF-49F5-A0F3-76D7B3983944}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{E345094C-3E49-49C2-8393-BB47849B7FDD}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{E446EE36-8752-40F2-AC88-A6F03A977A02}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{E4D672A7-A04C-4515-9657-2C9BF226FF95}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{E512C09B-DA4D-43D6-B6D5-1E81417AAB2F}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{E55C79AF-6884-4306-BAE9-04D813B22480}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{E55FE91E-3355-422A-ABB8-46081AB57E44}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{E6CBA02C-89A0-4A41-AD55-26E84DA10AF3}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{E6DB9237-39BD-4FAD-BA11-EEB4FFAAEB04}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{E6FDBDBA-CEEC-4B59-A515-1FEACD1EFC5C}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{E73CA822-8B5D-47F9-87A6-E6A047B3A1E8}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{E76E18E8-3F17-4444-B83A-34F5B99B779E}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{E7705876-852F-424C-B075-6C39B3EF795B}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{E7FAE5FB-7DC6-4A11-B3F2-AC95DB18BF33}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{E80138B5-4662-491C-AB98-E08B1F23705F}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{E827F900-9CAA-4FC9-9FC8-1492C5DF0EAD}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{E86B8C2E-2D6E-4882-B14E-8611E02708C9}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{E8A2325B-A1F9-4AB9-BA4E-DFCDD3E57A26}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{E8B4AC2B-4877-401D-8BD5-7FBC0C7480FB}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{E8C9E2AB-69C8-4320-BFCA-4F41B0238D40}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{E9CC22BA-A23A-406F-9FDA-CA688AE3BA90}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{E9FE1A9F-9F2E-4EF5-A4EC-8F0A8C5D226B}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{EA09271B-058E-4758-BB6D-086EDD4E7F1D}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{EA4FD5D4-3A51-4F7A-A7E6-74431D2530AB}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{EA767EF9-7BB5-4AB3-804C-57B4573270D1}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{EAC6C00F-311D-434A-BF80-F18A7ADED2A8}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{EB5E982E-BFC9-48DF-8C4F-6BA39BD7B87A}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{EBDA77BA-DE16-4EC9-8570-F3A812BAC23C}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{EC0D1D60-E571-4055-AD15-FA30B5D23936}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{EC2CD714-0E31-4ABE-9608-1E07CD295D6F}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{EC471B2C-667E-4EC4-9775-2CF0BFA56F65}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{EC6C8D66-D9F0-4AD0-9E9E-394E56DAD85F}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{EC7E4E72-1732-4C34-BD73-202F7835B88D}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{ED134989-C484-4A74-AA28-20A4EB2544EB}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{ED6D6667-701A-41D4-883D-065F2C30473C}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{EDB71169-9095-4AAF-A53E-813D1A259537}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{EE4BB761-3C7F-4C45-BDB1-43C989B051B1}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{EEC30EC8-E446-4328-B662-9F1477275629}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{EEC41677-E6CB-4082-A0A8-B7E81D1FBB7F}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{EED36C89-6AE6-44B4-B24E-C14FAA6D2987}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{EF04D9FD-ED34-41EA-A21D-881DFA70004C}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{EF7F256D-0AF5-480D-8FCA-07C9D3509B7A}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{F0D99647-1151-4586-8D2D-0F7FE691AC4D}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{F102178D-5B3C-4504-955B-E559CFF11DA6}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{F12F29B5-8815-477F-8294-A633BC27637B}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{F1A17583-361D-435E-9417-E762DDF90DBD}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{F245BCE7-CFCB-41B3-998F-4AB4085939B5}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{F2589E8A-627F-4193-BF68-C3B569B0F08C}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{F3584F77-1442-429D-A0C4-120F2934AA87}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{F3C3F03F-F695-4D2C-8BF7-50F688296575}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{F3F88168-C4F2-416D-B24F-75099374194B}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{F42DD8EB-8E7C-49CD-85C7-8A601CBE506D}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{F439361E-6F89-4417-B581-92529D2BC05B}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{F56F891A-2354-4114-8F53-1656740369DE}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{F5AE5314-9EC0-466A-B91D-4669E1B66ABD}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{F60B7041-53B0-49C8-A6F2-81B7E2C1F77F}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{F6603664-1F81-4E44-81AE-48A2D5DC7A8D}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{F72BDDF6-A0B3-4EE7-A7EC-938DB96F00A9}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{F75AB81D-7661-4E83-A433-93942BE48DE4}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{F79FBA9B-2ACA-4275-85FD-0CA6CF24FB91}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{F7B70ADC-7FEA-4403-A595-3CDC260104F4}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{F826AEC7-3E1E-4F60-A2E5-98DE95099BC5}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{F8B3F9B0-7A44-4BE4-90FF-453DB9ABA56C}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{F9DDD115-7D96-4721-AA1E-A2F0F8F3F9B1}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{FA643934-31CA-4874-9E47-11672EF9992F}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{FAD8F2B9-4055-4E63-A3D6-7AFB16717001}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{FBA1AF3D-ABA5-463F-9F31-DA458CBD9FF4}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{FBB13ECA-DCD6-4710-9346-1C00173A9758}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{FBCC7B9E-CB2A-4675-8B0C-A821599F40A3}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{FBDDC2F9-A227-4A50-BE85-635B90408987}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{FBE8E186-DF61-4D3A-9649-4B232A8D9375}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{FC2A0B8C-43ED-4CD9-8EF4-A11E1F1BA1E7}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{FCDB24B1-4304-4C64-B4A7-C9C34EB9AB89}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{FD7C976F-DD99-492B-8BC0-3FFA9D586CA5}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{FD897D48-6D29-42FF-9758-BD9A708BDC87}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{FDB13C0D-1350-4208-8700-C2B38B8D6AF0}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{FE442FB1-C442-4028-B4CC-34F5C9DE396B}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{FE4DFF3D-EAAA-43E3-BB1E-9DDC0B201BC3}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{FE6A6E7A-20B0-4F80-9DAF-82037833EDB0}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{FE78F731-3393-4A25-9594-302CBE8F0FF9}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{FEA7B335-C850-4526-BEAB-EB825A8CC468}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{FEDD8FDD-5166-4EC0-AF5F-B192313C548E}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{FEE45216-FFE3-4862-B0B8-F89F635E4C65}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{FEFB2ED0-57C4-450D-9BFC-F954193971B2}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{FF4625D5-84DA-4944-A225-23642EE536C6}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{FF4FFE6D-5482-4EF6-AE6E-285FA29F07F6}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{FF691C97-AAE9-484D-B11C-8FD964C82EAF}[/FONT]
[FONT=arial]Successfully deleted: [Empty Folder] C:\Users\user1\appdata\local\{FFE90CF7-55D8-4C9B-9617-0B09463EA955}[/FONT]
[FONT=arial] [/FONT]
[FONT=arial] [/FONT]
[FONT=arial] [/FONT]
[FONT=arial]~~~ FireFox[/FONT]
[FONT=arial] [/FONT]
[FONT=arial]Emptied folder: C:\Users\user1\AppData\Roaming\mozilla\firefox\profiles\7qjyvmn8.default\minidumps [39 files][/FONT]
[FONT=arial] [/FONT]
[FONT=arial] [/FONT]
[FONT=arial] [/FONT]
[FONT=arial]~~~ Event Viewer Logs were cleared[/FONT]
[FONT=arial] [/FONT]
[FONT=arial] [/FONT]
[FONT=arial] [/FONT]
[FONT=arial] [/FONT]
[FONT=arial] [/FONT]
[FONT=arial]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~[/FONT]
[FONT=arial]Scan was completed on Sun 08/11/2013 at 21:11:09.37[/FONT]
[FONT=arial]End of JRT log[/FONT]
[FONT=arial]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~[/FONT]
[FONT=arial] [/FONT]

 

[Broni]

C:\TDSSKiller_Quarantine\09.08.2013_22.43.37\boot0000\boot0000\tsk0000.dta

Already quarantined by TDSSKiller so no reason to worry.

 

[amiraa]

OTL.txt

OTL logfile created on: 8/11/2013 9:26:59 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user1\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.91 Gb Total Physical Memory | 0.95 Gb Available Physical Memory | 49.78% Memory free
3.82 Gb Paging File | 2.63 Gb Available in Paging File | 68.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 151.61 Gb Total Space | 30.62 Gb Free Space | 20.20% Space Free | Partition Type: NTFS
Drive D: | 146.39 Gb Total Space | 24.41 Gb Free Space | 16.67% Space Free | Partition Type: NTFS

Computer Name: USER1-PC | User Name: user1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/11 21:26:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user1\Desktop\OTL.exe
PRC - [2013/05/10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/07/25 11:56:51 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2012/06/11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE
PRC - [2012/03/12 11:05:33 | 000,232,288 | ---- | M] () -- C:\ProgramData\MobileBrServ\mbbService.exe
PRC - [2011/02/01 22:24:42 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011/02/01 22:24:40 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/01/27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/01/27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/07/17 21:42:18 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/07/12 11:43:39 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/06/11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/06/11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc)
SRV - [2012/03/12 11:05:33 | 000,232,288 | ---- | M] () [Auto | Running] -- C:\ProgramData\MobileBrServ\mbbService.exe -- (Mobile Broadband HL Service)
SRV - [2011/10/27 10:34:30 | 000,718,384 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011/02/01 22:24:42 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/01 22:24:40 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/04/12 19:45:00 | 000,196,976 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/02/12 06:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2013/01/20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/17 12:58:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2011/08/17 12:58:22 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2011/08/17 12:58:20 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011/08/17 12:58:16 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2011/05/24 09:24:22 | 002,750,464 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/04/05 05:10:14 | 012,262,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/09 04:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2011/01/14 04:58:30 | 000,413,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/12/03 04:30:00 | 000,067,384 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfusb.sys -- (Tosrfusb)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/20 12:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010/10/20 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/06/19 01:45:00 | 000,018,872 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosrfec.sys -- (tosrfec)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/08/28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2007/11/09 05:00:30 | 000,026,968 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2820742433-3329283319-3891564071-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2820742433-3329283319-3891564071-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-2820742433-3329283319-3891564071-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2F 49 5A 93 AD A0 CC 01 [binary data]
IE - HKU\S-1-5-21-2820742433-3329283319-3891564071-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2820742433-3329283319-3891564071-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-2820742433-3329283319-3891564071-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.bing.com/"
FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:2.6.0.20130418072822
FF - prefs.js..extensions.enabledAddons: %7BC3949AC2-4B17-43ee-B4F1-D26B9D42404D%7D:15.0.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.5.109: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.5.109: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.5.109: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.5.109: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\user1\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\user1\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2013/08/04 20:43:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2013/08/04 20:43:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/06/27 21:56:56 | 000,000,000 | ---D | M]

[2012/03/30 10:37:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user1\AppData\Roaming\mozilla\Extensions
[2013/05/13 17:45:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user1\AppData\Roaming\mozilla\Firefox\Profiles\7qjyvmn8.default\extensions
[2013/05/13 17:45:48 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\user1\AppData\Roaming\mozilla\Firefox\Profiles\7qjyvmn8.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013/06/27 21:57:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/07/17 21:42:19 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/07/17 12:43:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\updated\browser\extensions
[2013/07/17 12:43:01 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/08/04 20:43:37 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2012/07/25 11:57:01 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{googleriginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\user1\AppData\Local\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\user1\AppData\Local\Google\Chrome\Application\28.0.1500.95\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\user1\AppData\Local\Google\Chrome\Application\28.0.1500.95\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll
CHR - plugin: Google Update (Enabled) = C:\Users\user1\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll
CHR - Extension: Ultimate YouTube Downloader = C:\Users\user1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfkpkealncpcbfklpgnggcgjjdkbljop\1.0.2.6_0\
CHR - Extension: YouTube = C:\Users\user1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\user1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\user1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Gmail = C:\Users\user1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/08/10 09:55:54 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {C8625893-2C0F-4484-8C18-52B00D5A8BB9} - No CLSID value found.
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2820742433-3329283319-3891564071-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2820742433-3329283319-3891564071-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O7 - HKU\S-1-5-21-2820742433-3329283319-3891564071-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-2820742433-3329283319-3891564071-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{03074C74-2C38-4612-9B84-11E0883164FC}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{052153B5-70C7-4823-9BCB-87C4C60D63F1}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{108258CD-6E8B-499C-853F-DD86BCA5E027}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1A60D7D4-A628-4845-8AD7-80898FDCE243}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{714967F2-70F2-41F4-B5C8-E93517CE7AD1}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AC892722-634C-4108-A320-A398541623A4}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21:64bit: - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\Windows\SysNative\WPDShServiceObj.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/08/11 21:26:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\user1\Desktop\OTL.exe
[2013/08/11 21:05:33 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/08/11 21:02:03 | 000,958,573 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\user1\Desktop\JRT.exe
[2013/08/10 11:27:13 | 000,208,216 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\46453325.sys
[2013/08/10 10:17:05 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/08/10 10:00:03 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/08/10 09:48:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/08/10 09:48:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/08/10 09:48:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/08/10 09:48:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/08/10 09:48:07 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/08/10 09:36:43 | 005,102,523 | R--- | C] (Swearware) -- C:\Users\user1\Desktop\ComboFix.exe
[2013/08/09 22:44:34 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/08/09 21:16:25 | 000,000,000 | ---D | C] -- C:\FRST
[2013/08/09 20:07:55 | 000,000,000 | ---D | C] -- C:\Users\user1\Desktop\RK_Quarantine
[2013/08/08 09:36:24 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Roaming\Malwarebytes
[2013/08/08 09:36:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/08/08 09:35:48 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/08/08 09:35:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/08/08 09:35:22 | 000,000,000 | ---D | C] -- C:\Users\user1\AppData\Local\Programs
[2013/08/08 09:31:22 | 000,000,000 | ---D | C] -- C:\ProgramData\CDB
[2013/08/06 21:22:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013/08/06 20:17:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/08/04 23:56:05 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013/08/04 22:53:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GridinSoft Trojan Killer
[2013/08/02 14:59:04 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013/07/27 21:54:56 | 000,000,000 | ---D | C] -- C:\Users\user1\Desktop\Ulala Session - Memory [www.k2nblog.com]
[2012/08/01 16:51:58 | 001,737,848 | ---- | C] ((C) T-Comms) -- C:\Users\user1\AppData\Local\TopSpaceHelper.exe

========== Files - Modified Within 30 Days ==========

[2013/08/11 21:27:05 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/11 21:26:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\user1\Desktop\OTL.exe
[2013/08/11 21:02:22 | 000,958,573 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\user1\Desktop\JRT.exe
[2013/08/11 20:53:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/11 20:53:38 | 1538,076,672 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/11 20:52:55 | 000,023,824 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/11 20:52:54 | 000,023,824 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/11 20:50:03 | 000,666,633 | ---- | M] () -- C:\Users\user1\Desktop\adwcleaner.exe
[2013/08/10 11:27:14 | 000,208,216 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\46453325.sys
[2013/08/10 09:55:54 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/08/10 09:37:49 | 005,102,523 | R--- | M] (Swearware) -- C:\Users\user1\Desktop\ComboFix.exe
[2013/08/09 22:42:05 | 002,218,636 | ---- | M] () -- C:\Users\user1\Desktop\tdsskiller.zip
[2013/08/08 09:36:00 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/08/06 21:58:24 | 000,000,162 | ---- | M] () -- C:\Windows\Reimage.ini
[2013/08/01 19:18:43 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/08/01 19:18:43 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/08/01 19:18:43 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/07/13 16:19:39 | 000,343,352 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2013/08/11 20:49:45 | 000,666,633 | ---- | C] () -- C:\Users\user1\Desktop\adwcleaner.exe
[2013/08/10 09:48:38 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/08/10 09:48:38 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/08/10 09:48:38 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/08/10 09:48:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/08/10 09:48:38 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/08/09 22:41:47 | 002,218,636 | ---- | C] () -- C:\Users\user1\Desktop\tdsskiller.zip
[2013/08/08 09:36:00 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/08/06 00:59:44 | 000,000,162 | ---- | C] () -- C:\Windows\Reimage.ini
[2012/10/05 00:10:14 | 000,000,017 | ---- | C] () -- C:\Users\user1\AppData\Local\resmon.resmoncfg
[2012/09/27 07:45:42 | 000,000,406 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/04/21 16:22:21 | 000,003,584 | ---- | C] () -- C:\Users\user1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/29 21:50:23 | 000,735,726 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/01 23:53:41 | 000,000,161 | ---- | C] () -- C:\Windows\AutoKMS.ini

========== ZeroAccess Check ==========

[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/02/24 20:56:15 | 000,000,000 | ---D | M] -- C:\Users\user1\AppData\Roaming\CheeseSoft
[2012/03/02 21:19:54 | 000,000,000 | ---D | M] -- C:\Users\user1\AppData\Roaming\COWON
[2012/01/11 18:54:42 | 000,000,000 | ---D | M] -- C:\Users\user1\AppData\Roaming\EasiestSoft
[2012/03/13 21:06:45 | 000,000,000 | ---D | M] -- C:\Users\user1\AppData\Roaming\Ectaco
[2012/01/26 18:51:08 | 000,000,000 | ---D | M] -- C:\Users\user1\AppData\Roaming\GrabVM
[2012/01/16 11:36:05 | 000,000,000 | ---D | M] -- C:\Users\user1\AppData\Roaming\IrfanView
[2013/07/04 21:26:24 | 000,000,000 | ---D | M] -- C:\Users\user1\AppData\Roaming\Mp3tag
[2012/02/01 00:26:43 | 000,000,000 | ---D | M] -- C:\Users\user1\AppData\Roaming\Opera
[2012/01/13 10:31:45 | 000,000,000 | ---D | M] -- C:\Users\user1\AppData\Roaming\PC Suite
[2011/10/12 10:10:00 | 000,000,000 | ---D | M] -- C:\Users\user1\AppData\Roaming\WinBatch
[2012/01/10 12:43:02 | 000,000,000 | ---D | M] -- C:\Users\user1\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



< End of report >

 

[amiraa]

Extras.txt

OTL Extras logfile created on: 8/11/2013 9:27:00 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\user1\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.91 Gb Total Physical Memory | 0.95 Gb Available Physical Memory | 49.78% Memory free
3.82 Gb Paging File | 2.63 Gb Available in Paging File | 68.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 151.61 Gb Total Space | 30.62 Gb Free Space | 20.20% Space Free | Partition Type: NTFS
Drive D: | 146.39 Gb Total Space | 24.41 Gb Free Space | 16.67% Space Free | Partition Type: NTFS

Computer Name: USER1-PC | User Name: user1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)

[HKEY_USERS\S-1-5-21-2820742433-3329283319-3891564071-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [GomAudio.Add] -- C:\Program Files (x86)\GRETECH\GomAudio\GOMA.exe /add "%1" (Gretech Corporation)
Directory [GomAudio.AddCur] -- C:\Program Files (x86)\GRETECH\GomAudio\GOMA.exe /addcur "%1" (Gretech Corporation)
Directory [GomAudio.Play] -- C:\Program Files (x86)\GRETECH\GomAudio\GOMA.exe "%1" (Gretech Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [GomAudio.Add] -- C:\Program Files (x86)\GRETECH\GomAudio\GOMA.exe /add "%1" (Gretech Corporation)
Directory [GomAudio.AddCur] -- C:\Program Files (x86)\GRETECH\GomAudio\GOMA.exe /addcur "%1" (Gretech Corporation)
Directory [GomAudio.Play] -- C:\Program Files (x86)\GRETECH\GomAudio\GOMA.exe "%1" (Gretech Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{107B811E-B553-4FCA-9536-B478010CDCA7}" = rport=138 | protocol=17 | dir=out | app=system |
"{1B5D42FA-F130-4644-A9B4-BD804F815B8D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{1D31AC26-E1AC-4FC6-A3B7-710F5A19FFE3}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{1DB14008-C562-45A0-A435-33FEEA11A784}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1DCB3DC0-1B00-4291-A690-4C3A2CA3997A}" = lport=10243 | protocol=6 | dir=in | app=system |
"{204A6AA5-9247-4962-B215-AE31E13E695F}" = lport=3702 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\wdexpress.exe |
"{2A111800-0A03-4184-8870-5E18C501CCDE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2B3179C0-4536-4731-8B87-D74B010D26DD}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{3733C92E-EC05-4014-B40F-9E9C9CEC76FE}" = lport=48113 | protocol=6 | dir=in | name=maconfig_tcp |
"{3848D92A-C1C1-4EB9-9674-722C6B2AEDDA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{3AEC513F-B412-40F0-B657-FC725167FBD4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{42C5D9B6-AD77-4D76-8048-84ABF03184B9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{45E40DFE-8F8F-4DAD-8C05-5E609E15992A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{46BA7FE6-3C69-43E0-B9A9-58B1DDF8A2FA}" = rport=137 | protocol=17 | dir=out | app=system |
"{4BA8D8FE-6809-4D27-AC0B-1BC5E50FCB2D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{51F66EA3-9EE3-4325-BA7E-82C8FE757DFA}" = rport=137 | protocol=17 | dir=out | app=system |
"{5225FC50-5C32-47D8-90BF-DE0CFB5D76C4}" = lport=139 | protocol=6 | dir=in | app=system |
"{6AC55CA7-97D6-42DD-898E-B429E4E85E76}" = lport=138 | protocol=17 | dir=in | app=system |
"{740197B5-9B91-43DC-9448-5F2FAA99E4ED}" = lport=48113 | protocol=17 | dir=in | name=maconfig_udp |
"{749E4E68-5A9D-4310-B9DB-2C57114EA704}" = rport=139 | protocol=6 | dir=out | app=system |
"{7AB8A74F-8F07-419F-ACFC-4498ED2E68B8}" = lport=138 | protocol=17 | dir=in | app=system |
"{7FCC2038-B59D-46F3-9C84-EDFC7E5A5905}" = rport=10243 | protocol=6 | dir=out | app=system |
"{8193A909-AA2C-4855-AB2B-590095767258}" = lport=139 | protocol=6 | dir=in | app=system |
"{8C1C3703-E06E-47A6-9E46-5E64680CA835}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8C4C9F01-E6ED-4EE4-A861-ED9D6069E637}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{8C6DD438-7D20-471A-B7F7-F772EBC1BF19}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8D495CD9-8999-47E1-9FD4-E3827DC44934}" = lport=445 | protocol=6 | dir=in | app=system |
"{8EE53228-67B7-4914-B14B-3A8E2EDDE914}" = rport=10243 | protocol=6 | dir=out | app=system |
"{90CF24F6-73D1-4B73-8826-F63A6297F8AD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{91B46EBF-2E80-47F7-8B62-70DE1D608599}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{995CC5AD-287C-4E68-B1B7-7AB2CC7A1648}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{99982C45-23E8-4D48-B59B-65083A051144}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9E8DCBD8-03FC-4471-BD94-64B25AB2477D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A046DC63-EA2B-4526-B9C3-BFBD0717119E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A85C8925-6F5D-4A82-9422-45EF52EC4172}" = rport=445 | protocol=6 | dir=out | app=system |
"{AC65631F-E1C0-41C6-B157-8B76363F7EE1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AC889431-F549-4DEF-994E-0BD7F0D6D985}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AD180B69-8C45-4392-B67A-1B9CDE10EA68}" = lport=137 | protocol=17 | dir=in | app=system |
"{B03059E5-DC95-4E58-BFAA-F67B9522401D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B8A744A2-B4A6-46E1-84DE-5301D35FFB30}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B90224D6-D9C3-4362-B8F0-75B770A06095}" = lport=10243 | protocol=6 | dir=in | app=system |
"{C23F6BAD-3AB2-4513-B6BA-21F4FDA7AF00}" = lport=445 | protocol=6 | dir=in | app=system |
"{C331311B-2823-45E6-8185-B230BF69F466}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C58BFAEB-AAC7-4AF8-B99C-5B45C6C670EF}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{C8A59E0E-8E2D-40C3-9065-A5B852D51944}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{D4C2C258-937B-4900-A8E8-60A5485B161C}" = rport=138 | protocol=17 | dir=out | app=system |
"{DC5FA52D-2EA4-4A63-8CD3-CE3CF4B3D717}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{DE2E4ACF-903B-44CC-9465-F5586837627E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DFBBEF59-F913-4771-9D7A-82369DFFF298}" = rport=445 | protocol=6 | dir=out | app=system |
"{E1D85F95-A94D-4241-9D4E-529F491D7599}" = lport=137 | protocol=17 | dir=in | app=system |
"{E7D9CD4E-5B6C-4799-BAA5-19D8824CA721}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{ECA3A951-0310-4475-BBDA-1FE72C063041}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F72A18A4-7EDF-4EEB-93CF-1CB2D65FF4BA}" = rport=139 | protocol=6 | dir=out | app=system |
"{F7C0BCC9-F469-44E7-8D87-3962621E77F3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{F999BC84-123D-41E5-9EAF-2B8213411581}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0724AB95-3DF9-4D09-B350-9DD9C4E64BFD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0EB4BCB4-D1F0-482D-8A49-7F8E6B1007EE}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{1056C5D9-1FDA-49B0-82B8-67545B5403AE}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{153B9447-1F92-4F1E-A34C-2ECA1F4641E0}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{18B79D4B-34AE-4098-BDE0-77EED10409E3}" = protocol=17 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\pandoraservice.exe |
"{1E1EBB85-59F0-4E0C-AFBD-8A19FEE2859C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{24310495-F783-411F-A084-73198978FBE0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{24BEAC3A-4116-4764-A6BC-6C7516F6E208}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{279099E3-6295-4DA4-ACF4-F5A6EEE339B8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{37E3F20F-DE20-4516-B208-CC46191BDD72}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{38E0A04A-D1A6-46F9-8651-F7F87E6CBF78}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3C49D674-E71A-4E51-97E2-92790A5AC132}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{3E6FA183-B04A-4B1A-B0AC-9F614EA990FF}" = protocol=17 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\pandoraservice.exe |
"{49AD4FE5-E495-4266-B3EF-40FFB6736291}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4DA3135C-FE3A-4327-9163-37CEA0209ED3}" = protocol=6 | dir=in | app=c:\program files\hexchat\hexchat.exe |
"{504F4A6F-8606-420D-97A4-993F0BE36D10}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5260BFDC-33FF-4DD1-A3CA-6DD1226708CD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{58FA3157-006A-44C5-A0C8-5B72DF6A6D6A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5F4A9561-9F28-4F04-BA7B-95488B3273E2}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{6139F920-28CF-42C2-88F3-A92660C1E375}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{61B5057B-5CD4-4AD3-9D56-A45B44C14EF8}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{63722777-5A39-4A7A-9DC0-700C7D803868}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{668E8137-D0D6-4695-BA6D-2F584E86CA14}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{72065031-1BF3-4F91-B949-0DE7443A32EA}" = dir=in | app=c:\program files (x86)\intel corporation\intel wireless display\widiapp.exe |
"{75F7ED18-0511-4362-A6A1-FD4D619DE3ED}" = protocol=17 | dir=in | app=c:\program files\hexchat\hexchat.exe |
"{7802D448-7359-40BA-A794-2B2AE7A42651}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{7B0CA09B-E132-4AA1-8B28-59AA97CB5C57}" = protocol=17 | dir=in | app=c:\program files\ma-config.com\x64\maconfservice.exe |
"{7B125870-6870-4030-9FAB-FC5A4EE96D41}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"{801DBE9D-8D98-4844-B72B-3BDA734AF2DC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{83A3F6F9-91F0-4770-9B68-429951B3ED23}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{867F4559-0F94-4C5F-805D-18B5C77CD238}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{89EAB2DD-ABB2-46C7-BCEC-67FF20149FE1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8DE4F273-C495-4E3B-A57D-419794E54A09}" = protocol=17 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\panprocess.exe |
"{8EFF36C4-6A9F-43EA-8E2E-D110F4DA99B9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{91252E2F-F5C9-4DF0-9095-5773619F12CF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9B15F693-7BE6-4C83-ACC0-C481A95321E0}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{9CD09840-B549-4F75-9EEB-6BE3B543DAE8}" = protocol=6 | dir=in | app=c:\program files\ma-config.com\x64\maconfservice.exe |
"{A5886F93-A5EC-45A0-A5EA-083FAE123570}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A5D83336-4BD2-455E-9DA5-A0139DD0DB01}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 2050 j510 series\bin\usbsetup.exe |
"{ABF01636-2F0B-4E94-A56E-7BA576A8633C}" = protocol=6 | dir=out | app=system |
"{AD29B28E-7AA3-4C13-8BCB-E7373F378ED2}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{AF4AE69A-970E-423A-BC81-27A1EA6D36DD}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{B1C4D69C-18D4-4195-9AEA-076E55C2ABC7}" = protocol=6 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\pandoraservice.exe |
"{B27FF543-EAF1-45B6-8986-A51A18550C6C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B34D1A9E-FC32-4CA1-995D-B6E75FDDD3F4}" = protocol=6 | dir=out | app=system |
"{B3A5F124-7599-4432-B4B1-18641F3C97AA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B519406D-B6D6-4E5F-8721-F72DE6F3D43E}" = protocol=17 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\panprocess.exe |
"{B898C53B-71DE-4492-A9BD-BC2CE15796A0}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B8B4E785-9232-4B9A-8B01-74C63AC2AA26}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{BF50F4FD-D9B1-4980-819C-91F92CA0B3BE}" = protocol=6 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\panprocess.exe |
"{C0BBE4C9-AA19-446A-AF60-0DB24D40BDA1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C1A66D63-AEAE-4D23-8C87-F290CD68BEC0}" = protocol=6 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\panprocess.exe |
"{C2C7153B-B407-4FAE-BFBD-25DF369A1374}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{C5126720-2F4F-42F2-B6C5-2CC657CA95FF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CA4FBA7B-F959-46B2-ACC2-2C6D06146C56}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CE5BF45F-D909-41F2-946B-D08F36C49DF9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D606BCF0-90F3-4E56-8869-4C6C0687392D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{DF386198-E845-4ECD-8902-AC62F27BAA9A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E27BB93D-960D-447D-837C-320EFADDA35D}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 2050 j510 series\bin\usbsetup.exe |
"{E3036447-B911-4E2B-BA11-83D9AA901359}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E5D6BBB5-0577-442D-BDB5-53AB71E874A2}" = protocol=6 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\pandoraservice.exe |
"{EEA677F1-C048-45A7-BEA7-FEA8AC885BCC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{F10F74AA-0DF1-4194-B732-0B7ACB5FB7F2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F728F723-0067-4F38-9793-5E900E786CB7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F870DF9B-DED2-4B7F-8AD8-5AEF481C2510}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F936AA1A-019D-4E9D-B31F-4BB48EE6C739}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FAFF14EB-AC5B-4725-85AE-84AEBC09783E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"TCP Query User{1E2E52ED-9DFC-4222-8A74-A864DC11D9A8}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"TCP Query User{6D0D83BF-46DD-4AD9-ADAF-FEFDCBDD8796}C:\program files\hexchat\hexchat.exe" = protocol=6 | dir=in | app=c:\program files\hexchat\hexchat.exe |
"TCP Query User{E37493F8-C5FE-44CF-BE19-A6D716132D7A}E:\programmation\qtchat\release\qtchat.exe" = protocol=6 | dir=in | app=e:\programmation\qtchat\release\qtchat.exe |
"TCP Query User{E4714ADC-D31E-483B-BED7-EE134571BD0A}C:\program files (x86)\valve\portal 2\portal2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\valve\portal 2\portal2.exe |
"UDP Query User{04870D66-C8F2-469A-BBEE-DB139BBAEF25}C:\program files (x86)\valve\portal 2\portal2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\valve\portal 2\portal2.exe |
"UDP Query User{35CE3A0D-04E0-4137-BD84-AA59DAD8ACD3}C:\program files\hexchat\hexchat.exe" = protocol=17 | dir=in | app=c:\program files\hexchat\hexchat.exe |
"UDP Query User{44823339-CF28-4006-8630-458A16074A94}E:\programmation\qtchat\release\qtchat.exe" = protocol=17 | dir=in | app=e:\programmation\qtchat\release\qtchat.exe |
"UDP Query User{61CBD438-7468-4CBE-B824-5321C3052D82}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EF48631A-7F45-430A-8AD3-B41CFB1D7596}" = HP Deskjet 2050 J510 series Product Improvement Study
"{F2C07BE3-0F88-4D0C-957B-3557699981E9}" = HP Deskjet 2050 J510 series Basic Device Software
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Unlocker" = Unlocker 1.9.1-x64

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{55EB7967-5BB1-4EA2-8AFF-B2F9E487E553}" = PC Connectivity Solution
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}" = HP Deskjet 2050 J510 series Help
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CAAB0192-5704-469F-A0BE-2D842D70E93B}_is1" = Sothink FLV Player
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = COWON Media Center - jetAudio Plus VX
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"CCleaner" = CCleaner
"GOM Player" = GOM Player
"GomAudio" = GOM Audio
"HP Photo Creations" = HP Photo Creations
"InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mobile Broadband HL Service" = Mobile Broadband HL Service
"Mozilla Firefox 22.0 (x86 en-US)" = Mozilla Firefox 22.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.49b
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"Opera 12.15.1748" = Opera 12.15
"RealPlayer 15.0" = RealPlayer
"The KMPlayer" = The KMPlayer (remove only)
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2820742433-3329283319-3891564071-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

< End of report >

 

[Broni]

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
O2 - BHO: (no name) - {C8625893-2C0F-4484-8C18-52B00D5A8BB9} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.


:Services

:Reg

:Files
C:\FRST

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.
Last scans....

Download Security Check from here or here and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

• Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services
• Press "Scan".
• It will create a log (FSS.txt) in the same directory the tool is run.
• Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

Please run a free online scan with the ESET Online Scanner

• Disable your antivirus program
• Tick the box next to YES, I accept the Terms of Use
• Click Start
• Accept any security warnings from your browser.
• Check Scan archives
• Click Start
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, click on List of found threats
• Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• NOTE. If Eset won't find any threats, it won't produce any log.

 

[amiraa]

All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C8625893-2C0F-4484-8C18-52B00D5A8BB9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C8625893-2C0F-4484-8C18-52B00D5A8BB9}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\FRST\Quarantine folder moved successfully.
C:\FRST\Logs folder moved successfully.
C:\FRST\Hives\Users\00000002 folder moved successfully.
C:\FRST\Hives\Users\00000001 folder moved successfully.
C:\FRST\Hives\Users folder moved successfully.
C:\FRST\Hives folder moved successfully.
C:\FRST folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: user1
->Temp folder emptied: 1761262 bytes
->Temporary Internet Files folder emptied: 403130 bytes
->FireFox cache emptied: 77317816 bytes
->Google Chrome cache emptied: 37439239 bytes
->Opera cache emptied: 667754 bytes
->Flash cache emptied: 1471 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 53022 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 95336 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 112.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: user1

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: user1
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 08112013_215022

Files\Folders moved on Reboot...
C:\Users\user1\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\user1\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...