TechSpot

Possible infection

By malis2007
Jun 18, 2013
  1. I think that I have a malware/virus/trojan..
    because 5 months ago.. I used to host a server for a game called killingfloor..
    with firewall turned off.. to make people able to access my server.. (I know that was dumb but you know.. I was just thinking about playing only but now I want security :/ )
    anyway.. when I was hosting the server (even when I don't host it).. I used to have the mouse moving alone thing..
    and that wasn't a mouse problem.. (I tried more than 10 other mice and all were the same..)
    so.. I thought that it was a hacker who got remote access to my computer..
    then I started searching and messing with the (services.msc) to stop the remote thing..
    anyway.. now.. some of the "services" stuff has missing files.. and I don't know how to restore them.. O_O
    system restore = useless
    safe mode = useless
    oh.. and btw.. the mouse moving thing stopped happening 2 months ago.. (maybe that hacker felt bored or something from me.. because my laptop was TURNED off in this time limit due to school and months exams..)
    so I am just asking the following.. AM I able to restore the services missing files?! IS THERE any way to restore it..?
    AND am I able to block that hacker or the remote connection or viruses from my pc?!
    ALTHOUGH I scanned my pc with a lot of AV's and all said that I am fine.
    uhh.. and by the way.., PLEASE DON'T TELL ME TO DO A FRESH WIN7 INSTALL.. MY DAD WILL KILL ME IF I DID THAT. please.. any other way than that. (because all ppl say to do it.. but I simply CAN'T!(NOT ALLOWED) )



    oh.. and here is the malwarebytes QUICK SCAN log :

    Malwarebytes Anti-Malware (PRO) 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.06.18.09

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 10.0.9200.16618
    ali :: S34N [administrator]

    Protection: Enabled

    19/06/2013 03:52:39 AM
    mbam-log-2013-06-19 (03-52-39).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 290247
    Time elapsed: 13 minute(s), 50 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)


    (end)
     
  2. malis2007 TS Rookie Topic Starter Posts: 32

    DDS:

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.16611 BrowserJavaVersion: 10.21.2
    Run by ali at 4:32:44 on 2013-06-19
    Microsoft Windows 7 Home Premium 6.1.7601.1.1256.20.1033.18.6069.2790 [GMT 2:00]
    .
    AV: ESET Smart Security 6.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
    SP: ESET Smart Security 6.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
    FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\svchost.exe -k NetworkService
    C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files (x86)\Internet Download Manager\IDMan.exe
    C:\Program Files (x86)\Internet Download Manager\IDMIntegrator64.exe
    C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
    C:\Program Files\VistaSwitcher\vswitch64.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\SysWOW64\vmnat.exe
    C:\Windows\SysWOW64\vmnetdhcp.exe
    C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
    C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
    C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
    C:\Windows\system32\wbem\WmiApSrv.exe
    C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
    C:\Program Files (x86)\FileZilla FTP Client\filezilla.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\notepad.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\mmc.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.ye1.org/
    uSearch Page = hxxp://www.google.com
    uProxyOverride = <local>
    uURLSearchHooks: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - <orphaned>
    BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Microsoft Web Test Recorder 10.0 Helper: {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} - C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    EB: Web Test Recorder 10.0: {3142c289-f319-47f5-a594-a827028714c9} -
    uRun: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
    uRun: [VistaSwitcher] "C:\Program Files\VistaSwitcher\vswitch64.exe" /startup
    mRun: [vmware-tray.exe] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
    uPolicies-Explorer: NoDriveAutoRun- = dword:0
    uPolicies-Explorer: NoDriveTypeAutoRun- = dword:0
    uPolicies-Explorer: NoDriveAutoRun = dword:67108863
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:253
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:253
    mPolicies-Explorer: NoDriveAutoRun = dword:67108863
    mPolicies-Explorer: NoDriveAutoRun- = dword:0
    mPolicies-Explorer: NoDriveTypeAutoRun- = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
    IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
    IE: ت&صدير إلى Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    LSP: %windir%\system32\vsocklib.dll
    TCP: NameServer = 41.128.225.225 41.128.225.226
    TCP: Interfaces\{1DF79A7C-6F29-4AAF-B4FD-772F63ACE586} : NameServer = 208.67.220.123,208.67.222.123,192.168.1.1
    TCP: Interfaces\{1DF79A7C-6F29-4AAF-B4FD-772F63ACE586} : DHCPNameServer = 41.128.225.225 41.128.225.226
    TCP: Interfaces\{1DF79A7C-6F29-4AAF-B4FD-772F63ACE586}\16C696 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{1DF79A7C-6F29-4AAF-B4FD-772F63ACE586}\C696E6B6 : DHCPNameServer = 41.128.225.225 41.128.225.226
    TCP: Interfaces\{1DF79A7C-6F29-4AAF-B4FD-772F63ACE586}\D416C69637 : DHCPNameServer = 197.199.255.254 217.52.47.130
    TCP: Interfaces\{8A68948D-B161-4ED7-8BBE-9F3776C9E0DF}\16C696 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{D13B58AE-512F-4510-A695-2D1472BC76B5}\16C696 : DHCPNameServer = 213.131.66.248 213.131.65.20
    Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-mWinlogon: Userinit = C:\Windows\System32\userinit.exe
    x64-BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -
    x64-Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
    x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    x64-Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    x64-STS: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
    x64-mASetup: {12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\Windows\System32\ieudinit.exe
    Hosts: 127.0.0.1 ads.mcafee.com
    Hosts: 127.0.0.1 analytics.microsoft.com
    Hosts: 127.0.0.1 metrics.bitdefender.com
    Hosts: 127.0.0.1 metrics.mcafee.com
    Hosts: 127.0.0.1 om.symantec.com
    .
    Note: multiple HOSTS entries found. Please refer to Attach.txt
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 77962412;77962412;C:\Windows\System32\drivers\77962412.sys [2013-1-31 460888]
    R0 epfwwfp;epfwwfp;C:\Windows\System32\drivers\epfwwfp.sys [2013-2-20 58416]
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
    R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2010-8-16 24680]
    R0 vsock;vSockets Driver;C:\Windows\System32\drivers\vsock.sys [2013-6-19 70256]
    R1 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2013-2-20 213416]
    R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\System32\drivers\EpfwLWF.sys [2013-1-10 59440]
    R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
    R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2013-3-21 1341664]
    R2 IDMWFP;IDMWFP;C:\Windows\System32\drivers\idmwfp.sys [2013-3-1 165112]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-6-7 418376]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-6-7 701512]
    R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 130008]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-3-14 383264]
    R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-4-17 13832]
    R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2012-8-1 917656]
    R2 VMwareHostd;VMware Workstation Server;C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2012-8-15 15680000]
    R3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2010-4-14 54824]
    R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-11-20 35104]
    R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2010-7-21 129024]
    R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\System32\drivers\FLxHCIc.sys [2012-11-8 249584]
    R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\Windows\System32\drivers\FLxHCIh.sys [2012-11-8 77040]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-11-20 56344]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-6-7 25928]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-4-19 161384]
    S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2010-5-3 44032]
    S3 ANTS Memory Profiler 7 Service;ANTS Memory Profiler 7 Service;C:\Program Files\Red Gate\ANTS Memory Profiler 7\RedGate.Memory.IISService.exe [2013-6-18 143288]
    S3 ANTS Performance Profiler 8 Service;ANTS Performance Profiler 8 Service;C:\Program Files\Red Gate\ANTS Performance Profiler 8\RedGate.Profiler.IISService.exe [2013-6-18 194440]
    S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-8-12 57280]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-7-28 1511872]
    S3 hitmanpro37;HitmanPro 3.7 Support Driver;C:\Windows\System32\drivers\hitmanpro37.sys [2013-2-6 32152]
    S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\System32\drivers\L1C62x64.sys [2009-6-10 57344]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-1-24 19456]
    S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
    S3 ST330;ST330;C:\Windows\System32\drivers\st330.sys [2011-3-22 47616]
    S3 STBUS;STBUS;C:\Windows\System32\drivers\stbus.sys [2011-3-22 24576]
    S3 STETH;SpeedTouch Ethernet Adapter NT Driver;C:\Windows\System32\drivers\steth.sys [2011-3-22 58880]
    S3 stppp;Speedtouch PPP Adapter Adapter;C:\Windows\System32\drivers\stppp.sys [2012-4-14 54272]
    S3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2013-1-10 42184]
    S3 Te.Service;Te.Service;C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [2012-7-25 126976]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-1-24 57856]
    S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-4-17 134928]
    S3 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-11-20 2314240]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
    S3 VBoxUSB;VirtualBox USB;C:\Windows\System32\drivers\VBoxUSB.sys [2012-4-3 117040]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-2-4 1255736]
    S4 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2010-11-20 379520]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
    S4 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]
    S4 RsFx0105;RsFx0105 Driver;C:\Windows\System32\drivers\RsFx0105.sys [2011-9-22 311144]
    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-9-22 431464]
    .
    =============== File Associations ===============
    .
    ShellExec: FRONTPG.EXE: edit=C:\PROGRA~2\Office10\FRONTPG.EXE
    .
    =============== Created Last 30 ================
    .
    2019-10-09 08:40:57 -------- d-----w- C:\Users\ali\AppData\Roaming\Crypto Obfuscator For .Net v2012 R2
    2013-06-19 00:45:23 70256 ----a-w- C:\Windows\System32\drivers\vsock.sys
    2013-06-19 00:45:23 67224 ----a-w- C:\Windows\System32\vsocklib.dll
    2013-06-19 00:45:23 63128 ----a-w- C:\Windows\SysWow64\vsocklib.dll
    2013-06-19 00:45:15 67224 ----a-w- C:\Windows\System32\drivers\vmx86.sys
    2013-06-19 00:44:32 357016 ----a-w- C:\Windows\SysWow64\vmnetdhcp.exe
    2013-06-19 00:44:28 435864 ----a-w- C:\Windows\SysWow64\vmnat.exe
    2013-06-19 00:44:28 30360 ----a-w- C:\Windows\System32\drivers\vmnetuserif.sys
    2013-06-19 00:44:12 933528 ----a-w- C:\Windows\System32\vnetlib64.dll
    2013-06-19 00:43:58 52376 ----a-w- C:\Windows\System32\drivers\hcmon.sys
    2013-06-19 00:43:25 -------- d-----w- C:\Program Files\Common Files\VMware
    2013-06-19 00:40:30 -------- d-----w- C:\Program Files (x86)\Common Files\VMware
    2013-06-18 23:22:08 9552976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0A2836C5-46AC-4DB6-92AE-57D140ACF2A9}\mpengine.dll
    2013-06-18 14:06:30 -------- d-----w- C:\Program Files (x86)\FileZilla Server
    2013-06-18 08:13:48 -------- d-----w- C:\Program Files\Red Gate
    2013-06-18 07:19:20 -------- d-----w- C:\Users\ali\AppData\Local\Temporary Projects
    2013-06-17 22:47:30 9552976 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-06-16 01:02:08 -------- d-----w- C:\Users\ali\AppData\Local\VSIXInstaller
    2013-06-14 15:27:37 964552 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2013-06-14 15:27:37 964552 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DF505AB6-D6DF-4288-AE01-C57084102710}\gapaengine.dll
    2013-06-13 12:48:09 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
    2013-06-13 12:48:08 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2013-06-13 12:48:07 279040 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
    2013-06-13 12:48:07 218112 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll
    2013-06-13 00:09:03 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2013-06-13 00:04:02 751104 ----a-w- C:\Windows\System32\win32spl.dll
    2013-06-13 00:04:02 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
    2013-06-12 23:53:23 1887232 ----a-w- C:\Windows\System32\d3d11.dll
    2013-06-12 23:53:23 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
    2013-06-11 16:44:01 -------- d-----w- C:\Program Files (x86)\Common Files\PCSuite
    2013-06-11 16:43:32 -------- d-----w- C:\Program Files (x86)\Common Files\Nokia
    2013-06-11 16:43:12 25600 ----a-w- C:\Windows\System32\drivers\pccsmcfdx64.sys
    2013-06-11 16:42:32 -------- d-----w- C:\Program Files (x86)\PC Connectivity Solution
    2013-06-11 16:40:37 -------- d-----w- C:\Program Files (x86)\Nokia
    2013-06-11 14:30:13 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2013-06-10 19:10:09 -------- d-----w- C:\Users\ali\AppData\Local\Brice_Lambson
    2013-06-10 19:08:08 -------- d-----w- C:\Program Files\Image Resizer for Windows
    2013-06-10 19:08:07 -------- d-----w- C:\Program Files (x86)\Image Resizer for Windows
    2013-06-10 17:47:51 438272 ----a-w- C:\shimgvw.dll
    2013-06-10 17:47:51 33280 ----a-w- C:\rundll32.exe
    2013-06-07 21:15:21 -------- d-----w- C:\RegBackup
    2013-06-07 20:57:53 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2013-06-07 20:57:53 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2013-06-07 20:34:56 9460464 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{784E001D-DE3A-4159-9F7F-61BDDB4A468D}\mpengine.dll
    2013-06-07 20:34:52 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Updates\mpengine.dll
    2013-06-07 19:11:04 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2013-06-07 18:55:26 -------- d-----w- C:\Program Files (x86)\MeteorEntertainment
    2013-06-05 11:49:05 -------- d-----w- C:\Users\ali\AppData\Roaming\NuGet
    2013-06-03 11:39:28 -------- d-----w- C:\Program Files (x86)\Microsoft Web Tools
    2013-06-03 10:49:36 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
    2013-06-03 10:49:33 -------- d-----w- C:\Program Files\Microsoft Security Client
    2013-06-02 21:35:13 31 ----a-w- C:\Windows\SysWow64\wsodpdfcsini.dll
    2013-06-02 18:24:28 -------- d-----w- C:\Program Files\Microsoft Synchronization Services
    2013-06-02 18:24:23 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
    2013-06-02 18:22:06 -------- d-----w- C:\Program Files\Microsoft Visual Studio 10.0
    2013-05-31 19:30:49 -------- d-----w- C:\Users\ali\AppData\Roaming\Microsoft FxCop
    2013-05-30 19:34:08 -------- d-----w- C:\ProgramData\Microsoft Visual Studio
    2013-05-29 13:51:51 2574304 ----a-w- C:\ProgramData\Microsoft\VisualStudio\11.0\1033\ResourceCache.dll
    2013-05-29 13:28:09 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition
    2013-05-29 13:16:23 -------- d-----w- C:\Program Files\Application Verifier
    2013-05-29 13:16:23 -------- d-----w- C:\Program Files (x86)\Application Verifier
    2013-05-29 13:14:36 -------- d-----w- C:\ProgramData\Windows App Certification Kit
    2013-05-29 13:00:08 -------- d-----w- C:\Program Files (x86)\Common Files\Microsoft
    2013-05-29 12:31:08 -------- d-----w- C:\Program Files (x86)\Microsoft ASP.NET
    2013-05-29 12:28:35 -------- d-----w- C:\Program Files\Microsoft
    2013-05-29 12:28:13 -------- d-----w- C:\Program Files\IIS Express
    2013-05-29 12:28:13 -------- d-----w- C:\Program Files (x86)\IIS Express
    2013-05-29 12:26:21 -------- d-----w- C:\Program Files (x86)\NuGet
    2013-05-29 12:20:52 -------- d-----w- C:\Program Files (x86)\Microsoft WCF Data Services
    2013-05-29 12:20:21 -------- d-----w- C:\Program Files\IIS
    2013-05-29 12:20:21 -------- d-----w- C:\Program Files (x86)\IIS
    2013-05-29 12:02:46 -------- d-----w- C:\Program Files (x86)\Windows Kits
    2013-05-29 11:24:11 -------- d-----w- C:\Program Files (x86)\HTML Help Workshop
    2013-05-29 11:23:53 -------- d-----w- C:\Program Files (x86)\Microsoft Help Viewer
    2013-05-29 11:06:36 -------- d-----w- C:\Windows\SysWow64\1033
    2013-05-29 10:31:17 -------- d-----w- C:\Program Files (x86)\Common Files\Merge Modules
    2013-05-29 10:27:20 -------- d-----w- C:\Users\ali\AppData\Roaming\ImTOO
    2013-05-29 10:26:21 -------- d-----w- C:\ProgramData\ImTOO
    2013-05-29 10:26:21 -------- d-----w- C:\Program Files (x86)\ImTOO
    2013-05-29 10:23:56 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 11.0
    2013-05-29 10:23:55 -------- d-----w- C:\Windows\System32\1033
    2013-05-29 10:23:47 -------- d-----w- C:\Program Files\Microsoft Visual Studio 11.0
    2013-05-29 10:05:18 -------- d-----w- C:\ProgramData\regid.1991-06.com.microsoft
    2013-05-29 10:05:18 -------- d-----w- C:\ProgramData\Package Cache
    2013-05-26 13:12:45 -------- d-----w- C:\Evolution Games
    2013-05-26 12:39:29 -------- d-----w- C:\Users\ali\AppData\Roaming\GlarySoft
    2013-05-26 12:39:29 -------- d-----w- C:\Program Files (x86)\Absolute Uninstaller
    2013-05-26 00:14:39 -------- d-----w- C:\Windows\CheckSur
    2013-05-25 23:31:28 -------- d-sh--w- C:\$RECYCLE.BIN
    .
    ==================== Find3M ====================
    .
    2013-06-07 19:10:34 866720 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2013-06-07 19:10:33 788896 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2013-05-17 01:25:57 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
    2013-05-17 01:25:27 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2013-05-17 01:25:26 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2013-05-17 01:25:26 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
    2013-05-17 00:59:03 2241024 ----a-w- C:\Windows\System32\wininet.dll
    2013-05-17 00:58:10 3958784 ----a-w- C:\Windows\System32\jscript9.dll
    2013-05-17 00:58:08 67072 ----a-w- C:\Windows\System32\iesetup.dll
    2013-05-17 00:58:08 136704 ----a-w- C:\Windows\System32\iesysprep.dll
    2013-05-14 12:23:25 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
    2013-05-14 10:54:46 421888 ----a-w- C:\Windows\SysWow64\RealMediaSplitter.ax
    2013-05-14 08:40:13 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
    2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
    2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
    2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll
    2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
    2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
    2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
    2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
    2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
    2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
    2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
    2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
    2013-05-02 00:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe
    2013-04-17 07:02:06 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
    2013-04-17 06:24:46 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
    2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
    2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
    2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
    2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
    2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
    2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
    2013-04-10 06:01:53 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
    2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys
    2013-04-05 00:00:03 185344 ----a-w- C:\Windows\SysWow64\elshyph.dll
    2013-04-05 00:00:03 1054720 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
    2013-04-05 00:00:02 226304 ----a-w- C:\Windows\System32\elshyph.dll
    2013-04-05 00:00:02 158720 ----a-w- C:\Windows\SysWow64\msls31.dll
    2013-04-05 00:00:00 719360 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
    2013-04-05 00:00:00 150528 ----a-w- C:\Windows\SysWow64\iexpress.exe
    2013-04-05 00:00:00 138752 ----a-w- C:\Windows\SysWow64\wextract.exe
    2013-03-25 12:28:02 350160 ----a-w- C:\Windows\System32\drivers\trufos.sys
    2013-03-25 12:27:56 632064 ----a-w- C:\Windows\SysWow64\msvcr80.dll
    2013-03-25 12:27:55 554240 ----a-w- C:\Windows\SysWow64\msvcp80.dll
    2013-03-25 12:27:54 572928 ----a-w- C:\Windows\SysWow64\msvcp90.dll
    2013-03-25 12:27:53 655872 ----a-w- C:\Windows\SysWow64\msvcr90.dll
    2013-03-25 12:27:51 34048 ----a-w- C:\Windows\SysWow64\eEmpty.exe
    2013-03-25 11:14:20 963488 ----a-w- C:\Windows\System32\deployJava1.dll
    2013-03-25 11:14:20 1085344 ----a-w- C:\Windows\System32\npDeployJava1.dll
    2013-03-25 10:58:50 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-03-25 10:58:50 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-08-15 09:20:36 2174976 ----a-w- C:\Program Files (x86)\Common Files\atimpenc.dll
    .
    ============= FINISH: 4:39:42.77 ===============
     
  3. malis2007 TS Rookie Topic Starter Posts: 32

    Attach :
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 15/01/2011 02:30:05 AM
    System Uptime: 18/06/2013 09:59:18 PM (7 hours ago)
    .
    Motherboard: ASUSTeK Computer Inc. | | N53Jq
    Processor: Intel(R) Core(TM) i7 CPU Q 740 @ 1.73GHz | Socket 989 | 919/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 149 GiB total, 40.638 GiB free.
    D: is FIXED (NTFS) - 426 GiB total, 59.482 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft Virtual WiFi Miniport Adapter
    Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&4240F00&0&01
    Manufacturer: Microsoft
    Name: Microsoft Virtual WiFi Miniport Adapter
    PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&4240F00&0&01
    Service: vwifimp
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Bluetooth Device (Personal Area Network)
    Device ID: BTH\MS_BTHPAN\7&2F9FD3E4&0&2
    Manufacturer: Microsoft
    Name: Bluetooth Device (Personal Area Network)
    PNP Device ID: BTH\MS_BTHPAN\7&2F9FD3E4&0&2
    Service: BthPan
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Bluetooth Device (RFCOMM Protocol TDI)
    Device ID: BTH\MS_RFCOMM\7&2F9FD3E4&0&0
    Manufacturer: Microsoft
    Name: Bluetooth Device (RFCOMM Protocol TDI)
    PNP Device ID: BTH\MS_RFCOMM\7&2F9FD3E4&0&0
    Service: RFCOMM
    .
    Class GUID:
    Description:
    Device ID: ROOT\WPD\0000
    Manufacturer:
    Name:
    PNP Device ID: ROOT\WPD\0000
    Service:
    .
    Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}
    Description: Bluetooth Hands-free Audio
    Device ID: BTHENUM\{24DF01A9-3E4F-4C9F-9F66-5AA8AB14F8F4}_LOCALMFG&0000\8&15AC57A2&0&000000000000_00000000
    Manufacturer: Broadcom
    Name: Bluetooth Hands-free Audio
    PNP Device ID: BTHENUM\{24DF01A9-3E4F-4C9F-9F66-5AA8AB14F8F4}_LOCALMFG&0000\8&15AC57A2&0&000000000000_00000000
    Service: btwaudio
    .
    Class GUID:
    Description: Bluetooth Peripheral Device
    Device ID: BTHENUM\{00005005-0000-1000-8000-0002EE000001}_VID&00010001_PID&00A9\8&15AC57A2&0&0025D0B055ED_C00000003
    Manufacturer:
    Name: Bluetooth Peripheral Device
    PNP Device ID: BTHENUM\{00005005-0000-1000-8000-0002EE000001}_VID&00010001_PID&00A9\8&15AC57A2&0&0025D0B055ED_C00000003
    Service:
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Atheros AR8131 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
    Device ID: PCI\VEN_1969&DEV_1063&SUBSYS_18201043&REV_C0\FF1CF4B9BCAEC5FF00
    Manufacturer: Atheros
    Name: Atheros AR8131 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
    PNP Device ID: PCI\VEN_1969&DEV_1063&SUBSYS_18201043&REV_C0\FF1CF4B9BCAEC5FF00
    Service: L1C
    .
    Class GUID: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
    Description: Bluetooth Remote Control
    Device ID: BTHENUM\{84A1E9B8-12BA-4A9C-8AB0-A43784E0D149}_LOCALMFG&0000\8&15AC57A2&0&000000000000_00000000
    Manufacturer: Broadcom
    Name: Bluetooth Remote Control
    PNP Device ID: BTHENUM\{84A1E9B8-12BA-4A9C-8AB0-A43784E0D149}_LOCALMFG&0000\8&15AC57A2&0&000000000000_00000000
    Service: btwrchid
    .
    Class GUID:
    Description: Bluetooth Peripheral Device
    Device ID: BTHENUM\{00005601-0000-1000-8000-0002EE000001}_VID&00010001_PID&00A9\8&15AC57A2&0&0025D0B055ED_C00000003
    Manufacturer:
    Name: Bluetooth Peripheral Device
    PNP Device ID: BTHENUM\{00005601-0000-1000-8000-0002EE000001}_VID&00010001_PID&00A9\8&15AC57A2&0&0025D0B055ED_C00000003
    Service:
    .
    Class GUID:
    Description: Bluetooth Peripheral Device
    Device ID: BTHENUM\{00005557-0000-1000-8000-0002EE000001}_VID&00010001_PID&00A9\8&15AC57A2&0&0025D0B055ED_C00000003
    Manufacturer:
    Name: Bluetooth Peripheral Device
    PNP Device ID: BTHENUM\{00005557-0000-1000-8000-0002EE000001}_VID&00010001_PID&00A9\8&15AC57A2&0&0025D0B055ED_C00000003
    Service:
    .
    ==== System Restore Points ===================
    .
    RP605: 12/06/2013 11:05:21 PM - Windows Modules Installer
    RP606: 12/06/2013 11:06:19 PM - Windows Modules Installer
    RP607: 12/06/2013 11:11:07 PM - Windows Modules Installer
    RP608: 12/06/2013 11:16:24 PM - Windows Modules Installer
    RP609: 12/06/2013 11:18:24 PM - Windows Modules Installer
    RP610: 12/06/2013 11:26:35 PM - Windows Modules Installer
    RP611: 13/06/2013 03:00:26 AM - Windows Update
    RP612: 13/06/2013 02:47:12 PM - Windows Update
    RP613: 16/06/2013 02:58:12 AM - Removed .NET Reflector Desktop
    RP614: 16/06/2013 03:01:12 AM - Removed .NET Reflector Visual Studio Extension 8.1
    RP615: 17/06/2013 01:11:40 PM - Windows Update
    .
    ==== Hosts File Hijack ======================
    .
    Hosts: 127.0.0.1 ads.mcafee.com
    Hosts: 127.0.0.1 analytics.microsoft.com
    Hosts: 127.0.0.1 metrics.bitdefender.com
    Hosts: 127.0.0.1 metrics.mcafee.com
    Hosts: 127.0.0.1 om.symantec.com
    Hosts: 127.0.0.1 ads.bleepingcomputer.com
    Hosts: 127.0.0.1 wdcs.trendmicro.com
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ==== Installed Programs ======================
    .
    Tools for .Net 3.5
    بريد Windows Live
    تحديث لـ Microsoft Office Excel 2007 Help (KB963678)
    تحديث لـ Microsoft Office Powerpoint 2007 Help (KB963669)
    تحديث لـ Microsoft Office Word 2007 Help (KB963665)
    7-Zip 9.20 (x64 edition)
    Absolute Uninstaller 2.9.0.722
    Ace Evolution
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Photoshop CS
    Adobe Photoshop CS5.1 12.1
    Adobe Reader 9.5.3 MUI
    Adobe Shockwave Player 12.0
    Alcor Micro USB Card Reader
    ANTS Memory Profiler 7
    ANTS Performance Profiler 8
    ANTS Profiler Visual Studio Add-in 1
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ASUS AI Recovery
    ASUS AP Bank
    ASUS Data Security Manager
    ASUS FancyStart
    ASUS LifeFrame3
    ASUS Live Update
    ASUS MultiFrame
    ASUS Power4Gear Hybrid
    ASUS SmartLogon
    ASUS Splendid Video Enhancement Technology
    ASUS Video Magic
    ASUS Virtual Camera
    ASUS WebStorage
    ASUS_N3_Series
    ATK Package
    AutoHotkey 1.0.48.05
    Blend for Visual Studio 2012
    Blend for Visual Studio 2012 ENU resources
    Blend for Visual Studio Add-in for Adobe FXG Import
    Blend for Visual Studio SDK for .NET 4.5
    Blend for Visual Studio SDK for Silverlight 5
    Boingo Wi-Fi
    Bonjour
    BOUT Evolution
    Canon iP2700 series Printer Driver
    Cisco Network Magic
    ControlDeck
    Cooking Dash
    CyberLink LabelPrint
    CyberLink MediaShow Espresso
    CyberLink PhotoNow
    CyberLink Power2Go
    CyberLink PowerDirector
    CyberLink PowerDVD 9
    D3DX10
    Dotfuscator and Analytics Community Edition
    Dropbox
    Entity Framework Designer for Visual Studio 2012 - enu
    ESET Smart Security
    ETDWare PS/2-x64 7.0.5.13_WHQL
    Explorer Suite III
    ExpressGate Cloud
    Fast Boot
    FileZilla Client 3.6.0.2
    Fresco Logic USB3.0 Host Controller
    Game Park Console
    Google Chrome
    Google Earth
    Google Update Helper
    Governor of Poker
    Hawken
    Hotel Dash Suite Success
    Hotfix for Microsoft Visual Basic 2010 Express - ENU (KB2635973)
    IIS 8.0 Express
    IIS Express Application Compatibility Database for x64
    IIS Express Application Compatibility Database for x86
    Image Resizer for Windows
    Image Resizer for Windows (64 bit)
    Imgur Uploader
    ImTOO Video Converter Ultimate
    Inno Setup version 5.5.1
    Intel(R) Management Engine Components
    Intel(R) Turbo Boost Technology Monitor
    Internet Download Manager
    IrfanView (remove only)
    iTunes
    Java 7 Update 21
    Java Auto Updater
    JavaScript Tooling
    Junk Mail filter update
    LocalESPC
    LocalESPCui for en-us
    Luxor 3
    Mahjongg dimensions
    Malwarebytes Anti-Malware version 1.75.0.1300
    MediaFire Express
    Microsoft .NET Framework 4 Multi-Targeting Pack
    Microsoft .NET Framework 4.5
    Microsoft .NET Framework 4.5 Multi-Targeting Pack
    Microsoft .NET Framework 4.5 SDK
    Microsoft Application Error Reporting
    Microsoft ASP.NET MVC 3
    Microsoft ASP.NET MVC 3 - Visual Studio 2012 Tools Update
    Microsoft ASP.NET MVC 4 - Visual Studio 2012 Tools - ENU
    Microsoft ASP.NET MVC 4 Runtime
    Microsoft ASP.NET Web Pages
    Microsoft ASP.NET Web Pages - Visual Studio 2012 Tools
    Microsoft ASP.NET Web Pages 2 - Visual Studio 2012 Tools - ENU
    Microsoft ASP.NET Web Pages 2 Runtime
    Microsoft Expression Blend SDK for .NET 4
    Microsoft Expression Blend SDK for Silverlight 4
    Microsoft Help Viewer 1.1
    Microsoft Help Viewer 2.0
    Microsoft LightSwitch for Visual Studio 2012 Core
    Microsoft LightSwitch for Visual Studio 2012 CoreRes - ENU
    Microsoft LightSwitch for Visual Studio 2012 v3.0 Core
    Microsoft LightSwitch for Visual Studio 2012 v3.0 CoreRes - ENU
    Microsoft NuGet - Visual Studio 2012
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (Arabic) 2007
    Microsoft Office Excel MUI (Arabic) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office Outlook MUI (Arabic) 2007
    Microsoft Office PowerPoint MUI (Arabic) 2007
    Microsoft Office Professional 2007
    Microsoft Office Proof (Arabic) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proofing (Arabic) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (Arabic) 2007
    Microsoft Office Shared 64-bit MUI (Arabic) 2007
    Microsoft Office Shared MUI (Arabic) 2007
    Microsoft Office Word MUI (Arabic) 2007
    Microsoft Portable Library Multi-Targeting Pack
    Microsoft Portable Library Multi-Targeting Pack Language Pack - enu
    Microsoft Report Viewer Add-On for Visual Studio 2012
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft Silverlight 4 SDK
    Microsoft Silverlight 5 SDK
    Microsoft SkyDrive
    Microsoft SQL Server 2008 (64-bit)
    Microsoft SQL Server 2008 Common Files
    Microsoft SQL Server 2008 Database Engine Services
    Microsoft SQL Server 2008 Database Engine Shared
    Microsoft SQL Server 2008 R2 Management Objects
    Microsoft SQL Server 2008 RsFx Driver
    Microsoft SQL Server 2012 Command Line Utilities
    Microsoft SQL Server 2012 Data-Tier App Framework
    Microsoft SQL Server 2012 Express LocalDB
    Microsoft SQL Server 2012 Management Objects
    Microsoft SQL Server 2012 Management Objects (x64)
    Microsoft SQL Server 2012 Native Client
    Microsoft SQL Server 2012 T-SQL Language Service
    Microsoft SQL Server 2012 Transact-SQL Compiler Service
    Microsoft SQL Server 2012 Transact-SQL ScriptDom
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft SQL Server Compact 3.5 SP2 x64 ENU
    Microsoft SQL Server Compact 4.0 SP1 x64 ENU
    Microsoft SQL Server Data Tools - enu (11.1.20627.00)
    Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20627.00)
    Microsoft SQL Server System CLR Types
    Microsoft SQL Server System CLR Types (x64)
    Microsoft System CLR Types for SQL Server 2012
    Microsoft System CLR Types for SQL Server 2012 (x64)
    Microsoft Visual Basic 2010 Express - ENU
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
    Microsoft Visual C++ 2012 x64 Designtime - 11.0.50727
    Microsoft Visual C++ 2012 32bit Compilers - ENU Resources
    Microsoft Visual C++ 2012 Compilers
    Microsoft Visual C++ 2012 Compilers - ENU Resources
    Microsoft Visual C++ 2012 Core Libraries
    Microsoft Visual C++ 2012 Extended Libraries
    Microsoft Visual C++ 2012 Microsoft Foundation Class Libraries
    Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106
    Microsoft Visual C++ 2012 x64 Debug Runtime - 11.0.51106
    Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106
    Microsoft Visual C++ 2012 x86-x64 Compilers
    Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
    Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.51106
    Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
    Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
    Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
    Microsoft Visual Studio 2010 Office Developer Tools (x64)
    Microsoft Visual Studio 2010 Service Pack 1
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    Microsoft Visual Studio 2012 Devenv
    Microsoft Visual Studio 2012 Devenv Resources
    Microsoft Visual Studio 2012 IntelliTrace Core amd64
    Microsoft Visual Studio 2012 IntelliTrace Core x86
    Microsoft Visual Studio 2012 IntelliTrace Front End x86
    Microsoft Visual Studio 2012 Performance Collection Tools
    Microsoft Visual Studio 2012 Performance Collection Tools - ENU
    Microsoft Visual Studio 2012 Preparation
    Microsoft Visual Studio 2012 SharePoint Developer Tools
    Microsoft Visual Studio 2012 SharePoint Developer Tools ENU Language Pack
    Microsoft Visual Studio 2012 Shell (Minimum)
    Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies
    Microsoft Visual Studio 2012 Shell (Minimum) Resources
    Microsoft Visual Studio 2012 Tools for SQL Server Compact 4.0 SP1 ENU
    Microsoft Visual Studio Premium 2012
    Microsoft Visual Studio Premium 2012 - ENU
    Microsoft Visual Studio Professional 2012
    Microsoft Visual Studio Professional 2012 - ENU
    Microsoft Visual Studio Team Foundation Server 2012 Object Model
    Microsoft Visual Studio Team Foundation Server 2012 Object Model Language Pack - ENU
    Microsoft Visual Studio Team Foundation Server 2012 Storyboarding
    Microsoft Visual Studio Team Foundation Server 2012 Storyboarding Language Pack - ENU
    Microsoft Visual Studio Team Foundation Server 2012 Team Explorer
    Microsoft Visual Studio Team Foundation Server 2012 Team Explorer Language Pack - ENU
    Microsoft Visual Studio Ultimate 2012
    Microsoft Visual Studio Ultimate 2012 - ENU
    Microsoft Visual Studio Ultimate 2012 XAML UI Designer Core
    Microsoft Visual Studio Ultimate 2012 XAML UI Designer enu Resources
    Microsoft Web Deploy 3.0
    Microsoft Web Deploy dbSqlPackage Provider - enu
    Microsoft Web Developer Tools 2012.2 - Visual Studio 2012
    Microsoft Web Platform Installer 4.0
    Movie Maker
    MSVC80_x64_v2
    MSVC90_x64
    MSVC90_x86
    MSVCRT
    MSVCRT_amd64
    MSVCRT110
    MSVCRT110_amd64
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB2721691)
    MSXML 4.0 SP3 Parser (KB2758694)
    MSXML 4.0 SP3 Parser (KB973685)
    Net4Switch
    Network Magic
    Nokia Connectivity Cable Driver
    Nokia PC Suite
    Notepad++
    NVIDIA 3D Vision Driver 311.44
    NVIDIA Control Panel 311.44
    NVIDIA Display Control Panel
    NVIDIA Graphics Driver 311.44
    NVIDIA HD Audio Driver 1.3.18.0
    NVIDIA Install Application
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.12.1031
    NVIDIA Stereoscopic 3D Driver
    NVIDIA Update 1.11.3
    NVIDIA Update Components
    NVIDIA Updatus
    Paint Shop Pro 5.0
    PC Connectivity Solution
    PDF-XChange 4 Pro
    Photo Common
    Photo Gallery
    Plants vs Zombies
    PMB
    PreEmptive Analytics Visual Studio Components
    Prerequisites for SSDT
    Pure Networks Platform
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    Realtek High Definition Audio Driver
    RealUpgrade 1.1
    Resource Hacker Version 3.6.0
    Safari
    Security Update for Microsoft .NET Framework 4.5 (KB2737083)
    Security Update for Microsoft .NET Framework 4.5 (KB2742613)
    Security Update for Microsoft .NET Framework 4.5 (KB2789648)
    Security Update for Microsoft .NET Framework 4.5 (KB2804582)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
    Service Pack 3 for SQL Server 2008 (KB2546951) (64-bit)
    Skype™ 6.3
    SonicMaster
    Sql Server Customer Experience Improvement Program
    swMSM
    syncables desktop SE
    tools-freebsd
    tools-linux
    tools-netware
    tools-solaris
    tools-windows
    tools-winPre2k
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4.5 (KB2750147)
    Update for Microsoft .NET Framework 4.5 (KB2805221)
    Update for Microsoft .NET Framework 4.5 (KB2805226)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817327) 32-Bit Edition
    Update for Microsoft Visual Studio 2012 (KB2781514)
    USB2.0 UVC 2M WebCam
    VirusTotal Uploader 2.0
    VistaSwitcher
    Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
    Visual Studio 2012 Prerequisites
    Visual Studio 2012 Prerequisites - ENU Language Pack
    Visual Studio 2012 Update 2 (KB2707250)
    Visual Studio Extensions for Windows Library for JavaScript
    VLC media player 2.0.6
    VMware Workstation
    WCF Data Services 5.0 (for OData v3) Primary Components
    WCF Data Services Tools for Microsoft Visual Studio 2012
    WCF RIA Services V1.0 SP2
    WIDCOMM Bluetooth Software
    WinDirStat 1.1.2
    Windows App Certification Kit Native Components
    Windows App Certification Kit x64
    Windows Azure Tools for LightSwitch HTML Client for Visual Studio 2012
    Windows Driver Package - Broadcom HIDClass (06/11/2009 6.2.0.9500)
    Windows Driver Package - Nokia Modem (02/25/2011 4.7)
    Windows Driver Package - Nokia Modem (02/25/2011 7.01.0.9)
    Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Photo Common
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Runtime Intellisense Content - en-us
    Windows Software Development Kit
    Windows Software Development Kit DirectX x64 Remote
    Windows Software Development Kit DirectX x86 Remote
    Windows Software Development Kit for Windows Store Apps
    Windows Software Development Kit for Windows Store Apps DirectX x64 Remote
    Windows Software Development Kit for Windows Store Apps DirectX x86 Remote
    Windows XP Targeting with C++
    WinFlash
    WinRAR archiver
    Wireless Console 3
    XnView 1.99.6
    Yahoo! Messenger
    معرض الصور
    .
    ==== Event Viewer Messages From Past Week ========
    .
    19/06/2013 04:09:56 AM, Error: ACPI [10] - ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x4), Please contact your system vendor for technical assistance.
    18/06/2013 10:00:40 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ysyfer
    18/06/2013 10:00:07 PM, Error: Service Control Manager [7003] - The Net.Pipe Listener Adapter service depends the following service: was. This service might not be installed.
    18/06/2013 10:00:07 PM, Error: Service Control Manager [7003] - The Net.Msmq Listener Adapter service depends the following service: msmq. This service might not be installed.
    18/06/2013 10:00:07 PM, Error: Service Control Manager [7001] - The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    18/06/2013 09:59:30 PM, Error: Ntfs [137] - The default transaction resource manager on volume D: encountered a non-retryable error and could not start. The data contains the error code.
    18/06/2013 09:59:25 PM, Error: volmgr [46] - Crash dump initialization failed!
    18/06/2013 04:06:35 PM, Error: Service Control Manager [7030] - The FileZilla Server FTP server service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    15/06/2013 03:58:33 AM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
    14/06/2013 10:22:30 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    13/06/2013 03:25:46 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.151.2021.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9506.0 Error code: 0x80072f76 Error description: The requested header was not found
    13/06/2013 01:12:57 AM, Error: Microsoft-Windows-WPDClassInstaller [25088] - It was not possible to install drivers for the device WPD_NOKIA_73fd2114_0d73_49c3_9c65_1a2b2c7f6eba. Error code 0xe0000219.
    13/06/2013 01:12:57 AM, Error: Microsoft-Windows-DriverFrameworks-UserMode [10101] - The driver package installation has failed. The final status was 0xE0000203.
    13/06/2013 01:12:56 AM, Error: Microsoft-Windows-DriverFrameworks-UserMode [10101] - The driver package installation has failed. The final status was 0x3.
    12/06/2013 11:47:14 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.151.2021.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9506.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
    12/06/2013 11:47:14 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.151.2021.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9506.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
    .
    ==== End Of File ===========================
     
  4. malis2007

    malis2007 TS Rookie Topic Starter Posts: 32

    And I forgot to mention that I have the following AVs:
    ESET Smart Security 6
    and Malwarebytes anti-malware
    and Microsoft Security Essentials...
    ..
     
  5. Broni

    Broni Malware Annihilator Posts: 46,865   +254

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =========================================

    You're running two AV programs, Eset and MSE.
    You must uninstall one of them.

    Download RogueKiller for 32bit or Roguekiller for 64bit to your Desktop.
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Create a new restore point before proceeding with the next step....
    How to:
    - Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced. They will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
     
  6. malis2007

    malis2007 TS Rookie Topic Starter Posts: 32

    Hey :D
    Thanks a lot for replying and trying to help me :D
    I am ready to start.
    Here is the log from the "Report" button, which is in the RogueKiller app:

    RogueKiller V8.6.1 _x64_ [Jun 17 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : ali [Admin rights]
    Mode : Remove -- Date : 06/19/2013 08:05:33
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 13 ¤¤¤
    [SERVICE][ROGUE ST] HKLM\[...]\CCSet\[...]\Services : 77962412 (C:\Windows\system32\DRIVERS\77962412.sys [7]) -> DELETED
    [SERVICE][ROGUE ST] HKLM\[...]\CS001\[...]\Services : 77962412 (C:\Windows\system32\DRIVERS\77962412.sys [7]) -> [0x2] The system cannot find the file specified.
    [SERVICE][ROGUE ST] HKLM\[...]\CS002\[...]\Services : 77962412 (C:\Windows\system32\DRIVERS\77962412.sys [7]) -> DELETED
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> REPLACED (1)
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowUser (0) -> REPLACED (1)
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> REPLACED (1)
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> REPLACED (1)
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowHelp (0) -> REPLACED (1)
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1)
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> REPLACED (1)
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Scheduled tasks : 0 ¤¤¤

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : Mal.Hosts ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts

    [...]


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: WDC WD6400BEVT-80A0RT0 +++++
    --- User ---
    [MBR] 222d6b2c6f0d0cf941277234fd436d0d
    [BSP] b8e681ec20f3f51e484d81d4ade624cc : Windows 7/8 MBR Code
    Partition table:
    0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 63 | Size: 22003 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 45062325 | Size: 152616 Mo
    2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 357623808 | Size: 435858 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[0]_D_06192013_080533.txt >>
    RKreport[0]_S_06192013_080427.txt
     
  7. malis2007

    malis2007 TS Rookie Topic Starter Posts: 32

    And btw.. I found another logfile other than that ^ on my desktop :D
    and here it is :


    RogueKiller V8.6.1 _x64_ [Jun 17 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : ali [Admin rights]
    Mode : Scan -- Date : 06/19/2013 08:04:27
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 13 ¤¤¤
    [SERVICE][ROGUE ST] HKLM\[...]\CCSet\[...]\Services : 77962412 (C:\Windows\system32\DRIVERS\77962412.sys [7]) -> FOUND
    [SERVICE][ROGUE ST] HKLM\[...]\CS001\[...]\Services : 77962412 (C:\Windows\system32\DRIVERS\77962412.sys [7]) -> FOUND
    [SERVICE][ROGUE ST] HKLM\[...]\CS002\[...]\Services : 77962412 (C:\Windows\system32\DRIVERS\77962412.sys [7]) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Scheduled tasks : 0 ¤¤¤

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : Mal.Hosts ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts

    [...]


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: WDC WD6400BEVT-80A0RT0 +++++
    --- User ---
    [MBR] 222d6b2c6f0d0cf941277234fd436d0d
    [BSP] b8e681ec20f3f51e484d81d4ade624cc : Windows 7/8 MBR Code
    Partition table:
    0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 63 | Size: 22003 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 45062325 | Size: 152616 Mo
    2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 357623808 | Size: 435858 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[0]_S_06192013_080427.txt >>



    by the way.. that log file (it was from before the file which I posted in the previous post) was on my desktop..
    and sorry I forgot to mention that I uninstalled the MSE and kept ESET :D
    please wait for me till I finish the rest of the steps which you said :D
     
  8. malis2007

    malis2007 TS Rookie Topic Starter Posts: 32

    Here is the rest.. :

    ~ Malwarebytes Anti-Rootkit ~

    mbar-log-2013-06-19 (08-25-26) :
    Malwarebytes Anti-Rootkit BETA 1.06.0.1003
    www.malwarebytes.org

    Database version: v2013.06.19.01

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 10.0.9200.16618
    ali :: S34N [administrator]

    19/06/2013 08:25:26 AM
    mbar-log-2013-06-19 (08-25-26).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
    Scan options disabled: Deep Anti-Rootkit Scan | PUP
    Objects scanned: 359034
    Time elapsed: 1 hour(s), 20 minute(s), 46 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    Physical Sectors Detected: 0
    (No malicious items detected)


    (end)
     
  9. malis2007

    malis2007 TS Rookie Topic Starter Posts: 32

    ~ Malwarebytes Anti-Rootkit ~

    system-log :
    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.06.0.1003

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.1.7601 Windows 7 Service Pack 1 x64

    Account is Administrative

    Internet Explorer version: 10.0.9200.16618

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
    CPU speed: 1.729000 GHz
    Memory total: 6363312128, free: 4000727040

    Downloaded database version: v2013.06.19.01
    Downloaded database version: v2013.05.22.01
    Initializing...
    ------------ Kernel report ------------
    06/19/2013 08:25:14
    ------------ Loaded modules -----------
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa800671a060
    Upper Device Driver Name: \Driver\Disk\
    Lower Device Name: \Device\Ide\IAAStorageDevice-1\
    Lower Device Object: 0xfffffa80063c9050
    Lower Device Driver Name: \Driver\iaStor\
    <<<2>>>
    Device number: 0, partition: 2
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa800671a060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa800671ab90, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa800671a060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    DevicePointer: 0xfffffa80063c1710, DeviceName: Unknown, DriverName: \Driver\ACPI\
    DevicePointer: 0xfffffa80063c9050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    Device number: 0, partition: 2
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\Windows\system32\drivers...
    <<<2>>>
    Device number: 0, partition: 2
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Done!
    Drive 0
    Scanning MBR on drive 0...
    Inspecting partition table:
    MBR Signature: 55AA
    Disk Signature: E0C5913D

    Partition information:

    Partition 0 type is Other (0x1c)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63 Numsec = 45062262

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 45062325 Numsec = 312559569
    Partition file system is NTFS
    Partition is bootable

    Partition 2 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 357623808 Numsec = 892637184

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Disk Size: 640135028736 bytes
    Sector size: 512 bytes

    Scanning physical sectors of unpartitioned space on drive 0 (1-62-1250243728-1250263728)...
    Done!
    Scan finished
    =======================================


    Removal queue found; removal started
    Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
    Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_1_45062325_i.mbam...
    Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
    Removal finished
     
  10. malis2007

    malis2007 TS Rookie Topic Starter Posts: 32

    And I did the scan only once.. because it said that my pc is clean.. :/
     
  11. Broni

    Broni Malware Annihilator Posts: 46,865   +254

    Create new restore point before proceeding with the next step....
    How to:
    - Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
    - Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
    - Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
    - XP: http://support.microsoft.com/kb/948247

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      If the connection is not there, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
     
     
  12. malis2007

    malis2007 TS Rookie Topic Starter Posts: 32

    The ComboFix "log.txt" :

    ComboFix 13-06-18.02 - ali 06/20/2013 7:57.1.8 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1256.20.1033.18.6069.4324 [GMT 2:00]
    Running from: c:\users\ali\Desktop\ComboFix.exe
    AV: ESET Smart Security 6.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
    SP: ESET Smart Security 6.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\prefs.js
    c:\program files (x86)\Common Files\Net4Switch.ico
    c:\programdata\1346171032.bdinstall.bin
    c:\programdata\1346171366.bdinstall.bin
    c:\programdata\1346172620.bdinstall.bin
    c:\programdata\1346285248.bdinstall.bin
    c:\programdata\Safe
    c:\programdata\Safe\zsinfo.dat
    C:\RunDLL32.exe
    c:\users\ali\AppData\Local\assembly\tmp
    c:\windows\AsPatch10430001.exe
    c:\windows\Debug\dcpromo.log
    c:\windows\msvcr71.dll
    c:\windows\SysWow64\d2d1debug1.dll
    c:\windows\SysWow64\frapsvid.dll
    c:\windows\SysWow64\wsodpdfcsini.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-05-20 to 2013-06-20 )))))))))))))))))))))))))))))))
    .
    .
    2019-10-09 08:40 . 2019-10-09 08:40 -------- d-----w- c:\users\ali\AppData\Roaming\Crypto Obfuscator For .Net v2012 R2
    2013-06-20 06:26 . 2013-06-20 06:29 -------- d-----w- c:\users\ali\AppData\Local\temp
    2013-06-20 06:26 . 2013-06-20 06:26 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
    2013-06-20 06:26 . 2013-06-20 06:26 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-06-20 06:26 . 2013-06-20 06:26 -------- d-----w- c:\users\Administrator\AppData\Local\temp
    2013-06-20 02:25 . 2013-06-20 02:25 -------- d-----w- c:\users\ali\AppData\Roaming\vlc
    2013-06-20 02:19 . 2012-08-21 11:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2013-06-20 02:19 . 2013-06-20 02:19 -------- d-----w- c:\program files\iPod
    2013-06-20 02:19 . 2013-06-20 02:19 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
    2013-06-20 02:19 . 2013-06-20 02:19 -------- d-----w- c:\program files\iTunes
    2013-06-20 02:19 . 2013-06-20 02:19 -------- d-----w- c:\program files (x86)\iTunes
    2013-06-20 02:07 . 2013-06-20 02:07 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
    2013-06-20 02:07 . 2013-06-20 02:07 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
    2013-06-20 02:07 . 2013-06-20 02:07 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
    2013-06-20 02:07 . 2013-06-20 02:07 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
    2013-06-20 02:07 . 2013-06-20 02:07 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
    2013-06-20 02:06 . 2013-06-20 02:07 -------- d-----w- c:\program files (x86)\QuickTime
    2013-06-20 01:38 . 2012-08-21 11:01 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
    2013-06-20 01:38 . 2012-08-21 11:01 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
    2013-06-19 05:37 . 2013-06-19 05:37 -------- d-----w- c:\windows\en
    2013-06-19 05:25 . 2013-02-05 20:06 57840 ----a-w- c:\windows\system32\drivers\fssfltr.sys
    2013-06-19 05:24 . 2013-06-19 05:25 -------- d-----w- c:\program files\Windows Live
    2013-06-19 05:20 . 2013-06-19 05:20 5659096 -c--a-w- c:\program files (x86)\Common Files\Windows Live\.cache\bf83f4131ce6cac09\skydrivesetup.exe
    2013-06-19 05:19 . 2013-06-19 05:19 94040 -c--a-w- c:\program files (x86)\Common Files\Windows Live\.cache\874194501ce6cac07\DSETUP.dll
    2013-06-19 05:19 . 2013-06-19 05:19 525656 -c--a-w- c:\program files (x86)\Common Files\Windows Live\.cache\874194501ce6cac07\DXSETUP.exe
    2013-06-19 05:19 . 2013-06-19 05:19 1691480 -c--a-w- c:\program files (x86)\Common Files\Windows Live\.cache\874194501ce6cac07\dsetup32.dll
    2013-06-19 05:18 . 2013-06-19 05:18 89944 -c--a-w- c:\program files (x86)\Common Files\Windows Live\.cache\77d153b21ce6cac05\DSETUP.dll
    2013-06-19 05:18 . 2013-06-19 05:18 537432 -c--a-w- c:\program files (x86)\Common Files\Windows Live\.cache\77d153b21ce6cac05\DXSETUP.exe
    2013-06-19 05:18 . 2013-06-19 05:18 1801048 -c--a-w- c:\program files (x86)\Common Files\Windows Live\.cache\77d153b21ce6cac05\dsetup32.dll
    2013-06-19 05:17 . 2013-06-19 05:17 89944 -c--a-w- c:\program files (x86)\Common Files\Windows Live\.cache\3d445f181ce6cac01\DSETUP.dll
    2013-06-19 05:17 . 2013-06-19 05:17 537432 -c--a-w- c:\program files (x86)\Common Files\Windows Live\.cache\3d445f181ce6cac01\DXSETUP.exe
    2013-06-19 05:17 . 2013-06-19 05:17 1801048 -c--a-w- c:\program files (x86)\Common Files\Windows Live\.cache\3d445f181ce6cac01\dsetup32.dll
    2013-06-19 04:45 . 2013-06-19 04:45 -------- d-----w- c:\program files\Types
    2013-06-19 00:45 . 2012-07-06 10:30 67224 ----a-w- c:\windows\system32\vsocklib.dll
    2013-06-19 00:45 . 2012-07-06 10:29 63128 ----a-w- c:\windows\SysWow64\vsocklib.dll
    2013-06-19 00:45 . 2012-07-06 10:29 70256 ----a-w- c:\windows\system32\drivers\vsock.sys
    2013-06-19 00:45 . 2012-08-15 13:18 67224 ----a-w- c:\windows\system32\drivers\vmx86.sys
    2013-06-19 00:44 . 2012-08-15 13:18 357016 ----a-w- c:\windows\SysWow64\vmnetdhcp.exe
    2013-06-19 00:44 . 2012-08-15 13:18 30360 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
    2013-06-19 00:44 . 2012-08-15 13:17 435864 ----a-w- c:\windows\SysWow64\vmnat.exe
    2013-06-19 00:44 . 2012-08-15 13:18 933528 ----a-w- c:\windows\system32\vnetlib64.dll
    2013-06-19 00:43 . 2012-08-01 15:10 52376 ----a-w- c:\windows\system32\drivers\hcmon.sys
    2013-06-19 00:43 . 2013-06-19 00:43 -------- d-----w- c:\program files\Common Files\VMware
    2013-06-19 00:40 . 2013-06-19 00:40 -------- d-----w- c:\program files (x86)\Common Files\VMware
    2013-06-18 14:06 . 2013-06-18 14:33 -------- d-----w- c:\program files (x86)\FileZilla Server
    2013-06-18 08:13 . 2013-06-18 08:14 -------- d-----w- c:\program files\Red Gate
    2013-06-16 01:02 . 2013-06-16 01:02 -------- d-----w- c:\users\ali\AppData\Local\VSIXInstaller
    2013-06-13 12:48 . 2013-06-08 12:28 2706432 ----a-w- c:\windows\system32\mshtml.tlb
    2013-06-13 12:48 . 2013-06-08 11:13 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2013-06-13 12:48 . 2013-06-08 14:08 279040 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
    2013-06-13 12:48 . 2013-06-08 11:41 218112 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll
    2013-06-13 12:48 . 2013-06-08 14:08 1365504 ----a-w- c:\windows\system32\urlmon.dll
    2013-06-13 12:48 . 2013-06-08 14:06 2648064 ----a-w- c:\windows\system32\iertutil.dll
    2013-06-13 12:48 . 2013-06-08 14:06 526336 ----a-w- c:\windows\system32\ieui.dll
    2013-06-13 12:47 . 2013-06-08 14:06 15404544 ----a-w- c:\windows\system32\ieframe.dll
    2013-06-13 12:47 . 2013-06-08 14:07 19233792 ----a-w- c:\windows\system32\mshtml.dll
    2013-06-13 00:09 . 2013-05-08 06:39 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2013-06-13 00:04 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll
    2013-06-13 00:04 . 2013-04-26 04:55 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
    2013-06-12 23:53 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
    2013-06-12 23:53 . 2013-03-31 22:52 1887232 ----a-w- c:\windows\system32\d3d11.dll
    2013-06-11 16:44 . 2013-06-11 16:44 -------- d-----w- c:\program files (x86)\Common Files\PCSuite
    2013-06-11 16:43 . 2013-06-11 16:43 -------- d-----w- c:\program files (x86)\Common Files\Nokia
    2013-06-11 16:43 . 2008-08-28 09:44 25600 ----a-w- c:\windows\system32\drivers\pccsmcfdx64.sys
    2013-06-11 16:42 . 2013-06-11 16:42 -------- d-----w- c:\program files (x86)\PC Connectivity Solution
    2013-06-11 16:40 . 2013-06-11 16:43 -------- d-----w- c:\program files (x86)\Nokia
    2013-06-11 14:30 . 2013-06-19 07:50 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
    2013-06-10 19:10 . 2013-06-10 19:10 -------- d-----w- c:\users\ali\AppData\Local\Brice_Lambson
    2013-06-10 19:08 . 2013-06-10 19:08 -------- d-----w- c:\program files\Image Resizer for Windows
    2013-06-10 19:08 . 2013-06-10 19:08 -------- d-----w- c:\program files (x86)\Image Resizer for Windows
    2013-06-10 17:47 . 2004-08-03 22:56 438272 ----a-w- C:\shimgvw.dll
    2013-06-07 21:15 . 2013-06-07 21:15 -------- d-----w- C:\RegBackup
    2013-06-07 20:57 . 2013-06-07 20:58 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2013-06-07 20:57 . 2013-04-04 12:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2013-06-07 19:11 . 2013-06-07 19:11 -------- d-----w- c:\program files (x86)\Common Files\Java
    2013-06-07 19:11 . 2013-06-07 19:10 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2013-06-07 19:10 . 2013-06-07 19:10 -------- d-----w- c:\program files (x86)\Java
    2013-06-07 18:55 . 2013-06-07 18:55 -------- d-----w- c:\program files (x86)\MeteorEntertainment
    2013-06-06 02:55 . 2013-06-06 02:55 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
    2013-06-06 00:33 . 2013-06-06 02:54 -------- d-----w- c:\program files (x86)\Microsoft Works
    2013-06-06 00:31 . 2013-06-06 00:31 -------- d-----w- c:\program files\Microsoft Office
    2013-06-06 00:30 . 2013-06-06 00:30 -------- d-----r- C:\MSOCache
    2013-06-05 11:49 . 2013-06-05 11:49 -------- d-----w- c:\users\ali\AppData\Roaming\NuGet
    2013-06-03 13:52 . 2013-06-03 13:52 -------- d-----w- c:\program files (x86)\Common Files\Skype
    2013-06-03 11:39 . 2013-06-03 11:39 -------- d-----w- c:\program files (x86)\Microsoft Web Tools
    2013-06-02 18:24 . 2013-06-02 18:24 -------- d-----w- c:\program files\Microsoft Synchronization Services
    2013-06-02 18:24 . 2013-06-02 18:24 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
    2013-06-02 18:22 . 2013-06-02 18:22 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
    2013-05-31 19:30 . 2013-05-31 19:30 -------- d-----w- c:\users\ali\AppData\Roaming\Microsoft FxCop
    2013-05-30 19:34 . 2013-05-30 19:34 -------- d-----w- c:\programdata\Microsoft Visual Studio
    2013-05-30 11:34 . 2013-05-30 11:34 -------- d-----w- c:\program files (x86)\Windows Sidebar
    2013-05-30 11:23 . 2013-06-12 21:14 181064 ----a-w- c:\windows\PSEXESVC.EXE
    2013-05-29 13:28 . 2013-06-02 18:24 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2013-05-29 13:16 . 2013-05-29 13:16 -------- d-----w- c:\program files\Application Verifier
    2013-05-29 13:16 . 2013-05-29 13:16 -------- d-----w- c:\program files (x86)\Application Verifier
    2013-05-29 13:14 . 2013-06-03 12:34 -------- d-----w- c:\programdata\Windows App Certification Kit
    2013-05-29 13:00 . 2013-05-29 13:00 -------- d-----w- c:\program files (x86)\Common Files\Microsoft
    2013-05-29 12:31 . 2013-05-29 12:36 -------- d-----w- c:\program files (x86)\Microsoft ASP.NET
    2013-05-29 12:28 . 2013-05-29 12:28 -------- d-----w- c:\program files\Microsoft
    2013-05-29 12:28 . 2013-05-29 12:28 -------- d-----w- c:\program files\IIS Express
    2013-05-29 12:28 . 2013-05-29 12:28 -------- d-----w- c:\program files (x86)\IIS Express
    2013-05-29 12:26 . 2013-05-29 12:26 -------- d-----w- c:\program files (x86)\NuGet
    2013-05-29 12:20 . 2013-05-29 12:20 -------- d-----w- c:\program files (x86)\Microsoft WCF Data Services
    2013-05-29 12:20 . 2013-05-29 12:20 -------- d-----w- c:\program files\IIS
    2013-05-29 12:20 . 2013-05-29 12:20 -------- d-----w- c:\program files (x86)\IIS
    2013-05-29 12:02 . 2013-05-29 12:02 -------- d-----w- c:\program files (x86)\Windows Kits
    2013-05-29 11:24 . 2013-05-29 11:24 -------- d-----w- c:\program files (x86)\HTML Help Workshop
    2013-05-29 11:23 . 2013-05-29 11:23 -------- d-----w- c:\program files (x86)\Microsoft Help Viewer
    2013-05-29 11:06 . 2013-05-29 11:35 -------- d-----w- c:\windows\SysWow64\1033
    2013-05-29 10:31 . 2013-06-03 13:26 -------- d-----w- c:\program files (x86)\Common Files\Merge Modules
    2013-05-29 10:27 . 2013-05-29 10:27 -------- d-----w- c:\users\ali\AppData\Roaming\ImTOO
    2013-05-29 10:26 . 2013-05-29 10:26 -------- d-----w- c:\programdata\ImTOO
    2013-05-29 10:26 . 2013-05-29 10:26 -------- d-----w- c:\program files (x86)\ImTOO
    2013-05-29 10:23 . 2013-05-29 13:46 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 11.0
    2013-05-29 10:23 . 2013-05-29 11:06 -------- d-----w- c:\windows\system32\1033
    2013-05-29 10:23 . 2013-05-29 10:23 -------- d-----w- c:\windows\symbols
    2013-05-29 10:23 . 2013-06-03 13:28 -------- d-----w- c:\program files (x86)\Microsoft SDKs
    2013-05-29 10:23 . 2013-05-29 10:23 -------- d-----w- c:\program files\Microsoft Visual Studio 11.0
    2013-05-29 10:05 . 2013-06-10 19:07 -------- d-----w- c:\programdata\Package Cache
    2013-05-29 10:05 . 2013-05-29 10:05 -------- d-----w- c:\programdata\regid.1991-06.com.microsoft
    2013-05-26 13:12 . 2013-05-26 13:12 -------- d-----w- C:\Evolution Games
    2013-05-26 12:39 . 2013-06-19 05:11 -------- d-----w- c:\program files (x86)\Absolute Uninstaller
    2013-05-26 12:39 . 2013-06-19 05:09 -------- d-----w- c:\users\ali\AppData\Roaming\GlarySoft
    2013-05-26 10:52 . 2013-05-26 10:52 -------- d-----w- c:\users\UpdatusUser
    2013-05-26 00:14 . 2013-05-26 00:14 -------- d-----w- c:\windows\CheckSur
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-06-13 01:03 . 2011-02-04 17:05 75825640 ----a-w- c:\windows\system32\MRT.exe
    2013-06-07 19:10 . 2013-03-01 08:35 866720 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2013-06-07 19:10 . 2012-03-14 18:52 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2013-05-14 10:54 . 2013-05-14 10:54 421888 ----a-w- c:\windows\SysWow64\RealMediaSplitter.ax
    2013-05-02 00:06 . 2011-02-04 15:49 278800 ------w- c:\windows\system32\MpSigStub.exe
    2013-05-01 01:59 . 2013-05-01 01:59 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
    2013-05-01 01:59 . 2013-05-01 01:59 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
    2013-04-13 05:49 . 2013-05-25 23:25 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
    2013-04-13 05:49 . 2013-05-25 23:25 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
    2013-04-13 05:49 . 2013-05-25 23:25 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
    2013-04-13 05:49 . 2013-05-25 23:25 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
    2013-04-13 04:45 . 2013-05-25 23:25 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
    2013-04-13 04:45 . 2013-05-25 23:25 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
    2013-04-08 11:32 . 2013-04-08 11:32 25256224 ----a-w- c:\windows\system32\nvcompiler.dll
    2013-04-08 11:32 . 2013-04-08 11:32 7935352 ----a-w- c:\windows\SysWow64\nvcuda.dll
    2013-04-08 11:32 . 2013-04-08 11:32 2722592 ----a-w- c:\windows\SysWow64\nvcuvid.dll
    2013-04-08 11:32 . 2013-04-08 11:32 1988384 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
    2013-04-08 11:32 . 2013-04-08 11:32 18061328 ----a-w- c:\windows\system32\nvd3dumx.dll
    2013-04-08 11:32 . 2013-04-08 11:32 11077920 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2013-04-08 11:32 . 2010-08-16 13:49 2833232 ----a-w- c:\windows\system32\nvapi64.dll
    2013-04-08 11:32 . 2010-08-16 13:49 15054288 ----a-w- c:\windows\system32\nvwgf2umx.dll
    2013-04-08 11:32 . 2013-04-08 11:32 20458784 ----a-w- c:\windows\SysWow64\nvoglv32.dll
    2013-04-08 11:32 . 2013-04-08 11:32 26938656 ----a-w- c:\windows\system32\nvoglv64.dll
    2013-04-08 11:32 . 2013-04-08 11:32 6264680 ----a-w- c:\windows\SysWow64\nvopencl.dll
    2013-04-08 11:32 . 2013-04-08 11:32 12642504 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
    2013-04-08 11:32 . 2013-04-08 11:32 9393344 ----a-w- c:\windows\system32\nvcuda.dll
    2013-04-08 11:32 . 2010-08-16 13:49 15135104 ----a-w- c:\windows\SysWow64\nvd3dum.dll
    2013-04-08 11:32 . 2013-04-08 11:32 7567136 ----a-w- c:\windows\system32\nvopencl.dll
    2013-04-08 11:32 . 2013-04-08 11:32 1510176 ----a-w- c:\windows\system32\nvdispgenco64.dll
    2013-04-08 11:32 . 2013-04-08 11:32 2512336 ----a-w- c:\windows\SysWow64\nvapi.dll
    2013-04-08 11:32 . 2013-04-08 11:32 1814304 ----a-w- c:\windows\system32\nvdispco64.dll
    2013-04-08 11:32 . 2013-04-08 11:32 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll
    2013-04-08 11:32 . 2013-04-08 11:32 2906912 ----a-w- c:\windows\system32\nvcuvid.dll
    2013-04-08 11:32 . 2013-04-08 11:32 2347296 ----a-w- c:\windows\system32\nvcuvenc.dll
    2013-04-05 00:00 . 2013-04-05 00:00 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
    2013-04-05 00:00 . 2013-04-05 00:00 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
    2013-04-05 00:00 . 2013-04-05 00:00 226304 ----a-w- c:\windows\system32\elshyph.dll
    2013-04-05 00:00 . 2013-04-05 00:00 158720 ----a-w- c:\windows\SysWow64\msls31.dll
    2013-04-05 00:00 . 2013-04-05 00:00 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
    2013-04-05 00:00 . 2013-04-05 00:00 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
    2013-04-05 00:00 . 2013-04-05 00:00 138752 ----a-w- c:\windows\SysWow64\wextract.exe
    2013-04-04 23:59 . 2013-04-04 23:59 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
    2013-04-04 23:59 . 2013-04-04 23:59 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
    2013-04-04 23:59 . 2013-04-04 23:59 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2013-04-04 23:59 . 2013-04-04 23:59 12800 ----a-w- c:\windows\SysWow64\mshta.exe
    2013-04-04 23:59 . 2013-04-04 23:59 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
    2013-04-04 23:59 . 2013-04-04 23:59 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
    2013-04-04 23:59 . 2013-04-04 23:59 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
    2013-04-04 23:59 . 2013-04-04 23:59 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
    2013-04-04 23:59 . 2013-04-04 23:59 361984 ----a-w- c:\windows\SysWow64\html.iec
    2013-04-04 23:59 . 2013-04-04 23:59 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2013-04-04 23:59 . 2013-04-04 23:59 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
    2013-04-04 23:59 . 2013-04-04 23:59 441856 ----a-w- c:\windows\system32\html.iec
    2013-04-04 23:59 . 2013-04-04 23:59 216064 ----a-w- c:\windows\system32\msls31.dll
    2013-04-04 23:59 . 2013-04-04 23:59 197120 ----a-w- c:\windows\system32\msrating.dll
    2013-04-04 23:59 . 2013-04-04 23:59 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
    2013-04-04 23:59 . 2013-04-04 23:59 81408 ----a-w- c:\windows\system32\icardie.dll
    2013-04-04 23:59 . 2013-04-04 23:59 762368 ----a-w- c:\windows\system32\ieapfltr.dll
    2013-04-04 23:59 . 2013-04-04 23:59 452096 ----a-w- c:\windows\system32\dxtmsft.dll
    2013-04-04 23:59 . 2013-04-04 23:59 281600 ----a-w- c:\windows\system32\dxtrans.dll
    2013-04-04 23:59 . 2013-04-04 23:59 27648 ----a-w- c:\windows\system32\licmgr10.dll
    2013-04-04 23:59 . 2013-04-04 23:59 270848 ----a-w- c:\windows\system32\iedkcs32.dll
    2013-04-04 23:59 . 2013-04-04 23:59 247296 ----a-w- c:\windows\system32\webcheck.dll
    2013-04-04 23:59 . 2013-04-04 23:59 235008 ----a-w- c:\windows\system32\url.dll
    2013-04-04 23:59 . 2013-04-04 23:59 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
    2013-04-04 23:59 . 2013-04-04 23:59 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
    2013-04-04 23:59 . 2013-04-04 23:59 97280 ----a-w- c:\windows\system32\mshtmled.dll
    2013-04-04 23:59 . 2013-04-04 23:59 599552 ----a-w- c:\windows\system32\vbscript.dll
    2013-04-04 23:59 . 2013-04-04 23:59 167424 ----a-w- c:\windows\system32\iexpress.exe
    2013-04-04 23:59 . 2013-04-04 23:59 144896 ----a-w- c:\windows\system32\wextract.exe
    2013-04-04 23:59 . 2013-04-04 23:59 102912 ----a-w- c:\windows\system32\inseng.dll
    2013-04-04 23:59 . 2013-04-04 23:59 62976 ----a-w- c:\windows\system32\pngfilt.dll
    2013-04-04 23:59 . 2013-04-04 23:59 173568 ----a-w- c:\windows\system32\ieUnatt.exe
    2013-04-04 23:59 . 2013-04-04 23:59 149504 ----a-w- c:\windows\system32\occache.dll
    2013-04-04 23:59 . 2013-04-04 23:59 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
    2013-04-04 23:59 . 2013-04-04 23:59 51200 ----a-w- c:\windows\system32\imgutil.dll
    2013-04-04 23:59 . 2013-04-04 23:59 13824 ----a-w- c:\windows\system32\mshta.exe
    2013-04-04 23:59 . 2013-04-04 23:59 136192 ----a-w- c:\windows\system32\iepeers.dll
    2013-04-04 23:59 . 2013-04-04 23:59 12800 ----a-w- c:\windows\system32\msfeedssync.exe
    2013-04-04 23:59 . 2013-04-04 23:59 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2013-04-04 23:59 . 2013-04-04 23:59 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2013-04-04 23:59 . 2013-04-04 23:59 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
    2013-04-04 23:59 . 2013-04-04 23:59 77312 ----a-w- c:\windows\system32\tdc.ocx
    2013-03-25 12:34 . 2013-03-25 12:32 21404927 ----a-w- c:\windows\REGBK00.ZIP
    2013-03-25 12:28 . 2013-03-25 12:28 350160 ----a-w- c:\windows\system32\drivers\trufos.sys
    2013-03-25 12:27 . 2013-03-25 12:27 632064 ----a-w- c:\windows\SysWow64\msvcr80.dll
    2013-03-25 12:27 . 2013-03-25 12:27 554240 ----a-w- c:\windows\SysWow64\msvcp80.dll
    2013-03-25 12:27 . 2013-03-25 12:27 572928 ----a-w- c:\windows\SysWow64\msvcp90.dll
    2013-03-25 12:27 . 2013-03-25 12:27 655872 ----a-w- c:\windows\SysWow64\msvcr90.dll
    2013-03-25 12:27 . 2013-03-25 12:27 34048 ----a-w- c:\windows\SysWow64\eEmpty.exe
    2013-03-25 11:14 . 2012-07-23 00:19 963488 ----a-w- c:\windows\system32\deployJava1.dll
    2013-03-25 11:14 . 2012-07-23 00:19 1085344 ----a-w- c:\windows\system32\npDeployJava1.dll
    2013-03-25 10:58 . 2012-04-06 01:12 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-03-25 10:58 . 2011-06-05 13:18 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-08-15 09:20 . 2012-08-15 09:20 2174976 ----a-w- c:\program files (x86)\Common Files\atimpenc.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
    @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
    [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
    2013-06-19 05:20220632----a-w-c:\users\ali\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
    @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
    [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
    2013-06-19 05:20220632----a-w-c:\users\ali\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
    @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
    [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
    2013-06-19 05:20220632----a-w-c:\users\ali\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
    @="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
    [HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
    2007-06-01 15:08143360----a-w-c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32129272----a-w-c:\users\ali\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32129272----a-w-c:\users\ali\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32129272----a-w-c:\users\ali\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32129272----a-w-c:\users\ali\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2013-03-01 3573624]
    "VistaSwitcher"="c:\program files\VistaSwitcher\vswitch64.exe" [2012-05-12 233088]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "vmware-tray.exe"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2012-08-15 104088]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer9"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
    @=""
    .
    R0 ysyfer;ysyfer; [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
    R3 ANTS Memory Profiler 7 Service;ANTS Memory Profiler 7 Service;c:\program files\Red Gate\ANTS Memory Profiler 7\RedGate.Memory.IISService.exe;c:\program files\Red Gate\ANTS Memory Profiler 7\RedGate.Memory.IISService.exe [x]
    R3 ANTS Performance Profiler 8 Service;ANTS Performance Profiler 8 Service;c:\program files\Red Gate\ANTS Performance Profiler 8\RedGate.Profiler.IISService.exe;c:\program files\Red Gate\ANTS Performance Profiler 8\RedGate.Profiler.IISService.exe [x]
    R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
    R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]
    R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
    R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\645E.tmp;c:\windows\SYSNATIVE\645E.tmp [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
    R3 ST330;ST330;c:\windows\system32\DRIVERS\st330.sys;c:\windows\SYSNATIVE\DRIVERS\st330.sys [x]
    R3 STBUS;STBUS;c:\windows\system32\DRIVERS\stbus.sys;c:\windows\SYSNATIVE\DRIVERS\stbus.sys [x]
    R3 STETH;SpeedTouch Ethernet Adapter NT Driver;c:\windows\system32\DRIVERS\steth.sys;c:\windows\SYSNATIVE\DRIVERS\steth.sys [x]
    R3 stppp;Speedtouch PPP Adapter Adapter;c:\windows\system32\DRIVERS\stppp.sys;c:\windows\SYSNATIVE\DRIVERS\stppp.sys [x]
    R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
    R3 Te.Service;Te.Service;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
    R3 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
    R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys;c:\windows\SYSNATIVE\Drivers\VBoxUSB.sys [x]
    R3 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
    R3 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R4 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
    R4 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [x]
    R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0105.sys [x]
    R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
    S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
    S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
    S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
    S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys;c:\windows\SYSNATIVE\drivers\vsock.sys [x]
    S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
    S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
    S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
    S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
    S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]
    S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
    S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
    S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys;SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]
    S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
    S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
    S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys;c:\windows\SYSNATIVE\DRIVERS\FLxHCIc.sys [x]
    S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys;c:\windows\SYSNATIVE\DRIVERS\FLxHCIh.sys [x]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-06-07 20:251165776----a-w-c:\program files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-06-20 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 10:37]
    .
    2012-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-20 07:31]
    .
    2012-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-20 07:31]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
    @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
    [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
    2013-06-19 05:20244696----a-w-c:\users\ali\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
    @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
    [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
    2013-06-19 05:20244696----a-w-c:\users\ali\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
    @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
    [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
    2013-06-19 05:20244696----a-w-c:\users\ali\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
    @="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
    [HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
    2007-06-01 14:52159744----a-w-c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
    @="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
    [HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
    2011-05-25 07:09227840----a-w-c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
    @="{64174815-8D98-4CE6-8646-4C039977D808}"
    [HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
    2011-05-25 07:09227840----a-w-c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32162552----a-w-c:\users\ali\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32162552----a-w-c:\users\ali\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32162552----a-w-c:\users\ali\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32162552----a-w-c:\users\ali\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
    @="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
    [HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
    2012-11-15 23:0723496----a-w-c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2013-03-21 6330568]
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.ye1.org/
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = <local>
    IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
    IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
    IE: ت&صدير إلى Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 41.128.225.225 41.128.225.226
    TCP: Interfaces\{1DF79A7C-6F29-4AAF-B4FD-772F63ACE586}: NameServer = 208.67.222.123,208.67.220.123,192.168.1.1
    TCP: Interfaces\{1DF79A7C-6F29-4AAF-B4FD-772F63ACE586}\C696E6B6379737: NameServer = 208.67.222.123,208.67.220.123,192.168.1.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
    Toolbar-Locked - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\MEMSWEEP2]
    "ImagePath"="\??\c:\windows\system32\645E.tmp"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    c:\windows\SysWOW64\WerFault.exe
    .
    **************************************************************************
    .
    Completion time: 2013-06-20 08:41:05 - machine was rebooted
    ComboFix-quarantined-files.txt 2013-06-20 06:41
    .
    Pre-Run: 34,262,802,432 bytes free
    Post-Run: 33,734,578,176 bytes free
    .
    - - End Of File - - 0C7365740FF44BAF68DCD1A1FF6B7734

    D41D8CD98F00B204E9800998ECF8427E
     
  13. malis2007

    malis2007 TS Rookie Topic Starter Posts: 32

    Oh .., sorry.., I forgot to mention that my laptop is from ASUS :/
     
  14. Broni

    Broni Malware Annihilator Posts: 46,865   +254

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    Driver::
    ysyfer
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

    4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [Animation: CFScript.txt being dragged onto ComboFix.exe]


    6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  15. malis2007

    malis2007 TS Rookie Topic Starter Posts: 32

    By the way.. when I dragged and dropped that CFScript into ComboFix.. like how you showed me in the picture.. ComboFix started loading its files.. then ASKED me if I want to update or not.. I clicked yes (sure) like what you said before in your previous post.. but then.. after it had been updated.. ComboFix started again and popped up the window which has the "agree" button in it.. then ComboFix started a cmd window again like the first time I ran it.. with the "Completed Stage 1" to 50.. was WHAT I did right? :/
    If not.. then what shall I do now?!
    I just think that it started again without the dragged and dropped file.. :/
    So.. shall I re-drag and drop the file again..?
    Here is the (ComboFix Log) anyway.. :

    ComboFix 13-06-21.01 - ali 06/21/2013 7:13.2.8 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1256.20.1033.18.6069.4307 [GMT 2:00]
    Running from: c:\users\ali\Desktop\ComboFix.exe
    Command switches used :: c:\users\ali\Desktop\CFScript.txt
    AV: ESET Smart Security 6.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
    SP: ESET Smart Security 6.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_ysyfer
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-05-21 to 2013-06-21 )))))))))))))))))))))))))))))))
    .
    .
    2019-10-09 08:40 . 2019-10-09 08:40--------d-----w-c:\users\ali\AppData\Roaming\Crypto Obfuscator For .Net v2012 R2
    2013-06-21 06:05 . 2013-06-21 06:08--------d-----w-c:\users\ali\AppData\Local\temp
    2013-06-21 06:05 . 2013-06-21 06:05--------d-----w-c:\windows\system32\config\systemprofile\AppData\Local\temp
    2013-06-21 06:05 . 2013-06-21 06:05--------d-----w-c:\users\S34N\AppData\Local\temp
    2013-06-21 06:05 . 2013-06-21 06:05--------d-----w-c:\users\DefaultAppPool\AppData\Local\temp
    2013-06-21 06:05 . 2013-06-21 06:05--------d-----w-c:\users\Default\AppData\Local\temp
    2013-06-21 06:05 . 2013-06-21 06:05--------d-----w-c:\users\Administrator\AppData\Local\temp
    2013-06-20 09:35 . 2013-06-20 09:35--------d-----w-c:\users\ali\AppData\Local\NVIDIA
    2013-06-20 07:05 . 2013-06-20 07:13--------d-----w-c:\windows\gif
    2013-06-20 02:25 . 2013-06-20 09:54--------d-----w-c:\users\ali\AppData\Roaming\vlc
    2013-06-20 02:19 . 2012-08-21 11:0133240----a-w-c:\windows\system32\drivers\GEARAspiWDM.sys
    2013-06-20 02:19 . 2013-06-20 02:19--------d-----w-c:\program files\iPod
    2013-06-20 02:19 . 2013-06-20 02:19--------d-----w-c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
    2013-06-20 02:19 . 2013-06-20 02:19--------d-----w-c:\program files\iTunes
    2013-06-20 02:19 . 2013-06-20 02:19--------d-----w-c:\program files (x86)\iTunes
    2013-06-20 02:07 . 2013-06-20 02:07159744----a-w-c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
    2013-06-20 02:07 . 2013-06-20 02:07159744----a-w-c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
    2013-06-20 02:07 . 2013-06-20 02:07159744----a-w-c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
    2013-06-20 02:07 . 2013-06-20 02:07159744----a-w-c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
    2013-06-20 02:07 . 2013-06-20 02:07159744----a-w-c:\program files\Internet Explorer\Plugins\npqtplugin.dll
    2013-06-20 02:06 . 2013-06-20 02:07--------d-----w-c:\program files (x86)\QuickTime
    2013-06-20 01:38 . 2012-08-21 11:01106928----a-w-c:\windows\SysWow64\GEARAspi.dll
    2013-06-20 01:38 . 2012-08-21 11:01125872----a-w-c:\windows\system32\GEARAspi64.dll
    2013-06-19 05:37 . 2013-06-19 05:37--------d-----w-c:\windows\en
    2013-06-19 05:25 . 2013-02-05 20:0657840----a-w-c:\windows\system32\drivers\fssfltr.sys
    2013-06-19 05:24 . 2013-06-19 05:25--------d-----w-c:\program files\Windows Live
    2013-06-19 05:20 . 2013-06-19 05:205659096-c--a-w-c:\program files (x86)\Common Files\Windows Live\.cache\bf83f4131ce6cac09\skydrivesetup.exe
    2013-06-19 05:19 . 2013-06-19 05:1994040-c--a-w-c:\program files (x86)\Common Files\Windows Live\.cache\874194501ce6cac07\DSETUP.dll
    2013-06-19 05:19 . 2013-06-19 05:19525656-c--a-w-c:\program files (x86)\Common Files\Windows Live\.cache\874194501ce6cac07\DXSETUP.exe
    2013-06-19 05:19 . 2013-06-19 05:191691480-c--a-w-c:\program files (x86)\Common Files\Windows Live\.cache\874194501ce6cac07\dsetup32.dll
    2013-06-19 05:18 . 2013-06-19 05:1889944-c--a-w-c:\program files (x86)\Common Files\Windows Live\.cache\77d153b21ce6cac05\DSETUP.dll
    2013-06-19 05:18 . 2013-06-19 05:18537432-c--a-w-c:\program files (x86)\Common Files\Windows Live\.cache\77d153b21ce6cac05\DXSETUP.exe
    2013-06-19 05:18 . 2013-06-19 05:181801048-c--a-w-c:\program files (x86)\Common Files\Windows Live\.cache\77d153b21ce6cac05\dsetup32.dll
    2013-06-19 05:17 . 2013-06-19 05:1789944-c--a-w-c:\program files (x86)\Common Files\Windows Live\.cache\3d445f181ce6cac01\DSETUP.dll
    2013-06-19 05:17 . 2013-06-19 05:17537432-c--a-w-c:\program files (x86)\Common Files\Windows Live\.cache\3d445f181ce6cac01\DXSETUP.exe
    2013-06-19 05:17 . 2013-06-19 05:171801048-c--a-w-c:\program files (x86)\Common Files\Windows Live\.cache\3d445f181ce6cac01\dsetup32.dll
    2013-06-19 04:45 . 2013-06-19 04:45--------d-----w-c:\program files\Types
    2013-06-19 00:45 . 2012-07-06 10:3067224----a-w-c:\windows\system32\vsocklib.dll
    2013-06-19 00:45 . 2012-07-06 10:2963128----a-w-c:\windows\SysWow64\vsocklib.dll
    2013-06-19 00:45 . 2012-07-06 10:2970256----a-w-c:\windows\system32\drivers\vsock.sys
    2013-06-19 00:45 . 2012-08-15 13:1867224----a-w-c:\windows\system32\drivers\vmx86.sys
    2013-06-19 00:44 . 2012-08-15 13:18357016----a-w-c:\windows\SysWow64\vmnetdhcp.exe
    2013-06-19 00:44 . 2012-08-15 13:1830360----a-w-c:\windows\system32\drivers\vmnetuserif.sys
    2013-06-19 00:44 . 2012-08-15 13:17435864----a-w-c:\windows\SysWow64\vmnat.exe
    2013-06-19 00:44 . 2012-08-15 13:18933528----a-w-c:\windows\system32\vnetlib64.dll
    2013-06-19 00:43 . 2012-08-01 15:1052376----a-w-c:\windows\system32\drivers\hcmon.sys
    2013-06-19 00:43 . 2013-06-19 00:43--------d-----w-c:\program files\Common Files\VMware
    2013-06-19 00:40 . 2013-06-19 00:40--------d-----w-c:\program files (x86)\Common Files\VMware
    2013-06-18 14:06 . 2013-06-18 14:33--------d-----w-c:\program files (x86)\FileZilla Server
    2013-06-18 08:13 . 2013-06-18 08:14--------d-----w-c:\program files\Red Gate
    2013-06-16 01:02 . 2013-06-16 01:02--------d-----w-c:\users\ali\AppData\Local\VSIXInstaller
    2013-06-13 12:48 . 2013-06-08 12:282706432----a-w-c:\windows\system32\mshtml.tlb
    2013-06-13 12:48 . 2013-06-08 11:132706432----a-w-c:\windows\SysWow64\mshtml.tlb
    2013-06-13 12:48 . 2013-06-08 14:08279040----a-w-c:\program files\Internet Explorer\sqmapi.dll
    2013-06-13 12:48 . 2013-06-08 11:41218112----a-w-c:\program files (x86)\Internet Explorer\sqmapi.dll
    2013-06-13 12:48 . 2013-06-08 14:081365504----a-w-c:\windows\system32\urlmon.dll
    2013-06-13 12:48 . 2013-06-08 14:062648064----a-w-c:\windows\system32\iertutil.dll
    2013-06-13 12:48 . 2013-06-08 14:06526336----a-w-c:\windows\system32\ieui.dll
    2013-06-13 12:47 . 2013-06-08 14:0615404544----a-w-c:\windows\system32\ieframe.dll
    2013-06-13 12:47 . 2013-06-08 14:0719233792----a-w-c:\windows\system32\mshtml.dll
    2013-06-13 00:09 . 2013-05-08 06:391910632----a-w-c:\windows\system32\drivers\tcpip.sys
    2013-06-13 00:04 . 2013-04-26 05:51751104----a-w-c:\windows\system32\win32spl.dll
    2013-06-13 00:04 . 2013-04-26 04:55492544----a-w-c:\windows\SysWow64\win32spl.dll
    2013-06-12 23:53 . 2013-04-25 23:301505280----a-w-c:\windows\SysWow64\d3d11.dll
    2013-06-12 23:53 . 2013-03-31 22:521887232----a-w-c:\windows\system32\d3d11.dll
    2013-06-11 16:44 . 2013-06-11 16:44--------d-----w-c:\program files (x86)\Common Files\PCSuite
    2013-06-11 16:43 . 2013-06-11 16:43--------d-----w-c:\program files (x86)\Common Files\Nokia
    2013-06-11 16:43 . 2008-08-28 09:4425600----a-w-c:\windows\system32\drivers\pccsmcfdx64.sys
    2013-06-11 16:42 . 2013-06-11 16:42--------d-----w-c:\program files (x86)\PC Connectivity Solution
    2013-06-11 16:40 . 2013-06-11 16:43--------d-----w-c:\program files (x86)\Nokia
    2013-06-11 14:30 . 2013-06-19 07:50--------d-----w-c:\programdata\Malwarebytes' Anti-Malware (portable)
    2013-06-10 19:10 . 2013-06-10 19:10--------d-----w-c:\users\ali\AppData\Local\Brice_Lambson
    2013-06-10 19:08 . 2013-06-10 19:08--------d-----w-c:\program files\Image Resizer for Windows
    2013-06-10 19:08 . 2013-06-10 19:08--------d-----w-c:\program files (x86)\Image Resizer for Windows
    2013-06-10 17:47 . 2004-08-03 22:56438272----a-w-C:\shimgvw.dll
    2013-06-07 21:15 . 2013-06-07 21:15--------d-----w-C:\RegBackup
    2013-06-07 20:57 . 2013-06-07 20:58--------d-----w-c:\program files (x86)\Malwarebytes' Anti-Malware
    2013-06-07 20:57 . 2013-04-04 12:5025928----a-w-c:\windows\system32\drivers\mbam.sys
    2013-06-07 19:11 . 2013-06-07 19:11--------d-----w-c:\program files (x86)\Common Files\Java
    2013-06-07 19:11 . 2013-06-07 19:1095648----a-w-c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2013-06-07 19:10 . 2013-06-07 19:10--------d-----w-c:\program files (x86)\Java
    2013-06-07 18:55 . 2013-06-07 18:55--------d-----w-c:\program files (x86)\MeteorEntertainment
    2013-06-06 02:55 . 2013-06-06 02:55--------d-----w-c:\users\Default\AppData\Local\Microsoft Help
    2013-06-06 00:33 . 2013-06-06 02:54--------d-----w-c:\program files (x86)\Microsoft Works
    2013-06-06 00:31 . 2013-06-06 00:31--------d-----w-c:\program files\Microsoft Office
    2013-06-06 00:30 . 2013-06-06 00:30--------d-----r-C:\MSOCache
    2013-06-05 11:49 . 2013-06-05 11:49--------d-----w-c:\users\ali\AppData\Roaming\NuGet
    2013-06-03 13:52 . 2013-06-03 13:52--------d-----w-c:\program files (x86)\Common Files\Skype
    2013-06-03 11:39 . 2013-06-03 11:39--------d-----w-c:\program files (x86)\Microsoft Web Tools
    2013-06-02 18:24 . 2013-06-02 18:24--------d-----w-c:\program files\Microsoft Synchronization Services
    2013-06-02 18:24 . 2013-06-02 18:24--------d-----w-c:\program files (x86)\Microsoft Synchronization Services
    2013-06-02 18:22 . 2013-06-02 18:22--------d-----w-c:\program files\Microsoft Visual Studio 10.0
    2013-05-31 19:30 . 2013-05-31 19:30--------d-----w-c:\users\ali\AppData\Roaming\Microsoft FxCop
    2013-05-30 19:34 . 2013-05-30 19:34--------d-----w-c:\programdata\Microsoft Visual Studio
    2013-05-30 11:34 . 2013-05-30 11:34--------d-----w-c:\program files (x86)\Windows Sidebar
    2013-05-30 11:23 . 2013-06-12 21:14181064----a-w-c:\windows\PSEXESVC.EXE
    2013-05-29 13:28 . 2013-06-02 18:24--------d-----w-c:\program files\Microsoft SQL Server Compact Edition
    2013-05-29 13:16 . 2013-05-29 13:16--------d-----w-c:\program files\Application Verifier
    2013-05-29 13:16 . 2013-05-29 13:16--------d-----w-c:\program files (x86)\Application Verifier
    2013-05-29 13:14 . 2013-06-03 12:34--------d-----w-c:\programdata\Windows App Certification Kit
    2013-05-29 13:00 . 2013-05-29 13:00--------d-----w-c:\program files (x86)\Common Files\Microsoft
    2013-05-29 12:31 . 2013-05-29 12:36--------d-----w-c:\program files (x86)\Microsoft ASP.NET
    2013-05-29 12:28 . 2013-05-29 12:28--------d-----w-c:\program files\Microsoft
    2013-05-29 12:28 . 2013-05-29 12:28--------d-----w-c:\program files\IIS Express
    2013-05-29 12:28 . 2013-05-29 12:28--------d-----w-c:\program files (x86)\IIS Express
    2013-05-29 12:26 . 2013-05-29 12:26--------d-----w-c:\program files (x86)\NuGet
    2013-05-29 12:20 . 2013-05-29 12:20--------d-----w-c:\program files (x86)\Microsoft WCF Data Services
    2013-05-29 12:20 . 2013-05-29 12:20--------d-----w-c:\program files\IIS
    2013-05-29 12:20 . 2013-05-29 12:20--------d-----w-c:\program files (x86)\IIS
    2013-05-29 12:02 . 2013-05-29 12:02--------d-----w-c:\program files (x86)\Windows Kits
    2013-05-29 11:24 . 2013-05-29 11:24--------d-----w-c:\program files (x86)\HTML Help Workshop
    2013-05-29 11:23 . 2013-05-29 11:23--------d-----w-c:\program files (x86)\Microsoft Help Viewer
    2013-05-29 11:06 . 2013-05-29 11:35--------d-----w-c:\windows\SysWow64\1033
    2013-05-29 10:31 . 2013-06-03 13:26--------d-----w-c:\program files (x86)\Common Files\Merge Modules
    2013-05-29 10:27 . 2013-05-29 10:27--------d-----w-c:\users\ali\AppData\Roaming\ImTOO
    2013-05-29 10:26 . 2013-05-29 10:26--------d-----w-c:\programdata\ImTOO
    2013-05-29 10:26 . 2013-05-29 10:26--------d-----w-c:\program files (x86)\ImTOO
    2013-05-29 10:23 . 2013-05-29 13:46--------d-----w-c:\program files (x86)\Microsoft Visual Studio 11.0
    2013-05-29 10:23 . 2013-05-29 11:06--------d-----w-c:\windows\system32\1033
    2013-05-29 10:23 . 2013-05-29 10:23--------d-----w-c:\windows\symbols
    2013-05-29 10:23 . 2013-06-03 13:28--------d-----w-c:\program files (x86)\Microsoft SDKs
    2013-05-29 10:23 . 2013-05-29 10:23--------d-----w-c:\program files\Microsoft Visual Studio 11.0
    2013-05-29 10:05 . 2013-06-10 19:07--------d-----w-c:\programdata\Package Cache
    2013-05-29 10:05 . 2013-05-29 10:05--------d-----w-c:\programdata\regid.1991-06.com.microsoft
    2013-05-26 13:12 . 2013-05-26 13:12--------d-----w-C:\Evolution Games
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-06-13 01:03 . 2011-02-04 17:0575825640----a-w-c:\windows\system32\MRT.exe
    2013-06-07 19:10 . 2013-03-01 08:35866720----a-w-c:\windows\SysWow64\npDeployJava1.dll
    2013-06-07 19:10 . 2012-03-14 18:52788896----a-w-c:\windows\SysWow64\deployJava1.dll
    2013-05-14 10:54 . 2013-05-14 10:54421888----a-w-c:\windows\SysWow64\RealMediaSplitter.ax
    2013-05-12 21:42 . 2013-04-08 11:322597344----a-w-c:\windows\SysWow64\nvapi.dll
    2013-05-12 21:42 . 2010-08-16 13:492935696----a-w-c:\windows\system32\nvapi64.dll
    2013-05-12 21:42 . 2010-08-16 13:4915910736----a-w-c:\windows\system32\nvwgf2umx.dll
    2013-05-12 21:42 . 2010-08-16 13:4912426216----a-w-c:\windows\SysWow64\nvd3dum.dll
    2013-05-12 20:34 . 2010-08-16 21:066491936----a-w-c:\windows\system32\nvcpl.dll
    2013-05-12 20:34 . 2010-08-16 21:063514656----a-w-c:\windows\system32\nvsvc64.dll
    2013-05-12 20:34 . 2010-08-16 21:06884512----a-w-c:\windows\system32\nvvsvc.exe
    2013-05-12 20:34 . 2010-08-16 21:0663776----a-w-c:\windows\system32\nvshext.dll
    2013-05-12 20:34 . 2010-08-16 21:062555680----a-w-c:\windows\system32\nvsvcr.dll
    2013-05-12 20:34 . 2010-08-16 21:06237856----a-w-c:\windows\system32\nvmctray.dll
    2013-05-12 13:43 . 2013-05-12 13:43566048----a-w-c:\windows\SysWow64\nvStreaming.exe
    2013-05-02 00:06 . 2011-02-04 15:49278800------w-c:\windows\system32\MpSigStub.exe
    2013-05-01 01:59 . 2013-05-01 01:5994208----a-w-c:\windows\SysWow64\QuickTimeVR.qtx
    2013-05-01 01:59 . 2013-05-01 01:5969632----a-w-c:\windows\SysWow64\QuickTime.qts
    2013-04-13 05:49 . 2013-05-25 23:25135168----a-w-c:\windows\apppatch\AppPatch64\AcXtrnal.dll
    2013-04-13 05:49 . 2013-05-25 23:25350208----a-w-c:\windows\apppatch\AppPatch64\AcLayers.dll
    2013-04-13 05:49 . 2013-05-25 23:25308736----a-w-c:\windows\apppatch\AppPatch64\AcGenral.dll
    2013-04-13 05:49 . 2013-05-25 23:25111104----a-w-c:\windows\apppatch\AppPatch64\acspecfc.dll
    2013-04-13 04:45 . 2013-05-25 23:25474624----a-w-c:\windows\apppatch\AcSpecfc.dll
    2013-04-13 04:45 . 2013-05-25 23:252176512----a-w-c:\windows\apppatch\AcGenral.dll
    2013-04-08 11:32 . 2013-04-08 11:321510176----a-w-c:\windows\system32\nvdispgenco64.dll
    2013-04-08 11:32 . 2013-04-08 11:321814304----a-w-c:\windows\system32\nvdispco64.dll
    2013-04-05 00:00 . 2013-04-05 00:00185344----a-w-c:\windows\SysWow64\elshyph.dll
    2013-04-05 00:00 . 2013-04-05 00:001054720----a-w-c:\windows\system32\MsSpellCheckingFacility.exe
    2013-04-05 00:00 . 2013-04-05 00:00226304----a-w-c:\windows\system32\elshyph.dll
    2013-04-05 00:00 . 2013-04-05 00:00158720----a-w-c:\windows\SysWow64\msls31.dll
    2013-04-05 00:00 . 2013-04-05 00:00719360----a-w-c:\windows\SysWow64\mshtmlmedia.dll
    2013-04-05 00:00 . 2013-04-05 00:00150528----a-w-c:\windows\SysWow64\iexpress.exe
    2013-04-05 00:00 . 2013-04-05 00:00138752----a-w-c:\windows\SysWow64\wextract.exe
    2013-04-04 23:59 . 2013-04-04 23:59523264----a-w-c:\windows\SysWow64\vbscript.dll
    2013-04-04 23:59 . 2013-04-04 23:5938400----a-w-c:\windows\SysWow64\imgutil.dll
    2013-04-04 23:59 . 2013-04-04 23:59137216----a-w-c:\windows\SysWow64\ieUnatt.exe
    2013-04-04 23:59 . 2013-04-04 23:5912800----a-w-c:\windows\SysWow64\mshta.exe
    2013-04-04 23:59 . 2013-04-04 23:5973728----a-w-c:\windows\SysWow64\SetIEInstalledDate.exe
    2013-04-04 23:59 . 2013-04-04 23:5948640----a-w-c:\windows\SysWow64\mshtmler.dll
    2013-04-04 23:59 . 2013-04-04 23:59110592----a-w-c:\windows\SysWow64\IEAdvpack.dll
    2013-04-04 23:59 . 2013-04-04 23:5961952----a-w-c:\windows\SysWow64\tdc.ocx
    2013-04-04 23:59 . 2013-04-04 23:59361984----a-w-c:\windows\SysWow64\html.iec
    2013-04-04 23:59 . 2013-04-04 23:591441280----a-w-c:\windows\SysWow64\inetcpl.cpl
    2013-04-04 23:59 . 2013-04-04 23:5923040----a-w-c:\windows\SysWow64\licmgr10.dll
    2013-04-04 23:59 . 2013-04-04 23:59441856----a-w-c:\windows\system32\html.iec
    2013-04-04 23:59 . 2013-04-04 23:59216064----a-w-c:\windows\system32\msls31.dll
    2013-04-04 23:59 . 2013-04-04 23:59197120----a-w-c:\windows\system32\msrating.dll
    2013-04-04 23:59 . 2013-04-04 23:59905728----a-w-c:\windows\system32\mshtmlmedia.dll
    2013-04-04 23:59 . 2013-04-04 23:5981408----a-w-c:\windows\system32\icardie.dll
    2013-04-04 23:59 . 2013-04-04 23:59762368----a-w-c:\windows\system32\ieapfltr.dll
    2013-04-04 23:59 . 2013-04-04 23:59452096----a-w-c:\windows\system32\dxtmsft.dll
    2013-04-04 23:59 . 2013-04-04 23:59281600----a-w-c:\windows\system32\dxtrans.dll
    2013-04-04 23:59 . 2013-04-04 23:5927648----a-w-c:\windows\system32\licmgr10.dll
    2013-04-04 23:59 . 2013-04-04 23:59270848----a-w-c:\windows\system32\iedkcs32.dll
    2013-04-04 23:59 . 2013-04-04 23:59247296----a-w-c:\windows\system32\webcheck.dll
    2013-04-04 23:59 . 2013-04-04 23:59235008----a-w-c:\windows\system32\url.dll
    2013-04-04 23:59 . 2013-04-04 23:591509376----a-w-c:\windows\system32\inetcpl.cpl
    2013-04-04 23:59 . 2013-04-04 23:591400416----a-w-c:\windows\system32\ieapfltr.dat
    2013-04-04 23:59 . 2013-04-04 23:5997280----a-w-c:\windows\system32\mshtmled.dll
    2013-04-04 23:59 . 2013-04-04 23:59599552----a-w-c:\windows\system32\vbscript.dll
    2013-04-04 23:59 . 2013-04-04 23:59167424----a-w-c:\windows\system32\iexpress.exe
    2013-04-04 23:59 . 2013-04-04 23:59144896----a-w-c:\windows\system32\wextract.exe
    2013-04-04 23:59 . 2013-04-04 23:59102912----a-w-c:\windows\system32\inseng.dll
    2013-04-04 23:59 . 2013-04-04 23:5962976----a-w-c:\windows\system32\pngfilt.dll
    2013-04-04 23:59 . 2013-04-04 23:59173568----a-w-c:\windows\system32\ieUnatt.exe
    2013-04-04 23:59 . 2013-04-04 23:59149504----a-w-c:\windows\system32\occache.dll
    2013-04-04 23:59 . 2013-04-04 23:5952224----a-w-c:\windows\system32\msfeedsbs.dll
    2013-04-04 23:59 . 2013-04-04 23:5951200----a-w-c:\windows\system32\imgutil.dll
    2013-04-04 23:59 . 2013-04-04 23:5913824----a-w-c:\windows\system32\mshta.exe
    2013-04-04 23:59 . 2013-04-04 23:59136192----a-w-c:\windows\system32\iepeers.dll
    2013-04-04 23:59 . 2013-04-04 23:5912800----a-w-c:\windows\system32\msfeedssync.exe
    2013-04-04 23:59 . 2013-04-04 23:5992160----a-w-c:\windows\system32\SetIEInstalledDate.exe
    2013-04-04 23:59 . 2013-04-04 23:5948640----a-w-c:\windows\system32\mshtmler.dll
    2013-04-04 23:59 . 2013-04-04 23:59135680----a-w-c:\windows\system32\IEAdvpack.dll
    2013-04-04 23:59 . 2013-04-04 23:5977312----a-w-c:\windows\system32\tdc.ocx
    2013-03-25 12:34 . 2013-03-25 12:3221404927----a-w-c:\windows\REGBK00.ZIP
    2013-03-25 12:28 . 2013-03-25 12:28350160----a-w-c:\windows\system32\drivers\trufos.sys
    2013-03-25 12:27 . 2013-03-25 12:27632064----a-w-c:\windows\SysWow64\msvcr80.dll
    2013-03-25 12:27 . 2013-03-25 12:27554240----a-w-c:\windows\SysWow64\msvcp80.dll
    2013-03-25 12:27 . 2013-03-25 12:27572928----a-w-c:\windows\SysWow64\msvcp90.dll
    2013-03-25 12:27 . 2013-03-25 12:27655872----a-w-c:\windows\SysWow64\msvcr90.dll
    2013-03-25 12:27 . 2013-03-25 12:2734048----a-w-c:\windows\SysWow64\eEmpty.exe
    2013-03-25 11:14 . 2012-07-23 00:19963488----a-w-c:\windows\system32\deployJava1.dll
    2013-03-25 11:14 . 2012-07-23 00:191085344----a-w-c:\windows\system32\npDeployJava1.dll
    2013-03-25 10:58 . 2012-04-06 01:12693976----a-w-c:\windows\SysWow64\FlashPlayerApp.exe
    2013-03-25 10:58 . 2011-06-05 13:1873432----a-w-c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-08-15 09:20 . 2012-08-15 09:202174976----a-w-c:\program files (x86)\Common Files\atimpenc.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
    @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
    [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
    2013-06-19 05:20220632----a-w-c:\users\ali\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
    @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
    [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
    2013-06-19 05:20220632----a-w-c:\users\ali\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
    @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
    [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
    2013-06-19 05:20220632----a-w-c:\users\ali\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
    @="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
    [HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
    2007-06-01 15:08143360----a-w-c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32129272----a-w-c:\users\ali\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32129272----a-w-c:\users\ali\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32129272----a-w-c:\users\ali\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32129272----a-w-c:\users\ali\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2013-03-01 3573624]
    "VistaSwitcher"="c:\program files\VistaSwitcher\vswitch64.exe" [2012-05-12 233088]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "vmware-tray.exe"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2012-08-15 104088]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
    @=""
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
    R3 ANTS Memory Profiler 7 Service;ANTS Memory Profiler 7 Service;c:\program files\Red Gate\ANTS Memory Profiler 7\RedGate.Memory.IISService.exe;c:\program files\Red Gate\ANTS Memory Profiler 7\RedGate.Memory.IISService.exe [x]
    R3 ANTS Performance Profiler 8 Service;ANTS Performance Profiler 8 Service;c:\program files\Red Gate\ANTS Performance Profiler 8\RedGate.Profiler.IISService.exe;c:\program files\Red Gate\ANTS Performance Profiler 8\RedGate.Profiler.IISService.exe [x]
    R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
    R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]
    R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
    R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\645E.tmp;c:\windows\SYSNATIVE\645E.tmp [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
    R3 ST330;ST330;c:\windows\system32\DRIVERS\st330.sys;c:\windows\SYSNATIVE\DRIVERS\st330.sys [x]
    R3 STBUS;STBUS;c:\windows\system32\DRIVERS\stbus.sys;c:\windows\SYSNATIVE\DRIVERS\stbus.sys [x]
    R3 STETH;SpeedTouch Ethernet Adapter NT Driver;c:\windows\system32\DRIVERS\steth.sys;c:\windows\SYSNATIVE\DRIVERS\steth.sys [x]
    R3 stppp;Speedtouch PPP Adapter Adapter;c:\windows\system32\DRIVERS\stppp.sys;c:\windows\SYSNATIVE\DRIVERS\stppp.sys [x]
    R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
    R3 Te.Service;Te.Service;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
    R3 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
    R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys;c:\windows\SYSNATIVE\Drivers\VBoxUSB.sys [x]
    R3 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
    R3 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R4 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
    R4 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [x]
    R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0105.sys [x]
    R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
    S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
    S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
    S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
    S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys;c:\windows\SYSNATIVE\drivers\vsock.sys [x]
    S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
    S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
    S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
    S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
    S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]
    S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
    S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
    S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys;SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]
    S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
    S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
    S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys;c:\windows\SYSNATIVE\DRIVERS\FLxHCIc.sys [x]
    S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys;c:\windows\SYSNATIVE\DRIVERS\FLxHCIh.sys [x]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-06-07 20:251165776----a-w-c:\program files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-06-21 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 10:37]
    .
    2012-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-20 07:31]
    .
    2012-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-20 07:31]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
    c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll [BU]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
    @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
    [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
    2013-06-19 05:20244696----a-w-c:\users\ali\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
    @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
    [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
    2013-06-19 05:20244696----a-w-c:\users\ali\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
    @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
    [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
    2013-06-19 05:20244696----a-w-c:\users\ali\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
    @="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
    [HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
    2007-06-01 14:52159744----a-w-c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
    @="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
    [HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
    2011-05-25 07:09227840----a-w-c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
    @="{64174815-8D98-4CE6-8646-4C039977D808}"
    [HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
    2011-05-25 07:09227840----a-w-c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32162552----a-w-c:\users\ali\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32162552----a-w-c:\users\ali\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32162552----a-w-c:\users\ali\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32162552----a-w-c:\users\ali\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
    @="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
    [HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
    2012-11-15 23:0723496----a-w-c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2013-03-21 6330568]
    "Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-05-16 1012000]
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.ye1.org/
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = <local>
    IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
    IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
    IE: ت&صدير إلى Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 41.128.225.225 41.128.225.226
    TCP: Interfaces\{1DF79A7C-6F29-4AAF-B4FD-772F63ACE586}: NameServer = 208.67.222.123,208.67.220.123,192.168.1.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\MEMSWEEP2]
    "ImagePath"="\??\c:\windows\system32\645E.tmp"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    .
    **************************************************************************
    .
    Completion time: 2013-06-21 08:19:17 - machine was rebooted
    ComboFix-quarantined-files.txt 2013-06-21 06:19
    ComboFix2.txt 2013-06-20 06:41
    .
    Pre-Run: 32,527,597,568 bytes free
    Post-Run: 31,856,861,184 bytes free
    .
    - - End Of File - - 0F232CCB0F42C80AAFA5159466B230AA
    D41D8CD98F00B204E9800998ECF8427E
     
  16. malis2007

    malis2007 TS Rookie Topic Starter Posts: 32

    Btw.. I am so sorry about the late replies.. it's due to the difference of the time zones :/
    I am (GMT +2) here.. xD
     
  17. Broni

    Broni Malware Annihilator Posts: 46,865   +254

    Don't worry about it :)
    You did fine.

    How is the computer doing?

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    [​IMG] Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  18. malis2007

    malis2007 TS Rookie Topic Starter Posts: 32

    Off Topic :
    oh well..
    first.. I am so sorry for not being able to post a comment to you yesterday.
    because I was very busy from 6:00 am to 12:00 am O_O
    and I had very bad conditions :/
    Anyway.. thanks for helping me :D

    =======================================================
    On Topic :
    oh well.. as I can see.. it's still the same.. :/
    my computer is soooooo slow.. and.. still some services missing files.. and the scheduled tasks have bugs.. so is the event viewer I think {I didn't check the event viewer yet.. :D}..
    I just meant to say.. I still have the same problems :/
    I hope you can fix it for me :D

    here are the logs :

    AdwCleaner[S1].txt :

    # AdwCleaner v2.303 - Logfile created 06/23/2013 at 12:23:18
    # Updated 08/06/2013 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : ali - S34N
    # Boot Mode : Normal
    # Running from : C:\Users\ali\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Deleted : C:\Users\ali\AppData\Local\Temp\Uninstall.exe
    File Deleted : C:\Users\Public\Desktop\eBay.lnk
    Folder Deleted : C:\Program Files (x86)\Common Files\Speedbit
    Folder Deleted : C:\ProgramData\boost_interprocess
    Folder Deleted : C:\ProgramData\Partner

    ***** [Registry] *****

    Key Deleted : HKCU\Software\APN PIP
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
    Key Deleted : HKCU\Software\PIP
    Key Deleted : HKCU\Software\SpeedBit
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\Software\Iminent
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKLM\Software\PIP
    Key Deleted : HKLM\Software\SpeedBit
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jplinpmadfkdgipabgcdchbdikologlh
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v10.0.9200.16618

    [OK] Registry is clean.

    -\\ Mozilla Firefox v [Unable to get version]

    File : C:\Users\ali\AppData\Roaming\Mozilla\Firefox\Profiles\94np9vd1.default\prefs.js

    [OK] File is clean.

    -\\ Google Chrome v27.0.1453.116

    File : C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [2401 octets] - [23/06/2013 12:23:18]

    ########## EOF - C:\AdwCleaner[S1].txt - [2461 octets] ##########
     
  19. malis2007

    malis2007 TS Rookie Topic Starter Posts: 32

    JRT.txt :

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.9.4 (05.06.2013:1)
    OS: Windows 7 Home Premium x64
    Ran by ali on Sun 06/23/2013 at 12:31:55.36
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\Users\ali\appdata\local\adawarebp"
    Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{6C6C8A0E-FEDD-4FC9-AB14-6AC190A9B852}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{6CD4B645-CBFC-4392-AB79-8E43BE7F1BCC}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{6CF51E68-EF09-48AB-8E92-73398FFF6F3E}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{6D008D9D-4EBE-4E61-A325-D87F8A3C096E}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{6D2F7B38-89D2-448D-A850-84133FD45AE7}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{6DA5E6AC-5CEB-49C1-981D-7958F19AE262}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{6DB6FB74-388C-4052-8B7D-5FE068682CD8}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{6DD9D1FA-D95B-454B-A1BF-50722164D3AF}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{6E45227B-E719-45F0-A349-92741915D80F}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{6E673E89-345D-466D-B648-C1DC59AE72C6}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{6E785053-CBC2-4AC3-A568-2F48421C9607}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{6F9B111E-B2E3-4BC5-A394-CF27F6E85968}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{6FCAC760-613D-494E-B85D-B2D04057F702}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{713ADE4A-A07D-4AD8-8023-E6D56EA4BC35}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{714073CE-9665-4E10-83C0-7C07F268E81E}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{7143B9FB-B614-459D-96D0-EAFE7295F6E0}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{719423F5-B693-45EF-B619-8B10DC15C48B}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{71976D23-4ECC-4DFC-B485-8B85B67877F6}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{71D296B1-B609-427A-8A2E-C4EC670763D6}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{72947C23-93C2-4C7F-AF35-899D2D3191D3}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{72A985C7-8D4A-4DD6-8B59-F78C162505B0}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{7325B3F7-0284-4AF4-AF0E-75652FEB7A59}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{7391D14D-60F4-42D1-AA36-28AFC28E769D}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{73CF6B25-9DE6-4FF4-B22A-20CF7F8B9B92}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{74347026-EEBA-47AA-BA26-88ABEABAC619}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{7467E2E3-D10F-407B-A648-96B372FBB74A}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{749549CD-9866-4E09-A19F-861B7A7CFB3B}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{74F8BFA7-3685-4C84-B769-BF16EA97114C}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{75A9B940-A293-402A-B81C-52E09B4B0F39}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{75DF8323-8727-4738-9EB6-CB959E2F37E0}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{767F1446-22D7-437A-B2FF-6CAD2355756E}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{76D018FA-692F-4E08-B1D2-36109AC559E9}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{77A17210-4E74-4DC6-B208-C725957332A8}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{77C53D17-5444-4CB4-BC78-BD0DA9F05D80}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{7898D01F-39FB-4754-A124-1F2063CD924A}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{78C297C9-6457-483E-AC7E-D3083BC75F3D}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{7A085A9A-5673-4CFA-BA07-5F30A8353CA3}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{7A718100-0036-4DF6-96F8-1DCA00A7CCAC}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{7B06B939-985A-404C-80D5-34041914AD4F}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{7B13B015-BF25-47F6-90EE-32BB499B56EB}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{7B696C71-BC0B-46D5-884D-C63FBD8A0532}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{7B7B9685-34D6-4841-8680-31CB368B252D}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{7C48F3D0-25DF-4768-A163-BE686B45FC6C}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{7C909B5E-91F6-49D3-9D3B-C0C7910BCF6F}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{7CE15C8D-85B5-4257-A5A4-67FE6A45ADD2}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{7CF2CFAB-8005-4591-AEFF-744443973EC6}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{7D56CE9C-68E1-4D00-B47D-B41E0F36DB54}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{7D62E733-47AA-4D45-8AF4-D5D27106C526}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{7E2BB000-41F8-4267-973B-087F84B8D8BD}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{7E99AEF4-867B-4014-81C0-197F17CCD997}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{7EDB8874-16A3-467E-9B91-D88E95D3D6D0}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{7EF9CE08-97C8-4AD4-9F70-866A0D3BC955}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{7F40DDC1-E4B7-4FA4-8F56-8569B6C32DF9}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{7F64E89A-740F-4BD2-B52C-C9838C2B5CE4}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{7FF6E86A-4A35-41F5-9859-0E050CFBEF74}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{813CF436-17CB-42D1-B78F-4C2CA2706A37}
     
  20. malis2007

    malis2007 TS Rookie Topic Starter Posts: 32

    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{E5465AFF-536D-4EBC-B9E3-DA5875CDC88A}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{E5F0B010-CC9F-4A0D-8A6A-7F96B0B4DE6A}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{E67AF1F0-6075-4EBF-98FE-4EB447EF3A3A}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{E7226122-8BF3-4782-8AC9-6F19A7177C5C}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{E7614C3D-EEDF-4F49-A21B-928E40B32E89}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{E7CA98A4-CFDC-4AB8-A9E7-8BFE425EC551}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{E816ECAB-0AB1-480B-91A3-B5C5A55D368C}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{E8579FF3-D0E3-4B7F-804F-2B8D68852760}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{E8CBF19C-6851-4E97-8444-57EE6017158A}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{E9230676-F98B-4676-B324-0EE59DF27D20}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{E944EBE9-FBC7-4CC7-8B3F-319D4D79AE6D}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{E98CFE10-1173-4996-9B2A-FA853AF3CD18}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{EB2E521D-65F8-4D06-9EA1-6005E05E4CA1}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{EB6F3FFA-A953-4D00-AE76-30CA24EE2241}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{EBE42314-8831-47EE-90DE-24D571E9DCC0}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{EBFB2C9D-7E64-4F21-B781-E84231A6CFBA}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{EC3DC58C-183A-47B5-A7AB-CEE4BB1E9AE3}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{ECA32F43-DA2D-42A3-8CCF-53740A929399}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{ED764D0B-7434-44D9-BF78-B7CDF007CF35}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{EE0E76BA-229C-455B-9FCA-CB97EDF067CB}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{EE1F833A-7D07-4F0D-907C-7BA34136E429}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{EE7ADF4C-D034-4877-8397-1B8EC53F5181}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{EED3E498-59DD-469B-9A4E-2CCD9E4D58B5}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{EEE899B8-8100-41FD-BB88-250B55E8893C}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{EF8D790E-1220-4E43-939D-5E13A09025A8}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{EFB7ABD4-FA74-4EEE-B194-D65D0C4864EE}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{F22E1FDE-5DED-4B4C-BA71-19B4CA5C6C95}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{F239C14E-B9DB-4AFD-9911-28DF0F9F2CDF}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{F31E1D3B-89CC-4404-AE1F-CD6D174D9D8B}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{F322F8C8-5107-4BE8-BAB5-B7E0D3E82126}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{F3743AF3-B878-4A4E-BC04-5497430C6FC3}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{F39FC0AC-D42F-46E1-86B8-86719958D13C}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{F49C710F-FC72-4984-A976-4DCE763398D8}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{F4A077AB-C2E2-47BE-B8A6-89BBDCD4C3E4}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{F615C2B4-BB79-458B-9C55-7752838E41B0}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{F63215A4-2816-48A4-89C9-BD3500932CC6}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{F6616E7C-5CBA-4B54-BE00-45389713B7D5}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{F6780046-8CA5-4492-81AA-5E5613AF31A3}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{F6C79370-555C-4660-AE3E-56E40919193C}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{F717FE7B-126D-43EA-9DDB-56C6386F37F0}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{F750033C-7597-43A6-BF8A-A5A5D25F6FF4}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{F756BA3F-F2ED-40DF-A696-67037FF9149D}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{F7645873-C239-42E5-882C-16808935A64C}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{F7684A53-8EC2-4A31-A163-49EA2C3623E5}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{F7EC79B2-1426-48EA-B9E0-0C2FF82FDE68}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{F80C337B-8C79-42D7-937C-72875A5C39F3}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{F811C7EB-D855-4638-8150-6275D686A201}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{F8656CDA-7354-40DF-AD6E-58FC36951EAD}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{F8805B9B-57CD-4402-A60B-A2B2AD29E84B}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{F882168E-D137-4F88-A5D3-9AB36174DD2A}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{F889C89D-35F8-45B6-B0ED-A55974FB5CF5}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{F9365D7E-C7A1-4ACE-B362-FEC8CDEA8A02}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{F9BB3479-EA07-4D57-981F-63B25F3A4A6C}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{FD02DAF6-7B5A-440D-B4F5-763DD6132A60}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{FDAF53ED-3198-4B55-B983-D07D760CC1C0}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{FE66CCFC-33AE-4A8E-A09F-C155A4AB0DCB}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{FED29228-B44C-41E0-B089-25C218FDAE74}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{FF09F02E-AF49-4E20-B128-F492E6EFB4AA}
    Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{FF94A958-8FCC-4536-B0BF-C275D33094C5}



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sun 06/23/2013 at 12:40:49.52
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  21. malis2007

    malis2007 TS Rookie Topic Starter Posts: 32

    OTL.txt :

    OTL logfile created on: 23/06/2013 12:43:28 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ali\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16614)
    Locale: 00000C01 | Country: Egypt | Language: ARE | Date Format: dd/MM/yyyy

    5.93 Gb Total Physical Memory | 4.59 Gb Available Physical Memory | 77.52% Memory free
    5.92 Gb Paging File | 4.57 Gb Available in Paging File | 77.06% Paging File free
    Paging file location(s): [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 149.04 Gb Total Space | 32.28 Gb Free Space | 21.66% Space Free | Partition Type: NTFS
    Drive D: | 425.64 Gb Total Space | 50.22 Gb Free Space | 11.80% Space Free | Partition Type: NTFS

    Computer Name: S34N | User Name: ali | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/06/23 12:16:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ali\Desktop\OTL.exe
    PRC - [2013/05/16 16:44:05 | 001,012,000 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
    PRC - [2013/05/16 16:38:39 | 001,826,592 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    PRC - [2013/05/12 15:43:32 | 000,413,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2013/03/21 15:19:46 | 001,341,664 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
    PRC - [2012/08/15 15:18:06 | 000,104,088 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe


    ========== Modules (No Company Name) ==========


    ========== Services (SafeList) ==========

    SRV:64bit: - [2013/06/18 10:05:05 | 000,194,440 | ---- | M] (Red Gate Software Ltd.) [On_Demand | Stopped] -- C:\Program Files\Red Gate\ANTS Performance Profiler 8\RedGate.Profiler.IISService.exe -- (ANTS Performance Profiler 8 Service)
    SRV:64bit: - [2013/06/18 10:04:54 | 000,143,288 | ---- | M] (Red Gate Software Ltd.) [On_Demand | Stopped] -- C:\Program Files\Red Gate\ANTS Memory Profiler 7\RedGate.Memory.IISService.exe -- (ANTS Memory Profiler 7 Service)
    SRV:64bit: - [2013/03/21 15:19:46 | 001,341,664 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
    SRV:64bit: - [2010/06/22 21:20:42 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Disabled | Stopped] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
    SRV:64bit: - [2010/04/17 02:07:42 | 000,134,928 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
    SRV:64bit: - [2009/08/03 02:54:14 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Disabled | Stopped] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
    SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2013/05/16 16:38:39 | 001,826,592 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2013/05/12 15:43:32 | 000,413,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2013/04/19 15:14:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2013/03/25 12:37:32 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/08/15 15:18:40 | 000,357,016 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
    SRV - [2012/08/15 15:17:26 | 000,435,864 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
    SRV - [2012/08/15 14:36:34 | 015,680,000 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe -- (VMwareHostd)
    SRV - [2012/08/15 13:19:58 | 000,079,872 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
    SRV - [2012/08/01 17:10:32 | 000,917,656 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)
    SRV - [2012/07/25 18:58:26 | 000,126,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe -- (Te.Service)
    SRV - [2012/07/25 18:13:16 | 000,139,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe -- (fussvc)
    SRV - [2012/07/09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/11/27 00:55:42 | 000,398,176 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
    SRV - [2009/12/15 10:39:38 | 000,096,896 | ---- | M] (ASUS) [Disabled | Stopped] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
    SRV - [2009/10/01 05:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2009/10/01 05:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
    SRV - [2009/06/15 17:30:42 | 000,084,536 | ---- | M] (ASUS) [Disabled | Stopped] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
    SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/03/31 02:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2013/03/25 14:28:02 | 000,350,160 | ---- | M] (BitDefender S.R.L.) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\trufos.sys -- (trufos)
    DRV:64bit: - [2013/02/25 07:27:45 | 000,194,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
    DRV:64bit: - [2013/02/20 16:34:58 | 000,131,856 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
    DRV:64bit: - [2013/02/20 11:07:40 | 000,058,416 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
    DRV:64bit: - [2013/02/20 11:07:38 | 000,213,416 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
    DRV:64bit: - [2013/02/06 13:57:55 | 000,032,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hitmanpro37.sys -- (hitmanpro37)
    DRV:64bit: - [2013/02/05 22:06:06 | 000,057,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2013/01/10 21:44:02 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
    DRV:64bit: - [2013/01/10 15:08:16 | 000,190,232 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
    DRV:64bit: - [2013/01/10 15:08:16 | 000,059,440 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EpfwLWF.sys -- (EpfwLWF)
    DRV:64bit: - [2013/01/10 15:08:14 | 000,150,616 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
    DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2012/11/22 02:43:14 | 000,165,112 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP)
    DRV:64bit: - [2012/11/08 01:52:06 | 000,077,040 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIh.sys -- (FLxHCIh)
    DRV:64bit: - [2012/11/08 01:42:06 | 000,249,584 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIc.sys -- (FLxHCIc)
    DRV:64bit: - [2012/08/23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2012/08/23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2012/08/15 15:18:16 | 000,067,224 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
    DRV:64bit: - [2012/08/15 15:18:08 | 000,030,360 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
    DRV:64bit: - [2012/08/15 15:16:52 | 000,045,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
    DRV:64bit: - [2012/08/15 15:16:50 | 000,020,120 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
    DRV:64bit: - [2012/08/01 17:10:36 | 000,052,376 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
    DRV:64bit: - [2012/08/01 17:10:24 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
    DRV:64bit: - [2012/07/06 12:29:52 | 000,085,104 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
    DRV:64bit: - [2012/07/06 12:29:52 | 000,070,256 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsock.sys -- (vsock)
    DRV:64bit: - [2012/04/14 02:55:20 | 000,054,272 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stppp.sys -- (stppp)
    DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/09/22 21:01:54 | 000,311,144 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0105.sys -- (RsFx0105)
    DRV:64bit: - [2011/06/27 01:37:00 | 002,753,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2011/03/22 11:38:01 | 000,058,880 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\steth.sys -- (STETH)
    DRV:64bit: - [2011/03/22 11:38:00 | 000,047,616 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\st330.sys -- (ST330)
    DRV:64bit: - [2011/03/22 11:38:00 | 000,024,576 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stbus.sys -- (STBUS)
    DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/01/15 03:33:02 | 000,035,384 | ---- | M] (ASUSTek Computer Inc) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\AsDsm.sys -- (AsDsm)
    DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/08/16 15:49:59 | 000,024,680 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
    DRV:64bit: - [2010/07/21 07:33:49 | 000,129,024 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
    DRV:64bit: - [2010/05/03 05:46:03 | 000,044,032 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
    DRV:64bit: - [2010/04/17 02:07:28 | 000,013,832 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
    DRV:64bit: - [2010/04/14 01:01:44 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
    DRV:64bit: - [2010/03/03 13:51:39 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2009/09/17 22:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
    DRV:64bit: - [2009/08/20 04:41:37 | 001,800,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
    DRV:64bit: - [2009/08/05 13:59:48 | 000,987,648 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
    DRV:64bit: - [2009/07/20 11:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
    DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/07 14:48:44 | 000,035,376 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\purendis.sys -- (purendis)
    DRV:64bit: - [2009/07/07 14:48:44 | 000,033,328 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\pnarp.sys -- (pnarp)
    DRV:64bit: - [2009/07/01 06:46:51 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
    DRV:64bit: - [2009/07/01 06:46:47 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
    DRV:64bit: - [2009/07/01 06:46:39 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
    DRV:64bit: - [2009/06/10 22:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
    DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 22:34:18 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
    DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/13 19:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
    DRV:64bit: - [2009/04/07 09:33:07 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
    DRV:64bit: - [2008/05/24 03:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
    DRV - [2012/07/13 16:13:14 | 000,070,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys -- (VSPerfDrv110)
    DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2009/07/02 17:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
    IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-131767206-1543947898-356316412-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\ali\Downloads
    IE - HKU\S-1-5-21-131767206-1543947898-356316412-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ye1.org/
    IE - HKU\S-1-5-21-131767206-1543947898-356316412-1001\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-131767206-1543947898-356316412-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
    IE - HKU\S-1-5-21-131767206-1543947898-356316412-1001\..\SearchScopes\{7211B126-D463-4F47-99A6-8810D3DBF6E2}: "URL" = http://www.bing.com/search?FORM=BDKTDF&PC=BDT3&q={searchTerms}&src=IE-SearchBox
    IE - HKU\S-1-5-21-131767206-1543947898-356316412-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-131767206-1543947898-356316412-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

    IE - HKU\S-1-5-21-131767206-1543947898-356316412-1022\..\SearchScopes,DefaultScope =

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledAddons: mozilla_cc%40internetdownloadmanager.com:7.3.38
    FF - prefs.js..extensions.enabledAddons: %7B8f8fe09b-0bd3-4470-bc1b-8cad42b8203a%7D:0.17
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
    FF - HKLM\Software\MozillaPlugins\google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)

    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD [2013/05/27 19:39:04 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/03 19:05:03 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013/05/27 19:39:04 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\ali\AppData\Roaming\IDM\idmmzcc5 [2013/03/08 02:38:55 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\ali\AppData\Roaming\IDM\idmmzcc5 [2013/03/08 02:38:55 | 000,000,000 | ---D | M]

    [2013/03/21 01:23:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ali\AppData\Roaming\mozilla\Extensions
    [2013/02/06 13:52:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ali\AppData\Roaming\mozilla\Firefox\extensions
    [2013/03/21 01:37:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ali\AppData\Roaming\mozilla\Firefox\Profiles\94np9vd1.default\extensions
    [2013/03/21 01:37:17 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\ali\AppData\Roaming\mozilla\Firefox\Profiles\94np9vd1.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
    [2013/03/08 02:38:55 | 000,000,000 | ---D | M] (IDM CC) -- C:\USERS\ALI\APPDATA\ROAMING\IDM\IDMMZCC5
     
  22. malis2007

    malis2007 TS Rookie Topic Starter Posts: 32

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = http://www.google.com.eg/search?q={searchTerms}
    CHR - default_search_provider: suggest_url = ,
    CHR - homepage: http://www.google.com/
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Disabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll
    CHR - plugin: Mixesoft Click&Clean Plug-In (Enabled) = C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\8.0.1_0\plugin/npccch32.dll
    CHR - plugin: Bitdefender QuickScan (Enabled) = C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\8.0.1_0\plugin/npqscan.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Microsoft Office 2010 (Disabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    CHR - plugin: Google Earth Plugin (Disabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Silverlight Plug-In (Disabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
    CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
    CHR - plugin: Photo Gallery (Disabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Disabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: PDF-XChange Viewer (Disabled) = C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll
    CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Disabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Disabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
    CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Disabled) = C:\Windows\SysWOW64\npDeployJava1.dll
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Disabled) = c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll
    CHR - plugin: RealJukebox NS Plugin (Disabled) = c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll
    CHR - plugin: RealPlayer Version Plugin (Disabled) = c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll
    CHR - Extension: Magic Actions for YouTube\u2122 = C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif\5.8.6_0\
    CHR - Extension: Splendid = C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdfkbdkkfmmckaadapdipihjfaacnkgd\3_0\
    CHR - Extension: WOT = C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.4.12_0\
    CHR - Extension: Adblock Plus = C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4.1_0\
    CHR - Extension: Page load time = C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\fploionmjgeclbkemipmkogoaohcdbig\1.2_0\
    CHR - Extension: Click&Clean = C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\8.3_0\
    CHR - Extension: AdBlock = C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.65_0\
    CHR - Extension: Allow Right-Click = C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\hompjdfbfmmmgflfjdlnkohcplmboaeo\1.2.15_0\
    CHR - Extension: New Tab Redirect! = C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna\2.0_0\
    CHR - Extension: IDM Integration = C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.15.12.2_0\
    CHR - Extension: Smooth Gestures = C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfkgmnnajiljnolcgolmmgnecgldgeld\0.17.7_0\
    CHR - Extension: Clock = C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjocghlclkpgheifflemilcnblodjohg\1.16_0\
    CHR - Extension: betterChrome - Browse 15% faster = C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbegekjleoplkhibgbmkmnnfffcpfanh\1.2.2_0\
    CHR - Extension: Click&Clean App = C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp\8.0_1\
    CHR - Extension: Bitdefender QuickScan = C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.118_1\

    O1 HOSTS File: ([2013/06/21 11:48:57 | 000,001,058 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 127.0.0.1 tonec.com
    O1 - Hosts: 127.0.0.1 http://www.tonec.com
    O1 - Hosts: 127.0.0.1 registeridm.com
    O1 - Hosts: 127.0.0.1 http://www.registeridm.com
    O1 - Hosts: 127.0.0.1 secure.registeridm.com
    O1 - Hosts: 127.0.0.1 internetdownloadmanager.com
    O1 - Hosts: 127.0.0.1 http://www.internetdownloadmanager.com
    O1 - Hosts: 127.0.0.1 secure.internetdownloadmanager.com
    O1 - Hosts: 127.0.0.1 mirror.internetdownloadmanager.com
    O1 - Hosts: 127.0.0.1 secure.internetdownloadmanager.com
    O1 - Hosts: 127.0.0.1 mirror2.internetdownloadmanager.com
    O1 - Hosts: 127.0.0.1 mirror3.internetdownloadmanager.com
    O1 - Hosts: 127.0.0.1 mirror3.tonec.com/idman519.exe
    O1 - Hosts: 127.0.0.1 mirror3.internetdownloadmanager.com/idman60b.exe
    O1 - Hosts: 127.0.0.1 http://mirror3.internetdownloadmanager.com/idman604.exe
    O1 - Hosts: 127.0.0.1 http://mirror3.tonec.com/idman604.exe
    O1 - Hosts: 127.0.0.1 http://www.internetdownloadmanager.com/buy.html
    O1 - Hosts: 127.0.0.1 mirror3.internetdownloadmanager.com/idman604.exe
    O1 - Hosts: 127.0.0.1 mirror3.tonec.com/idman604.exe
    O1 - Hosts: 127.0.0.1 http://www.internetdownloadmanager.com/buy.html
    O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
    O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Microsoft Web Test Recorder 10.0 Helper) - {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} - C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
    O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
    O4 - HKLM..\Run: [vmware-tray.exe] C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
    O4 - HKU\S-1-5-21-131767206-1543947898-356316412-1001..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
    O4 - HKU\S-1-5-21-131767206-1543947898-356316412-1001..\Run: [VistaSwitcher] C:\Program Files\VistaSwitcher\vswitch64.exe (NTWind Software)
    O4 - HKU\S-1-5-21-131767206-1543947898-356316412-1022..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-131767206-1543947898-356316412-1022..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 253
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun- = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun- = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-131767206-1543947898-356316412-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-131767206-1543947898-356316412-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
    O7 - HKU\S-1-5-21-131767206-1543947898-356316412-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun- = 0
    O7 - HKU\S-1-5-21-131767206-1543947898-356316412-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun- = 0
    O7 - HKU\S-1-5-21-131767206-1543947898-356316412-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-131767206-1543947898-356316412-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 253
    O7 - HKU\S-1-5-21-131767206-1543947898-356316412-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-131767206-1543947898-356316412-1022\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
    O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
    O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
    O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 41.128.225.225 41.128.225.226
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1DF79A7C-6F29-4AAF-B4FD-772F63ACE586}: DhcpNameServer = 41.128.225.225 41.128.225.226
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1DF79A7C-6F29-4AAF-B4FD-772F63ACE586}: NameServer = 208.67.222.123,208.67.220.123,192.168.1.1
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\gopher - No CLSID value found
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2013/03/14 20:30:46 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
    O32 - AutoRun File - [2013/03/14 20:30:46 | 000,000,000 | R--D | M] - D:\autorun.inf -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

     
  23. malis2007

    malis2007 TS Rookie Topic Starter Posts: 32

    ========== Files/Folders - Created Within 30 Days ==========

    [2019/10/09 10:40:57 | 000,000,000 | ---D | C] -- C:\Users\ali\AppData\Roaming\Crypto Obfuscator For .Net v2012 R2
    [2013/06/23 12:31:49 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2013/06/23 12:30:40 | 000,000,000 | ---D | C] -- C:\JRT
    [2013/06/23 12:16:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\ali\Desktop\OTL.exe
    [2013/06/23 12:15:52 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\ali\Desktop\JRT.exe
    [2013/06/21 18:03:09 | 000,000,000 | ---D | C] -- C:\Users\ali\AppData\Local\Temporary Projects
    [2013/06/21 17:05:49 | 000,000,000 | ---D | C] -- C:\Program Files\SAMSUNG
    [2013/06/21 17:03:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
    [2013/06/21 15:55:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\S34NCS OC
    [2013/06/21 15:55:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\S34NCS OC
    [2013/06/21 15:45:52 | 000,000,000 | ---D | C] -- C:\Users\ali\Desktop\S34NCS
    [2013/06/21 08:19:20 | 000,000,000 | ---D | C] -- C:\Users\ali\AppData\Local\temp
    [2013/06/21 08:08:26 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2013/06/21 08:05:35 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2013/06/21 07:09:31 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2013/06/20 20:20:13 | 000,000,000 | ---D | C] -- C:\Users\ali\Desktop\Pics
    [2013/06/20 20:19:04 | 000,000,000 | ---D | C] -- C:\Users\ali\Desktop\Txt files
    [2013/06/20 11:35:45 | 000,000,000 | ---D | C] -- C:\Users\ali\AppData\Local\NVIDIA
    [2013/06/20 09:05:12 | 000,000,000 | ---D | C] -- C:\Windows\gif
    [2013/06/20 07:53:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2013/06/20 07:53:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2013/06/20 07:53:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2013/06/20 07:52:59 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2013/06/20 07:52:44 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2013/06/20 07:48:25 | 005,081,560 | R--- | C] (Swearware) -- C:\Users\ali\Desktop\ComboFix.exe
    [2013/06/20 04:25:45 | 000,000,000 | ---D | C] -- C:\Users\ali\AppData\Roaming\vlc
    [2013/06/20 04:25:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
    [2013/06/20 04:19:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2013/06/20 04:19:12 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2013/06/20 04:19:10 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2013/06/20 04:19:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
    [2013/06/20 04:19:10 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    [2013/06/20 04:07:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    [2013/06/20 04:06:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
    [2013/06/20 04:03:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
    [2013/06/19 14:03:19 | 000,000,000 | ---D | C] -- C:\Users\ali\Desktop\Testing
    [2013/06/19 07:37:00 | 000,000,000 | ---D | C] -- C:\Windows\en
    [2013/06/19 07:25:04 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
    [2013/06/19 07:24:57 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
    [2013/06/19 06:45:48 | 000,000,000 | ---D | C] -- C:\Program Files\Types
    [2013/06/19 02:45:23 | 000,070,256 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vsock.sys
    [2013/06/19 02:45:23 | 000,067,224 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\vsocklib.dll
    [2013/06/19 02:45:23 | 000,063,128 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vsocklib.dll
    [2013/06/19 02:45:15 | 000,067,224 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmx86.sys
    [2013/06/19 02:44:32 | 000,357,016 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnetdhcp.exe
    [2013/06/19 02:44:28 | 000,435,864 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnat.exe
    [2013/06/19 02:44:28 | 000,030,360 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnetuserif.sys
    [2013/06/19 02:44:12 | 000,933,528 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\vnetlib64.dll
    [2013/06/19 02:43:58 | 000,052,376 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\hcmon.sys
    [2013/06/19 02:43:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
    [2013/06/19 02:43:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\VMware
    [2013/06/19 02:40:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\VMware
    [2013/06/19 02:40:30 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Shared Virtual Machines
    [2013/06/18 16:06:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla Server
    [2013/06/18 10:17:13 | 000,000,000 | -H-D | C] -- C:\Users\ali\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
    [2013/06/18 10:14:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Red Gate
    [2013/06/18 10:13:48 | 000,000,000 | ---D | C] -- C:\Program Files\Red Gate
    [2013/06/16 03:02:08 | 000,000,000 | ---D | C] -- C:\Users\ali\AppData\Local\VSIXInstaller
    [2013/06/15 21:46:15 | 000,000,000 | ---D | C] -- C:\Users\ali\Desktop\Skype
    [2013/06/12 23:57:45 | 000,000,000 | ---D | C] -- C:\Users\ali\Desktop\VBNet Themes
    [2013/06/11 18:40:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nokia
    [2013/06/11 16:30:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    [2013/06/10 21:10:09 | 000,000,000 | ---D | C] -- C:\Users\ali\AppData\Local\Brice_Lambson
    [2013/06/10 21:08:08 | 000,000,000 | ---D | C] -- C:\Program Files\Image Resizer for Windows
    [2013/06/10 21:08:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Image Resizer for Windows
    [2013/06/10 21:08:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Resizer for Windows
    [2013/06/07 23:15:21 | 000,000,000 | ---D | C] -- C:\RegBackup
    [2013/06/07 22:57:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2013/06/07 21:11:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2013/06/07 21:10:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
    [2013/06/07 20:55:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MeteorEntertainment
    [2013/06/07 20:55:26 | 000,000,000 | ---D | C] -- C:\Users\ali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Meteor Entertainment
    [2013/06/06 02:34:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
    [2013/06/06 02:33:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
    [2013/06/06 02:33:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
    [2013/06/06 02:31:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
    [2013/06/06 02:30:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
    [2013/06/06 02:30:35 | 000,000,000 | R--D | C] -- C:\MSOCache
    [2013/06/05 13:49:05 | 000,000,000 | ---D | C] -- C:\Users\ali\AppData\Roaming\NuGet
    [2013/06/03 15:52:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    [2013/06/03 15:52:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
    [2013/06/03 13:55:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Expression
    [2013/06/03 13:39:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Web Tools
    [2013/06/02 23:33:40 | 000,360,448 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\SysWow64\tx4ole14.ocx
    [2013/06/02 23:33:39 | 000,610,304 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\SysWow64\tx14_pdf.dll
    [2013/06/02 23:33:39 | 000,552,960 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\SysWow64\tx14_rtf.dll
    [2013/06/02 23:33:39 | 000,385,024 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\SysWow64\tx14_xml.dll
    [2013/06/02 23:33:39 | 000,253,952 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\SysWow64\tx14_png.flt
    [2013/06/02 23:33:39 | 000,217,088 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\SysWow64\tx14_tls.dll
    [2013/06/02 23:33:39 | 000,073,728 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\SysWow64\tx14_tif.flt
    [2013/06/02 23:33:39 | 000,065,536 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\SysWow64\tx14_wnd.dll
    [2013/06/02 23:33:39 | 000,053,248 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\SysWow64\tx14_wmf.flt
    [2013/06/02 23:33:38 | 001,056,768 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\SysWow64\tx14_dox.dll
    [2013/06/02 23:33:38 | 000,765,952 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\SysWow64\tx14.dll
    [2013/06/02 23:33:38 | 000,667,648 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\SysWow64\tx14_doc.dll
    [2013/06/02 23:33:38 | 000,331,776 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\SysWow64\tx14_css.dll
    [2013/06/02 23:33:38 | 000,327,680 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\SysWow64\tx14_obj.dll
    [2013/06/02 23:33:38 | 000,249,856 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\SysWow64\tx14_htm.dll
    [2013/06/02 23:33:38 | 000,200,704 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\SysWow64\tx14_jpg.flt
    [2013/06/02 23:33:38 | 000,131,072 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\SysWow64\tx14_ic.dll
    [2013/06/02 23:33:38 | 000,061,440 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\SysWow64\tx14_bmp.flt
    [2013/06/02 23:33:38 | 000,057,344 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\SysWow64\tx14_gif.flt
    [2013/06/02 23:33:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Word PDF Converter
    [2013/06/02 20:24:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
    [2013/06/02 20:24:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
    [2013/06/02 20:23:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010 Express
    [2013/06/02 20:22:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 10.0
    [2013/05/31 21:30:49 | 000,000,000 | ---D | C] -- C:\Users\ali\AppData\Roaming\Microsoft FxCop
    [2013/05/31 03:01:42 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
    [2013/05/30 21:34:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Visual Studio
    [2013/05/30 13:34:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Sidebar
    [2013/05/30 13:23:08 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
    [2013/05/29 15:50:11 | 000,000,000 | ---D | C] -- C:\Users\ali\Documents\Visual Studio 2012
    [2013/05/29 15:42:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 5 SDK
    [2013/05/29 15:39:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 4 SDK
    [2013/05/29 15:28:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
    [2013/05/29 15:16:23 | 000,000,000 | ---D | C] -- C:\Program Files\Application Verifier
    [2013/05/29 15:16:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Verifier
    [2013/05/29 15:14:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows App Certification Kit
    [2013/05/29 15:00:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
    [2013/05/29 15:00:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Microsoft
    [2013/05/29 14:31:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft ASP.NET
    [2013/05/29 14:28:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
    [2013/05/29 14:26:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NuGet
    [2013/05/29 14:20:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft WCF Data Services
    [2013/05/29 14:20:21 | 000,000,000 | ---D | C] -- C:\Program Files\IIS
    [2013/05/29 14:20:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IIS
    [2013/05/29 14:02:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Kits
    [2013/05/29 13:24:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HTML Help Workshop
    [2013/05/29 13:23:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Help Viewer
    [2013/05/29 13:06:36 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\1033
    [2013/05/29 12:31:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Merge Modules
    [2013/05/29 12:27:20 | 000,000,000 | ---D | C] -- C:\Users\ali\AppData\Roaming\ImTOO
    [2013/05/29 12:26:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImTOO
    [2013/05/29 12:24:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2012
    [2013/05/29 12:23:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 11.0
    [2013/05/29 12:23:55 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\1033
    [2013/05/29 12:23:50 | 000,000,000 | ---D | C] -- C:\Windows\symbols
    [2013/05/29 12:23:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 11.0
    [2013/05/29 12:23:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SDKs
    [2013/05/29 12:05:18 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1991-06.com.microsoft
    [2013/05/29 12:05:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
    [2013/05/27 19:39:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
    [2013/05/27 19:39:02 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
    [2013/05/26 15:12:45 | 000,000,000 | ---D | C] -- C:\Evolution Games
    [2013/05/26 14:58:12 | 000,000,000 | ---D | C] -- C:\Users\ali\Desktop\Ace Evolution
    [2013/05/26 14:39:29 | 000,000,000 | ---D | C] -- C:\Users\ali\AppData\Roaming\GlarySoft
    [2013/05/26 14:39:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Absolute Uninstaller
    [2013/05/26 02:14:39 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
    [2012/08/15 11:20:36 | 002,174,976 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Program Files (x86)\Common Files\atimpenc.dll

    ========== Files - Modified Within 30 Days ==========

    [2013/06/23 12:32:03 | 000,010,240 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/06/23 12:32:03 | 000,010,240 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/06/23 12:25:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/06/23 12:16:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ali\Desktop\OTL.exe
    [2013/06/23 12:15:56 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\ali\Desktop\JRT.exe
    [2013/06/23 12:15:06 | 000,648,201 | ---- | M] () -- C:\Users\ali\Desktop\adwcleaner.exe
    [2013/06/22 16:02:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/06/22 03:43:56 | 000,119,458 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013/06/22 03:43:56 | 000,087,182 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013/06/22 03:43:56 | 000,031,794 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013/06/21 17:18:56 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01007.Wdf
    [2013/06/21 15:55:10 | 000,000,981 | ---- | M] () -- C:\Users\Public\Desktop\S34NCS OC.lnk
    [2013/06/21 11:48:57 | 000,001,058 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2013/06/21 07:08:46 | 005,081,560 | R--- | M] (Swearware) -- C:\Users\ali\Desktop\ComboFix.exe
    [2013/06/20 11:34:38 | 000,001,309 | ---- | M] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
    [2013/06/20 04:25:35 | 000,001,028 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
    [2013/06/20 04:19:46 | 000,001,745 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2013/06/20 04:07:18 | 000,001,807 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2013/06/19 07:15:13 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2013/06/19 06:45:49 | 000,000,114 | ---- | M] () -- C:\Users\ali\Desktop\Types.url
    [2013/06/19 02:45:33 | 000,000,990 | ---- | M] () -- C:\Users\ali\Application Data\Microsoft\Internet Explorer\Quick Launch\VMware Workstation.lnk
    [2013/06/19 02:43:38 | 000,001,024 | ---- | M] () -- C:\.rnd
    [2013/06/19 02:43:31 | 000,124,444 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2013/06/19 02:43:28 | 000,002,089 | ---- | M] () -- C:\Users\Public\Desktop\VMware Workstation.lnk
    [2013/06/17 04:16:59 | 000,007,596 | ---- | M] () -- C:\Users\ali\AppData\Local\Resmon.ResmonCfg
    [2013/06/16 00:31:29 | 000,000,000 | ---- | M] () -- C:\Users\ali\AppData\Local\debuggee.mdmp
    [2013/06/12 23:14:32 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
    [2013/06/10 04:04:16 | 000,000,262 | ---- | M] () -- C:\Users\ali\Desktop\CP.bat
    [2013/06/08 17:41:27 | 000,394,760 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2013/06/07 23:16:50 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-S34N-Microsoft-Windows-7-Home-Premium-(64-bit).dat
    [2013/06/07 00:02:38 | 000,001,095 | ---- | M] () -- C:\Users\ali\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
    [2013/06/05 13:57:23 | 000,000,860 | ---- | M] () -- C:\noavatar.jpg
    [2013/05/31 22:48:42 | 000,012,657 | ---- | M] () -- C:\roflmfao.gif
    [2013/05/31 21:06:10 | 000,001,209 | ---- | M] () -- C:\Users\ali\Application Data\Microsoft\Internet Explorer\Quick Launch\FileZilla.lnk
    [2013/05/30 13:22:54 | 000,001,750 | ---- | M] () -- C:\Users\ali\Desktop\PsExe.lnk
    [2013/05/26 16:07:22 | 000,001,475 | ---- | M] () -- C:\Users\ali\Desktop\TFC.lnk
    [2013/05/26 16:07:21 | 000,001,913 | ---- | M] () -- C:\Users\ali\Desktop\DsnJumper.lnk
    [2013/05/26 16:07:21 | 000,001,440 | ---- | M] () -- C:\Users\ali\Desktop\Unlocker.lnk
    [2013/05/26 15:15:52 | 000,001,829 | ---- | M] () -- C:\Users\Public\Desktop\Launch Ace Evolution.lnk
    [1 C:\Windows\SysNative\drivers\etc\*.tmp files -> C:\Windows\SysNative\drivers\etc\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/06/23 12:15:00 | 000,648,201 | ---- | C] () -- C:\Users\ali\Desktop\adwcleaner.exe
    [2013/06/21 17:18:56 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01007.Wdf
    [2013/06/21 15:55:10 | 000,000,981 | ---- | C] () -- C:\Users\Public\Desktop\S34NCS OC.lnk
    [2013/06/20 11:34:38 | 000,001,309 | ---- | C] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
    [2013/06/20 10:54:35 | 000,020,536 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
    [2013/06/20 07:53:14 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2013/06/20 07:53:14 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2013/06/20 07:53:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2013/06/20 07:53:14 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2013/06/20 07:53:14 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2013/06/20 04:25:35 | 000,001,028 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
    [2013/06/20 04:19:46 | 000,001,745 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2013/06/20 04:07:18 | 000,001,807 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2013/06/19 07:36:41 | 000,001,267 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
    [2013/06/19 07:36:29 | 000,001,336 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
    [2013/06/19 07:31:34 | 000,001,420 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
    [2013/06/19 07:31:24 | 000,002,448 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
    [2013/06/19 06:45:49 | 000,000,114 | ---- | C] () -- C:\Users\ali\Desktop\Types.url
    [2013/06/19 02:45:33 | 000,000,990 | ---- | C] () -- C:\Users\ali\Application Data\Microsoft\Internet Explorer\Quick Launch\VMware Workstation.lnk
    [2013/06/19 02:43:38 | 000,001,024 | ---- | C] () -- C:\.rnd
    [2013/06/19 02:43:28 | 000,002,089 | ---- | C] () -- C:\Users\Public\Desktop\VMware Workstation.lnk
    [2013/06/16 00:31:29 | 000,000,000 | ---- | C] () -- C:\Users\ali\AppData\Local\debuggee.mdmp
    [2013/06/07 23:16:50 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-S34N-Microsoft-Windows-7-Home-Premium-(64-bit).dat
    [2013/06/07 00:02:38 | 000,001,095 | ---- | C] () -- C:\Users\ali\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
    [2013/06/05 13:57:30 | 000,000,860 | ---- | C] () -- C:\noavatar.jpg
    [2013/06/05 13:54:25 | 000,024,004 | ---- | C] () -- C:\msoobe.jpg
    [2013/06/05 13:52:56 | 000,012,657 | ---- | C] () -- C:\roflmfao.gif
    [2013/06/02 23:33:38 | 000,000,530 | ---- | C] () -- C:\Windows\SysWow64\tx14_ic.ini
    [2013/05/31 21:06:10 | 000,001,209 | ---- | C] () -- C:\Users\ali\Application Data\Microsoft\Internet Explorer\Quick Launch\FileZilla.lnk
    [2013/05/30 13:35:18 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
    [2013/05/30 13:22:20 | 000,001,750 | ---- | C] () -- C:\Users\ali\Desktop\PsExe.lnk
    [2013/05/29 14:28:36 | 000,002,021 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Web Platform Installer.lnk
    [2013/05/26 15:15:52 | 000,001,829 | ---- | C] () -- C:\Users\Public\Desktop\Launch Ace Evolution.lnk
    [2013/05/26 12:22:10 | 000,001,475 | ---- | C] () -- C:\Users\ali\Desktop\TFC.lnk
    [2013/03/09 16:13:50 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
    [2013/03/08 04:32:31 | 000,000,630 | ---- | C] () -- C:\Windows\cce.INI
    [2013/02/19 22:19:30 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\clauth2.dll
    [2013/02/19 22:19:30 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\clauth1.dll
    [2013/02/19 22:19:30 | 000,000,073 | ---- | C] () -- C:\Windows\SysWow64\ssprs.dll
    [2013/02/19 22:19:29 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
    [2013/02/19 22:19:29 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
    [2013/02/12 13:06:52 | 000,091,264 | ---- | C] () -- C:\Windows\SysWow64\EasyHook32.dll
    [2013/02/05 21:01:48 | 000,885,970 | ---- | C] () -- C:\Users\ali\AppData\Local\census.cache
    [2013/02/05 20:59:16 | 000,143,171 | ---- | C] () -- C:\Users\ali\AppData\Local\ars.cache
    [2013/02/05 20:28:20 | 000,000,036 | ---- | C] () -- C:\Users\ali\AppData\Local\housecall.guid.cache
    [2013/01/31 10:47:29 | 000,002,143 | ---- | C] () -- C:\Windows\KillSwitch.INI
    [2012/06/12 21:46:01 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
    [2012/06/06 18:18:41 | 000,007,596 | ---- | C] () -- C:\Users\ali\AppData\Local\Resmon.ResmonCfg
    [2012/06/04 09:32:27 | 000,000,000 | ---- | C] () -- C:\Windows\Net4Switch.INI
    [2011/09/22 17:34:44 | 000,007,168 | ---- | C] () -- C:\Users\ali\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/09/03 20:07:04 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
    [2011/08/04 02:29:36 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
    [2011/02/20 02:08:34 | 000,000,600 | ---- | C] () -- C:\Users\ali\AppData\Local\PUTTY.RND

    ========== ZeroAccess Check ==========

    [2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2012/08/29 18:16:31 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Bitdefender
    [2012/08/06 05:19:24 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ESET
    [2012/08/28 20:01:06 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\Arkadium
    [2011/08/28 19:19:02 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\Asus WebStorage
    [2012/03/19 17:32:24 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\Avnex
    [2011/03/03 22:58:42 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\Blumentals
    [2013/03/09 19:43:49 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\Caphyon
    [2012/04/19 21:40:00 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2019/10/09 10:40:57 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\Crypto Obfuscator For .Net v2012 R2
    [2013/02/03 07:41:13 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\Crypto Obfuscator For .Net v2013
    [2013/03/08 16:39:45 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\CrystalIdea Software
    [2013/06/23 12:31:06 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\DMCache
    [2013/02/22 18:36:42 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\Dropbox
    [2011/03/15 01:57:35 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\EeeStorageUploader
    [2011/11/06 17:43:27 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\ESET
    [2013/01/25 20:04:04 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\Eusing
    [2013/05/26 15:12:36 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\Evolution Games
    [2013/02/08 20:26:23 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\FFSJ
    [2013/03/08 00:50:03 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\FILEminimizerPictures
    [2013/06/21 21:05:48 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\FileZilla
    [2013/06/19 07:09:13 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\GlarySoft
    [2012/07/20 05:55:11 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\HLSW
    [2012/07/26 15:58:20 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\http___s34ncs.webs.com_
    [2013/06/19 07:59:52 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\IDM
    [2013/05/29 12:27:20 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\ImTOO
    [2013/02/22 03:36:05 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\IrfanView
    [2013/03/08 00:48:53 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\iVeeSoft
    [2012/10/13 22:00:13 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\JustDecompile
    [2012/08/28 05:19:49 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\kingsoft
    [2013/02/01 12:18:41 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\Mipony
    [2013/01/27 03:31:52 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\MySQL
    [2013/06/22 15:56:15 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\Nokia
    [2013/03/20 21:57:02 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\Notepad++
    [2011/11/19 16:08:37 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\Nseries
    [2013/06/05 13:49:05 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\NuGet
    [2013/06/11 18:48:45 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\PC Suite
    [2011/03/03 22:41:19 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\phpDesigner
    [2013/03/06 15:33:32 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\QFX Software
    [2012/08/14 20:11:28 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\QTTabBar
    [2013/05/29 09:28:39 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\QuickScan
    [2013/02/21 22:57:06 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\Shadow Defender
    [2013/06/06 02:14:21 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\SoftGrid Client
    [2013/01/26 19:57:59 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\Subversion
    [2013/03/04 01:01:29 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\TaskbarHelper
    [2012/07/09 09:21:37 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\TeamViewer
    [2012/08/15 19:43:51 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\TechSmith
    [2012/10/13 21:23:53 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\Telerik
    [2011/08/28 19:13:24 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\temp
    [2013/03/02 12:40:10 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\TeraCopy
    [2012/04/09 23:52:45 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\Thunderbird
    [2011/03/21 19:46:16 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\TP
    [2012/05/24 23:57:06 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\ts3overlay
    [2013/01/26 01:17:49 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\Tunngle
    [2012/03/30 15:16:05 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\Unity
    [2012/08/06 14:18:34 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\updatetool
    [2013/02/24 19:59:21 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\VOS
    [2011/04/12 16:09:30 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\Webshots
    [2011/02/13 01:25:21 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\Windows Live Writer
    [2012/08/17 01:48:59 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\Xilisoft
    [2012/09/01 03:54:35 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\XnRetro
    [2013/02/23 01:40:56 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\XnView
    [2013/02/06 13:52:33 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\Zbshareware Lab

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:981884E7
    @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:52DBE86F
    @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:029E021F
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:D20FFA63
    @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:3E7393FC

    < End of report >
     
  24. malis2007

    Extras.txt :

    OTL Extras logfile created on: 23/06/2013 12:43:28 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ali\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16614)
    Locale: 00000C01 | Country: Egypt | Language: ARE | Date Format: dd/MM/yyyy

    5.93 Gb Total Physical Memory | 4.59 Gb Available Physical Memory | 77.52% Memory free
    5.92 Gb Paging File | 4.57 Gb Available in Paging File | 77.06% Paging File free
    Paging file location(s): [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 149.04 Gb Total Space | 32.28 Gb Free Space | 21.66% Space Free | Partition Type: NTFS
    Drive D: | 425.64 Gb Total Space | 50.22 Gb Free Space | 11.80% Space Free | Partition Type: NTFS

    Computer Name: S34N | User Name: ali | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = htmlfile] -- Reg Error: Key error. File not found
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- Reg Error: Key error. File not found
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-131767206-1543947898-356316412-1001\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- Reg Error: Key error.
    htmlfile [opennew] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
    Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
    Directory [Browse with XnView] -- "C:\Program Files (x86)\XnView\xnview.exe" "%1" (XnView, http://www.xnview.com)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
    Directory [takeownership] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- Reg Error: Key error.
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- Reg Error: Key error.
    htmlfile [opennew] -- Reg Error: Key error.
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
    Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
    Directory [Browse with XnView] -- "C:\Program Files (x86)\XnView\xnview.exe" "%1" (XnView, http://www.xnview.com)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
    Directory [takeownership] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- Reg Error: Key error.
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{051E2E9F-7BFD-4228-B7D4-A52CE49104BF}" = lport=6918 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe |
    "{08886AFC-2153-4B89-8EAE-6CA1A82394FF}" = lport=48113 | protocol=17 | dir=in | name=maconfig_udp |
    "{327EC8CA-9725-4151-9296-3A73E98931E1}" = lport=6920 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe |
    "{3AC476FE-619F-4CA5-A716-59C4DF8B782C}" = lport=6916 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe |
    "{5DF8D6C0-AE07-4948-AC13-F942020FC479}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
    "{767AA7A0-C5A6-4DCF-B041-73D0D737A887}" = lport=6918 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe |
    "{7B32A450-F3EC-4557-9D38-AA93BE8DCBE0}" = lport=6919 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe |
    "{7EDB0F75-43B0-4664-8748-9C48EF9597F8}" = lport=48113 | protocol=6 | dir=in | name=maconfig_tcp |
    "{80F8138C-A8D6-475B-A5D7-5FA5B8BA7154}" = lport=6919 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe |
    "{92FDAD88-559C-4F3E-BB45-B3AD4045B6C4}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{95823E24-03B6-4A6E-9BC9-6496F1DCE9FF}" = lport=6915 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe |
    "{98C6A10A-B7D9-439F-BDCB-5CCDFB50A13C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{AEAD50CC-6684-45C2-BB71-A337843E2438}" = lport=3702 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe |
    "{B99ADA06-7F1B-45E0-97CF-111F9757A78F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{BAB3F151-1F49-40EC-8A99-53D69EC69738}" = lport=6920 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe |
    "{BF8977EA-3AE1-4678-A98D-6F7E47D27208}" = lport=6916 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe |
    "{D35FCAD1-99C5-4214-8E47-A2D7ACB638EB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{D49D71E2-57DE-4CA7-997C-6BCFADEC1FE5}" = lport=6915 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe |
    "{DFD3BA0E-5980-4DFB-8948-7F5FF6FECC38}" = lport=6917 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe |
    "{FA512D46-5ADB-436E-8E5A-9EA917A490EC}" = lport=6917 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{179003E3-D926-43A0-8D4C-781AC151F0D6}" = protocol=6 | dir=in | app=c:\program files (x86)\evolution games\bout evolution\evoshield.dll |
    "{19C9CE06-AA8E-43E2-ADD1-9AD46CF71F0C}" = dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe |
    "{2C829472-496C-4A88-A5A3-CC7C3C75316B}" = protocol=6 | dir=in | app=c:\program files\ma-config.com\x64\maconfservice.exe |
    "{31B31C03-B6C5-4BD5-B09D-66FF4712C3BC}" = protocol=17 | dir=in | app=c:\program files (x86)\evolution games\bout evolution\evoshield.dll |
    "{38647D2F-45B2-4ABA-8CC2-3C5F9ACE8B4F}" = protocol=6 | dir=in | app=c:\program files (x86)\evolution games\bout evolution\bots.dat |
    "{41C85F91-210F-496D-B163-BFFE9DA588AF}" = dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-hostd.exe |
    "{43C61BA1-B10A-4D6C-8BA6-B0F5BD0C67C5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{478D5BF5-A302-447F-BAD5-6D08288D9FF2}" = protocol=17 | dir=in | app=c:\program files\ma-config.com\x64\maconfservice.exe |
    "{4B8DAEB7-609A-4965-BCA9-317729532FC6}" = dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-hostd.exe |
    "{4E8247C8-283D-409B-82E4-56FA591E2D8F}" = protocol=17 | dir=in | app=c:\program files (x86)\evolution games\bout evolution\bots.exe |
    "{54929D0D-DC00-4247-BD90-AE46A9360549}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{71B3782C-75D6-47DB-8610-BD7EFBE2B951}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{761CA7A3-0A93-4183-A784-0B12873942C0}" = protocol=17 | dir=in | app=c:\program files (x86)\evolution games\bout evolution\bots.dat |
    "{7F8B1D4D-E16E-4C78-BC25-E49939CCCC04}" = protocol=6 | dir=in | app=c:\program files (x86)\evolution games\bout evolution\bots.exe |
    "{B6E939AD-AE8C-49A3-9B4C-CAD532FF967F}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{BAFD61BC-E4EB-4EE6-8DEC-18963B675C40}" = dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe |
    "{D77DD020-D224-4667-A0DB-D3D746D4EC63}" = protocol=6 | dir=in | app=c:\users\ali\downloads\solutoinstaller-m7zsa24nwl_u75448245.exe |
    "{E675B639-A031-4BC7-8F60-EEBE83C4732C}" = protocol=17 | dir=in | app=c:\users\ali\downloads\solutoinstaller-m7zsa24nwl_u75448245.exe |
    "{F091310F-7A2D-4BDA-B7FC-CAD556077EA7}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{078B9199-C2A4-4468-BD5F-C060C51EC895}" = Microsoft Visual Studio 2012 IntelliTrace Core amd64
    "{0B497B28-5243-3329-9F10-DBB18E0963E6}" = Microsoft Visual C++ 2012 x64 Debug Runtime - 11.0.51106
    "{0D94F75A-0EA6-4951-B3AF-B145FA9E05C6}" = VMware Workstation
    "{0E8670B8-3965-4930-ADA6-570348B67153}" = Microsoft SQL Server 2012 Transact-SQL ScriptDom
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2700_series" = Canon iP2700 series Printer Driver
    "{13417784-A359-3CDD-8DE1-B7108707D647}" = Visual Studio 2012 Prerequisites - ENU Language Pack
    "{13D558FE-A863-402C-B115-160007277033}" = Microsoft SQL Server 2012 Express LocalDB
    "{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
    "{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
    "{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    "{1E6ED082-E32D-4B2B-8B6A-70B094815135}" = Microsoft SQL Server System CLR Types (x64)
    "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
    "{27EF252D-800C-ED42-9904-459FE0046225}" = Windows Software Development Kit for Windows Store Apps DirectX x64 Remote
    "{28D85F24-B685-3364-BB7C-284C88C2FFE5}" = Microsoft Visual Studio Team Foundation Server 2012 Storyboarding
    "{2EC3A3E2-E1EA-383D-BE76-D651C7852A05}" = Microsoft Visual Studio Team Foundation Server 2012 Object Model Language Pack - ENU
    "{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
    "{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
    "{2FD0FA0A-7A21-4C4A-B268-1142B54E035E}" = Windows Live Family Safety
    "{36E619BC-A234-4EC3-849B-779A7C865A45}" = Microsoft SQL Server 2012 Data-Tier App Framework
    "{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor
    "{3C28BFD4-90C7-3138-87EF-418DC16E9598}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106
    "{3FA063D7-EDC1-AFA8-54AF-0563C7DEE070}" = Windows App Certification Kit Native Components
    "{41208EF0-FA40-3824-B330-5D59B666C720}" = Microsoft Visual Studio Team Foundation Server 2012 Object Model
    "{43716C93-3E70-4F7A-99D3-C52807F1D902}" = ANTS Memory Profiler 7
    "{49D665A2-4C2A-476E-9AB8-FCC425F526FC}" = Microsoft SQL Server 2012 Native Client
    "{4A18C875-B374-4868-B7EA-06CF2DD59FCC}" = ESET Smart Security
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
    "{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
    "{54C20CA2-4064-4A3C-B9FE-63CAFC0E9BB4}" = ANTS Performance Profiler 8
    "{55EFD1A6-ED8E-3A4C-9581-5E1A1FF244CD}" = Microsoft Visual Studio Team Foundation Server 2012 Storyboarding Language Pack - ENU
    "{572E796D-C52B-3797-A685-2FB6F895D4BE}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)
    "{5AF4E09F-5C9B-3AAF-B731-544D3DC821DD}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106
    "{5EEC477F-8E9B-4420-8829-16E7426227DB}" = Windows Live MIME IFilter
    "{5FB4C443-6BD6-1514-2717-3827D65AE6FB}" = Windows Software Development Kit DirectX x64 Remote
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{617CA6E9-D5FB-4017-8130-82E68C56C34D}" = Image Resizer for Windows (64 bit)
    "{61862D7C-CDBC-48D5-8AE1-3B8BD1E23BC5}" = Visual Studio 2012 Prerequisites
    "{633AB014-DDE6-403E-A302-8920CC32C543}" = Microsoft Visual Studio 2012 Performance Collection Tools
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{704C0303-D20C-45AF-BD2B-556EAF31BE09}" = iCloud
    "{73468C65-BC53-4D88-9246-75A5BB014DA2}" = JavaScript Tooling
    "{76FF0F03-B707-4332-B5D1-A56C8303514E}" = iTunes
    "{78909610-D229-459C-A936-25D92283D3FD}" = Microsoft SQL Server Compact 4.0 SP1 x64 ENU
    "{7F2540AD-FD82-427A-8FDC-33EC53C8B17A}" = Fresco Logic USB3.0 Host Controller
    "{893F27E6-D6BE-4B9F-80E6-0ADA694A31A8}" = Microsoft SQL Server 2008 Common Files
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0401-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Arabic) 2007
    "{925B1099-AE15-48F4-B3C0-35D91F85685F}" = ANTS Profiler Visual Studio Add-in 1
    "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{993F6DDC-63F8-4BCD-9B28-D941971A9CAC}" = Windows XP Targeting with C++
    "{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
    "{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}" = Microsoft SQL Server 2012 Command Line Utilities
    "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
    "{AA72C306-30BE-4BB1-9E42-59552BAD2CDF}" = Microsoft Web Deploy 3.0
    "{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
    "{ADBD6E65-46CB-4A97-9AFB-64963FEACC40}" = Microsoft SQL Server 2008 RsFx Driver
    "{B143BE44-8723-315E-9413-011C55873C0E}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 320.18
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 320.18
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 320.18
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.5
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.1031
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 4.11.9
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.24.2
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{BCA26999-EC22-3007-BB79-638913079C9A}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
    "{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}" = Microsoft SQL Server 2012 Transact-SQL Compiler Service
    "{CB0FD760-C6C6-3AF6-AD18-FE3B3B78727D}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    "{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
    "{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
    "{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
    "{D9F3D00D-E946-3B3D-A4A6-93D5020DB9F7}" = Microsoft Visual C++ 2012 x64 Designtime - 11.0.50727
    "{DF167CE3-60E7-44EA-99EC-2507C51F37AE}" = Microsoft SQL Server 2008 Database Engine Shared
    "{E2B8249D-895C-4685-8C83-00F3B1A13028}" = Microsoft Web Platform Installer 4.0
    "{E38531EE-318C-4EFB-A36B-1A57BFBDAB3C}_is1" = PDF-XChange 4 Pro
    "{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1
    "{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
    "{F1949145-EB64-4DE7-9D81-E6D27937146C}" = Microsoft System CLR Types for SQL Server 2012 (x64)
    "{FA0A244E-F3C2-4589-B42A-3D522DE79A42}" = Microsoft SQL Server 2012 Management Objects (x64)
    "{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = Microsoft SQL Server 2008 Database Engine Services
    "{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
    "{FE74AC04-F248-4641-B3A9-89C6AA4339CD}" = Microsoft Visual Studio 2012 Performance Collection Tools - ENU
    "0E74EB10C05C955C24243E6D3120CDC972FC5B1D" = Windows Driver Package - Broadcom HIDClass (06/11/2009 6.2.0.9500)
    "Elantech" = ETDWare PS/2-x64 7.0.5.13_WHQL
    "Explorer Suite_is1" = Explorer Suite III
    "Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
    "Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
    "Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    "NVIDIA Display Control Panel" = NVIDIA Display Control Panel
    "Types" = Types
    "USB2.0 UVC 2M WebCam" = USB2.0 UVC 2M WebCam
    "WinRAR archiver" = WinRAR archiver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
    "{00EC8ABC-3C5A-40F8-A8CB-E7DCD5ABFA05}" = Microsoft NuGet - Visual Studio 2012
    "{02213A81-CB13-7262-5ABE-1FFA2C75559F}" = Windows App Certification Kit x64
    "{028B1703-53D5-4013-9C86-41F40F1A3F7B}_is1" = S34NCS OC version 5.0
    "{03D562B5-C4E2-4846-A920-33178788BE00}" = Windows Live Communications Platform
    "{046806D1-0A38-3FCA-AF84-F71C50A0C363}" = Microsoft Visual Studio Premium 2012
    "{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
    "{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}" = SonicMaster
    "{0BCC836F-0B28-4090-B58A-64883BAA3B2F}" = WCF Data Services 5.0 (for OData v3) Primary Components
    "{0C03A66F-1FF0-45F9-8D67-0D806EBFFBA1}" = Blend for Visual Studio SDK for Silverlight 5
    "{0F929651-F516-4956-90F2-FFBD2CD5D30E}" = Photo Gallery
    "{0FF9CC94-EF23-401E-BDBD-37403D1A2B38}" = Windows Live SOXE Definitions
    "{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
    "{1172AC15-080E-30E3-85B0-FF59AD2E6315}" = Microsoft Visual Studio Ultimate 2012 - ENU
    "{1228E4A3-8371-4F9B-BA6F-3D34113811B9}" = Visual Studio Extensions for Windows Library for JavaScript
    "{148878BD-A2A5-4CF1-A103-2BA632F41953}" = WCF Data Services Tools for Microsoft Visual Studio 2012
    "{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
    "{1690CE56-2231-4E59-9006-A0876D949EA8}" = Tools for .Net 3.5
    "{189AEA94-DAFB-487A-8CEE-F9D3DDE0A748}" = Microsoft Silverlight 4 SDK
    "{18D606E9-9650-48DF-8D6E-5AC61C5AD1A9}" = Microsoft Visual Studio 2012 IntelliTrace Front End x86
    "{1948E039-EC79-4591-951D-9867A8C14C90}" = Microsoft .NET Framework 4.5 SDK
    "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
    "{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware
    "{1B9BBB23-65CB-3AEE-BFC6-633E7CA299FD}" = Microsoft Visual Studio Team Foundation Server 2012 Team Explorer Language Pack - ENU
    "{1C997E1C-5CE9-4AF3-AAA9-DC65E6090827}" = Microsoft Expression Blend SDK for Silverlight 4
    "{1DB43E5A-2F24-4F51-92B0-A2C0EBF5C742}" = Microsoft Report Viewer Add-On for Visual Studio 2012
    "{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F7424F8-F992-48BC-90EF-7C4DB0405E3F}" = Alcor Micro USB Card Reader
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = ASUS Video Magic
    "{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
    "{21AF2C88-A2D7-436D-A261-017865640E84}" = Imgur Uploader
    "{23176E97-26CB-C72A-19EB-BFB21AC1D15A}" = Windows Software Development Kit DirectX x86 Remote
    "{246B0F46-F84E-4857-8C47-F2A86B598BC5}" = Microsoft Visual Studio 2012 Preparation
    "{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
    "{2AC01935-3774-4981-98C8-14E93C14372C}" = Windows Live UX Platform Language Pack
    "{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart
    "{2C0CC01A-DDBC-3AED-AF18-E741242FD727}" = Microsoft Visual Studio Ultimate 2012 XAML UI Designer enu Resources
    "{2C76E3DA-BA76-4FAD-B1B1-72B46D639028}" = PreEmptive Analytics Visual Studio Components
    "{2F6CE32A-018D-4656-895B-9E5E20D7740A}" = Microsoft ASP.NET MVC 3 - Visual Studio 2012 Tools Update
    "{2F8F489A-0476-3129-857B-A553F38B192D}" = Microsoft Visual C++ 2012 Core Libraries
    "{30C27CAE-9266-3B47-837D-193C16EDB811}" = Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.51106
    "{31641F51-67B3-4E7C-BC54-21069712CF0D}" = Microsoft Visual C++ 2012 Compilers - ENU Resources
    "{330E5D98-20D2-4CA4-AE51-FCB8AA80F634}" = Microsoft Visual Studio 2012 Devenv
    "{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE
    "{372D17F6-A54E-4A01-B264-1314890FFE61}" = Dotfuscator and Analytics Community Edition
    "{37E53780-3944-4A6A-842F-727128E8616E}" = Blend for Visual Studio SDK for .NET 4.5
    "{38FC6E9A-F719-431A-A83D-4C86D5FD6555}" = Microsoft Visual Studio 2012 Shell (Minimum) Resources
    "{3A523AF9-D32F-4C85-8388-0335731F3405}" = WCF RIA Services V1.0 SP2
    "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
    "{42F61556-29ED-8122-F39E-6F04EA5FF279}" = Windows Software Development Kit for Windows Store Apps DirectX x86 Remote
    "{451526FA-52D1-41F2-B7E2-96343EC95853}" = Windows Azure Tools for LightSwitch HTML Client for Visual Studio 2012
    "{45898170-E68C-4F02-AA35-C2186BF347A3}" = Movie Maker
    "{46536993-D32D-4460-9312-0ED82225262A}" = Cisco Network Magic
    "{499DED08-6FA8-4749-8E94-8526CC9D1CA8}" = ExpressGate Cloud
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
    "{53153071-9EF6-4C3D-AB80-A6696FC06358}" = BOUT Evolution
    "{532DBCC8-9468-435C-AEF6-30B7F50735A2}" = Blend for Visual Studio 2012 ENU resources
    "{57F20F04-014D-453F-B6A3-AE9485C4DFAB}" = Blend for Visual Studio 2012
    "{58E440C4-74D4-445C-B9C1-2984D1BC1971}" = Microsoft LightSwitch for Visual Studio 2012 v3.0 Core
    "{5A0EE0F0-E909-4F3B-B437-AAD9252427CB}" = Windows Live Installer
    "{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1
    "{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck
    "{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}" = Microsoft .NET Framework 4.5 Multi-Targeting Pack
    "{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = دعم تطبيق Apple
    "{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
    "{5E094C92-6288-4F43-AA9A-D452D0218F3F}" = Windows Live Essentials
    "{5FF5933C-61A3-4E7C-8029-DC9661DF5DEE}" = Microsoft Visual Studio 2012 IntelliTrace Core x86
    "{60D5EF2A-4E0C-2C30-38F6-59C26E134F4A}" = Windows Software Development Kit
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}" = Microsoft ASP.NET Web Pages
    "{6389F199-1D6C-4974-9557-693F9DD48736}" = Windows Live Writer Resources
    "{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{69d72156-6582-4556-8637-06f40aa7f85b}" = Image Resizer for Windows
    "{6A6F1B4D-1BCE-3703-93D8-4494FB7F1280}" = Microsoft Portable Library Multi-Targeting Pack
    "{6B6923B9-8719-425B-916C-CD2908F31AAF}" = Windows Live SOXE
    "{6C772996-BFF3-3C8C-860B-B3D48FF05D65}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
    "{6D6D43E5-218C-4B05-92D3-2240810F4760}" = Microsoft SQL Server 2012 T-SQL Language Service
    "{6DAB46E3-D017-3E2B-85D8-F57A230384C0}" = Microsoft Visual Studio Team Foundation Server 2012 Team Explorer
    "{6F066545-40A2-4C38-A8F7-78581CC5C442}" = Microsoft ASP.NET Web Pages - Visual Studio 2012 Tools
    "{6FC3B79F-47C6-38AF-B9A9-67DE3C639598}" = Microsoft Visual Studio Premium 2012 - ENU
    "{7437A4B9-314F-3B8F-827B-22909146E471}" = Microsoft LightSwitch for Visual Studio 2012 Core
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}" = Microsoft SQL Server 2008 R2 Management Objects
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{790E9425-8570-493F-9AE7-81AFC9E46930}" = Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20627.00)
    "{7BF67A61-BE7C-4806-B93C-97F299D6A6FE}" = ASUS AI Recovery
    "{7C6F0282-3DCD-4A80-95AC-BB298E821C44}" = Windows Live Writer
    "{800F484E-9D69-492D-B656-7BAA32586142}" = Microsoft Visual Studio 2012 Shell (Minimum)
    "{808118B1-60D6-4DCF-8077-73A4D3D8BB54}" = Microsoft Visual C++ 2012 x86-x64 Compilers
    "{820C677A-41B2-48C3-8136-FEE35A052E73}" = Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies
    "{834B6E00-F509-40F2-A677-E86261184576}" = Blend for Visual Studio Add-in for Adobe FXG Import
    "{8762B098-374D-4900-B68E-34BF2840E694}" = Microsoft Web Developer Tools 2012.2 - Visual Studio 2012
    "{877B76B2-F83F-4F5A-B28D-3F398641ADB6}" = Microsoft SQL Server System CLR Types
    "{89870E0D-9602-41F8-9E83-14F6849346A4}" = Windows Live Mail
    "{89C7E0A7-4D9D-4DCC-8834-A9A2B92D7EBB}" = Photo Gallery
    "{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
    "{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
    "{90120000-0015-0401-0000-0000000FF1CE}" = Microsoft Office Access MUI (Arabic) 2007
    "{90120000-0015-0401-0000-0000000FF1CE}_PROR_{EC74604A-5842-4FE1-8933-76D68C5FA677}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0401-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Arabic) 2007
    "{90120000-0016-0401-0000-0000000FF1CE}_PROR_{EC74604A-5842-4FE1-8933-76D68C5FA677}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0401-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Arabic) 2007
    "{90120000-0018-0401-0000-0000000FF1CE}_PROR_{EC74604A-5842-4FE1-8933-76D68C5FA677}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0401-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Arabic) 2007
    "{90120000-0019-0401-0000-0000000FF1CE}_PROR_{EC74604A-5842-4FE1-8933-76D68C5FA677}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0401-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Arabic) 2007
    "{90120000-001A-0401-0000-0000000FF1CE}_PROR_{EC74604A-5842-4FE1-8933-76D68C5FA677}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0401-0000-0000000FF1CE}" = Microsoft Office Word MUI (Arabic) 2007
    "{90120000-001B-0401-0000-0000000FF1CE}_PROR_{EC74604A-5842-4FE1-8933-76D68C5FA677}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
    "{90120000-001F-0401-0000-0000000FF1CE}_PROR_{3E8EA473-ECCE-405F-A9CA-59446AEADD3A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_PROR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_PROR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002A-0000-1000-0000000FF1CE}_PROR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0401-1000-0000000FF1CE}_PROR_{4A9F778A-44EE-4922-A976-FF4C84FC51B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0401-0000-0000000FF1CE}" = Microsoft Office Proofing (Arabic) 2007
    "{90120000-006E-0401-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Arabic) 2007
    "{90120000-006E-0401-0000-0000000FF1CE}_PROR_{4A9F778A-44EE-4922-A976-FF4C84FC51B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
    "{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{9169C939-ED01-446A-BD0C-29873BAF4E48}" = Prerequisites for SSDT
    "{93489CA8-6656-33A0-A5AC-E0EDEDB17C3E}" = Microsoft Visual Studio Professional 2012
    "{942CC691-5B98-42A3-8BC5-A246BA69D983}" = Microsoft ASP.NET MVC 4 Runtime
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{95540FD3-4E2E-40E2-B315-120BB373DC23}" = Microsoft LightSwitch for Visual Studio 2012 v3.0 CoreRes - ENU
    "{96F50F87-0F15-4F93-9FE6-387DD9CFB077}" = Microsoft ASP.NET MVC 4 - Visual Studio 2012 Tools - ENU
    "{9B3A1C97-A361-463E-8817-444F9F88CDFE}" = Microsoft Expression Blend SDK for .NET 4
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9C6D5C94-386A-4DE7-B99F-523D3F167B9A}" = Windows Live Messenger
    "{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame
    "{9D6D7811-43B3-463C-BC79-5D1755269989}" = Net4Switch
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A3A6D5EA-B6B5-3C05-BDA8-EAB99C09CDDC}" = Microsoft Visual Studio 2012 SharePoint Developer Tools
    "{A453EF2D-13C0-3BB8-833F-C0CF45F604C1}" = Microsoft Visual C++ 2012 Extended Libraries
    "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AAA94EAA-40A4-458C-9D86-D1DA765B51D5}" = Windows Live Writer
    "{AAF91344-2808-4D6B-9242-FBE5AF79D60A}" = Windows Live Family Safety
    "{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris
    "{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
    "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.3 MUI
    "{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
    "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
    "{AFA4B0BF-3289-495A-B949-BA91F39B1A44}" = Entity Framework Designer for Visual Studio 2012 - enu
    "{B1465D1D-6427-4CA1-AE29-8B699209E663}" = Microsoft Visual Studio 2012 Devenv Resources
    "{B286BAC3-CBE6-4854-BF68-EB72A34CEA56}" = Windows Live Messenger
    "{B365E588-6982-46D3-B481-0B47B91FDD5A}" = Ace Evolution
    "{B39A6825-EA20-43EA-AB2D-A6BC0298D9A1}" = Movie Maker
    "{B40E950B-300A-41B5-A6C1-2FEBEEA1BEEA}" = Microsoft ASP.NET Web Pages 2 - Visual Studio 2012 Tools - ENU
    "{B585A11C-4F6E-3532-97D4-3670FE94600D}" = Microsoft Visual C++ 2012 Microsoft Foundation Class Libraries
    "{B5DA9D49-9BD8-0F2F-52FC-C7E66BC8D944}" = LocalESPCui for en-us
    "{B653A2EC-D816-4498-A4FD-651047AB9DC9}" = Boingo Wi-Fi
    "{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
    "{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
    "{B9F35D86-242E-3FA4-B9F8-A982E0DF918D}" = Microsoft Visual Studio 2012 SharePoint Developer Tools ENU Language Pack
    "{BAD0254F-9BDB-3D14-A5AC-9C0EF51F3D09}" = Microsoft Portable Library Multi-Targeting Pack Language Pack - enu
    "{BDBE5D2A-AAB7-77BD-7A0E-5006665CE7C6}" = LocalESPC
    "{BE4F3A79-8954-499C-AEF9-E8A3BC235677}" = JavaScript Tooling
    "{C1BE4600-7D15-3D1E-8AA2-B3241DB1D063}" = Microsoft Visual Studio Ultimate 2012 XAML UI Designer Core
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
    "{C6B0EE9E-2128-4448-B7AE-5E2B46E0F0E7}" = Windows Live Photo Common
    "{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
    "{C81452EB-CBCF-B8EB-3124-48C5B3D506B0}" = Windows Runtime Intellisense Content - en-us
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
    "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
    "{CFFDC0EC-6924-3347-B047-13339EDBEC28}" = Microsoft Visual Studio Professional 2012 - ENU
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
    "{D11F66FF-82B3-DDB8-1146-525370552BE1}" = Windows Software Development Kit for Windows Store Apps
    "{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
    "{D604900F-A275-416C-AF9D-CDEDF58B72DB}" = Windows Live Mail
    "{D8EC110F-F88D-4DBA-B84C-C305A550B3D6}" = Microsoft Visual C++ 2012 32bit Compilers - ENU Resources
    "{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}" = Microsoft SQL Server 2012 Management Objects
    "{DCDEC776-BADD-48B9-8F9A-DFF513C3D7FA}" = Microsoft ASP.NET MVC 3
    "{DD7C5FC1-DCA5-487A-AF23-658B1C00243F}" = Photo Common
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E1FBB3D4-ADB0-4949-B101-855DA061C735}" = Microsoft Silverlight 5 SDK
    "{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}" = Microsoft System CLR Types for SQL Server 2012
    "{E3445598-4424-4EE2-B71C-C23325F7FB71}" = Windows Live PIMT Platform
    "{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaShow Espresso
    "{E4ADE757-7FE9-322D-9CAE-C77D77A2D2BF}" = Microsoft LightSwitch for Visual Studio 2012 CoreRes - ENU
    "{E4C33F5B-1B2F-466E-957E-B274F08151A0}" = Microsoft Web Deploy dbSqlPackage Provider - enu
    "{E52C5468-A8E7-4DE5-8F99-057FF2C9BFE8}" = Microsoft Visual C++ 2012 Compilers
    "{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
    "{E71E60C1-533E-45A5-8D80-E475E88D2B17}_is1" = Game Park Console
    "{E818AE7C-244B-4A50-9C86-C0E4A8B69159}" = Microsoft Visual Studio 2012 Tools for SQL Server Compact 4.0 SP1 ENU
    "{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
    "{EA63C5C1-EBBC-477C-9CC7-41454DDFAFF2}" = Microsoft ASP.NET Web Pages 2 Runtime
    "{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
    "{ED784556-66AA-3F17-9B58-7246ACB5C7E4}" = Microsoft Visual Basic 2010 Express - ENU
    "{EFA87714-E75A-3BFC-A698-A3AABA5A8A0C}" = Microsoft Visual Studio Ultimate 2012
    "{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
    "{EFBCA571-617D-484A-9ECA-E301BB6D0750}" = Windows Live Writer
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F0E58739-2B4C-498F-9B0D-FF0F2FD52B61}" = Windows Live UX Platform
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F361FE04-789E-42F3-BBAB-E7B380AA5E06}" = Windows XP Targeting with C++
    "{F6F30C28-38AA-4DBA-AE0B-7E30238E61BB}" = Junk Mail filter update
    "{f9024a51-ab45-4a46-b597-ce12f74963c7}" = Microsoft Visual Studio Ultimate 2012
    "{FA2092C5-7979-412D-A962-6485274AE1EE}" = ASUS Data Security Manager
    "{FA804794-2CCB-4301-954F-2C2894698876}" = Microsoft SQL Server Data Tools - enu (11.1.20627.00)
    "{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}" = Microsoft SQL Server 2012 Data-Tier App Framework
    "{FC467B61-F890-4E29-8585-365DAB66F13E}" = Pure Networks Platform
    "{FEB375AB-6EEC-3929-8FAF-188ED81DD8B5}" = Microsoft Help Viewer 2.0
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "{FFC6E93A-B9AD-3F20-9B06-EE20E24AAEAF}" = Microsoft Visual C++ 2012 Core Libraries
    "{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 12.0
    "ASUS AP Bank_is1" = ASUS AP Bank
    "ASUS WebStorage" = ASUS WebStorage
    "ASUS_N3_Series" = ASUS_N3_Series
    "AutoHotkey" = AutoHotkey 1.0.48.05
    "Cooking Dash" = Cooking Dash
    "FileZilla Client" = FileZilla Client 3.6.0.2
    "Google Chrome" = Google Chrome
    "Governor of Poker" = Governor of Poker
    "Hotel Dash Suite Success" = Hotel Dash Suite Success
    "Inno Setup 5_is1" = Inno Setup version 5.5.1
    "InstallShield_{1F7424F8-F992-48BC-90EF-7C4DB0405E3F}" = Alcor Micro USB Card Reader
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = ASUS Video Magic
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
    "InstallShield_{499DED08-6FA8-4749-8E94-8526CC9D1CA8}" = ExpressGate Cloud
    "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
    "InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
    "InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaShow Espresso
    "Internet Download Manager" = Internet Download Manager
    "IrfanView" = IrfanView (remove only)
    "Luxor 3" = Luxor 3
    "Mahjongg dimensions" = Mahjongg dimensions
    "MediaFire Express 0.15.3.4554" = MediaFire Express
    "Microsoft Help Viewer 2.0" = Microsoft Help Viewer 2.0
    "Microsoft Visual Basic 2010 Express - ENU" = Microsoft Visual Basic 2010 Express - ENU
    "Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
    "Network MagicUninstall" = Network Magic
    "Notepad++" = Notepad++
    "NVIDIA.Updatus" = NVIDIA Updatus
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "Paint Shop Pro 5.0" = Paint Shop Pro 5.0
    "Plants vs Zombies" = Plants vs Zombies
    "PROR" = Microsoft Office Professional 2007
    "ResourceHacker_is1" = Resource Hacker Version 3.6.0
    "VistaSwitcher" = VistaSwitcher
    "VLC media player" = VLC media player 2.0.7
    "VMware_Workstation" = VMware Workstation
    "WinLiveSuite" = Windows Live Essentials
    "XnView_is1" = XnView 1.99.6
    "Yahoo! Messenger" = Yahoo! Messenger

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-131767206-1543947898-356316412-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox
    "Hawken" = Hawken
    "SkyDriveSetup.exe" = Microsoft SkyDrive
    "WinDirStat" = WinDirStat 1.1.2

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 23/06/2013 07:11:10 AM | Computer Name = S34N | Source = Application Error | ID = 1000

    Error encountered while reading event logs.

    < End of report >
     
  25. Broni

    Broni Malware Annihilator Posts: 46,865   +254

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Code:
    :OTL
    DRV:64bit: - [2013/03/25 14:28:02 | 000,350,160 | ---- | M] (BitDefender S.R.L.) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\trufos.sys -- (trufos)
    IE - HKU\S-1-5-21-131767206-1543947898-356316412-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    FF - user.js - File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    CHR - plugin: Bitdefender QuickScan (Enabled) = C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\8.0.1_0\plugin/npqscan.dll
    CHR - Extension: Bitdefender QuickScan = C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.118_1\
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKU\S-1-5-21-131767206-1543947898-356316412-1022..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\gopher - No CLSID value found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    [2012/08/29 18:16:31 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Bitdefender
    @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:981884E7
    @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:52DBE86F
    @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:029E021F
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:D20FFA63
    @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:3E7393FC
    
    :Files
    C:\FRST
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
    
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.
    Last scans...

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave reading the results to me.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.

    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    Please run F-Secure Online Scanner

    • Disable your Antivirus program.
    • Checkmark I have read and accepted the license terms.
    • Click on Run Check button.
    • Quick scan (recommended) option will come pre-checked. Don't change it.
    • Click on Start button.
    • When scan is done, in Step 3: Clean the files, leave all settings as they are.
    • Click Next button.
    • Click Full report... button.
    • Copy report's content and paste it into your next reply.
     