Inactive Possible infection


malis2007

I think that I have a malware/virus/trojan..
because 5 months ago.. I used to host a server for a game called Killing Floor..
with firewall turned off.. to make people able to access my server.. (I know that was dumb but you know.. I was just thinking about playing only but now I want security :/ )
anyway.. when I was hosting the server (even when I don't host it).. I used to have the mouse moving alone thing..
and that wasn't a mouse problem.. (I tried more than 10 other mice and all were the same..)
so.. I thought that it was a hacker who got remote access to my computer..
then I started searching and messing with the (services.msc) to stop the remote thing..
anyway.. now.. some of the "services" stuff has missing files.. and I don't know how to restore them.. O_O
system restore = useless
safe mode = useless
oh.. and btw.. the mouse moving thing stopped happening 2 months ago.. (maybe that hacker felt bored or something from me.. because my laptop was TURNED off in this time limit due to school and months exams..)
so I am just asking the following.. AM I able to restore the services missing files?! IS THERE any way to restore it..?
AND am I able to block that hacker or the remote connection or viruses from my pc?!
ALTHOUGH I scanned my pc with a lot of AV's and all said that I am fine.
uhh.. and by the way.., PLEASE DON'T TELL ME TO DO A FRESH WIN7 INSTALL.. MY DAD WILL KILL ME IF I DID THAT. please.. any other way than that. (because all ppl say to do it.. but I simply CAN'T! (NOT ALLOWED) )



oh.. and here is the malwarebytes QUICK SCAN log :

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.06.18.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
ali :: S34N [administrator]

Protection: Enabled

19/06/2013 03:52:39 AM
mbam-log-2013-06-19 (03-52-39).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 290247
Time elapsed: 13 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)


(end)
 
DDS:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16611 BrowserJavaVersion: 10.21.2
Run by ali at 4:32:44 on 2013-06-19
Microsoft Windows 7 Home Premium 6.1.7601.1.1256.20.1033.18.6069.2790 [GMT 2:00]
.
AV: ESET Smart Security 6.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: ESET Smart Security 6.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k NetworkService
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Program Files (x86)\Internet Download Manager\IDMIntegrator64.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Program Files\VistaSwitcher\vswitch64.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files (x86)\FileZilla FTP Client\filezilla.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\notepad.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\mmc.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.ye1.org/
uSearch Page = hxxp://www.google.com
uProxyOverride = <local>
uURLSearchHooks: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - <orphaned>
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Microsoft Web Test Recorder 10.0 Helper: {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} - C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
EB: Web Test Recorder 10.0: {3142c289-f319-47f5-a594-a827028714c9} -
uRun: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
uRun: [VistaSwitcher] "C:\Program Files\VistaSwitcher\vswitch64.exe" /startup
mRun: [vmware-tray.exe] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
uPolicies-Explorer: NoDriveAutoRun- = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun- = dword:0
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDriveTypeAutoRun = dword:253
mPolicies-Explorer: NoDriveTypeAutoRun = dword:253
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveAutoRun- = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun- = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: ت&صدير إلى Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
LSP: %windir%\system32\vsocklib.dll
TCP: NameServer = 41.128.225.225 41.128.225.226
TCP: Interfaces\{1DF79A7C-6F29-4AAF-B4FD-772F63ACE586} : NameServer = 208.67.220.123,208.67.222.123,192.168.1.1
TCP: Interfaces\{1DF79A7C-6F29-4AAF-B4FD-772F63ACE586} : DHCPNameServer = 41.128.225.225 41.128.225.226
TCP: Interfaces\{1DF79A7C-6F29-4AAF-B4FD-772F63ACE586}\16C696 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{1DF79A7C-6F29-4AAF-B4FD-772F63ACE586}\C696E6B6 : DHCPNameServer = 41.128.225.225 41.128.225.226
TCP: Interfaces\{1DF79A7C-6F29-4AAF-B4FD-772F63ACE586}\D416C69637 : DHCPNameServer = 197.199.255.254 217.52.47.130
TCP: Interfaces\{8A68948D-B161-4ED7-8BBE-9F3776C9E0DF}\16C696 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D13B58AE-512F-4510-A695-2D1472BC76B5}\16C696 : DHCPNameServer = 213.131.66.248 213.131.65.20
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mWinlogon: Userinit = C:\Windows\System32\userinit.exe
x64-BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} -
x64-Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-STS: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
x64-mASetup: {12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\Windows\System32\ieudinit.exe
Hosts: 127.0.0.1 ads.mcafee.com
Hosts: 127.0.0.1 analytics.microsoft.com
Hosts: 127.0.0.1 metrics.bitdefender.com
Hosts: 127.0.0.1 metrics.mcafee.com
Hosts: 127.0.0.1 om.symantec.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R0 77962412;77962412;C:\Windows\System32\drivers\77962412.sys [2013-1-31 460888]
R0 epfwwfp;epfwwfp;C:\Windows\System32\drivers\epfwwfp.sys [2013-2-20 58416]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2010-8-16 24680]
R0 vsock;vSockets Driver;C:\Windows\System32\drivers\vsock.sys [2013-6-19 70256]
R1 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2013-2-20 213416]
R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\System32\drivers\EpfwLWF.sys [2013-1-10 59440]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2013-3-21 1341664]
R2 IDMWFP;IDMWFP;C:\Windows\System32\drivers\idmwfp.sys [2013-3-1 165112]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-6-7 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-6-7 701512]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 130008]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-3-14 383264]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-4-17 13832]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2012-8-1 917656]
R2 VMwareHostd;VMware Workstation Server;C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2012-8-15 15680000]
R3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2010-4-14 54824]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-11-20 35104]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2010-7-21 129024]
R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\System32\drivers\FLxHCIc.sys [2012-11-8 249584]
R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\Windows\System32\drivers\FLxHCIh.sys [2012-11-8 77040]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-11-20 56344]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-6-7 25928]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-4-19 161384]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2010-5-3 44032]
S3 ANTS Memory Profiler 7 Service;ANTS Memory Profiler 7 Service;C:\Program Files\Red Gate\ANTS Memory Profiler 7\RedGate.Memory.IISService.exe [2013-6-18 143288]
S3 ANTS Performance Profiler 8 Service;ANTS Performance Profiler 8 Service;C:\Program Files\Red Gate\ANTS Performance Profiler 8\RedGate.Profiler.IISService.exe [2013-6-18 194440]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-8-12 57280]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-7-28 1511872]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;C:\Windows\System32\drivers\hitmanpro37.sys [2013-2-6 32152]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\System32\drivers\L1C62x64.sys [2009-6-10 57344]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-1-24 19456]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
S3 ST330;ST330;C:\Windows\System32\drivers\st330.sys [2011-3-22 47616]
S3 STBUS;STBUS;C:\Windows\System32\drivers\stbus.sys [2011-3-22 24576]
S3 STETH;SpeedTouch Ethernet Adapter NT Driver;C:\Windows\System32\drivers\steth.sys [2011-3-22 58880]
S3 stppp;Speedtouch PPP Adapter Adapter;C:\Windows\System32\drivers\stppp.sys [2012-4-14 54272]
S3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2013-1-10 42184]
S3 Te.Service;Te.Service;C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [2012-7-25 126976]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-1-24 57856]
S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-4-17 134928]
S3 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-11-20 2314240]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
S3 VBoxUSB;VirtualBox USB;C:\Windows\System32\drivers\VBoxUSB.sys [2012-4-3 117040]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-2-4 1255736]
S4 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2010-11-20 379520]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]
S4 RsFx0105;RsFx0105 Driver;C:\Windows\System32\drivers\RsFx0105.sys [2011-9-22 311144]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-9-22 431464]
.
=============== File Associations ===============
.
ShellExec: FRONTPG.EXE: edit=C:\PROGRA~2\Office10\FRONTPG.EXE
.
=============== Created Last 30 ================
.
2019-10-09 08:40:57    --------    d-----w-    C:\Users\ali\AppData\Roaming\Crypto Obfuscator For .Net v2012 R2
2013-06-19 00:45:23    70256    ----a-w-    C:\Windows\System32\drivers\vsock.sys
2013-06-19 00:45:23    67224    ----a-w-    C:\Windows\System32\vsocklib.dll
2013-06-19 00:45:23    63128    ----a-w-    C:\Windows\SysWow64\vsocklib.dll
2013-06-19 00:45:15    67224    ----a-w-    C:\Windows\System32\drivers\vmx86.sys
2013-06-19 00:44:32    357016    ----a-w-    C:\Windows\SysWow64\vmnetdhcp.exe
2013-06-19 00:44:28    435864    ----a-w-    C:\Windows\SysWow64\vmnat.exe
2013-06-19 00:44:28    30360    ----a-w-    C:\Windows\System32\drivers\vmnetuserif.sys
2013-06-19 00:44:12    933528    ----a-w-    C:\Windows\System32\vnetlib64.dll
2013-06-19 00:43:58    52376    ----a-w-    C:\Windows\System32\drivers\hcmon.sys
2013-06-19 00:43:25    --------    d-----w-    C:\Program Files\Common Files\VMware
2013-06-19 00:40:30    --------    d-----w-    C:\Program Files (x86)\Common Files\VMware
2013-06-18 23:22:08    9552976    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0A2836C5-46AC-4DB6-92AE-57D140ACF2A9}\mpengine.dll
2013-06-18 14:06:30    --------    d-----w-    C:\Program Files (x86)\FileZilla Server
2013-06-18 08:13:48    --------    d-----w-    C:\Program Files\Red Gate
2013-06-18 07:19:20    --------    d-----w-    C:\Users\ali\AppData\Local\Temporary Projects
2013-06-17 22:47:30    9552976    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-16 01:02:08    --------    d-----w-    C:\Users\ali\AppData\Local\VSIXInstaller
2013-06-14 15:27:37    964552    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-06-14 15:27:37    964552    ------w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DF505AB6-D6DF-4288-AE01-C57084102710}\gapaengine.dll
2013-06-13 12:48:09    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-06-13 12:48:08    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-06-13 12:48:07    279040    ----a-w-    C:\Program Files\Internet Explorer\sqmapi.dll
2013-06-13 12:48:07    218112    ----a-w-    C:\Program Files (x86)\Internet Explorer\sqmapi.dll
2013-06-13 00:09:03    1910632    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-06-13 00:04:02    751104    ----a-w-    C:\Windows\System32\win32spl.dll
2013-06-13 00:04:02    492544    ----a-w-    C:\Windows\SysWow64\win32spl.dll
2013-06-12 23:53:23    1887232    ----a-w-    C:\Windows\System32\d3d11.dll
2013-06-12 23:53:23    1505280    ----a-w-    C:\Windows\SysWow64\d3d11.dll
2013-06-11 16:44:01    --------    d-----w-    C:\Program Files (x86)\Common Files\PCSuite
2013-06-11 16:43:32    --------    d-----w-    C:\Program Files (x86)\Common Files\Nokia
2013-06-11 16:43:12    25600    ----a-w-    C:\Windows\System32\drivers\pccsmcfdx64.sys
2013-06-11 16:42:32    --------    d-----w-    C:\Program Files (x86)\PC Connectivity Solution
2013-06-11 16:40:37    --------    d-----w-    C:\Program Files (x86)\Nokia
2013-06-11 14:30:13    --------    d-----w-    C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-06-10 19:10:09    --------    d-----w-    C:\Users\ali\AppData\Local\Brice_Lambson
2013-06-10 19:08:08    --------    d-----w-    C:\Program Files\Image Resizer for Windows
2013-06-10 19:08:07    --------    d-----w-    C:\Program Files (x86)\Image Resizer for Windows
2013-06-10 17:47:51    438272    ----a-w-    C:\shimgvw.dll
2013-06-10 17:47:51    33280    ----a-w-    C:\rundll32.exe
2013-06-07 21:15:21    --------    d-----w-    C:\RegBackup
2013-06-07 20:57:53    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-06-07 20:57:53    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-06-07 20:34:56    9460464    ------w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{784E001D-DE3A-4159-9F7F-61BDDB4A468D}\mpengine.dll
2013-06-07 20:34:52    9460464    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Updates\mpengine.dll
2013-06-07 19:11:04    95648    ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-07 18:55:26    --------    d-----w-    C:\Program Files (x86)\MeteorEntertainment
2013-06-05 11:49:05    --------    d-----w-    C:\Users\ali\AppData\Roaming\NuGet
2013-06-03 11:39:28    --------    d-----w-    C:\Program Files (x86)\Microsoft Web Tools
2013-06-03 10:49:36    --------    d-----w-    C:\Program Files (x86)\Microsoft Security Client
2013-06-03 10:49:33    --------    d-----w-    C:\Program Files\Microsoft Security Client
2013-06-02 21:35:13    31    ----a-w-    C:\Windows\SysWow64\wsodpdfcsini.dll
2013-06-02 18:24:28    --------    d-----w-    C:\Program Files\Microsoft Synchronization Services
2013-06-02 18:24:23    --------    d-----w-    C:\Program Files (x86)\Microsoft Synchronization Services
2013-06-02 18:22:06    --------    d-----w-    C:\Program Files\Microsoft Visual Studio 10.0
2013-05-31 19:30:49    --------    d-----w-    C:\Users\ali\AppData\Roaming\Microsoft FxCop
2013-05-30 19:34:08    --------    d-----w-    C:\ProgramData\Microsoft Visual Studio
2013-05-29 13:51:51    2574304    ----a-w-    C:\ProgramData\Microsoft\VisualStudio\11.0\1033\ResourceCache.dll
2013-05-29 13:28:09    --------    d-----w-    C:\Program Files\Microsoft SQL Server Compact Edition
2013-05-29 13:16:23    --------    d-----w-    C:\Program Files\Application Verifier
2013-05-29 13:16:23    --------    d-----w-    C:\Program Files (x86)\Application Verifier
2013-05-29 13:14:36    --------    d-----w-    C:\ProgramData\Windows App Certification Kit
2013-05-29 13:00:08    --------    d-----w-    C:\Program Files (x86)\Common Files\Microsoft
2013-05-29 12:31:08    --------    d-----w-    C:\Program Files (x86)\Microsoft ASP.NET
2013-05-29 12:28:35    --------    d-----w-    C:\Program Files\Microsoft
2013-05-29 12:28:13    --------    d-----w-    C:\Program Files\IIS Express
2013-05-29 12:28:13    --------    d-----w-    C:\Program Files (x86)\IIS Express
2013-05-29 12:26:21    --------    d-----w-    C:\Program Files (x86)\NuGet
2013-05-29 12:20:52    --------    d-----w-    C:\Program Files (x86)\Microsoft WCF Data Services
2013-05-29 12:20:21    --------    d-----w-    C:\Program Files\IIS
2013-05-29 12:20:21    --------    d-----w-    C:\Program Files (x86)\IIS
2013-05-29 12:02:46    --------    d-----w-    C:\Program Files (x86)\Windows Kits
2013-05-29 11:24:11    --------    d-----w-    C:\Program Files (x86)\HTML Help Workshop
2013-05-29 11:23:53    --------    d-----w-    C:\Program Files (x86)\Microsoft Help Viewer
2013-05-29 11:06:36    --------    d-----w-    C:\Windows\SysWow64\1033
2013-05-29 10:31:17    --------    d-----w-    C:\Program Files (x86)\Common Files\Merge Modules
2013-05-29 10:27:20    --------    d-----w-    C:\Users\ali\AppData\Roaming\ImTOO
2013-05-29 10:26:21    --------    d-----w-    C:\ProgramData\ImTOO
2013-05-29 10:26:21    --------    d-----w-    C:\Program Files (x86)\ImTOO
2013-05-29 10:23:56    --------    d-----w-    C:\Program Files (x86)\Microsoft Visual Studio 11.0
2013-05-29 10:23:55    --------    d-----w-    C:\Windows\System32\1033
2013-05-29 10:23:47    --------    d-----w-    C:\Program Files\Microsoft Visual Studio 11.0
2013-05-29 10:05:18    --------    d-----w-    C:\ProgramData\regid.1991-06.com.microsoft
2013-05-29 10:05:18    --------    d-----w-    C:\ProgramData\Package Cache
2013-05-26 13:12:45    --------    d-----w-    C:\Evolution Games
2013-05-26 12:39:29    --------    d-----w-    C:\Users\ali\AppData\Roaming\GlarySoft
2013-05-26 12:39:29    --------    d-----w-    C:\Program Files (x86)\Absolute Uninstaller
2013-05-26 00:14:39    --------    d-----w-    C:\Windows\CheckSur
2013-05-25 23:31:28    --------    d-sh--w-    C:\$RECYCLE.BIN
.
==================== Find3M ====================
.
2013-06-07 19:10:34    866720    ----a-w-    C:\Windows\SysWow64\npDeployJava1.dll
2013-06-07 19:10:33    788896    ----a-w-    C:\Windows\SysWow64\deployJava1.dll
2013-05-17 01:25:57    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-05-17 01:25:27    2877440    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-05-17 01:25:26    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2013-05-17 01:25:26    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2013-05-17 00:59:03    2241024    ----a-w-    C:\Windows\System32\wininet.dll
2013-05-17 00:58:10    3958784    ----a-w-    C:\Windows\System32\jscript9.dll
2013-05-17 00:58:08    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2013-05-17 00:58:08    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2013-05-14 12:23:25    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-14 10:54:46    421888    ----a-w-    C:\Windows\SysWow64\RealMediaSplitter.ax
2013-05-14 08:40:13    71680    ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-05-13 05:51:01    184320    ----a-w-    C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00    1464320    ----a-w-    C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00    139776    ----a-w-    C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40    52224    ----a-w-    C:\Windows\System32\certenc.dll
2013-05-13 04:45:55    140288    ----a-w-    C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55    1160192    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55    103936    ----a-w-    C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55    1192448    ----a-w-    C:\Windows\System32\certutil.exe
2013-05-13 03:08:10    903168    ----a-w-    C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06    43008    ----a-w-    C:\Windows\SysWow64\certenc.dll
2013-05-10 05:49:27    30720    ----a-w-    C:\Windows\System32\cryptdlg.dll
2013-05-10 03:20:54    24576    ----a-w-    C:\Windows\SysWow64\cryptdlg.dll
2013-05-02 00:06:08    278800    ------w-    C:\Windows\System32\MpSigStub.exe
2013-04-17 07:02:06    1230336    ----a-w-    C:\Windows\SysWow64\WindowsCodecs.dll
2013-04-17 06:24:46    1424384    ----a-w-    C:\Windows\System32\WindowsCodecs.dll
2013-04-13 05:49:23    135168    ----a-w-    C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19    350208    ----a-w-    C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19    308736    ----a-w-    C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19    111104    ----a-w-    C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16    474624    ----a-w-    C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15    2176512    ----a-w-    C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08    1656680    ----a-w-    C:\Windows\System32\drivers\ntfs.sys
2013-04-10 06:01:54    265064    ----a-w-    C:\Windows\System32\drivers\dxgmms1.sys
2013-04-10 06:01:53    983400    ----a-w-    C:\Windows\System32\drivers\dxgkrnl.sys
2013-04-10 03:30:50    3153920    ----a-w-    C:\Windows\System32\win32k.sys
2013-04-05 00:00:03    185344    ----a-w-    C:\Windows\SysWow64\elshyph.dll
2013-04-05 00:00:03    1054720    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2013-04-05 00:00:02    226304    ----a-w-    C:\Windows\System32\elshyph.dll
2013-04-05 00:00:02    158720    ----a-w-    C:\Windows\SysWow64\msls31.dll
2013-04-05 00:00:00    719360    ----a-w-    C:\Windows\SysWow64\mshtmlmedia.dll
2013-04-05 00:00:00    150528    ----a-w-    C:\Windows\SysWow64\iexpress.exe
2013-04-05 00:00:00    138752    ----a-w-    C:\Windows\SysWow64\wextract.exe
2013-03-25 12:28:02    350160    ----a-w-    C:\Windows\System32\drivers\trufos.sys
2013-03-25 12:27:56    632064    ----a-w-    C:\Windows\SysWow64\msvcr80.dll
2013-03-25 12:27:55    554240    ----a-w-    C:\Windows\SysWow64\msvcp80.dll
2013-03-25 12:27:54    572928    ----a-w-    C:\Windows\SysWow64\msvcp90.dll
2013-03-25 12:27:53    655872    ----a-w-    C:\Windows\SysWow64\msvcr90.dll
2013-03-25 12:27:51    34048    ----a-w-    C:\Windows\SysWow64\eEmpty.exe
2013-03-25 11:14:20    963488    ----a-w-    C:\Windows\System32\deployJava1.dll
2013-03-25 11:14:20    1085344    ----a-w-    C:\Windows\System32\npDeployJava1.dll
2013-03-25 10:58:50    73432    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-25 10:58:50    693976    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-15 09:20:36    2174976    ----a-w-    C:\Program Files (x86)\Common Files\atimpenc.dll
.
============= FINISH: 4:39:42.77 ===============
 
Attach :
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 15/01/2011 02:30:05 AM
System Uptime: 18/06/2013 09:59:18 PM (7 hours ago)
.
Motherboard: ASUSTeK Computer Inc. | | N53Jq
Processor: Intel(R) Core(TM) i7 CPU Q 740 @ 1.73GHz | Socket 989 | 919/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 40.638 GiB free.
D: is FIXED (NTFS) - 426 GiB total, 59.482 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Virtual WiFi Miniport Adapter
Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&4240F00&0&01
Manufacturer: Microsoft
Name: Microsoft Virtual WiFi Miniport Adapter
PNP Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP\5&4240F00&0&01
Service: vwifimp
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Bluetooth Device (Personal Area Network)
Device ID: BTH\MS_BTHPAN\7&2F9FD3E4&0&2
Manufacturer: Microsoft
Name: Bluetooth Device (Personal Area Network)
PNP Device ID: BTH\MS_BTHPAN\7&2F9FD3E4&0&2
Service: BthPan
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Bluetooth Device (RFCOMM Protocol TDI)
Device ID: BTH\MS_RFCOMM\7&2F9FD3E4&0&0
Manufacturer: Microsoft
Name: Bluetooth Device (RFCOMM Protocol TDI)
PNP Device ID: BTH\MS_RFCOMM\7&2F9FD3E4&0&0
Service: RFCOMM
.
Class GUID:
Description:
Device ID: ROOT\WPD\0000
Manufacturer:
Name:
PNP Device ID: ROOT\WPD\0000
Service:
.
Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}
Description: Bluetooth Hands-free Audio
Device ID: BTHENUM\{24DF01A9-3E4F-4C9F-9F66-5AA8AB14F8F4}_LOCALMFG&0000\8&15AC57A2&0&000000000000_00000000
Manufacturer: Broadcom
Name: Bluetooth Hands-free Audio
PNP Device ID: BTHENUM\{24DF01A9-3E4F-4C9F-9F66-5AA8AB14F8F4}_LOCALMFG&0000\8&15AC57A2&0&000000000000_00000000
Service: btwaudio
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{00005005-0000-1000-8000-0002EE000001}_VID&00010001_PID&00A9\8&15AC57A2&0&0025D0B055ED_C00000003
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{00005005-0000-1000-8000-0002EE000001}_VID&00010001_PID&00A9\8&15AC57A2&0&0025D0B055ED_C00000003
Service:
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Atheros AR8131 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
Device ID: PCI\VEN_1969&DEV_1063&SUBSYS_18201043&REV_C0\FF1CF4B9BCAEC5FF00
Manufacturer: Atheros
Name: Atheros AR8131 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
PNP Device ID: PCI\VEN_1969&DEV_1063&SUBSYS_18201043&REV_C0\FF1CF4B9BCAEC5FF00
Service: L1C
.
Class GUID: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Description: Bluetooth Remote Control
Device ID: BTHENUM\{84A1E9B8-12BA-4A9C-8AB0-A43784E0D149}_LOCALMFG&0000\8&15AC57A2&0&000000000000_00000000
Manufacturer: Broadcom
Name: Bluetooth Remote Control
PNP Device ID: BTHENUM\{84A1E9B8-12BA-4A9C-8AB0-A43784E0D149}_LOCALMFG&0000\8&15AC57A2&0&000000000000_00000000
Service: btwrchid
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{00005601-0000-1000-8000-0002EE000001}_VID&00010001_PID&00A9\8&15AC57A2&0&0025D0B055ED_C00000003
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{00005601-0000-1000-8000-0002EE000001}_VID&00010001_PID&00A9\8&15AC57A2&0&0025D0B055ED_C00000003
Service:
.
Class GUID:
Description: Bluetooth Peripheral Device
Device ID: BTHENUM\{00005557-0000-1000-8000-0002EE000001}_VID&00010001_PID&00A9\8&15AC57A2&0&0025D0B055ED_C00000003
Manufacturer:
Name: Bluetooth Peripheral Device
PNP Device ID: BTHENUM\{00005557-0000-1000-8000-0002EE000001}_VID&00010001_PID&00A9\8&15AC57A2&0&0025D0B055ED_C00000003
Service:
.
==== System Restore Points ===================
.
RP605: 12/06/2013 11:05:21 PM - Windows Modules Installer
RP606: 12/06/2013 11:06:19 PM - Windows Modules Installer
RP607: 12/06/2013 11:11:07 PM - Windows Modules Installer
RP608: 12/06/2013 11:16:24 PM - Windows Modules Installer
RP609: 12/06/2013 11:18:24 PM - Windows Modules Installer
RP610: 12/06/2013 11:26:35 PM - Windows Modules Installer
RP611: 13/06/2013 03:00:26 AM - Windows Update
RP612: 13/06/2013 02:47:12 PM - Windows Update
RP613: 16/06/2013 02:58:12 AM - Removed .NET Reflector Desktop
RP614: 16/06/2013 03:01:12 AM - Removed .NET Reflector Visual Studio Extension 8.1
RP615: 17/06/2013 01:11:40 PM - Windows Update
.
==== Hosts File Hijack ======================
.
Hosts: 127.0.0.1 ads.mcafee.com
Hosts: 127.0.0.1 analytics.microsoft.com
Hosts: 127.0.0.1 metrics.bitdefender.com
Hosts: 127.0.0.1 metrics.mcafee.com
Hosts: 127.0.0.1 om.symantec.com
Hosts: 127.0.0.1 ads.bleepingcomputer.com
Hosts: 127.0.0.1 wdcs.trendmicro.com
Hosts: 127.0.0.1 www.spywareinfo.com
.
==== Installed Programs ======================
.
Tools for .Net 3.5
بريد Windows Live
تحديث لـ Microsoft Office Excel 2007 Help (KB963678)
تحديث لـ Microsoft Office Powerpoint 2007 Help (KB963669)
تحديث لـ Microsoft Office Word 2007 Help (KB963665)
7-Zip 9.20 (x64 edition)
Absolute Uninstaller 2.9.0.722
Ace Evolution
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop CS
Adobe Photoshop CS5.1 12.1
Adobe Reader 9.5.3 MUI
Adobe Shockwave Player 12.0
Alcor Micro USB Card Reader
ANTS Memory Profiler 7
ANTS Performance Profiler 8
ANTS Profiler Visual Studio Add-in 1
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASUS AI Recovery
ASUS AP Bank
ASUS Data Security Manager
ASUS FancyStart
ASUS LifeFrame3
ASUS Live Update
ASUS MultiFrame
ASUS Power4Gear Hybrid
ASUS SmartLogon
ASUS Splendid Video Enhancement Technology
ASUS Video Magic
ASUS Virtual Camera
ASUS WebStorage
ASUS_N3_Series
ATK Package
AutoHotkey 1.0.48.05
Blend for Visual Studio 2012
Blend for Visual Studio 2012 ENU resources
Blend for Visual Studio Add-in for Adobe FXG Import
Blend for Visual Studio SDK for .NET 4.5
Blend for Visual Studio SDK for Silverlight 5
Boingo Wi-Fi
Bonjour
BOUT Evolution
Canon iP2700 series Printer Driver
Cisco Network Magic
ControlDeck
Cooking Dash
CyberLink LabelPrint
CyberLink MediaShow Espresso
CyberLink PhotoNow
CyberLink Power2Go
CyberLink PowerDirector
CyberLink PowerDVD 9
D3DX10
Dotfuscator and Analytics Community Edition
Dropbox
Entity Framework Designer for Visual Studio 2012 - enu
ESET Smart Security
ETDWare PS/2-x64 7.0.5.13_WHQL
Explorer Suite III
ExpressGate Cloud
Fast Boot
FileZilla Client 3.6.0.2
Fresco Logic USB3.0 Host Controller
Game Park Console
Google Chrome
Google Earth
Google Update Helper
Governor of Poker
Hawken
Hotel Dash Suite Success
Hotfix for Microsoft Visual Basic 2010 Express - ENU (KB2635973)
IIS 8.0 Express
IIS Express Application Compatibility Database for x64
IIS Express Application Compatibility Database for x86
Image Resizer for Windows
Image Resizer for Windows (64 bit)
Imgur Uploader
ImTOO Video Converter Ultimate
Inno Setup version 5.5.1
Intel(R) Management Engine Components
Intel(R) Turbo Boost Technology Monitor
Internet Download Manager
IrfanView (remove only)
iTunes
Java 7 Update 21
Java Auto Updater
JavaScript Tooling
Junk Mail filter update
LocalESPC
LocalESPCui for en-us
Luxor 3
Mahjongg dimensions
Malwarebytes Anti-Malware version 1.75.0.1300
MediaFire Express
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft .NET Framework 4.5
Microsoft .NET Framework 4.5 Multi-Targeting Pack
Microsoft .NET Framework 4.5 SDK
Microsoft Application Error Reporting
Microsoft ASP.NET MVC 3
Microsoft ASP.NET MVC 3 - Visual Studio 2012 Tools Update
Microsoft ASP.NET MVC 4 - Visual Studio 2012 Tools - ENU
Microsoft ASP.NET MVC 4 Runtime
Microsoft ASP.NET Web Pages
Microsoft ASP.NET Web Pages - Visual Studio 2012 Tools
Microsoft ASP.NET Web Pages 2 - Visual Studio 2012 Tools - ENU
Microsoft ASP.NET Web Pages 2 Runtime
Microsoft Expression Blend SDK for .NET 4
Microsoft Expression Blend SDK for Silverlight 4
Microsoft Help Viewer 1.1
Microsoft Help Viewer 2.0
Microsoft LightSwitch for Visual Studio 2012 Core
Microsoft LightSwitch for Visual Studio 2012 CoreRes - ENU
Microsoft LightSwitch for Visual Studio 2012 v3.0 Core
Microsoft LightSwitch for Visual Studio 2012 v3.0 CoreRes - ENU
Microsoft NuGet - Visual Studio 2012
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (Arabic) 2007
Microsoft Office Excel MUI (Arabic) 2007
Microsoft Office File Validation Add-In
Microsoft Office Office 64-bit Components 2007
Microsoft Office Outlook MUI (Arabic) 2007
Microsoft Office PowerPoint MUI (Arabic) 2007
Microsoft Office Professional 2007
Microsoft Office Proof (Arabic) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proofing (Arabic) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (Arabic) 2007
Microsoft Office Shared 64-bit MUI (Arabic) 2007
Microsoft Office Shared MUI (Arabic) 2007
Microsoft Office Word MUI (Arabic) 2007
Microsoft Portable Library Multi-Targeting Pack
Microsoft Portable Library Multi-Targeting Pack Language Pack - enu
Microsoft Report Viewer Add-On for Visual Studio 2012
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Silverlight 4 SDK
Microsoft Silverlight 5 SDK
Microsoft SkyDrive
Microsoft SQL Server 2008 (64-bit)
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2012 Command Line Utilities
Microsoft SQL Server 2012 Data-Tier App Framework
Microsoft SQL Server 2012 Express LocalDB
Microsoft SQL Server 2012 Management Objects
Microsoft SQL Server 2012 Management Objects (x64)
Microsoft SQL Server 2012 Native Client
Microsoft SQL Server 2012 T-SQL Language Service
Microsoft SQL Server 2012 Transact-SQL Compiler Service
Microsoft SQL Server 2012 Transact-SQL ScriptDom
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Compact 3.5 SP2 x64 ENU
Microsoft SQL Server Compact 4.0 SP1 x64 ENU
Microsoft SQL Server Data Tools - enu (11.1.20627.00)
Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20627.00)
Microsoft SQL Server System CLR Types
Microsoft SQL Server System CLR Types (x64)
Microsoft System CLR Types for SQL Server 2012
Microsoft System CLR Types for SQL Server 2012 (x64)
Microsoft Visual Basic 2010 Express - ENU
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
Microsoft Visual C++ 2012 x64 Designtime - 11.0.50727
Microsoft Visual C++ 2012 32bit Compilers - ENU Resources
Microsoft Visual C++ 2012 Compilers
Microsoft Visual C++ 2012 Compilers - ENU Resources
Microsoft Visual C++ 2012 Core Libraries
Microsoft Visual C++ 2012 Extended Libraries
Microsoft Visual C++ 2012 Microsoft Foundation Class Libraries
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106
Microsoft Visual C++ 2012 x64 Debug Runtime - 11.0.51106
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106
Microsoft Visual C++ 2012 x86-x64 Compilers
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.51106
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
Microsoft Visual Studio 2010 Office Developer Tools (x64)
Microsoft Visual Studio 2010 Service Pack 1
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Microsoft Visual Studio 2012 Devenv
Microsoft Visual Studio 2012 Devenv Resources
Microsoft Visual Studio 2012 IntelliTrace Core amd64
Microsoft Visual Studio 2012 IntelliTrace Core x86
Microsoft Visual Studio 2012 IntelliTrace Front End x86
Microsoft Visual Studio 2012 Performance Collection Tools
Microsoft Visual Studio 2012 Performance Collection Tools - ENU
Microsoft Visual Studio 2012 Preparation
Microsoft Visual Studio 2012 SharePoint Developer Tools
Microsoft Visual Studio 2012 SharePoint Developer Tools ENU Language Pack
Microsoft Visual Studio 2012 Shell (Minimum)
Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies
Microsoft Visual Studio 2012 Shell (Minimum) Resources
Microsoft Visual Studio 2012 Tools for SQL Server Compact 4.0 SP1 ENU
Microsoft Visual Studio Premium 2012
Microsoft Visual Studio Premium 2012 - ENU
Microsoft Visual Studio Professional 2012
Microsoft Visual Studio Professional 2012 - ENU
Microsoft Visual Studio Team Foundation Server 2012 Object Model
Microsoft Visual Studio Team Foundation Server 2012 Object Model Language Pack - ENU
Microsoft Visual Studio Team Foundation Server 2012 Storyboarding
Microsoft Visual Studio Team Foundation Server 2012 Storyboarding Language Pack - ENU
Microsoft Visual Studio Team Foundation Server 2012 Team Explorer
Microsoft Visual Studio Team Foundation Server 2012 Team Explorer Language Pack - ENU
Microsoft Visual Studio Ultimate 2012
Microsoft Visual Studio Ultimate 2012 - ENU
Microsoft Visual Studio Ultimate 2012 XAML UI Designer Core
Microsoft Visual Studio Ultimate 2012 XAML UI Designer enu Resources
Microsoft Web Deploy 3.0
Microsoft Web Deploy dbSqlPackage Provider - enu
Microsoft Web Developer Tools 2012.2 - Visual Studio 2012
Microsoft Web Platform Installer 4.0
Movie Maker
MSVC80_x64_v2
MSVC90_x64
MSVC90_x86
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
Net4Switch
Network Magic
Nokia Connectivity Cable Driver
Nokia PC Suite
Notepad++
NVIDIA 3D Vision Driver 311.44
NVIDIA Control Panel 311.44
NVIDIA Display Control Panel
NVIDIA Graphics Driver 311.44
NVIDIA HD Audio Driver 1.3.18.0
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.1031
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.11.3
NVIDIA Update Components
NVIDIA Updatus
Paint Shop Pro 5.0
PC Connectivity Solution
PDF-XChange 4 Pro
Photo Common
Photo Gallery
Plants vs Zombies
PMB
PreEmptive Analytics Visual Studio Components
Prerequisites for SSDT
Pure Networks Platform
RealNetworks - Microsoft Visual C++ 2008 Runtime
Realtek High Definition Audio Driver
RealUpgrade 1.1
Resource Hacker Version 3.6.0
Safari
Security Update for Microsoft .NET Framework 4.5 (KB2737083)
Security Update for Microsoft .NET Framework 4.5 (KB2742613)
Security Update for Microsoft .NET Framework 4.5 (KB2789648)
Security Update for Microsoft .NET Framework 4.5 (KB2804582)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Service Pack 3 for SQL Server 2008 (KB2546951) (64-bit)
Skype™ 6.3
SonicMaster
Sql Server Customer Experience Improvement Program
swMSM
syncables desktop SE
tools-freebsd
tools-linux
tools-netware
tools-solaris
tools-windows
tools-winPre2k
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4.5 (KB2750147)
Update for Microsoft .NET Framework 4.5 (KB2805221)
Update for Microsoft .NET Framework 4.5 (KB2805226)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817327) 32-Bit Edition
Update for Microsoft Visual Studio 2012 (KB2781514)
USB2.0 UVC 2M WebCam
VirusTotal Uploader 2.0
VistaSwitcher
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
Visual Studio 2012 Prerequisites
Visual Studio 2012 Prerequisites - ENU Language Pack
Visual Studio 2012 Update 2 (KB2707250)
Visual Studio Extensions for Windows Library for JavaScript
VLC media player 2.0.6
VMware Workstation
WCF Data Services 5.0 (for OData v3) Primary Components
WCF Data Services Tools for Microsoft Visual Studio 2012
WCF RIA Services V1.0 SP2
WIDCOMM Bluetooth Software
WinDirStat 1.1.2
Windows App Certification Kit Native Components
Windows App Certification Kit x64
Windows Azure Tools for LightSwitch HTML Client for Visual Studio 2012
Windows Driver Package - Broadcom HIDClass (06/11/2009 6.2.0.9500)
Windows Driver Package - Nokia Modem (02/25/2011 4.7)
Windows Driver Package - Nokia Modem (02/25/2011 7.01.0.9)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Runtime Intellisense Content - en-us
Windows Software Development Kit
Windows Software Development Kit DirectX x64 Remote
Windows Software Development Kit DirectX x86 Remote
Windows Software Development Kit for Windows Store Apps
Windows Software Development Kit for Windows Store Apps DirectX x64 Remote
Windows Software Development Kit for Windows Store Apps DirectX x86 Remote
Windows XP Targeting with C++
WinFlash
WinRAR archiver
Wireless Console 3
XnView 1.99.6
Yahoo! Messenger
معرض الصور
.
==== Event Viewer Messages From Past Week ========
.
19/06/2013 04:09:56 AM, Error: ACPI [10] - ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x4), Please contact your system vendor for technical assistance.
18/06/2013 10:00:40 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ysyfer
18/06/2013 10:00:07 PM, Error: Service Control Manager [7003] - The Net.Pipe Listener Adapter service depends the following service: was. This service might not be installed.
18/06/2013 10:00:07 PM, Error: Service Control Manager [7003] - The Net.Msmq Listener Adapter service depends the following service: msmq. This service might not be installed.
18/06/2013 10:00:07 PM, Error: Service Control Manager [7001] - The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
18/06/2013 09:59:30 PM, Error: Ntfs [137] - The default transaction resource manager on volume D: encountered a non-retryable error and could not start. The data contains the error code.
18/06/2013 09:59:25 PM, Error: volmgr [46] - Crash dump initialization failed!
18/06/2013 04:06:35 PM, Error: Service Control Manager [7030] - The FileZilla Server FTP server service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
15/06/2013 03:58:33 AM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
14/06/2013 10:22:30 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
13/06/2013 03:25:46 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.151.2021.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9506.0 Error code: 0x80072f76 Error description: The requested header was not found
13/06/2013 01:12:57 AM, Error: Microsoft-Windows-WPDClassInstaller [25088] - It was not possible to install drivers for the device WPD_NOKIA_73fd2114_0d73_49c3_9c65_1a2b2c7f6eba. Error code 0xe0000219.
13/06/2013 01:12:57 AM, Error: Microsoft-Windows-DriverFrameworks-UserMode [10101] - The driver package installation has failed. The final status was 0xE0000203.
13/06/2013 01:12:56 AM, Error: Microsoft-Windows-DriverFrameworks-UserMode [10101] - The driver package installation has failed. The final status was 0x3.
12/06/2013 11:47:14 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.151.2021.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9506.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
12/06/2013 11:47:14 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.151.2021.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.9506.0 Error code: 0x80240022 Error description: The program can't check for definition updates.
.
==== End Of File ===========================
 
And forgot to mention that I have the following AVs:
ESET Smart Security 6
and Malwarebytes anti-malware
and Microsoft Security Essentials...
..
 
Welcome aboard

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=========================================

You're running two AV programs, Eset and MSE.
You must uninstall one of them.

Download RogueKiller for 32bit or RogueKiller for 64bit to your Desktop.
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

Create a new restore point before proceeding with the next step....
How to:
- Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

Download Malwarebytes Anti-Rootkit (MBAR) from HERE
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
 
Hey :D
Thanks a lot for replying and trying to help me :D
I am ready to start.
Here is the log from the "Report" button which is in the RogueKiller app:

RogueKiller V8.6.1 _x64_ [Jun 17 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : ali [Admin rights]
Mode : Remove -- Date : 06/19/2013 08:05:33
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 13 ¤¤¤
[SERVICE][ROGUE ST] HKLM\[...]\CCSet\[...]\Services : 77962412 (C:\Windows\system32\DRIVERS\77962412.sys [7]) -> DELETED
[SERVICE][ROGUE ST] HKLM\[...]\CS001\[...]\Services : 77962412 (C:\Windows\system32\DRIVERS\77962412.sys [7]) -> [0x2] The system cannot find the file specified.
[SERVICE][ROGUE ST] HKLM\[...]\CS002\[...]\Services : 77962412 (C:\Windows\system32\DRIVERS\77962412.sys [7]) -> DELETED
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowUser (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowHelp (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : Mal.Hosts ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 my8.statcounter.com --> Potentially malicious!
127.0.0.1 s2.statcounter.com --> Potentially malicious!
127.0.0.1 secure.statcounter.com --> Potentially malicious!
127.0.0.1 www.statcounter.com --> Potentially malicious!
127.0.0.1 host3.adhese.be #[ad.be.doubleclick.net] --> Potentially malicious!
127.0.0.1 download-winmx-free.com --> Potentially malicious!
127.0.0.1 www.download-winmx-free.com --> Potentially malicious!
127.0.0.1 www.facebook.com.img335.tk --> Potentially malicious!
127.0.0.1 free-winmx-downloads.com --> Potentially malicious!
127.0.0.1 www.free-winmx-downloads.com --> Potentially malicious!
127.0.0.1 www.google.dospop.com --> Potentially malicious!
127.0.0.1 www.mp3winmx.com --> Potentially malicious!
127.0.0.1 mp3winmx.com --> Potentially malicious!
127.0.0.1 winmx.click-new-download.com --> Potentially malicious!
127.0.0.1 www.winmx.click-new-download.com --> Potentially malicious!
127.0.0.1 winmx-d0wnload.com --> Potentially malicious!
127.0.0.1 www.winmx-d0wnload.com --> Potentially malicious!
127.0.0.1 winmxfrance.com --> Potentially malicious!
127.0.0.1 www.winmxfrance.com --> Potentially malicious!
127.0.0.1 winmx-freebie.com --> Potentially malicious!
127.0.0.1 www.winmx-freebie.com --> Potentially malicious!
127.0.0.1 winmx-music-download.com --> Potentially malicious!
127.0.0.1 www.winmx-music-download.com --> Potentially malicious!
127.0.0.1 www.winmx-usa.com --> Potentially malicious!
127.0.0.1 winmx-usa.com --> Potentially malicious!

127.0.0.1 localhost
::1 localhost #[IPv6]
127.0.0.1 fr.a2dfp.net
127.0.0.1 m.fr.a2dfp.net
127.0.0.1 ad.a8.net
127.0.0.1 asy.a8ww.net
127.0.0.1 abcstats.com
127.0.0.1 a.abv.bg
127.0.0.1 adserver.abv.bg
127.0.0.1 adv.abv.bg
127.0.0.1 bimg.abv.bg
127.0.0.1 ca.abv.bg
127.0.0.1 www2.a-counter.kiev.ua
127.0.0.1 track.acclaimnetwork.com
127.0.0.1 accuserveadsystem.com
127.0.0.1 www.accuserveadsystem.com
127.0.0.1 achmedia.com
127.0.0.1 aconti.net
127.0.0.1 secure.aconti.net
127.0.0.1 www.aconti.net #[Dialer.Aconti]
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD6400BEVT-80A0RT0 +++++
--- User ---
[MBR] 222d6b2c6f0d0cf941277234fd436d0d
[BSP] b8e681ec20f3f51e484d81d4ade624cc : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 63 | Size: 22003 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 45062325 | Size: 152616 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 357623808 | Size: 435858 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_06192013_080533.txt >>
RKreport[0]_S_06192013_080427.txt
 
And btw.. I found another logfile other than that ^ in my desktop :D
and here it is :


RogueKiller V8.6.1 _x64_ [Jun 17 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : https://www.techspot.com/downloads/5562-roguekiller.html
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : ali [Admin rights]
Mode : Scan -- Date : 06/19/2013 08:04:27
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 13 ¤¤¤
[SERVICE][ROGUE ST] HKLM\[...]\CCSet\[...]\Services : 77962412 (C:\Windows\system32\DRIVERS\77962412.sys [7]) -> FOUND
[SERVICE][ROGUE ST] HKLM\[...]\CS001\[...]\Services : 77962412 (C:\Windows\system32\DRIVERS\77962412.sys [7]) -> FOUND
[SERVICE][ROGUE ST] HKLM\[...]\CS002\[...]\Services : 77962412 (C:\Windows\system32\DRIVERS\77962412.sys [7]) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowHelp (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : Mal.Hosts ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD6400BEVT-80A0RT0 +++++
--- User ---
[MBR] 222d6b2c6f0d0cf941277234fd436d0d
[BSP] b8e681ec20f3f51e484d81d4ade624cc : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 63 | Size: 22003 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 45062325 | Size: 152616 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 357623808 | Size: 435858 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_06192013_080427.txt >>



by the way.. that log file (was before the file which I posted in the previous post) in my desktop..
and sorry I forgot to mention that I uninstalled the MSE and kept ESET :D
please wait me till I finish the rest of the steps which you said :D
 
Here is the rest.. :

~ Malwarebytes Anti-Rootkit ~

mbar-log-2013-06-19 (08-25-26) :
Malwarebytes Anti-Rootkit BETA 1.06.0.1003
www.malwarebytes.org

Database version: v2013.06.19.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
ali :: S34N [administrator]

19/06/2013 08:25:26 AM
mbar-log-2013-06-19 (08-25-26).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: Deep Anti-Rootkit Scan | PUP
Objects scanned: 359034
Time elapsed: 1 hour(s), 20 minute(s), 46 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)


(end)
 
~ Malwarebytes Anti-Rootkit ~

system-log :
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.0.1003

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16618

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.729000 GHz
Memory total: 6363312128, free: 4000727040

Downloaded database version: v2013.06.19.01
Downloaded database version: v2013.05.22.01
Initializing...
------------ Kernel report ------------
06/19/2013 08:25:14
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\DRIVERS\77962412.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\DRIVERS\vmci.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\vsock.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\AsDsm.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\epfwwfp.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\system32\DRIVERS\nvpciflt.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\eamonm.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\ehdrv.sys
C:\Program Files\ESET\ESET Smart Security\em006_64.dat
C:\Program Files\ESET\ESET Smart Security\em018_64.dat
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\EpfwLWF.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\Drivers\nvBridge.kmd
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\athrx.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\FLxHCIc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\ETD.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\kbfiltr.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\ATK64AMD.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\vmnetadapter.sys
\SystemRoot\system32\DRIVERS\VMNET.SYS
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\DRIVERS\FLxHCIh.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\snp2uvc.sys
\SystemRoot\system32\DRIVERS\STREAM.SYS
\SystemRoot\system32\DRIVERS\sncduvc.SYS
\SystemRoot\system32\drivers\btusbflt.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\drivers\BthEnum.sys
\SystemRoot\system32\DRIVERS\btwavdt.sys
\SystemRoot\system32\DRIVERS\btwl2cap.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\epfw.sys
C:\Program Files\ESET\ESET Smart Security\em008_64.dat
\SystemRoot\system32\DRIVERS\vmnetbridge.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\pnarp.sys
\SystemRoot\system32\DRIVERS\purendis.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\TurboB.sys
\??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\??\C:\Windows\system32\drivers\hcmon.sys
\??\C:\Windows\system32\drivers\vmx86.sys
\SystemRoot\system32\DRIVERS\idmwfp.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\??\C:\Windows\system32\drivers\vmnetuserif.sys
\SystemRoot\SysWOW64\drivers\vstor2-mntapi10-shared.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\ATMFD.DLL
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa800671a060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa80063c9050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800671a060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800671ab90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800671a060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80063c1710, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa80063c9050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: E0C5913D

Partition information:

Partition 0 type is Other (0x1c)
Partition is NOT ACTIVE.
Partition starts at LBA: 63 Numsec = 45062262

Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 45062325 Numsec = 312559569
Partition file system is NTFS
Partition is bootable

Partition 2 type is Extended with LBA (0xf)
Partition is NOT ACTIVE.
Partition starts at LBA: 357623808 Numsec = 892637184

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 640135028736 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-1250243728-1250263728)...
Done!
Scan finished
=======================================


Removal queue found; removal started
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_1_45062325_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removal finished
 
Create new restore point before proceeding with the next step....
How to:
- Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there, use the restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete the Combofix file and download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart the computer in safe mode.

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7, right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done, Notepad will open with the rKill.txt log.
NOTE. The rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill, post BOTH logs, rKill.txt and Combofix.txt.
 
The ComboFix "log.txt" :

ComboFix 13-06-18.02 - ali 06/20/2013 7:57.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1256.20.1033.18.6069.4324 [GMT 2:00]
Running from: c:\users\ali\Desktop\ComboFix.exe
AV: ESET Smart Security 6.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 6.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\prefs.js
c:\program files (x86)\Common Files\Net4Switch.ico
c:\programdata\1346171032.bdinstall.bin
c:\programdata\1346171366.bdinstall.bin
c:\programdata\1346172620.bdinstall.bin
c:\programdata\1346285248.bdinstall.bin
c:\programdata\Safe
c:\programdata\Safe\zsinfo.dat
C:\RunDLL32.exe
c:\users\ali\AppData\Local\assembly\tmp
c:\windows\AsPatch10430001.exe
c:\windows\Debug\dcpromo.log
c:\windows\msvcr71.dll
c:\windows\SysWow64\d2d1debug1.dll
c:\windows\SysWow64\frapsvid.dll
c:\windows\SysWow64\wsodpdfcsini.dll
.
.
((((((((((((((((((((((((( Files Created from 2013-05-20 to 2013-06-20 )))))))))))))))))))))))))))))))
.
.
2019-10-09 08:40 . 2019-10-09 08:40--------d-----w-c:\users\ali\AppData\Roaming\Crypto Obfuscator For .Net v2012 R2
2013-06-20 06:26 . 2013-06-20 06:29--------d-----w-c:\users\ali\AppData\Local\temp
2013-06-20 06:26 . 2013-06-20 06:26--------d-----w-c:\users\DefaultAppPool\AppData\Local\temp
2013-06-20 06:26 . 2013-06-20 06:26--------d-----w-c:\users\Default\AppData\Local\temp
2013-06-20 06:26 . 2013-06-20 06:26--------d-----w-c:\users\Administrator\AppData\Local\temp
2013-06-20 02:25 . 2013-06-20 02:25--------d-----w-c:\users\ali\AppData\Roaming\vlc
2013-06-20 02:19 . 2012-08-21 11:0133240----a-w-c:\windows\system32\drivers\GEARAspiWDM.sys
2013-06-20 02:19 . 2013-06-20 02:19--------d-----w-c:\program files\iPod
2013-06-20 02:19 . 2013-06-20 02:19--------d-----w-c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-20 02:19 . 2013-06-20 02:19--------d-----w-c:\program files\iTunes
2013-06-20 02:19 . 2013-06-20 02:19--------d-----w-c:\program files (x86)\iTunes
2013-06-20 02:07 . 2013-06-20 02:07159744----a-w-c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2013-06-20 02:07 . 2013-06-20 02:07159744----a-w-c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2013-06-20 02:07 . 2013-06-20 02:07159744----a-w-c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2013-06-20 02:07 . 2013-06-20 02:07159744----a-w-c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2013-06-20 02:07 . 2013-06-20 02:07159744----a-w-c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2013-06-20 02:06 . 2013-06-20 02:07--------d-----w-c:\program files (x86)\QuickTime
2013-06-20 01:38 . 2012-08-21 11:01106928----a-w-c:\windows\SysWow64\GEARAspi.dll
2013-06-20 01:38 . 2012-08-21 11:01125872----a-w-c:\windows\system32\GEARAspi64.dll
2013-06-19 05:37 . 2013-06-19 05:37--------d-----w-c:\windows\en
2013-06-19 05:25 . 2013-02-05 20:0657840----a-w-c:\windows\system32\drivers\fssfltr.sys
2013-06-19 05:24 . 2013-06-19 05:25--------d-----w-c:\program files\Windows Live
2013-06-19 05:20 . 2013-06-19 05:205659096-c--a-w-c:\program files (x86)\Common Files\Windows Live\.cache\bf83f4131ce6cac09\skydrivesetup.exe
2013-06-19 05:19 . 2013-06-19 05:1994040-c--a-w-c:\program files (x86)\Common Files\Windows Live\.cache\874194501ce6cac07\DSETUP.dll
2013-06-19 05:19 . 2013-06-19 05:19525656-c--a-w-c:\program files (x86)\Common Files\Windows Live\.cache\874194501ce6cac07\DXSETUP.exe
2013-06-19 05:19 . 2013-06-19 05:191691480-c--a-w-c:\program files (x86)\Common Files\Windows Live\.cache\874194501ce6cac07\dsetup32.dll
2013-06-19 05:18 . 2013-06-19 05:1889944-c--a-w-c:\program files (x86)\Common Files\Windows Live\.cache\77d153b21ce6cac05\DSETUP.dll
2013-06-19 05:18 . 2013-06-19 05:18537432-c--a-w-c:\program files (x86)\Common Files\Windows Live\.cache\77d153b21ce6cac05\DXSETUP.exe
2013-06-19 05:18 . 2013-06-19 05:181801048-c--a-w-c:\program files (x86)\Common Files\Windows Live\.cache\77d153b21ce6cac05\dsetup32.dll
2013-06-19 05:17 . 2013-06-19 05:1789944-c--a-w-c:\program files (x86)\Common Files\Windows Live\.cache\3d445f181ce6cac01\DSETUP.dll
2013-06-19 05:17 . 2013-06-19 05:17537432-c--a-w-c:\program files (x86)\Common Files\Windows Live\.cache\3d445f181ce6cac01\DXSETUP.exe
2013-06-19 05:17 . 2013-06-19 05:171801048-c--a-w-c:\program files (x86)\Common Files\Windows Live\.cache\3d445f181ce6cac01\dsetup32.dll
2013-06-19 04:45 . 2013-06-19 04:45--------d-----w-c:\program files\Types
2013-06-19 00:45 . 2012-07-06 10:3067224----a-w-c:\windows\system32\vsocklib.dll
2013-06-19 00:45 . 2012-07-06 10:2963128----a-w-c:\windows\SysWow64\vsocklib.dll
2013-06-19 00:45 . 2012-07-06 10:2970256----a-w-c:\windows\system32\drivers\vsock.sys
2013-06-19 00:45 . 2012-08-15 13:1867224----a-w-c:\windows\system32\drivers\vmx86.sys
2013-06-19 00:44 . 2012-08-15 13:18357016----a-w-c:\windows\SysWow64\vmnetdhcp.exe
2013-06-19 00:44 . 2012-08-15 13:1830360----a-w-c:\windows\system32\drivers\vmnetuserif.sys
2013-06-19 00:44 . 2012-08-15 13:17435864----a-w-c:\windows\SysWow64\vmnat.exe
2013-06-19 00:44 . 2012-08-15 13:18933528----a-w-c:\windows\system32\vnetlib64.dll
2013-06-19 00:43 . 2012-08-01 15:1052376----a-w-c:\windows\system32\drivers\hcmon.sys
2013-06-19 00:43 . 2013-06-19 00:43--------d-----w-c:\program files\Common Files\VMware
2013-06-19 00:40 . 2013-06-19 00:40--------d-----w-c:\program files (x86)\Common Files\VMware
2013-06-18 14:06 . 2013-06-18 14:33--------d-----w-c:\program files (x86)\FileZilla Server
2013-06-18 08:13 . 2013-06-18 08:14--------d-----w-c:\program files\Red Gate
2013-06-16 01:02 . 2013-06-16 01:02--------d-----w-c:\users\ali\AppData\Local\VSIXInstaller
2013-06-13 12:48 . 2013-06-08 12:282706432----a-w-c:\windows\system32\mshtml.tlb
2013-06-13 12:48 . 2013-06-08 11:132706432----a-w-c:\windows\SysWow64\mshtml.tlb
2013-06-13 12:48 . 2013-06-08 14:08279040----a-w-c:\program files\Internet Explorer\sqmapi.dll
2013-06-13 12:48 . 2013-06-08 11:41218112----a-w-c:\program files (x86)\Internet Explorer\sqmapi.dll
2013-06-13 12:48 . 2013-06-08 14:081365504----a-w-c:\windows\system32\urlmon.dll
2013-06-13 12:48 . 2013-06-08 14:062648064----a-w-c:\windows\system32\iertutil.dll
2013-06-13 12:48 . 2013-06-08 14:06526336----a-w-c:\windows\system32\ieui.dll
2013-06-13 12:47 . 2013-06-08 14:0615404544----a-w-c:\windows\system32\ieframe.dll
2013-06-13 12:47 . 2013-06-08 14:0719233792----a-w-c:\windows\system32\mshtml.dll
2013-06-13 00:09 . 2013-05-08 06:391910632----a-w-c:\windows\system32\drivers\tcpip.sys
2013-06-13 00:04 . 2013-04-26 05:51751104----a-w-c:\windows\system32\win32spl.dll
2013-06-13 00:04 . 2013-04-26 04:55492544----a-w-c:\windows\SysWow64\win32spl.dll
2013-06-12 23:53 . 2013-04-25 23:301505280----a-w-c:\windows\SysWow64\d3d11.dll
2013-06-12 23:53 . 2013-03-31 22:521887232----a-w-c:\windows\system32\d3d11.dll
2013-06-11 16:44 . 2013-06-11 16:44--------d-----w-c:\program files (x86)\Common Files\PCSuite
2013-06-11 16:43 . 2013-06-11 16:43--------d-----w-c:\program files (x86)\Common Files\Nokia
2013-06-11 16:43 . 2008-08-28 09:4425600----a-w-c:\windows\system32\drivers\pccsmcfdx64.sys
2013-06-11 16:42 . 2013-06-11 16:42--------d-----w-c:\program files (x86)\PC Connectivity Solution
2013-06-11 16:40 . 2013-06-11 16:43--------d-----w-c:\program files (x86)\Nokia
2013-06-11 14:30 . 2013-06-19 07:50--------d-----w-c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-06-10 19:10 . 2013-06-10 19:10--------d-----w-c:\users\ali\AppData\Local\Brice_Lambson
2013-06-10 19:08 . 2013-06-10 19:08--------d-----w-c:\program files\Image Resizer for Windows
2013-06-10 19:08 . 2013-06-10 19:08--------d-----w-c:\program files (x86)\Image Resizer for Windows
2013-06-10 17:47 . 2004-08-03 22:56438272----a-w-C:\shimgvw.dll
2013-06-07 21:15 . 2013-06-07 21:15--------d-----w-C:\RegBackup
2013-06-07 20:57 . 2013-06-07 20:58--------d-----w-c:\program files (x86)\Malwarebytes' Anti-Malware
2013-06-07 20:57 . 2013-04-04 12:5025928----a-w-c:\windows\system32\drivers\mbam.sys
2013-06-07 19:11 . 2013-06-07 19:11--------d-----w-c:\program files (x86)\Common Files\Java
2013-06-07 19:11 . 2013-06-07 19:1095648----a-w-c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-07 19:10 . 2013-06-07 19:10--------d-----w-c:\program files (x86)\Java
2013-06-07 18:55 . 2013-06-07 18:55--------d-----w-c:\program files (x86)\MeteorEntertainment
2013-06-06 02:55 . 2013-06-06 02:55--------d-----w-c:\users\Default\AppData\Local\Microsoft Help
2013-06-06 00:33 . 2013-06-06 02:54--------d-----w-c:\program files (x86)\Microsoft Works
2013-06-06 00:31 . 2013-06-06 00:31--------d-----w-c:\program files\Microsoft Office
2013-06-06 00:30 . 2013-06-06 00:30--------d-----r-C:\MSOCache
2013-06-05 11:49 . 2013-06-05 11:49--------d-----w-c:\users\ali\AppData\Roaming\NuGet
2013-06-03 13:52 . 2013-06-03 13:52--------d-----w-c:\program files (x86)\Common Files\Skype
2013-06-03 11:39 . 2013-06-03 11:39--------d-----w-c:\program files (x86)\Microsoft Web Tools
2013-06-02 18:24 . 2013-06-02 18:24--------d-----w-c:\program files\Microsoft Synchronization Services
2013-06-02 18:24 . 2013-06-02 18:24--------d-----w-c:\program files (x86)\Microsoft Synchronization Services
2013-06-02 18:22 . 2013-06-02 18:22--------d-----w-c:\program files\Microsoft Visual Studio 10.0
2013-05-31 19:30 . 2013-05-31 19:30--------d-----w-c:\users\ali\AppData\Roaming\Microsoft FxCop
2013-05-30 19:34 . 2013-05-30 19:34--------d-----w-c:\programdata\Microsoft Visual Studio
2013-05-30 11:34 . 2013-05-30 11:34--------d-----w-c:\program files (x86)\Windows Sidebar
2013-05-30 11:23 . 2013-06-12 21:14181064----a-w-c:\windows\PSEXESVC.EXE
2013-05-29 13:28 . 2013-06-02 18:24--------d-----w-c:\program files\Microsoft SQL Server Compact Edition
2013-05-29 13:16 . 2013-05-29 13:16--------d-----w-c:\program files\Application Verifier
2013-05-29 13:16 . 2013-05-29 13:16--------d-----w-c:\program files (x86)\Application Verifier
2013-05-29 13:14 . 2013-06-03 12:34--------d-----w-c:\programdata\Windows App Certification Kit
2013-05-29 13:00 . 2013-05-29 13:00--------d-----w-c:\program files (x86)\Common Files\Microsoft
2013-05-29 12:31 . 2013-05-29 12:36--------d-----w-c:\program files (x86)\Microsoft ASP.NET
2013-05-29 12:28 . 2013-05-29 12:28--------d-----w-c:\program files\Microsoft
2013-05-29 12:28 . 2013-05-29 12:28--------d-----w-c:\program files\IIS Express
2013-05-29 12:28 . 2013-05-29 12:28--------d-----w-c:\program files (x86)\IIS Express
2013-05-29 12:26 . 2013-05-29 12:26--------d-----w-c:\program files (x86)\NuGet
2013-05-29 12:20 . 2013-05-29 12:20--------d-----w-c:\program files (x86)\Microsoft WCF Data Services
2013-05-29 12:20 . 2013-05-29 12:20--------d-----w-c:\program files\IIS
2013-05-29 12:20 . 2013-05-29 12:20--------d-----w-c:\program files (x86)\IIS
2013-05-29 12:02 . 2013-05-29 12:02--------d-----w-c:\program files (x86)\Windows Kits
2013-05-29 11:24 . 2013-05-29 11:24--------d-----w-c:\program files (x86)\HTML Help Workshop
2013-05-29 11:23 . 2013-05-29 11:23--------d-----w-c:\program files (x86)\Microsoft Help Viewer
2013-05-29 11:06 . 2013-05-29 11:35--------d-----w-c:\windows\SysWow64\1033
2013-05-29 10:31 . 2013-06-03 13:26--------d-----w-c:\program files (x86)\Common Files\Merge Modules
2013-05-29 10:27 . 2013-05-29 10:27--------d-----w-c:\users\ali\AppData\Roaming\ImTOO
2013-05-29 10:26 . 2013-05-29 10:26--------d-----w-c:\programdata\ImTOO
2013-05-29 10:26 . 2013-05-29 10:26--------d-----w-c:\program files (x86)\ImTOO
2013-05-29 10:23 . 2013-05-29 13:46--------d-----w-c:\program files (x86)\Microsoft Visual Studio 11.0
2013-05-29 10:23 . 2013-05-29 11:06--------d-----w-c:\windows\system32\1033
2013-05-29 10:23 . 2013-05-29 10:23--------d-----w-c:\windows\symbols
2013-05-29 10:23 . 2013-06-03 13:28--------d-----w-c:\program files (x86)\Microsoft SDKs
2013-05-29 10:23 . 2013-05-29 10:23--------d-----w-c:\program files\Microsoft Visual Studio 11.0
2013-05-29 10:05 . 2013-06-10 19:07--------d-----w-c:\programdata\Package Cache
2013-05-29 10:05 . 2013-05-29 10:05--------d-----w-c:\programdata\regid.1991-06.com.microsoft
2013-05-26 13:12 . 2013-05-26 13:12--------d-----w-C:\Evolution Games
2013-05-26 12:39 . 2013-06-19 05:11--------d-----w-c:\program files (x86)\Absolute Uninstaller
2013-05-26 12:39 . 2013-06-19 05:09--------d-----w-c:\users\ali\AppData\Roaming\GlarySoft
2013-05-26 10:52 . 2013-05-26 10:52--------d-----w-c:\users\UpdatusUser
2013-05-26 00:14 . 2013-05-26 00:14--------d-----w-c:\windows\CheckSur
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-13 01:03 . 2011-02-04 17:0575825640----a-w-c:\windows\system32\MRT.exe
2013-06-07 19:10 . 2013-03-01 08:35866720----a-w-c:\windows\SysWow64\npDeployJava1.dll
2013-06-07 19:10 . 2012-03-14 18:52788896----a-w-c:\windows\SysWow64\deployJava1.dll
2013-05-14 10:54 . 2013-05-14 10:54421888----a-w-c:\windows\SysWow64\RealMediaSplitter.ax
2013-05-02 00:06 . 2011-02-04 15:49278800------w-c:\windows\system32\MpSigStub.exe
2013-05-01 01:59 . 2013-05-01 01:5994208----a-w-c:\windows\SysWow64\QuickTimeVR.qtx
2013-05-01 01:59 . 2013-05-01 01:5969632----a-w-c:\windows\SysWow64\QuickTime.qts
2013-04-13 05:49 . 2013-05-25 23:25135168----a-w-c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-25 23:25350208----a-w-c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-25 23:25308736----a-w-c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-25 23:25111104----a-w-c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-25 23:25474624----a-w-c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-25 23:252176512----a-w-c:\windows\apppatch\AcGenral.dll
2013-04-08 11:32 . 2013-04-08 11:3225256224----a-w-c:\windows\system32\nvcompiler.dll
2013-04-08 11:32 . 2013-04-08 11:327935352----a-w-c:\windows\SysWow64\nvcuda.dll
2013-04-08 11:32 . 2013-04-08 11:322722592----a-w-c:\windows\SysWow64\nvcuvid.dll
2013-04-08 11:32 . 2013-04-08 11:321988384----a-w-c:\windows\SysWow64\nvcuvenc.dll
2013-04-08 11:32 . 2013-04-08 11:3218061328----a-w-c:\windows\system32\nvd3dumx.dll
2013-04-08 11:32 . 2013-04-08 11:3211077920----a-w-c:\windows\system32\drivers\nvlddmkm.sys
2013-04-08 11:32 . 2010-08-16 13:492833232----a-w-c:\windows\system32\nvapi64.dll
2013-04-08 11:32 . 2010-08-16 13:4915054288----a-w-c:\windows\system32\nvwgf2umx.dll
2013-04-08 11:32 . 2013-04-08 11:3220458784----a-w-c:\windows\SysWow64\nvoglv32.dll
2013-04-08 11:32 . 2013-04-08 11:3226938656----a-w-c:\windows\system32\nvoglv64.dll
2013-04-08 11:32 . 2013-04-08 11:326264680----a-w-c:\windows\SysWow64\nvopencl.dll
2013-04-08 11:32 . 2013-04-08 11:3212642504----a-w-c:\windows\SysWow64\nvwgf2um.dll
2013-04-08 11:32 . 2013-04-08 11:329393344----a-w-c:\windows\system32\nvcuda.dll
2013-04-08 11:32 . 2010-08-16 13:4915135104----a-w-c:\windows\SysWow64\nvd3dum.dll
2013-04-08 11:32 . 2013-04-08 11:327567136----a-w-c:\windows\system32\nvopencl.dll
2013-04-08 11:32 . 2013-04-08 11:321510176----a-w-c:\windows\system32\nvdispgenco64.dll
2013-04-08 11:32 . 2013-04-08 11:322512336----a-w-c:\windows\SysWow64\nvapi.dll
2013-04-08 11:32 . 2013-04-08 11:321814304----a-w-c:\windows\system32\nvdispco64.dll
2013-04-08 11:32 . 2013-04-08 11:3217560352----a-w-c:\windows\SysWow64\nvcompiler.dll
2013-04-08 11:32 . 2013-04-08 11:322906912----a-w-c:\windows\system32\nvcuvid.dll
2013-04-08 11:32 . 2013-04-08 11:322347296----a-w-c:\windows\system32\nvcuvenc.dll
2013-04-05 00:00 . 2013-04-05 00:00185344----a-w-c:\windows\SysWow64\elshyph.dll
2013-04-05 00:00 . 2013-04-05 00:001054720----a-w-c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-05 00:00 . 2013-04-05 00:00226304----a-w-c:\windows\system32\elshyph.dll
2013-04-05 00:00 . 2013-04-05 00:00158720----a-w-c:\windows\SysWow64\msls31.dll
2013-04-05 00:00 . 2013-04-05 00:00719360----a-w-c:\windows\SysWow64\mshtmlmedia.dll
2013-04-05 00:00 . 2013-04-05 00:00150528----a-w-c:\windows\SysWow64\iexpress.exe
2013-04-05 00:00 . 2013-04-05 00:00138752----a-w-c:\windows\SysWow64\wextract.exe
2013-04-04 23:59 . 2013-04-04 23:59523264----a-w-c:\windows\SysWow64\vbscript.dll
2013-04-04 23:59 . 2013-04-04 23:5938400----a-w-c:\windows\SysWow64\imgutil.dll
2013-04-04 23:59 . 2013-04-04 23:59137216----a-w-c:\windows\SysWow64\ieUnatt.exe
2013-04-04 23:59 . 2013-04-04 23:5912800----a-w-c:\windows\SysWow64\mshta.exe
2013-04-04 23:59 . 2013-04-04 23:5973728----a-w-c:\windows\SysWow64\SetIEInstalledDate.exe
2013-04-04 23:59 . 2013-04-04 23:5948640----a-w-c:\windows\SysWow64\mshtmler.dll
2013-04-04 23:59 . 2013-04-04 23:59110592----a-w-c:\windows\SysWow64\IEAdvpack.dll
2013-04-04 23:59 . 2013-04-04 23:5961952----a-w-c:\windows\SysWow64\tdc.ocx
2013-04-04 23:59 . 2013-04-04 23:59361984----a-w-c:\windows\SysWow64\html.iec
2013-04-04 23:59 . 2013-04-04 23:591441280----a-w-c:\windows\SysWow64\inetcpl.cpl
2013-04-04 23:59 . 2013-04-04 23:5923040----a-w-c:\windows\SysWow64\licmgr10.dll
2013-04-04 23:59 . 2013-04-04 23:59441856----a-w-c:\windows\system32\html.iec
2013-04-04 23:59 . 2013-04-04 23:59216064----a-w-c:\windows\system32\msls31.dll
2013-04-04 23:59 . 2013-04-04 23:59197120----a-w-c:\windows\system32\msrating.dll
2013-04-04 23:59 . 2013-04-04 23:59905728----a-w-c:\windows\system32\mshtmlmedia.dll
2013-04-04 23:59 . 2013-04-04 23:5981408----a-w-c:\windows\system32\icardie.dll
2013-04-04 23:59 . 2013-04-04 23:59762368----a-w-c:\windows\system32\ieapfltr.dll
2013-04-04 23:59 . 2013-04-04 23:59452096----a-w-c:\windows\system32\dxtmsft.dll
2013-04-04 23:59 . 2013-04-04 23:59281600----a-w-c:\windows\system32\dxtrans.dll
2013-04-04 23:59 . 2013-04-04 23:5927648----a-w-c:\windows\system32\licmgr10.dll
2013-04-04 23:59 . 2013-04-04 23:59270848----a-w-c:\windows\system32\iedkcs32.dll
2013-04-04 23:59 . 2013-04-04 23:59247296----a-w-c:\windows\system32\webcheck.dll
2013-04-04 23:59 . 2013-04-04 23:59235008----a-w-c:\windows\system32\url.dll
2013-04-04 23:59 . 2013-04-04 23:591509376----a-w-c:\windows\system32\inetcpl.cpl
2013-04-04 23:59 . 2013-04-04 23:591400416----a-w-c:\windows\system32\ieapfltr.dat
2013-04-04 23:59 . 2013-04-04 23:5997280----a-w-c:\windows\system32\mshtmled.dll
2013-04-04 23:59 . 2013-04-04 23:59599552----a-w-c:\windows\system32\vbscript.dll
2013-04-04 23:59 . 2013-04-04 23:59167424----a-w-c:\windows\system32\iexpress.exe
2013-04-04 23:59 . 2013-04-04 23:59144896----a-w-c:\windows\system32\wextract.exe
2013-04-04 23:59 . 2013-04-04 23:59102912----a-w-c:\windows\system32\inseng.dll
2013-04-04 23:59 . 2013-04-04 23:5962976----a-w-c:\windows\system32\pngfilt.dll
2013-04-04 23:59 . 2013-04-04 23:59173568----a-w-c:\windows\system32\ieUnatt.exe
2013-04-04 23:59 . 2013-04-04 23:59149504----a-w-c:\windows\system32\occache.dll
2013-04-04 23:59 . 2013-04-04 23:5952224----a-w-c:\windows\system32\msfeedsbs.dll
2013-04-04 23:59 . 2013-04-04 23:5951200----a-w-c:\windows\system32\imgutil.dll
2013-04-04 23:59 . 2013-04-04 23:5913824----a-w-c:\windows\system32\mshta.exe
2013-04-04 23:59 . 2013-04-04 23:59136192----a-w-c:\windows\system32\iepeers.dll
2013-04-04 23:59 . 2013-04-04 23:5912800----a-w-c:\windows\system32\msfeedssync.exe
2013-04-04 23:59 . 2013-04-04 23:5992160----a-w-c:\windows\system32\SetIEInstalledDate.exe
2013-04-04 23:59 . 2013-04-04 23:5948640----a-w-c:\windows\system32\mshtmler.dll
2013-04-04 23:59 . 2013-04-04 23:59135680----a-w-c:\windows\system32\IEAdvpack.dll
2013-04-04 23:59 . 2013-04-04 23:5977312----a-w-c:\windows\system32\tdc.ocx
2013-03-25 12:34 . 2013-03-25 12:3221404927----a-w-c:\windows\REGBK00.ZIP
2013-03-25 12:28 . 2013-03-25 12:28350160----a-w-c:\windows\system32\drivers\trufos.sys
2013-03-25 12:27 . 2013-03-25 12:27632064----a-w-c:\windows\SysWow64\msvcr80.dll
2013-03-25 12:27 . 2013-03-25 12:27554240----a-w-c:\windows\SysWow64\msvcp80.dll
2013-03-25 12:27 . 2013-03-25 12:27572928----a-w-c:\windows\SysWow64\msvcp90.dll
2013-03-25 12:27 . 2013-03-25 12:27655872----a-w-c:\windows\SysWow64\msvcr90.dll
2013-03-25 12:27 . 2013-03-25 12:2734048----a-w-c:\windows\SysWow64\eEmpty.exe
2013-03-25 11:14 . 2012-07-23 00:19963488----a-w-c:\windows\system32\deployJava1.dll
2013-03-25 11:14 . 2012-07-23 00:191085344----a-w-c:\windows\system32\npDeployJava1.dll
2013-03-25 10:58 . 2012-04-06 01:12693976----a-w-c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-25 10:58 . 2011-06-05 13:1873432----a-w-c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-15 09:20 . 2012-08-15 09:202174976----a-w-c:\program files (x86)\Common Files\atimpenc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-06-19 05:20220632----a-w-c:\users\ali\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-06-19 05:20220632----a-w-c:\users\ali\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-06-19 05:20220632----a-w-c:\users\ali\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 15:08143360----a-w-c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32129272----a-w-c:\users\ali\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32129272----a-w-c:\users\ali\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32129272----a-w-c:\users\ali\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32129272----a-w-c:\users\ali\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2013-03-01 3573624]
"VistaSwitcher"="c:\program files\VistaSwitcher\vswitch64.exe" [2012-05-12 233088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"vmware-tray.exe"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2012-08-15 104088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
R0 ysyfer;ysyfer; [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 ANTS Memory Profiler 7 Service;ANTS Memory Profiler 7 Service;c:\program files\Red Gate\ANTS Memory Profiler 7\RedGate.Memory.IISService.exe;c:\program files\Red Gate\ANTS Memory Profiler 7\RedGate.Memory.IISService.exe [x]
R3 ANTS Performance Profiler 8 Service;ANTS Performance Profiler 8 Service;c:\program files\Red Gate\ANTS Performance Profiler 8\RedGate.Profiler.IISService.exe;c:\program files\Red Gate\ANTS Performance Profiler 8\RedGate.Profiler.IISService.exe [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\645E.tmp;c:\windows\SYSNATIVE\645E.tmp [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 ST330;ST330;c:\windows\system32\DRIVERS\st330.sys;c:\windows\SYSNATIVE\DRIVERS\st330.sys [x]
R3 STBUS;STBUS;c:\windows\system32\DRIVERS\stbus.sys;c:\windows\SYSNATIVE\DRIVERS\stbus.sys [x]
R3 STETH;SpeedTouch Ethernet Adapter NT Driver;c:\windows\system32\DRIVERS\steth.sys;c:\windows\SYSNATIVE\DRIVERS\steth.sys [x]
R3 stppp;Speedtouch PPP Adapter Adapter;c:\windows\system32\DRIVERS\stppp.sys;c:\windows\SYSNATIVE\DRIVERS\stppp.sys [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 Te.Service;Te.Service;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys;c:\windows\SYSNATIVE\Drivers\VBoxUSB.sys [x]
R3 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
R3 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [x]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0105.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys;c:\windows\SYSNATIVE\drivers\vsock.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys;SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys;c:\windows\SYSNATIVE\DRIVERS\FLxHCIc.sys [x]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys;c:\windows\SYSNATIVE\DRIVERS\FLxHCIh.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-07 20:251165776----a-w-c:\program files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 10:37]
.
2012-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-20 07:31]
.
2012-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-20 07:31]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-06-19 05:20244696----a-w-c:\users\ali\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-06-19 05:20244696----a-w-c:\users\ali\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-06-19 05:20244696----a-w-c:\users\ali\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 14:52159744----a-w-c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2011-05-25 07:09227840----a-w-c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2011-05-25 07:09227840----a-w-c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32162552----a-w-c:\users\ali\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32162552----a-w-c:\users\ali\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32162552----a-w-c:\users\ali\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32162552----a-w-c:\users\ali\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-11-15 23:0723496----a-w-c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2013-03-21 6330568]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ye1.org/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: ت&صدير إلى Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 41.128.225.225 41.128.225.226
TCP: Interfaces\{1DF79A7C-6F29-4AAF-B4FD-772F63ACE586}: NameServer = 208.67.222.123,208.67.220.123,192.168.1.1
TCP: Interfaces\{1DF79A7C-6F29-4AAF-B4FD-772F63ACE586}\C696E6B6379737: NameServer = 208.67.222.123,208.67.220.123,192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\645E.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\windows\SysWOW64\WerFault.exe
.
**************************************************************************
.
Completion time: 2013-06-20 08:41:05 - machine was rebooted
ComboFix-quarantined-files.txt 2013-06-20 06:41
.
Pre-Run: 34,262,802,432 bytes free
Post-Run: 33,734,578,176 bytes free
.
- - End Of File - - 0C7365740FF44BAF68DCD1A1FF6B7734

D41D8CD98F00B204E9800998ECF8427E
 
1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
Driver::
ysyfer

ClearJavaCache::


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
By the way.. When I dragged and dropped that CFScript into ComboFix.. like how you showed me in the picture.. ComboFix started loading its files.. then ASKED me if I want to update or not.. I clicked yes (sure) like what you said before in your previous post.. but then.. after it had been updated.. ComboFix started again and popped up the window which has the "agree" button in it.. then ComboFix started a cmd window again like the first time I ran it.. with the "Completed Stage 1" to 50.. was WHAT I did right? :/
If not.. then what shall I do now?!
I just think that it started again without the dragged and dropped file.. :/
so.. shall I re-drag and drop the file again..?
Here is the (ComboFix Log) anyway.. :

ComboFix 13-06-21.01 - ali 06/21/2013 7:13.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1256.20.1033.18.6069.4307 [GMT 2:00]
Running from: c:\users\ali\Desktop\ComboFix.exe
Command switches used :: c:\users\ali\Desktop\CFScript.txt
AV: ESET Smart Security 6.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 6.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_ysyfer
.
.
((((((((((((((((((((((((( Files Created from 2013-05-21 to 2013-06-21 )))))))))))))))))))))))))))))))
.
.
2019-10-09 08:40 . 2019-10-09 08:40--------d-----w-c:\users\ali\AppData\Roaming\Crypto Obfuscator For .Net v2012 R2
2013-06-21 06:05 . 2013-06-21 06:08--------d-----w-c:\users\ali\AppData\Local\temp
2013-06-21 06:05 . 2013-06-21 06:05--------d-----w-c:\windows\system32\config\systemprofile\AppData\Local\temp
2013-06-21 06:05 . 2013-06-21 06:05--------d-----w-c:\users\S34N\AppData\Local\temp
2013-06-21 06:05 . 2013-06-21 06:05--------d-----w-c:\users\DefaultAppPool\AppData\Local\temp
2013-06-21 06:05 . 2013-06-21 06:05--------d-----w-c:\users\Default\AppData\Local\temp
2013-06-21 06:05 . 2013-06-21 06:05--------d-----w-c:\users\Administrator\AppData\Local\temp
2013-06-20 09:35 . 2013-06-20 09:35--------d-----w-c:\users\ali\AppData\Local\NVIDIA
2013-06-20 07:05 . 2013-06-20 07:13--------d-----w-c:\windows\gif
2013-06-20 02:25 . 2013-06-20 09:54--------d-----w-c:\users\ali\AppData\Roaming\vlc
2013-06-20 02:19 . 2012-08-21 11:0133240----a-w-c:\windows\system32\drivers\GEARAspiWDM.sys
2013-06-20 02:19 . 2013-06-20 02:19--------d-----w-c:\program files\iPod
2013-06-20 02:19 . 2013-06-20 02:19--------d-----w-c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-06-20 02:19 . 2013-06-20 02:19--------d-----w-c:\program files\iTunes
2013-06-20 02:19 . 2013-06-20 02:19--------d-----w-c:\program files (x86)\iTunes
2013-06-20 02:07 . 2013-06-20 02:07159744----a-w-c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2013-06-20 02:07 . 2013-06-20 02:07159744----a-w-c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2013-06-20 02:07 . 2013-06-20 02:07159744----a-w-c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2013-06-20 02:07 . 2013-06-20 02:07159744----a-w-c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2013-06-20 02:07 . 2013-06-20 02:07159744----a-w-c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2013-06-20 02:06 . 2013-06-20 02:07--------d-----w-c:\program files (x86)\QuickTime
2013-06-20 01:38 . 2012-08-21 11:01106928----a-w-c:\windows\SysWow64\GEARAspi.dll
2013-06-20 01:38 . 2012-08-21 11:01125872----a-w-c:\windows\system32\GEARAspi64.dll
2013-06-19 05:37 . 2013-06-19 05:37--------d-----w-c:\windows\en
2013-06-19 05:25 . 2013-02-05 20:0657840----a-w-c:\windows\system32\drivers\fssfltr.sys
2013-06-19 05:24 . 2013-06-19 05:25--------d-----w-c:\program files\Windows Live
2013-06-19 05:20 . 2013-06-19 05:205659096-c--a-w-c:\program files (x86)\Common Files\Windows Live\.cache\bf83f4131ce6cac09\skydrivesetup.exe
2013-06-19 05:19 . 2013-06-19 05:1994040-c--a-w-c:\program files (x86)\Common Files\Windows Live\.cache\874194501ce6cac07\DSETUP.dll
2013-06-19 05:19 . 2013-06-19 05:19525656-c--a-w-c:\program files (x86)\Common Files\Windows Live\.cache\874194501ce6cac07\DXSETUP.exe
2013-06-19 05:19 . 2013-06-19 05:191691480-c--a-w-c:\program files (x86)\Common Files\Windows Live\.cache\874194501ce6cac07\dsetup32.dll
2013-06-19 05:18 . 2013-06-19 05:1889944-c--a-w-c:\program files (x86)\Common Files\Windows Live\.cache\77d153b21ce6cac05\DSETUP.dll
2013-06-19 05:18 . 2013-06-19 05:18537432-c--a-w-c:\program files (x86)\Common Files\Windows Live\.cache\77d153b21ce6cac05\DXSETUP.exe
2013-06-19 05:18 . 2013-06-19 05:181801048-c--a-w-c:\program files (x86)\Common Files\Windows Live\.cache\77d153b21ce6cac05\dsetup32.dll
2013-06-19 05:17 . 2013-06-19 05:1789944-c--a-w-c:\program files (x86)\Common Files\Windows Live\.cache\3d445f181ce6cac01\DSETUP.dll
2013-06-19 05:17 . 2013-06-19 05:17537432-c--a-w-c:\program files (x86)\Common Files\Windows Live\.cache\3d445f181ce6cac01\DXSETUP.exe
2013-06-19 05:17 . 2013-06-19 05:171801048-c--a-w-c:\program files (x86)\Common Files\Windows Live\.cache\3d445f181ce6cac01\dsetup32.dll
2013-06-19 04:45 . 2013-06-19 04:45--------d-----w-c:\program files\Types
2013-06-19 00:45 . 2012-07-06 10:3067224----a-w-c:\windows\system32\vsocklib.dll
2013-06-19 00:45 . 2012-07-06 10:2963128----a-w-c:\windows\SysWow64\vsocklib.dll
2013-06-19 00:45 . 2012-07-06 10:2970256----a-w-c:\windows\system32\drivers\vsock.sys
2013-06-19 00:45 . 2012-08-15 13:1867224----a-w-c:\windows\system32\drivers\vmx86.sys
2013-06-19 00:44 . 2012-08-15 13:18357016----a-w-c:\windows\SysWow64\vmnetdhcp.exe
2013-06-19 00:44 . 2012-08-15 13:1830360----a-w-c:\windows\system32\drivers\vmnetuserif.sys
2013-06-19 00:44 . 2012-08-15 13:17435864----a-w-c:\windows\SysWow64\vmnat.exe
2013-06-19 00:44 . 2012-08-15 13:18933528----a-w-c:\windows\system32\vnetlib64.dll
2013-06-19 00:43 . 2012-08-01 15:1052376----a-w-c:\windows\system32\drivers\hcmon.sys
2013-06-19 00:43 . 2013-06-19 00:43--------d-----w-c:\program files\Common Files\VMware
2013-06-19 00:40 . 2013-06-19 00:40--------d-----w-c:\program files (x86)\Common Files\VMware
2013-06-18 14:06 . 2013-06-18 14:33--------d-----w-c:\program files (x86)\FileZilla Server
2013-06-18 08:13 . 2013-06-18 08:14--------d-----w-c:\program files\Red Gate
2013-06-16 01:02 . 2013-06-16 01:02--------d-----w-c:\users\ali\AppData\Local\VSIXInstaller
2013-06-13 12:48 . 2013-06-08 12:282706432----a-w-c:\windows\system32\mshtml.tlb
2013-06-13 12:48 . 2013-06-08 11:132706432----a-w-c:\windows\SysWow64\mshtml.tlb
2013-06-13 12:48 . 2013-06-08 14:08279040----a-w-c:\program files\Internet Explorer\sqmapi.dll
2013-06-13 12:48 . 2013-06-08 11:41218112----a-w-c:\program files (x86)\Internet Explorer\sqmapi.dll
2013-06-13 12:48 . 2013-06-08 14:081365504----a-w-c:\windows\system32\urlmon.dll
2013-06-13 12:48 . 2013-06-08 14:062648064----a-w-c:\windows\system32\iertutil.dll
2013-06-13 12:48 . 2013-06-08 14:06526336----a-w-c:\windows\system32\ieui.dll
2013-06-13 12:47 . 2013-06-08 14:0615404544----a-w-c:\windows\system32\ieframe.dll
2013-06-13 12:47 . 2013-06-08 14:0719233792----a-w-c:\windows\system32\mshtml.dll
2013-06-13 00:09 . 2013-05-08 06:391910632----a-w-c:\windows\system32\drivers\tcpip.sys
2013-06-13 00:04 . 2013-04-26 05:51751104----a-w-c:\windows\system32\win32spl.dll
2013-06-13 00:04 . 2013-04-26 04:55492544----a-w-c:\windows\SysWow64\win32spl.dll
2013-06-12 23:53 . 2013-04-25 23:301505280----a-w-c:\windows\SysWow64\d3d11.dll
2013-06-12 23:53 . 2013-03-31 22:521887232----a-w-c:\windows\system32\d3d11.dll
2013-06-11 16:44 . 2013-06-11 16:44--------d-----w-c:\program files (x86)\Common Files\PCSuite
2013-06-11 16:43 . 2013-06-11 16:43--------d-----w-c:\program files (x86)\Common Files\Nokia
2013-06-11 16:43 . 2008-08-28 09:4425600----a-w-c:\windows\system32\drivers\pccsmcfdx64.sys
2013-06-11 16:42 . 2013-06-11 16:42--------d-----w-c:\program files (x86)\PC Connectivity Solution
2013-06-11 16:40 . 2013-06-11 16:43--------d-----w-c:\program files (x86)\Nokia
2013-06-11 14:30 . 2013-06-19 07:50--------d-----w-c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-06-10 19:10 . 2013-06-10 19:10--------d-----w-c:\users\ali\AppData\Local\Brice_Lambson
2013-06-10 19:08 . 2013-06-10 19:08--------d-----w-c:\program files\Image Resizer for Windows
2013-06-10 19:08 . 2013-06-10 19:08--------d-----w-c:\program files (x86)\Image Resizer for Windows
2013-06-10 17:47 . 2004-08-03 22:56438272----a-w-C:\shimgvw.dll
2013-06-07 21:15 . 2013-06-07 21:15--------d-----w-C:\RegBackup
2013-06-07 20:57 . 2013-06-07 20:58--------d-----w-c:\program files (x86)\Malwarebytes' Anti-Malware
2013-06-07 20:57 . 2013-04-04 12:5025928----a-w-c:\windows\system32\drivers\mbam.sys
2013-06-07 19:11 . 2013-06-07 19:11--------d-----w-c:\program files (x86)\Common Files\Java
2013-06-07 19:11 . 2013-06-07 19:1095648----a-w-c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-07 19:10 . 2013-06-07 19:10--------d-----w-c:\program files (x86)\Java
2013-06-07 18:55 . 2013-06-07 18:55--------d-----w-c:\program files (x86)\MeteorEntertainment
2013-06-06 02:55 . 2013-06-06 02:55--------d-----w-c:\users\Default\AppData\Local\Microsoft Help
2013-06-06 00:33 . 2013-06-06 02:54--------d-----w-c:\program files (x86)\Microsoft Works
2013-06-06 00:31 . 2013-06-06 00:31--------d-----w-c:\program files\Microsoft Office
2013-06-06 00:30 . 2013-06-06 00:30--------d-----r-C:\MSOCache
2013-06-05 11:49 . 2013-06-05 11:49--------d-----w-c:\users\ali\AppData\Roaming\NuGet
2013-06-03 13:52 . 2013-06-03 13:52--------d-----w-c:\program files (x86)\Common Files\Skype
2013-06-03 11:39 . 2013-06-03 11:39--------d-----w-c:\program files (x86)\Microsoft Web Tools
2013-06-02 18:24 . 2013-06-02 18:24--------d-----w-c:\program files\Microsoft Synchronization Services
2013-06-02 18:24 . 2013-06-02 18:24--------d-----w-c:\program files (x86)\Microsoft Synchronization Services
2013-06-02 18:22 . 2013-06-02 18:22--------d-----w-c:\program files\Microsoft Visual Studio 10.0
2013-05-31 19:30 . 2013-05-31 19:30--------d-----w-c:\users\ali\AppData\Roaming\Microsoft FxCop
2013-05-30 19:34 . 2013-05-30 19:34--------d-----w-c:\programdata\Microsoft Visual Studio
2013-05-30 11:34 . 2013-05-30 11:34--------d-----w-c:\program files (x86)\Windows Sidebar
2013-05-30 11:23 . 2013-06-12 21:14181064----a-w-c:\windows\PSEXESVC.EXE
2013-05-29 13:28 . 2013-06-02 18:24--------d-----w-c:\program files\Microsoft SQL Server Compact Edition
2013-05-29 13:16 . 2013-05-29 13:16--------d-----w-c:\program files\Application Verifier
2013-05-29 13:16 . 2013-05-29 13:16--------d-----w-c:\program files (x86)\Application Verifier
2013-05-29 13:14 . 2013-06-03 12:34--------d-----w-c:\programdata\Windows App Certification Kit
2013-05-29 13:00 . 2013-05-29 13:00--------d-----w-c:\program files (x86)\Common Files\Microsoft
2013-05-29 12:31 . 2013-05-29 12:36--------d-----w-c:\program files (x86)\Microsoft ASP.NET
2013-05-29 12:28 . 2013-05-29 12:28--------d-----w-c:\program files\Microsoft
2013-05-29 12:28 . 2013-05-29 12:28--------d-----w-c:\program files\IIS Express
2013-05-29 12:28 . 2013-05-29 12:28--------d-----w-c:\program files (x86)\IIS Express
2013-05-29 12:26 . 2013-05-29 12:26--------d-----w-c:\program files (x86)\NuGet
2013-05-29 12:20 . 2013-05-29 12:20--------d-----w-c:\program files (x86)\Microsoft WCF Data Services
2013-05-29 12:20 . 2013-05-29 12:20--------d-----w-c:\program files\IIS
2013-05-29 12:20 . 2013-05-29 12:20--------d-----w-c:\program files (x86)\IIS
2013-05-29 12:02 . 2013-05-29 12:02--------d-----w-c:\program files (x86)\Windows Kits
2013-05-29 11:24 . 2013-05-29 11:24--------d-----w-c:\program files (x86)\HTML Help Workshop
2013-05-29 11:23 . 2013-05-29 11:23--------d-----w-c:\program files (x86)\Microsoft Help Viewer
2013-05-29 11:06 . 2013-05-29 11:35--------d-----w-c:\windows\SysWow64\1033
2013-05-29 10:31 . 2013-06-03 13:26--------d-----w-c:\program files (x86)\Common Files\Merge Modules
2013-05-29 10:27 . 2013-05-29 10:27--------d-----w-c:\users\ali\AppData\Roaming\ImTOO
2013-05-29 10:26 . 2013-05-29 10:26--------d-----w-c:\programdata\ImTOO
2013-05-29 10:26 . 2013-05-29 10:26--------d-----w-c:\program files (x86)\ImTOO
2013-05-29 10:23 . 2013-05-29 13:46--------d-----w-c:\program files (x86)\Microsoft Visual Studio 11.0
2013-05-29 10:23 . 2013-05-29 11:06--------d-----w-c:\windows\system32\1033
2013-05-29 10:23 . 2013-05-29 10:23--------d-----w-c:\windows\symbols
2013-05-29 10:23 . 2013-06-03 13:28--------d-----w-c:\program files (x86)\Microsoft SDKs
2013-05-29 10:23 . 2013-05-29 10:23--------d-----w-c:\program files\Microsoft Visual Studio 11.0
2013-05-29 10:05 . 2013-06-10 19:07--------d-----w-c:\programdata\Package Cache
2013-05-29 10:05 . 2013-05-29 10:05--------d-----w-c:\programdata\regid.1991-06.com.microsoft
2013-05-26 13:12 . 2013-05-26 13:12--------d-----w-C:\Evolution Games
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-13 01:03 . 2011-02-04 17:0575825640----a-w-c:\windows\system32\MRT.exe
2013-06-07 19:10 . 2013-03-01 08:35866720----a-w-c:\windows\SysWow64\npDeployJava1.dll
2013-06-07 19:10 . 2012-03-14 18:52788896----a-w-c:\windows\SysWow64\deployJava1.dll
2013-05-14 10:54 . 2013-05-14 10:54421888----a-w-c:\windows\SysWow64\RealMediaSplitter.ax
2013-05-12 21:42 . 2013-04-08 11:322597344----a-w-c:\windows\SysWow64\nvapi.dll
2013-05-12 21:42 . 2010-08-16 13:492935696----a-w-c:\windows\system32\nvapi64.dll
2013-05-12 21:42 . 2010-08-16 13:4915910736----a-w-c:\windows\system32\nvwgf2umx.dll
2013-05-12 21:42 . 2010-08-16 13:4912426216----a-w-c:\windows\SysWow64\nvd3dum.dll
2013-05-12 20:34 . 2010-08-16 21:066491936----a-w-c:\windows\system32\nvcpl.dll
2013-05-12 20:34 . 2010-08-16 21:063514656----a-w-c:\windows\system32\nvsvc64.dll
2013-05-12 20:34 . 2010-08-16 21:06884512----a-w-c:\windows\system32\nvvsvc.exe
2013-05-12 20:34 . 2010-08-16 21:0663776----a-w-c:\windows\system32\nvshext.dll
2013-05-12 20:34 . 2010-08-16 21:062555680----a-w-c:\windows\system32\nvsvcr.dll
2013-05-12 20:34 . 2010-08-16 21:06237856----a-w-c:\windows\system32\nvmctray.dll
2013-05-12 13:43 . 2013-05-12 13:43566048----a-w-c:\windows\SysWow64\nvStreaming.exe
2013-05-02 00:06 . 2011-02-04 15:49278800------w-c:\windows\system32\MpSigStub.exe
2013-05-01 01:59 . 2013-05-01 01:5994208----a-w-c:\windows\SysWow64\QuickTimeVR.qtx
2013-05-01 01:59 . 2013-05-01 01:5969632----a-w-c:\windows\SysWow64\QuickTime.qts
2013-04-13 05:49 . 2013-05-25 23:25135168----a-w-c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-25 23:25350208----a-w-c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-25 23:25308736----a-w-c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-25 23:25111104----a-w-c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-25 23:25474624----a-w-c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-25 23:252176512----a-w-c:\windows\apppatch\AcGenral.dll
2013-04-08 11:32 . 2013-04-08 11:321510176----a-w-c:\windows\system32\nvdispgenco64.dll
2013-04-08 11:32 . 2013-04-08 11:321814304----a-w-c:\windows\system32\nvdispco64.dll
2013-04-05 00:00 . 2013-04-05 00:00185344----a-w-c:\windows\SysWow64\elshyph.dll
2013-04-05 00:00 . 2013-04-05 00:001054720----a-w-c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-05 00:00 . 2013-04-05 00:00226304----a-w-c:\windows\system32\elshyph.dll
2013-04-05 00:00 . 2013-04-05 00:00158720----a-w-c:\windows\SysWow64\msls31.dll
2013-04-05 00:00 . 2013-04-05 00:00719360----a-w-c:\windows\SysWow64\mshtmlmedia.dll
2013-04-05 00:00 . 2013-04-05 00:00150528----a-w-c:\windows\SysWow64\iexpress.exe
2013-04-05 00:00 . 2013-04-05 00:00138752----a-w-c:\windows\SysWow64\wextract.exe
2013-04-04 23:59 . 2013-04-04 23:59523264----a-w-c:\windows\SysWow64\vbscript.dll
2013-04-04 23:59 . 2013-04-04 23:5938400----a-w-c:\windows\SysWow64\imgutil.dll
2013-04-04 23:59 . 2013-04-04 23:59137216----a-w-c:\windows\SysWow64\ieUnatt.exe
2013-04-04 23:59 . 2013-04-04 23:5912800----a-w-c:\windows\SysWow64\mshta.exe
2013-04-04 23:59 . 2013-04-04 23:5973728----a-w-c:\windows\SysWow64\SetIEInstalledDate.exe
2013-04-04 23:59 . 2013-04-04 23:5948640----a-w-c:\windows\SysWow64\mshtmler.dll
2013-04-04 23:59 . 2013-04-04 23:59110592----a-w-c:\windows\SysWow64\IEAdvpack.dll
2013-04-04 23:59 . 2013-04-04 23:5961952----a-w-c:\windows\SysWow64\tdc.ocx
2013-04-04 23:59 . 2013-04-04 23:59361984----a-w-c:\windows\SysWow64\html.iec
2013-04-04 23:59 . 2013-04-04 23:591441280----a-w-c:\windows\SysWow64\inetcpl.cpl
2013-04-04 23:59 . 2013-04-04 23:5923040----a-w-c:\windows\SysWow64\licmgr10.dll
2013-04-04 23:59 . 2013-04-04 23:59441856----a-w-c:\windows\system32\html.iec
2013-04-04 23:59 . 2013-04-04 23:59216064----a-w-c:\windows\system32\msls31.dll
2013-04-04 23:59 . 2013-04-04 23:59197120----a-w-c:\windows\system32\msrating.dll
2013-04-04 23:59 . 2013-04-04 23:59905728----a-w-c:\windows\system32\mshtmlmedia.dll
2013-04-04 23:59 . 2013-04-04 23:5981408----a-w-c:\windows\system32\icardie.dll
2013-04-04 23:59 . 2013-04-04 23:59762368----a-w-c:\windows\system32\ieapfltr.dll
2013-04-04 23:59 . 2013-04-04 23:59452096----a-w-c:\windows\system32\dxtmsft.dll
2013-04-04 23:59 . 2013-04-04 23:59281600----a-w-c:\windows\system32\dxtrans.dll
2013-04-04 23:59 . 2013-04-04 23:5927648----a-w-c:\windows\system32\licmgr10.dll
2013-04-04 23:59 . 2013-04-04 23:59270848----a-w-c:\windows\system32\iedkcs32.dll
2013-04-04 23:59 . 2013-04-04 23:59247296----a-w-c:\windows\system32\webcheck.dll
2013-04-04 23:59 . 2013-04-04 23:59235008----a-w-c:\windows\system32\url.dll
2013-04-04 23:59 . 2013-04-04 23:591509376----a-w-c:\windows\system32\inetcpl.cpl
2013-04-04 23:59 . 2013-04-04 23:591400416----a-w-c:\windows\system32\ieapfltr.dat
2013-04-04 23:59 . 2013-04-04 23:5997280----a-w-c:\windows\system32\mshtmled.dll
2013-04-04 23:59 . 2013-04-04 23:59599552----a-w-c:\windows\system32\vbscript.dll
2013-04-04 23:59 . 2013-04-04 23:59167424----a-w-c:\windows\system32\iexpress.exe
2013-04-04 23:59 . 2013-04-04 23:59144896----a-w-c:\windows\system32\wextract.exe
2013-04-04 23:59 . 2013-04-04 23:59102912----a-w-c:\windows\system32\inseng.dll
2013-04-04 23:59 . 2013-04-04 23:5962976----a-w-c:\windows\system32\pngfilt.dll
2013-04-04 23:59 . 2013-04-04 23:59173568----a-w-c:\windows\system32\ieUnatt.exe
2013-04-04 23:59 . 2013-04-04 23:59149504----a-w-c:\windows\system32\occache.dll
2013-04-04 23:59 . 2013-04-04 23:5952224----a-w-c:\windows\system32\msfeedsbs.dll
2013-04-04 23:59 . 2013-04-04 23:5951200----a-w-c:\windows\system32\imgutil.dll
2013-04-04 23:59 . 2013-04-04 23:5913824----a-w-c:\windows\system32\mshta.exe
2013-04-04 23:59 . 2013-04-04 23:59136192----a-w-c:\windows\system32\iepeers.dll
2013-04-04 23:59 . 2013-04-04 23:5912800----a-w-c:\windows\system32\msfeedssync.exe
2013-04-04 23:59 . 2013-04-04 23:5992160----a-w-c:\windows\system32\SetIEInstalledDate.exe
2013-04-04 23:59 . 2013-04-04 23:5948640----a-w-c:\windows\system32\mshtmler.dll
2013-04-04 23:59 . 2013-04-04 23:59135680----a-w-c:\windows\system32\IEAdvpack.dll
2013-04-04 23:59 . 2013-04-04 23:5977312----a-w-c:\windows\system32\tdc.ocx
2013-03-25 12:34 . 2013-03-25 12:3221404927----a-w-c:\windows\REGBK00.ZIP
2013-03-25 12:28 . 2013-03-25 12:28350160----a-w-c:\windows\system32\drivers\trufos.sys
2013-03-25 12:27 . 2013-03-25 12:27632064----a-w-c:\windows\SysWow64\msvcr80.dll
2013-03-25 12:27 . 2013-03-25 12:27554240----a-w-c:\windows\SysWow64\msvcp80.dll
2013-03-25 12:27 . 2013-03-25 12:27572928----a-w-c:\windows\SysWow64\msvcp90.dll
2013-03-25 12:27 . 2013-03-25 12:27655872----a-w-c:\windows\SysWow64\msvcr90.dll
2013-03-25 12:27 . 2013-03-25 12:2734048----a-w-c:\windows\SysWow64\eEmpty.exe
2013-03-25 11:14 . 2012-07-23 00:19963488----a-w-c:\windows\system32\deployJava1.dll
2013-03-25 11:14 . 2012-07-23 00:191085344----a-w-c:\windows\system32\npDeployJava1.dll
2013-03-25 10:58 . 2012-04-06 01:12693976----a-w-c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-25 10:58 . 2011-06-05 13:1873432----a-w-c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-15 09:20 . 2012-08-15 09:202174976----a-w-c:\program files (x86)\Common Files\atimpenc.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-06-19 05:20220632----a-w-c:\users\ali\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-06-19 05:20220632----a-w-c:\users\ali\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-06-19 05:20 220632 ----a-w- c:\users\ali\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 15:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\ali\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\ali\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\ali\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\ali\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2013-03-01 3573624]
"VistaSwitcher"="c:\program files\VistaSwitcher\vswitch64.exe" [2012-05-12 233088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"vmware-tray.exe"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2012-08-15 104088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 ANTS Memory Profiler 7 Service;ANTS Memory Profiler 7 Service;c:\program files\Red Gate\ANTS Memory Profiler 7\RedGate.Memory.IISService.exe;c:\program files\Red Gate\ANTS Memory Profiler 7\RedGate.Memory.IISService.exe [x]
R3 ANTS Performance Profiler 8 Service;ANTS Performance Profiler 8 Service;c:\program files\Red Gate\ANTS Performance Profiler 8\RedGate.Profiler.IISService.exe;c:\program files\Red Gate\ANTS Performance Profiler 8\RedGate.Profiler.IISService.exe [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\645E.tmp;c:\windows\SYSNATIVE\645E.tmp [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 ST330;ST330;c:\windows\system32\DRIVERS\st330.sys;c:\windows\SYSNATIVE\DRIVERS\st330.sys [x]
R3 STBUS;STBUS;c:\windows\system32\DRIVERS\stbus.sys;c:\windows\SYSNATIVE\DRIVERS\stbus.sys [x]
R3 STETH;SpeedTouch Ethernet Adapter NT Driver;c:\windows\system32\DRIVERS\steth.sys;c:\windows\SYSNATIVE\DRIVERS\steth.sys [x]
R3 stppp;Speedtouch PPP Adapter Adapter;c:\windows\system32\DRIVERS\stppp.sys;c:\windows\SYSNATIVE\DRIVERS\stppp.sys [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 Te.Service;Te.Service;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
R3 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys;c:\windows\SYSNATIVE\Drivers\VBoxUSB.sys [x]
R3 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
R3 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [x]
R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0105.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys;c:\windows\SYSNATIVE\drivers\vsock.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys;SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys;c:\windows\SYSNATIVE\DRIVERS\FLxHCIc.sys [x]
S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys;c:\windows\SYSNATIVE\DRIVERS\FLxHCIh.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-07 20:25 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.110\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 10:37]
.
2012-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-20 07:31]
.
2012-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-20 07:31]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-06-19 05:20 244696 ----a-w- c:\users\ali\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-06-19 05:20 244696 ----a-w- c:\users\ali\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-06-19 05:20 244696 ----a-w- c:\users\ali\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 14:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2011-05-25 07:09 227840 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\ali\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\ali\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\ali\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\ali\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-11-15 23:07 23496 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2013-03-21 6330568]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-05-16 1012000]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ye1.org/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Download all links with IDM - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: ت&صدير إلى Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 41.128.225.225 41.128.225.226
TCP: Interfaces\{1DF79A7C-6F29-4AAF-B4FD-772F63ACE586}: NameServer = 208.67.222.123,208.67.220.123,192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\645E.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Completion time: 2013-06-21 08:19:17 - machine was rebooted
ComboFix-quarantined-files.txt 2013-06-21 06:19
ComboFix2.txt 2013-06-20 06:41
.
Pre-Run: 32,527,597,568 bytes free
Post-Run: 31,856,861,184 bytes free
.
- - End Of File - - 0F232CCB0F42C80AAFA5159466B230AA
D41D8CD98F00B204E9800998ECF8427E
 
Btw.. I am so sorry about the late replies.. it's due to the difference of the time zones :/
I am (GMT +2) here.. xD
 
Don't worry about it :)
You did fine.

How is the computer doing?

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Off Topic :
oh well..
first.. I am so sorry for not being able to post a comment to you yesterday.
because I was very busy from 6:00 am to 12:00 am O_O
and I had very bad conditions :/
Anyway.. thanks for helping me :D

=======================================================
On Topic :
oh well.. as I can see.. it's still the same.. :/
my computer is soooooo slow.. and.. still some services missing files.. and the scheduled tasks have bugs.. so is the event viewer I think {I didn't check the event viewer yet.. :D}..
I just meant to say.. I still have the same problems :/
I hope you can fix it for me :D

here are the logs :

AdwCleaner[S1].txt :

# AdwCleaner v2.303 - Logfile created 06/23/2013 at 12:23:18
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : ali - S34N
# Boot Mode : Normal
# Running from : C:\Users\ali\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\ali\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Users\Public\Desktop\eBay.lnk
Folder Deleted : C:\Program Files (x86)\Common Files\Speedbit
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Partner

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\PIP
Key Deleted : HKCU\Software\SpeedBit
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\SpeedBit
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jplinpmadfkdgipabgcdchbdikologlh
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16618

[OK] Registry is clean.

-\\ Mozilla Firefox v [Unable to get version]

File : C:\Users\ali\AppData\Roaming\Mozilla\Firefox\Profiles\94np9vd1.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v27.0.1453.116

File : C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [2401 octets] - [23/06/2013 12:23:18]

########## EOF - C:\AdwCleaner[S1].txt - [2461 octets] ##########
 
JRT.txt :

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by ali on Sun 06/23/2013 at 12:31:55.36
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\ali\appdata\local\adawarebp"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{26D58324-DB28-4037-B1E0-625CA74166A0}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{273015DC-3A42-41BD-9C18-BA1408E0B767}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{278E78B3-CF25-4E3C-99A5-5929439CBF0E}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{2794B40F-26DC-4EB3-ADAE-2ECEAE90DA0C}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{27A51B6D-EA69-4A76-885A-D6D762C4B721}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{27FCEEB5-1EC5-48B1-9722-3B1BE79F02EC}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{28FD9713-C702-44FE-8539-BBDFAD531B3E}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{2963DD8B-7F09-4C96-892F-90AC2FD561C8}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{299341DD-C3CC-4D4B-B486-84C0520CFA37}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{2A41A161-5861-4CBD-8F11-E359BEFC05B2}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{2A7AE37E-5BCE-464D-8C25-996B22747CFD}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{2A7CF721-6E07-4969-95BB-46B1DE1D3C1C}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{2B667DD3-79E9-4514-821B-04241A10450F}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{2C6CDCB8-B9CD-4E6F-83AE-E716504977C9}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{2C77D99E-0A58-46A1-9CC6-422701E3671E}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{2C9963E9-B8F1-4E8A-8B07-7393B6BB4F0A}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{2CC8D8E5-2778-4778-AFF5-F60A53EFC96A}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{2CCE310C-4DBA-47FC-BCC9-7D58DF92C2CF}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{2EF4566A-9E51-4F56-B2C5-DCC4D1D87EDD}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{2F2BAB31-E9B2-4B96-86A2-480EF21D8166}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{30460B05-340B-4150-BE90-FCF584A785BC}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{30C56008-32B4-4BC7-A2F6-24A4D8E75738}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{30E4F24A-DF5D-47FF-ACC4-88A78D54AF08}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{31A9C9E7-3DC2-46BD-B590-60EC74ECB3D1}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{32353E1F-2F28-4EDC-A44E-EC1607DFAB89}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{3271BD87-FBA8-41CF-9AEE-D5FFFE3E9F3F}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{3277299F-D545-4217-8FBC-4607B44C7F14}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{32F7748E-3402-4175-B007-49AB049C2369}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{33C9AD78-F1EC-4D1F-A2DA-80F9EE89BDBE}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{3426C850-A53D-4740-87A3-C7EE759D7EF7}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{34ECC2EF-56DC-41D1-9D2C-EFE6F5937DA2}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{34EE58B4-E9DB-4CC0-8622-5C6970FF86E3}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{35E321FC-1853-4F09-AA4A-213962A13372}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{360E7EC8-F274-4C30-826B-651E5BF0701B}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{3657B9CA-062D-4F95-8E60-5EAB4FF3E666}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{36C1FABC-C1AD-4F76-9BF8-58DEDAD5C855}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{37090303-03B8-4B9F-964E-755DE093FFCF}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{381B1A80-9E11-48AB-BB14-3886BA5E36B0}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{3840A3FF-C048-4956-89D7-4AC3D4909FE2}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{386C8CFA-4A83-43D3-82F7-E8C77CCD9F58}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{38AE0D75-364A-42F6-8801-C5A76A63D082}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{39282A15-F263-4D1D-B36B-134545CD58EA}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{39902503-8070-4A57-98F4-C2135A36D0E0}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{3AEE895E-3F63-4516-8EB3-94A4F7A1BB05}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{3B0D5381-312A-4C3B-82BA-9BB116A5B182}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{3B3C16AA-437B-4E66-8372-01C1319DCEAA}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{3B732963-E231-492F-B890-E387820B0CA1}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{3C6ECAB9-EF92-4D61-8D48-C5BE1A0C4CF0}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{3CCF3344-5BC7-4A5B-B591-BC183C72BBE7}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{3CDC1D75-0F36-4742-BAD3-5D4B681C34BA}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{3CF263C9-9321-4273-BA08-44710CE6AF59}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{3D17B122-090F-4FE9-965F-27B211A5947B}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{3D4C014D-EC12-4DA8-AE90-CCE83616026B}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{3D59FF3A-3809-46C4-A378-FC1AF0B0BCFE}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{3D6A144E-261C-4FE1-AA64-D293DBF0D1CE}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{3D9D55A7-046A-4E77-B700-C8B071FEF37E}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{3DB1B021-F50E-4DEA-8730-759393636B30}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{3DC3090D-32B1-4503-9456-9104D35C0CD6}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{3E8B32BF-AB5C-4337-8F58-FB19FBB06646}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{3E95078D-7889-427D-8039-2A7D76E2780A}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{3EB8002E-D5BD-419E-94C9-24FEE5A90BDE}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{3ECF18CE-B7AE-4B81-A587-639082F81BED}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{3F7FEAA3-E8A0-45FB-9787-F33C7BEA677A}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{3FBD7123-A54B-475C-A44B-77649943BB7D}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{3FDE01AF-72C6-460F-A7AF-327A61A50E12}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{4086F2E1-C216-4557-9272-6CF3571FC2E4}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{40965B37-FCA9-460B-A7CE-8118440FADEA}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{40DEBAE2-8CE7-4EFE-8360-26A58E9E7DE5}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{419E989A-0893-4610-8E13-4AA2FB523FC1}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{41B7AB5B-C8CE-4EDA-A3C4-6EA7D7DDDC59}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{41BC5CFA-4C89-4355-8442-190CE980B7B4}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{4258C15C-F3C1-43E7-98A0-402D32A99933}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{42A58AE4-70BE-4AD0-A5E0-E0370D87991D}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{44216C17-32FA-4714-9180-50F2BF850E59}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{448142FA-8304-49DD-B583-DD2B3C88E9D5}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{44F27C99-84CA-4424-AC12-9A19F7B342F7}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{44F9888D-9022-4CF2-BD7C-94602CB7F710}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{45B603E4-E50F-4DD6-BC00-9E90A1F9DB70}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{45EAFD74-BCAE-4038-BA47-DD06E8934D9E}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{47411CC0-6CEC-41C4-9101-3B536627E4B8}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{47A00702-910A-4C68-A042-360C39BA97D1}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{47EADE4A-FC16-4038-8299-63E3B9DAC2F8}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{486E3B8A-5D63-4622-94AF-552300D7B2A6}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{48736D25-5F44-49D7-891E-AE296549CF7C}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{48BB6BF1-EE6D-4EE5-84DE-5A8036E9A8C9}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{48F9DA0C-3E76-4DE5-AF25-49F1E6F02BE2}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{4958E7D4-1891-4E1A-AEB7-7374C2965750}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{49CC5A19-E484-43EE-A7CD-EAB9335E8E89}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{49CEF24D-356A-4204-8B44-E042FDA0ACF5}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{4A37597E-7EA2-46CC-8357-091D94DF93A0}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{4A85CEB2-25EF-44CB-8986-940E836422ED}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{4AC7A881-E50D-41AD-8B05-9F5056F5F658}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{4B84BDED-241E-4B66-9A0D-6A76B122A2B6}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{4BA37F77-01A1-4D04-8046-7F25202C4ED0}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{4BA7B212-D858-47E5-B6AD-BA7D28EE5A0E}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{4C44F372-7803-4F83-ACAD-4A3466079234}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{4CBAE016-8809-4AF7-BFF4-FB1A1C8EB21E}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{4D22F5A2-6F2B-4CD5-AE61-6D7CE1034AC9}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{4D291EFF-3495-4108-8F1B-E412806BF17C}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{4D809AC3-E88F-43A9-89AB-72A813D0E430}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{4D9F27B1-6329-48C8-990F-6E34CB046FBE}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{4DCC943F-1BEE-4703-9013-D46C32DFA0B1}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{4DE9DB5E-3363-4D55-8C7C-ECBDA7F7DB20}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{4E7B6FDE-C722-4CD3-A718-CBA4B87E413E}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{4FD0CDFD-56F6-43AB-A3B4-32F70B9701F1}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{4FDA886B-904C-421A-8A5E-3EEB88BE4142}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{4FE71E16-AD99-45B7-9074-EE513CCC7556}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{500A3D74-04A4-4D56-88E6-7E192C7C88D3}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{508F7FDA-8BE7-4FF5-BFC3-D9C0915EFBD3}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{50A6FC89-98B6-4C9B-8B97-4F5B8427CF75}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{51251B3E-7A1D-4775-BF2B-B464CF24A44F}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{526F16AA-D3F8-4DA3-AB9F-9E7859E22728}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{52EBA11D-AEF8-4D17-B00C-205DACD77560}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{53601FB0-BB85-4484-9C6A-4DC991D062CF}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{536D6D4F-5796-4178-BB6A-A59A815D4E5D}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{53E7C08B-DE27-4D17-A20D-07B4113659F4}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{5411244C-57BD-4DE4-A89A-A865F3314BA4}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{541E923E-5C1E-4B2B-8431-78771CBE0CDA}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{5454EE5B-D1E5-4AF1-943A-DCF7F7BD243B}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{548F390E-EB73-46AD-A887-5A1E67C33BFF}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{55B9C53B-8C99-4BEF-AE86-EDB7095F8A38}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{55DFBEC5-1862-4297-A9BF-FE000C2547F5}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{5659C708-DC48-43CF-99D0-CC8124233B06}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{56B12925-0890-4394-9887-1CEA9E4DA891}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{58626F25-AC18-43DB-BF11-6F5E8922800F}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{5877C54C-D63B-4DC2-BCBF-F9754B550AE3}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{59716979-8A3D-4CB8-AF73-0BDC55C24489}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{59CE2FFC-FF8F-41FF-B884-E8F826CA841F}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{59EF1B80-26B1-43BF-AA5C-16B8989CCC16}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{5A00FE12-53A6-4F3C-A94D-6F8F21C5FE3C}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{5B1A28D3-5ECB-4C0D-8063-30FCE08201CE}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{5BA7DBF2-B9A9-4F92-9367-DEBAA06CDF68}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{5C5D1FFC-5A8B-4876-B949-571FD523A84D}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{5C6F19E7-E7F2-4D7E-9448-2C5D38A52C8C}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{5CBA0B70-4DF9-4B3D-A5C6-2F9A94B77E5B}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{5D436B79-8B2B-4466-9C0A-39AD6CC861D2}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{5DB606AC-85AA-4E91-88C8-727F78D6191B}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{5DFCECD4-50EC-4D54-9E08-CA7FE0810656}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{5E029655-6F29-46AF-9BA3-73FFBC950C76}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{5E06C79C-2659-498E-B885-86334525142B}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{5E6B66D2-52A8-4905-8478-73E524CA1BF5}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{5FC36625-DAB9-45A3-BD42-C4271ECD2467}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{5FD1EC03-FD56-4E6F-8E94-CAE8006705BE}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{60C27252-8FE6-47D2-86B8-F52D187F2357}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{60CF56F0-ABAB-4B6E-AFE9-736FD961D696}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{60FBB44A-BC30-41A4-B7DA-239BF0DC4191}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{6179CBB5-6F34-4DFB-80DC-BFFB58589F9B}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{61B56718-3411-45AA-99D3-C3D4F9462048}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{624B731D-AEF1-4B67-9965-FBC27AE07B6E}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{639B4328-AD22-4921-8DA0-0F8DD3792DD7}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{645DAB95-6B49-4543-8539-039DE5D82052}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{6582A0E1-2E1C-4525-BE3A-1B2A53180C5A}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{65A44654-0672-47EB-A393-ABE155BEE182}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{662ACC7E-1F16-4E95-95EA-5E0AE5A4F6D4}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{66339B0F-CD6F-4576-B1A6-E6EA2B8AAA7A}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{663689F4-F74C-4F6C-87C8-0F8534505C1D}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{665B82DE-D9F1-419B-9E2E-70E34BE16A8F}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{6713B6CF-0E75-43A4-8EA1-F5E1B6EB7EDD}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{671C60C1-CE63-4274-BCCE-0C7D4C19696E}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{672D040E-D5C9-4E36-B59F-877C2F94F1A2}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{67584F8D-5CE8-4A11-9787-668CFAA5E4B6}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{6794F7DC-A561-425D-B0BF-E4D1A076DD28}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{68360941-B6B7-4282-8AA8-2BA381EAD774}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{68810E8F-CAA6-4D2D-9523-3D03656CB9EA}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{68E8B09A-F0FE-42B4-9C6B-964CE078BC7F}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{6994EB62-B2E4-48D0-979C-20745EA0E2D2}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{69A36970-5A59-47D8-B0D3-19B22E650A74}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{6A362D51-B221-4ED9-B577-BE96FFD22D55}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{6A8B442E-9113-4AD0-BC90-A4F01C604F77}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{6A93A3E7-E368-4D87-BAC1-A1D8C657633B}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{6AA3D7F4-E9EE-425E-B9E5-AE1BB5190B62}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{6B10D4A9-3F90-4BE5-AA18-F5E0A1AAF9E1}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{6C6C8A0E-FEDD-4FC9-AB14-6AC190A9B852}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{6CD4B645-CBFC-4392-AB79-8E43BE7F1BCC}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{6CF51E68-EF09-48AB-8E92-73398FFF6F3E}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{6D008D9D-4EBE-4E61-A325-D87F8A3C096E}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{6D2F7B38-89D2-448D-A850-84133FD45AE7}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{6DA5E6AC-5CEB-49C1-981D-7958F19AE262}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{6DB6FB74-388C-4052-8B7D-5FE068682CD8}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{6DD9D1FA-D95B-454B-A1BF-50722164D3AF}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{6E45227B-E719-45F0-A349-92741915D80F}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{6E673E89-345D-466D-B648-C1DC59AE72C6}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{6E785053-CBC2-4AC3-A568-2F48421C9607}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{6F9B111E-B2E3-4BC5-A394-CF27F6E85968}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{6FCAC760-613D-494E-B85D-B2D04057F702}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{713ADE4A-A07D-4AD8-8023-E6D56EA4BC35}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{714073CE-9665-4E10-83C0-7C07F268E81E}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{7143B9FB-B614-459D-96D0-EAFE7295F6E0}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{719423F5-B693-45EF-B619-8B10DC15C48B}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{71976D23-4ECC-4DFC-B485-8B85B67877F6}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{71D296B1-B609-427A-8A2E-C4EC670763D6}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{72947C23-93C2-4C7F-AF35-899D2D3191D3}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{72A985C7-8D4A-4DD6-8B59-F78C162505B0}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{7325B3F7-0284-4AF4-AF0E-75652FEB7A59}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{7391D14D-60F4-42D1-AA36-28AFC28E769D}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{73CF6B25-9DE6-4FF4-B22A-20CF7F8B9B92}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{74347026-EEBA-47AA-BA26-88ABEABAC619}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{7467E2E3-D10F-407B-A648-96B372FBB74A}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{749549CD-9866-4E09-A19F-861B7A7CFB3B}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{74F8BFA7-3685-4C84-B769-BF16EA97114C}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{75A9B940-A293-402A-B81C-52E09B4B0F39}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{75DF8323-8727-4738-9EB6-CB959E2F37E0}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{767F1446-22D7-437A-B2FF-6CAD2355756E}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{76D018FA-692F-4E08-B1D2-36109AC559E9}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{77A17210-4E74-4DC6-B208-C725957332A8}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{77C53D17-5444-4CB4-BC78-BD0DA9F05D80}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{7898D01F-39FB-4754-A124-1F2063CD924A}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{78C297C9-6457-483E-AC7E-D3083BC75F3D}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{7A085A9A-5673-4CFA-BA07-5F30A8353CA3}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{7A718100-0036-4DF6-96F8-1DCA00A7CCAC}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{7B06B939-985A-404C-80D5-34041914AD4F}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{7B13B015-BF25-47F6-90EE-32BB499B56EB}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{7B696C71-BC0B-46D5-884D-C63FBD8A0532}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{7B7B9685-34D6-4841-8680-31CB368B252D}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{7C48F3D0-25DF-4768-A163-BE686B45FC6C}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{7C909B5E-91F6-49D3-9D3B-C0C7910BCF6F}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{7CE15C8D-85B5-4257-A5A4-67FE6A45ADD2}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{7CF2CFAB-8005-4591-AEFF-744443973EC6}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{7D56CE9C-68E1-4D00-B47D-B41E0F36DB54}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{7D62E733-47AA-4D45-8AF4-D5D27106C526}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{7E2BB000-41F8-4267-973B-087F84B8D8BD}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{7E99AEF4-867B-4014-81C0-197F17CCD997}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{7EDB8874-16A3-467E-9B91-D88E95D3D6D0}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{7EF9CE08-97C8-4AD4-9F70-866A0D3BC955}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{7F40DDC1-E4B7-4FA4-8F56-8569B6C32DF9}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{7F64E89A-740F-4BD2-B52C-C9838C2B5CE4}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{7FF6E86A-4A35-41F5-9859-0E050CFBEF74}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{813CF436-17CB-42D1-B78F-4C2CA2706A37}
 
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{82726490-222F-4927-95CF-8F7FFBC64C6D}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{82857CD4-183F-4E9B-9ACF-63F558B361C0}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{82B08DAC-0FCC-4445-996F-0AC03A730E7A}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{82C8A85B-7F54-4A76-BFCE-21B4F84B2423}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{831275DF-5EBE-4225-B6E7-1E337DECE075}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{831B1097-D713-4870-B1D0-D290471B9606}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{83343B81-609C-4534-BD4F-100C36EBED39}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{83569927-CB56-4F6D-BADE-5AF36C3017ED}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{83F8454D-6D99-484D-89BC-136438475139}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{8470CB3D-1839-4F1B-81FD-453E3B445B67}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{84863541-0F40-499C-811E-44532916A8D1}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{84D3BDB1-7028-45D5-8BFA-3368D76A67ED}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{85CF81A7-D93F-4B39-A2EC-700A76BF1EF9}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{85E78B0C-F002-4997-A988-CD3988AE38CD}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{869A0D67-C754-437B-85B0-EC987A1A375B}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{8716E02A-CEF2-4872-ADF9-0EDD62FA5005}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{8779B2F8-5167-43F1-BCDB-1586475F9ECB}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{87C4301F-6511-4A50-B02D-2D74D8630563}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{87F54B95-3A5F-46D0-8044-E1679266C322}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{8815C6C1-7264-4AD3-AE73-FF4496F1ADFB}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{886F66A7-D466-4FE8-94B3-2D3E4E435902}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{88F05E83-2B25-4F77-A40A-4564A4B5B210}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{89645107-D9A4-4E91-9928-C69A165B78A4}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{8B28746D-FD63-4F82-8AF8-C33E5208B63C}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{8B337FBD-011C-4DDD-8A92-78D23A171A51}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{8B6B2C28-5ED4-48AE-B58D-080F53D784D0}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{8B8EE5E9-18BF-453C-8DF0-BA1DAD6AF8AC}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{8B91EB6F-B906-4CD7-B9AB-95F3A2606EC0}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{8B9857CA-B8A4-4C49-82F4-B6CCEA9D472A}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{8DAB0F9E-2C8E-413A-9769-4FEE6BCF1D43}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{8DCFA73F-755B-4AFE-9C3E-1F84F173821A}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{8E1D5BDB-AF75-4A82-9D3A-1C0789CDDAEA}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{8E5A3976-26A2-46E6-B1FF-9541B88AACF2}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{8F2654F3-0134-4507-9090-F3356462F16F}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{8F56243C-5C02-44D8-91AD-8FFAE8D76166}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{8F68C816-29C8-4550-AD49-56BC40FA8206}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{8F7E36D4-E020-45D4-ACC7-08E1720D877B}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{90786E0F-4B98-43CF-9EA3-966C633BA208}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{90F41BC4-CBF7-4460-8AFE-07DDD5F43F9D}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{9148A40B-F0CF-47DD-B4D0-73B5DD0CEC9A}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{918192AA-65B9-42A8-A0E9-EC080F6FF8A9}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{928993C7-B314-4034-8E9F-EE55E9B036A4}
Successfully deleted: [Empty Folder] C:\Users\ali\appdata\local\{92C4BBDA-1B99-4574-83FF-1A6445F01992}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 06/23/2013 at 12:40:49.52
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
OTL.txt :

OTL logfile created on: 23/06/2013 12:43:28 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ali\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000C01 | Country: Egypt | Language: ARE | Date Format: dd/MM/yyyy

5.93 Gb Total Physical Memory | 4.59 Gb Available Physical Memory | 77.52% Memory free
5.92 Gb Paging File | 4.57 Gb Available in Paging File | 77.06% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.04 Gb Total Space | 32.28 Gb Free Space | 21.66% Space Free | Partition Type: NTFS
Drive D: | 425.64 Gb Total Space | 50.22 Gb Free Space | 11.80% Space Free | Partition Type: NTFS

Computer Name: S34N | User Name: ali | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/23 12:16:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ali\Desktop\OTL.exe
PRC - [2013/05/16 16:44:05 | 001,012,000 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013/05/16 16:38:39 | 001,826,592 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/05/12 15:43:32 | 000,413,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013/03/21 15:19:46 | 001,341,664 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2012/08/15 15:18:06 | 000,104,088 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2013/06/18 10:05:05 | 000,194,440 | ---- | M] (Red Gate Software Ltd.) [On_Demand | Stopped] -- C:\Program Files\Red Gate\ANTS Performance Profiler 8\RedGate.Profiler.IISService.exe -- (ANTS Performance Profiler 8 Service)
SRV:64bit: - [2013/06/18 10:04:54 | 000,143,288 | ---- | M] (Red Gate Software Ltd.) [On_Demand | Stopped] -- C:\Program Files\Red Gate\ANTS Memory Profiler 7\RedGate.Memory.IISService.exe -- (ANTS Memory Profiler 7 Service)
SRV:64bit: - [2013/03/21 15:19:46 | 001,341,664 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2010/06/22 21:20:42 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Disabled | Stopped] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2010/04/17 02:07:42 | 000,134,928 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/08/03 02:54:14 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Disabled | Stopped] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/16 16:38:39 | 001,826,592 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/05/12 15:43:32 | 000,413,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/04/19 15:14:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/03/25 12:37:32 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/15 15:18:40 | 000,357,016 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2012/08/15 15:17:26 | 000,435,864 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2012/08/15 14:36:34 | 015,680,000 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe -- (VMwareHostd)
SRV - [2012/08/15 13:19:58 | 000,079,872 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2012/08/01 17:10:32 | 000,917,656 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)
SRV - [2012/07/25 18:58:26 | 000,126,976 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe -- (Te.Service)
SRV - [2012/07/25 18:13:16 | 000,139,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe -- (fussvc)
SRV - [2012/07/09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/11/27 00:55:42 | 000,398,176 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2009/12/15 10:39:38 | 000,096,896 | ---- | M] (ASUS) [Disabled | Stopped] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009/10/01 05:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/10/01 05:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2009/06/15 17:30:42 | 000,084,536 | ---- | M] (ASUS) [Disabled | Stopped] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/03/31 02:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/03/25 14:28:02 | 000,350,160 | ---- | M] (BitDefender S.R.L.) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\trufos.sys -- (trufos)
DRV:64bit: - [2013/02/25 07:27:45 | 000,194,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013/02/20 16:34:58 | 000,131,856 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2013/02/20 11:07:40 | 000,058,416 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2013/02/20 11:07:38 | 000,213,416 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2013/02/06 13:57:55 | 000,032,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hitmanpro37.sys -- (hitmanpro37)
DRV:64bit: - [2013/02/05 22:06:06 | 000,057,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2013/01/10 21:44:02 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2013/01/10 15:08:16 | 000,190,232 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2013/01/10 15:08:16 | 000,059,440 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EpfwLWF.sys -- (EpfwLWF)
DRV:64bit: - [2013/01/10 15:08:14 | 000,150,616 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/11/22 02:43:14 | 000,165,112 | ---- | M] (Tonec Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idmwfp.sys -- (IDMWFP)
DRV:64bit: - [2012/11/08 01:52:06 | 000,077,040 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIh.sys -- (FLxHCIh)
DRV:64bit: - [2012/11/08 01:42:06 | 000,249,584 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIc.sys -- (FLxHCIc)
DRV:64bit: - [2012/08/23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/08/15 15:18:16 | 000,067,224 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2012/08/15 15:18:08 | 000,030,360 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2012/08/15 15:16:52 | 000,045,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2012/08/15 15:16:50 | 000,020,120 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2012/08/01 17:10:36 | 000,052,376 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2012/08/01 17:10:24 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2012/07/06 12:29:52 | 000,085,104 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2012/07/06 12:29:52 | 000,070,256 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsock.sys -- (vsock)
DRV:64bit: - [2012/04/14 02:55:20 | 000,054,272 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stppp.sys -- (stppp)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/09/22 21:01:54 | 000,311,144 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0105.sys -- (RsFx0105)
DRV:64bit: - [2011/06/27 01:37:00 | 002,753,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/03/22 11:38:01 | 000,058,880 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\steth.sys -- (STETH)
DRV:64bit: - [2011/03/22 11:38:00 | 000,047,616 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\st330.sys -- (ST330)
DRV:64bit: - [2011/03/22 11:38:00 | 000,024,576 | ---- | M] (THOMSON Telecom Belgium) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stbus.sys -- (STBUS)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/15 03:33:02 | 000,035,384 | ---- | M] (ASUSTek Computer Inc) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\AsDsm.sys -- (AsDsm)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/08/16 15:49:59 | 000,024,680 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2010/07/21 07:33:49 | 000,129,024 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010/05/03 05:46:03 | 000,044,032 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2010/04/17 02:07:28 | 000,013,832 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010/04/14 01:01:44 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2010/03/03 13:51:39 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/17 22:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/08/20 04:41:37 | 001,800,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2009/08/05 13:59:48 | 000,987,648 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009/07/20 11:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/07 14:48:44 | 000,035,376 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\purendis.sys -- (purendis)
DRV:64bit: - [2009/07/07 14:48:44 | 000,033,328 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\pnarp.sys -- (pnarp)
DRV:64bit: - [2009/07/01 06:46:51 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/07/01 06:46:47 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/07/01 06:46:39 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/06/10 22:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:34:18 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/13 19:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2009/04/07 09:33:07 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2008/05/24 03:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2012/07/13 16:13:14 | 000,070,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys -- (VSPerfDrv110)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/02 17:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-131767206-1543947898-356316412-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\ali\Downloads
IE - HKU\S-1-5-21-131767206-1543947898-356316412-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ye1.org/
IE - HKU\S-1-5-21-131767206-1543947898-356316412-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-131767206-1543947898-356316412-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?source...nputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
IE - HKU\S-1-5-21-131767206-1543947898-356316412-1001\..\SearchScopes\{7211B126-D463-4F47-99A6-8810D3DBF6E2}: "URL" = http://www.bing.com/search?FORM=BDKTDF&PC=BDT3&q={searchTerms}&src=IE-SearchBox
IE - HKU\S-1-5-21-131767206-1543947898-356316412-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-131767206-1543947898-356316412-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-21-131767206-1543947898-356316412-1022\..\SearchScopes,DefaultScope =

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: mozilla_cc%40internetdownloadmanager.com:7.3.38
FF - prefs.js..extensions.enabledAddons: %7B8f8fe09b-0bd3-4470-bc1b-8cad42b8203a%7D:0.17
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.0.198: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD [2013/05/27 19:39:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/12/03 19:05:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2013/05/27 19:39:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\ali\AppData\Roaming\IDM\idmmzcc5 [2013/03/08 02:38:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\ali\AppData\Roaming\IDM\idmmzcc5 [2013/03/08 02:38:55 | 000,000,000 | ---D | M]

[2013/03/21 01:23:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ali\AppData\Roaming\mozilla\Extensions
[2013/02/06 13:52:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ali\AppData\Roaming\mozilla\Firefox\extensions
[2013/03/21 01:37:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ali\AppData\Roaming\mozilla\Firefox\Profiles\94np9vd1.default\extensions
[2013/03/21 01:37:17 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\ali\AppData\Roaming\mozilla\Firefox\Profiles\94np9vd1.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2013/03/08 02:38:55 | 000,000,000 | ---D | M] (IDM CC) -- C:\USERS\ALI\APPDATA\ROAMING\IDM\IDMMZCC5
 
========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = http://www.google.com.eg/search?q={searchTerms}
CHR - default_search_provider: suggest_url = ,
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Disabled) = internal-remoting-viewer
CHR - plugin: Native Client (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: Mixesoft Click&Clean Plug-In (Enabled) = C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\8.0.1_0\plugin/npccch32.dll
CHR - plugin: Bitdefender QuickScan (Enabled) = C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\8.0.1_0\plugin/npqscan.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Disabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Disabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Disabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Photo Gallery (Disabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Disabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: PDF-XChange Viewer (Disabled) = C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Disabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Disabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Disabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Disabled) = c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Disabled) = c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Disabled) = c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll
CHR - Extension: Magic Actions for YouTube\u2122 = C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\abjcfabbhafbcdfjoecdgepllmpfceif\5.8.6_0\
CHR - Extension: Splendid = C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdfkbdkkfmmckaadapdipihjfaacnkgd\3_0\
CHR - Extension: WOT = C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.4.12_0\
CHR - Extension: Adblock Plus = C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4.1_0\
CHR - Extension: Page load time = C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\fploionmjgeclbkemipmkogoaohcdbig\1.2_0\
CHR - Extension: Click&Clean = C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\8.3_0\
CHR - Extension: AdBlock = C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.65_0\
CHR - Extension: Allow Right-Click = C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\hompjdfbfmmmgflfjdlnkohcplmboaeo\1.2.15_0\
CHR - Extension: New Tab Redirect! = C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna\2.0_0\
CHR - Extension: IDM Integration = C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm\6.15.12.2_0\
CHR - Extension: Smooth Gestures = C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfkgmnnajiljnolcgolmmgnecgldgeld\0.17.7_0\
CHR - Extension: Clock = C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjocghlclkpgheifflemilcnblodjohg\1.16_0\
CHR - Extension: betterChrome - Browse 15% faster = C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbegekjleoplkhibgbmkmnnfffcpfanh\1.2.2_0\
CHR - Extension: Click&Clean App = C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp\8.0_1\
CHR - Extension: Bitdefender QuickScan = C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.118_1\

O1 HOSTS File: ([2013/06/21 11:48:57 | 000,001,058 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 tonec.com
O1 - Hosts: 127.0.0.1 http://www.tonec.com
O1 - Hosts: 127.0.0.1 registeridm.com
O1 - Hosts: 127.0.0.1 http://www.registeridm.com
O1 - Hosts: 127.0.0.1 secure.registeridm.com
O1 - Hosts: 127.0.0.1 internetdownloadmanager.com
O1 - Hosts: 127.0.0.1 http://www.internetdownloadmanager.com
O1 - Hosts: 127.0.0.1 secure.internetdownloadmanager.com
O1 - Hosts: 127.0.0.1 mirror.internetdownloadmanager.com
O1 - Hosts: 127.0.0.1 secure.internetdownloadmanager.com
O1 - Hosts: 127.0.0.1 mirror2.internetdownloadmanager.com
O1 - Hosts: 127.0.0.1 mirror3.internetdownloadmanager.com
O1 - Hosts: 127.0.0.1 mirror3.tonec.com/idman519.exe
O1 - Hosts: 127.0.0.1 mirror3.internetdownloadmanager.com/idman60b.exe
O1 - Hosts: 127.0.0.1 http://mirror3.internetdownloadmanager.com/idman604.exe
O1 - Hosts: 127.0.0.1 http://mirror3.tonec.com/idman604.exe
O1 - Hosts: 127.0.0.1 http://www.internetdownloadmanager.com/buy.html
O1 - Hosts: 127.0.0.1 mirror3.internetdownloadmanager.com/idman604.exe
O1 - Hosts: 127.0.0.1 mirror3.tonec.com/idman604.exe
O1 - Hosts: 127.0.0.1 http://www.internetdownloadmanager.com/buy.html
O2:64bit: - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Microsoft Web Test Recorder 10.0 Helper) - {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} - C:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [vmware-tray.exe] C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKU\S-1-5-21-131767206-1543947898-356316412-1001..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKU\S-1-5-21-131767206-1543947898-356316412-1001..\Run: [VistaSwitcher] C:\Program Files\VistaSwitcher\vswitch64.exe (NTWind Software)
O4 - HKU\S-1-5-21-131767206-1543947898-356316412-1022..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-131767206-1543947898-356316412-1022..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 253
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun- = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun- = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-131767206-1543947898-356316412-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-131767206-1543947898-356316412-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-21-131767206-1543947898-356316412-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun- = 0
O7 - HKU\S-1-5-21-131767206-1543947898-356316412-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun- = 0
O7 - HKU\S-1-5-21-131767206-1543947898-356316412-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-131767206-1543947898-356316412-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 253
O7 - HKU\S-1-5-21-131767206-1543947898-356316412-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-131767206-1543947898-356316412-1022\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8:64bit: - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 41.128.225.225 41.128.225.226
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1DF79A7C-6F29-4AAF-B4FD-772F63ACE586}: DhcpNameServer = 41.128.225.225 41.128.225.226
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1DF79A7C-6F29-4AAF-B4FD-772F63ACE586}: NameServer = 208.67.222.123,208.67.220.123,192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/03/14 20:30:46 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2013/03/14 20:30:46 | 000,000,000 | R--D | M] - D:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2019/10/09 10:40:57 | 000,000,000 | ---D | C] -- C:\Users\ali\AppData\Roaming\Crypto Obfuscator For .Net v2012 R2
[2013/06/23 12:31:49 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/06/23 12:30:40 | 000,000,000 | ---D | C] -- C:\JRT
[2013/06/23 12:16:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\ali\Desktop\OTL.exe
[2013/06/23 12:15:52 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\ali\Desktop\JRT.exe
[2013/06/21 18:03:09 | 000,000,000 | ---D | C] -- C:\Users\ali\AppData\Local\Temporary Projects
[2013/06/21 17:05:49 | 000,000,000 | ---D | C] -- C:\Program Files\SAMSUNG
[2013/06/21 17:03:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2013/06/21 15:55:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\S34NCS OC
[2013/06/21 15:55:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\S34NCS OC
[2013/06/21 15:45:52 | 000,000,000 | ---D | C] -- C:\Users\ali\Desktop\S34NCS
[2013/06/21 08:19:20 | 000,000,000 | ---D | C] -- C:\Users\ali\AppData\Local\temp
[2013/06/21 08:08:26 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013/06/21 08:05:35 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/06/21 07:09:31 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013/06/20 20:20:13 | 000,000,000 | ---D | C] -- C:\Users\ali\Desktop\Pics
[2013/06/20 20:19:04 | 000,000,000 | ---D | C] -- C:\Users\ali\Desktop\Txt files
[2013/06/20 11:35:45 | 000,000,000 | ---D | C] -- C:\Users\ali\AppData\Local\NVIDIA
[2013/06/20 09:05:12 | 000,000,000 | ---D | C] -- C:\Windows\gif
[2013/06/20 07:53:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/06/20 07:53:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/06/20 07:53:14 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/06/20 07:52:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/06/20 07:52:44 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/06/20 07:48:25 | 005,081,560 | R--- | C] (Swearware) -- C:\Users\ali\Desktop\ComboFix.exe
[2013/06/20 04:25:45 | 000,000,000 | ---D | C] -- C:\Users\ali\AppData\Roaming\vlc
[2013/06/20 04:25:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/06/20 04:19:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/06/20 04:19:12 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/06/20 04:19:10 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/06/20 04:19:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/06/20 04:19:10 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/06/20 04:07:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013/06/20 04:06:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2013/06/20 04:03:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
[2013/06/19 14:03:19 | 000,000,000 | ---D | C] -- C:\Users\ali\Desktop\Testing
[2013/06/19 07:37:00 | 000,000,000 | ---D | C] -- C:\Windows\en
[2013/06/19 07:25:04 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2013/06/19 07:24:57 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2013/06/19 06:45:48 | 000,000,000 | ---D | C] -- C:\Program Files\Types
[2013/06/19 02:45:23 | 000,070,256 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vsock.sys
[2013/06/19 02:45:23 | 000,067,224 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\vsocklib.dll
[2013/06/19 02:45:23 | 000,063,128 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vsocklib.dll
[2013/06/19 02:45:15 | 000,067,224 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmx86.sys
[2013/06/19 02:44:32 | 000,357,016 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnetdhcp.exe
[2013/06/19 02:44:28 | 000,435,864 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnat.exe
[2013/06/19 02:44:28 | 000,030,360 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnetuserif.sys
[2013/06/19 02:44:12 | 000,933,528 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\vnetlib64.dll
[2013/06/19 02:43:58 | 000,052,376 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\hcmon.sys
[2013/06/19 02:43:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
[2013/06/19 02:43:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\VMware
[2013/06/19 02:40:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\VMware
[2013/06/19 02:40:30 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Shared Virtual Machines
[2013/06/18 16:06:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla Server
[2013/06/18 10:17:13 | 000,000,000 | -H-D | C] -- C:\Users\ali\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/06/18 10:14:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Red Gate
[2013/06/18 10:13:48 | 000,000,000 | ---D | C] -- C:\Program Files\Red Gate
[2013/06/16 03:02:08 | 000,000,000 | ---D | C] -- C:\Users\ali\AppData\Local\VSIXInstaller
[2013/06/15 21:46:15 | 000,000,000 | ---D | C] -- C:\Users\ali\Desktop\Skype
[2013/06/12 23:57:45 | 000,000,000 | ---D | C] -- C:\Users\ali\Desktop\VBNet Themes
[2013/06/11 18:40:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nokia
[2013/06/11 16:30:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013/06/10 21:10:09 | 000,000,000 | ---D | C] -- C:\Users\ali\AppData\Local\Brice_Lambson
[2013/06/10 21:08:08 | 000,000,000 | ---D | C] -- C:\Program Files\Image Resizer for Windows
[2013/06/10 21:08:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Image Resizer for Windows
[2013/06/10 21:08:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Resizer for Windows
[2013/06/07 23:15:21 | 000,000,000 | ---D | C] -- C:\RegBackup
[2013/06/07 22:57:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/06/07 21:11:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/06/07 21:10:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013/06/07 20:55:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MeteorEntertainment
[2013/06/07 20:55:26 | 000,000,000 | ---D | C] -- C:\Users\ali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Meteor Entertainment
[2013/06/06 02:34:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2013/06/06 02:33:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2013/06/06 02:33:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2013/06/06 02:31:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2013/06/06 02:30:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2013/06/06 02:30:35 | 000,000,000 | R--D | C] -- C:\MSOCache
[2013/06/05 13:49:05 | 000,000,000 | ---D | C] -- C:\Users\ali\AppData\Roaming\NuGet
[2013/06/03 15:52:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/06/03 15:52:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/06/03 13:55:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Expression
[2013/06/03 13:39:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Web Tools
[2013/06/02 23:33:40 | 000,360,448 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\SysWow64\tx4ole14.ocx
[2013/06/02 23:33:39 | 000,610,304 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\SysWow64\tx14_pdf.dll
[2013/06/02 23:33:39 | 000,552,960 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\SysWow64\tx14_rtf.dll
[2013/06/02 23:33:39 | 000,385,024 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\SysWow64\tx14_xml.dll
[2013/06/02 23:33:39 | 000,253,952 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\SysWow64\tx14_png.flt
[2013/06/02 23:33:39 | 000,217,088 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\SysWow64\tx14_tls.dll
[2013/06/02 23:33:39 | 000,073,728 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\SysWow64\tx14_tif.flt
[2013/06/02 23:33:39 | 000,065,536 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\SysWow64\tx14_wnd.dll
[2013/06/02 23:33:39 | 000,053,248 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\SysWow64\tx14_wmf.flt
[2013/06/02 23:33:38 | 001,056,768 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\SysWow64\tx14_dox.dll
[2013/06/02 23:33:38 | 000,765,952 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\SysWow64\tx14.dll
[2013/06/02 23:33:38 | 000,667,648 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\SysWow64\tx14_doc.dll
[2013/06/02 23:33:38 | 000,331,776 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\SysWow64\tx14_css.dll
[2013/06/02 23:33:38 | 000,327,680 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\SysWow64\tx14_obj.dll
[2013/06/02 23:33:38 | 000,249,856 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\SysWow64\tx14_htm.dll
[2013/06/02 23:33:38 | 000,200,704 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\SysWow64\tx14_jpg.flt
[2013/06/02 23:33:38 | 000,131,072 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\SysWow64\tx14_ic.dll
[2013/06/02 23:33:38 | 000,061,440 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\SysWow64\tx14_bmp.flt
[2013/06/02 23:33:38 | 000,057,344 | ---- | C] (The Imaging Source Europe GmbH) -- C:\Windows\SysWow64\tx14_gif.flt
[2013/06/02 23:33:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Word PDF Converter
[2013/06/02 20:24:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2013/06/02 20:24:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2013/06/02 20:23:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010 Express
[2013/06/02 20:22:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 10.0
[2013/05/31 21:30:49 | 000,000,000 | ---D | C] -- C:\Users\ali\AppData\Roaming\Microsoft FxCop
[2013/05/31 03:01:42 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013/05/30 21:34:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Visual Studio
[2013/05/30 13:34:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Sidebar
[2013/05/30 13:23:08 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2013/05/29 15:50:11 | 000,000,000 | ---D | C] -- C:\Users\ali\Documents\Visual Studio 2012
[2013/05/29 15:42:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 5 SDK
[2013/05/29 15:39:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 4 SDK
[2013/05/29 15:28:09 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2013/05/29 15:16:23 | 000,000,000 | ---D | C] -- C:\Program Files\Application Verifier
[2013/05/29 15:16:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Verifier
[2013/05/29 15:14:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows App Certification Kit
[2013/05/29 15:00:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
[2013/05/29 15:00:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Microsoft
[2013/05/29 14:31:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft ASP.NET
[2013/05/29 14:28:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2013/05/29 14:26:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NuGet
[2013/05/29 14:20:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft WCF Data Services
[2013/05/29 14:20:21 | 000,000,000 | ---D | C] -- C:\Program Files\IIS
[2013/05/29 14:20:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IIS
[2013/05/29 14:02:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Kits
[2013/05/29 13:24:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HTML Help Workshop
[2013/05/29 13:23:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Help Viewer
[2013/05/29 13:06:36 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\1033
[2013/05/29 12:31:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Merge Modules
[2013/05/29 12:27:20 | 000,000,000 | ---D | C] -- C:\Users\ali\AppData\Roaming\ImTOO
[2013/05/29 12:26:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImTOO
[2013/05/29 12:24:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2012
[2013/05/29 12:23:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 11.0
[2013/05/29 12:23:55 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\1033
[2013/05/29 12:23:50 | 000,000,000 | ---D | C] -- C:\Windows\symbols
[2013/05/29 12:23:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 11.0
[2013/05/29 12:23:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SDKs
[2013/05/29 12:05:18 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1991-06.com.microsoft
[2013/05/29 12:05:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2013/05/27 19:39:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2013/05/27 19:39:02 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2013/05/26 15:12:45 | 000,000,000 | ---D | C] -- C:\Evolution Games
[2013/05/26 14:58:12 | 000,000,000 | ---D | C] -- C:\Users\ali\Desktop\Ace Evolution
[2013/05/26 14:39:29 | 000,000,000 | ---D | C] -- C:\Users\ali\AppData\Roaming\GlarySoft
[2013/05/26 14:39:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Absolute Uninstaller
[2013/05/26 02:14:39 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2012/08/15 11:20:36 | 002,174,976 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Program Files (x86)\Common Files\atimpenc.dll

========== Files - Modified Within 30 Days ==========

[2013/06/23 12:32:03 | 000,010,240 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/23 12:32:03 | 000,010,240 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/23 12:25:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/23 12:16:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ali\Desktop\OTL.exe
[2013/06/23 12:15:56 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\ali\Desktop\JRT.exe
[2013/06/23 12:15:06 | 000,648,201 | ---- | M] () -- C:\Users\ali\Desktop\adwcleaner.exe
[2013/06/22 16:02:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/22 03:43:56 | 000,119,458 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/06/22 03:43:56 | 000,087,182 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/06/22 03:43:56 | 000,031,794 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/06/21 17:18:56 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01007.Wdf
[2013/06/21 15:55:10 | 000,000,981 | ---- | M] () -- C:\Users\Public\Desktop\S34NCS OC.lnk
[2013/06/21 11:48:57 | 000,001,058 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/06/21 07:08:46 | 005,081,560 | R--- | M] (Swearware) -- C:\Users\ali\Desktop\ComboFix.exe
[2013/06/20 11:34:38 | 000,001,309 | ---- | M] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2013/06/20 04:25:35 | 000,001,028 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/06/20 04:19:46 | 000,001,745 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/06/20 04:07:18 | 000,001,807 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013/06/19 07:15:13 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/06/19 06:45:49 | 000,000,114 | ---- | M] () -- C:\Users\ali\Desktop\Types.url
[2013/06/19 02:45:33 | 000,000,990 | ---- | M] () -- C:\Users\ali\Application Data\Microsoft\Internet Explorer\Quick Launch\VMware Workstation.lnk
[2013/06/19 02:43:38 | 000,001,024 | ---- | M] () -- C:\.rnd
[2013/06/19 02:43:31 | 000,124,444 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/06/19 02:43:28 | 000,002,089 | ---- | M] () -- C:\Users\Public\Desktop\VMware Workstation.lnk
[2013/06/17 04:16:59 | 000,007,596 | ---- | M] () -- C:\Users\ali\AppData\Local\Resmon.ResmonCfg
[2013/06/16 00:31:29 | 000,000,000 | ---- | M] () -- C:\Users\ali\AppData\Local\debuggee.mdmp
[2013/06/12 23:14:32 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2013/06/10 04:04:16 | 000,000,262 | ---- | M] () -- C:\Users\ali\Desktop\CP.bat
[2013/06/08 17:41:27 | 000,394,760 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/06/07 23:16:50 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-S34N-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2013/06/07 00:02:38 | 000,001,095 | ---- | M] () -- C:\Users\ali\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2013/06/05 13:57:23 | 000,000,860 | ---- | M] () -- C:\noavatar.jpg
[2013/05/31 22:48:42 | 000,012,657 | ---- | M] () -- C:\roflmfao.gif
[2013/05/31 21:06:10 | 000,001,209 | ---- | M] () -- C:\Users\ali\Application Data\Microsoft\Internet Explorer\Quick Launch\FileZilla.lnk
[2013/05/30 13:22:54 | 000,001,750 | ---- | M] () -- C:\Users\ali\Desktop\PsExe.lnk
[2013/05/26 16:07:22 | 000,001,475 | ---- | M] () -- C:\Users\ali\Desktop\TFC.lnk
[2013/05/26 16:07:21 | 000,001,913 | ---- | M] () -- C:\Users\ali\Desktop\DsnJumper.lnk
[2013/05/26 16:07:21 | 000,001,440 | ---- | M] () -- C:\Users\ali\Desktop\Unlocker.lnk
[2013/05/26 15:15:52 | 000,001,829 | ---- | M] () -- C:\Users\Public\Desktop\Launch Ace Evolution.lnk
[1 C:\Windows\SysNative\drivers\etc\*.tmp files -> C:\Windows\SysNative\drivers\etc\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/06/23 12:15:00 | 000,648,201 | ---- | C] () -- C:\Users\ali\Desktop\adwcleaner.exe
[2013/06/21 17:18:56 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01007.Wdf
[2013/06/21 15:55:10 | 000,000,981 | ---- | C] () -- C:\Users\Public\Desktop\S34NCS OC.lnk
[2013/06/20 11:34:38 | 000,001,309 | ---- | C] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2013/06/20 10:54:35 | 000,020,536 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2013/06/20 07:53:14 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/06/20 07:53:14 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/06/20 07:53:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/06/20 07:53:14 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/06/20 07:53:14 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/06/20 04:25:35 | 000,001,028 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/06/20 04:19:46 | 000,001,745 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/06/20 04:07:18 | 000,001,807 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2013/06/19 07:36:41 | 000,001,267 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[2013/06/19 07:36:29 | 000,001,336 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
[2013/06/19 07:31:34 | 000,001,420 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2013/06/19 07:31:24 | 000,002,448 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2013/06/19 06:45:49 | 000,000,114 | ---- | C] () -- C:\Users\ali\Desktop\Types.url
[2013/06/19 02:45:33 | 000,000,990 | ---- | C] () -- C:\Users\ali\Application Data\Microsoft\Internet Explorer\Quick Launch\VMware Workstation.lnk
[2013/06/19 02:43:38 | 000,001,024 | ---- | C] () -- C:\.rnd
[2013/06/19 02:43:28 | 000,002,089 | ---- | C] () -- C:\Users\Public\Desktop\VMware Workstation.lnk
[2013/06/16 00:31:29 | 000,000,000 | ---- | C] () -- C:\Users\ali\AppData\Local\debuggee.mdmp
[2013/06/07 23:16:50 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-S34N-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2013/06/07 00:02:38 | 000,001,095 | ---- | C] () -- C:\Users\ali\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2013/06/05 13:57:30 | 000,000,860 | ---- | C] () -- C:\noavatar.jpg
[2013/06/05 13:54:25 | 000,024,004 | ---- | C] () -- C:\msoobe.jpg
[2013/06/05 13:52:56 | 000,012,657 | ---- | C] () -- C:\roflmfao.gif
[2013/06/02 23:33:38 | 000,000,530 | ---- | C] () -- C:\Windows\SysWow64\tx14_ic.ini
[2013/05/31 21:06:10 | 000,001,209 | ---- | C] () -- C:\Users\ali\Application Data\Microsoft\Internet Explorer\Quick Launch\FileZilla.lnk
[2013/05/30 13:35:18 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2013/05/30 13:22:20 | 000,001,750 | ---- | C] () -- C:\Users\ali\Desktop\PsExe.lnk
[2013/05/29 14:28:36 | 000,002,021 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Web Platform Installer.lnk
[2013/05/26 15:15:52 | 000,001,829 | ---- | C] () -- C:\Users\Public\Desktop\Launch Ace Evolution.lnk
[2013/05/26 12:22:10 | 000,001,475 | ---- | C] () -- C:\Users\ali\Desktop\TFC.lnk
[2013/03/09 16:13:50 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
[2013/03/08 04:32:31 | 000,000,630 | ---- | C] () -- C:\Windows\cce.INI
[2013/02/19 22:19:30 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\clauth2.dll
[2013/02/19 22:19:30 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\clauth1.dll
[2013/02/19 22:19:30 | 000,000,073 | ---- | C] () -- C:\Windows\SysWow64\ssprs.dll
[2013/02/19 22:19:29 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2013/02/19 22:19:29 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
[2013/02/12 13:06:52 | 000,091,264 | ---- | C] () -- C:\Windows\SysWow64\EasyHook32.dll
[2013/02/05 21:01:48 | 000,885,970 | ---- | C] () -- C:\Users\ali\AppData\Local\census.cache
[2013/02/05 20:59:16 | 000,143,171 | ---- | C] () -- C:\Users\ali\AppData\Local\ars.cache
[2013/02/05 20:28:20 | 000,000,036 | ---- | C] () -- C:\Users\ali\AppData\Local\housecall.guid.cache
[2013/01/31 10:47:29 | 000,002,143 | ---- | C] () -- C:\Windows\KillSwitch.INI
[2012/06/12 21:46:01 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2012/06/06 18:18:41 | 000,007,596 | ---- | C] () -- C:\Users\ali\AppData\Local\Resmon.ResmonCfg
[2012/06/04 09:32:27 | 000,000,000 | ---- | C] () -- C:\Windows\Net4Switch.INI
[2011/09/22 17:34:44 | 000,007,168 | ---- | C] () -- C:\Users\ali\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/03 20:07:04 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2011/08/04 02:29:36 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/02/20 02:08:34 | 000,000,600 | ---- | C] () -- C:\Users\ali\AppData\Local\PUTTY.RND

========== ZeroAccess Check ==========

[2009/07/14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2010/11/20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/08/29 18:16:31 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Bitdefender
[2012/08/06 05:19:24 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ESET
[2012/08/28 20:01:06 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\Arkadium
[2011/08/28 19:19:02 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\Asus WebStorage
[2012/03/19 17:32:24 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\Avnex
[2011/03/03 22:58:42 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\Blumentals
[2013/03/09 19:43:49 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\Caphyon
[2012/04/19 21:40:00 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2019/10/09 10:40:57 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\Crypto Obfuscator For .Net v2012 R2
[2013/02/03 07:41:13 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\Crypto Obfuscator For .Net v2013
[2013/03/08 16:39:45 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\CrystalIdea Software
[2013/06/23 12:31:06 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\DMCache
[2013/02/22 18:36:42 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\Dropbox
[2011/03/15 01:57:35 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\EeeStorageUploader
[2011/11/06 17:43:27 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\ESET
[2013/01/25 20:04:04 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\Eusing
[2013/05/26 15:12:36 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\Evolution Games
[2013/02/08 20:26:23 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\FFSJ
[2013/03/08 00:50:03 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\FILEminimizerPictures
[2013/06/21 21:05:48 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\FileZilla
[2013/06/19 07:09:13 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\GlarySoft
[2012/07/20 05:55:11 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\HLSW
[2012/07/26 15:58:20 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\http___s34ncs.webs.com_
[2013/06/19 07:59:52 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\IDM
[2013/05/29 12:27:20 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\ImTOO
[2013/02/22 03:36:05 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\IrfanView
[2013/03/08 00:48:53 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\iVeeSoft
[2012/10/13 22:00:13 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\JustDecompile
[2012/08/28 05:19:49 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\kingsoft
[2013/02/01 12:18:41 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\Mipony
[2013/01/27 03:31:52 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\MySQL
[2013/06/22 15:56:15 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\Nokia
[2013/03/20 21:57:02 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\Notepad++
[2011/11/19 16:08:37 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\Nseries
[2013/06/05 13:49:05 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\NuGet
[2013/06/11 18:48:45 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\PC Suite
[2011/03/03 22:41:19 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\phpDesigner
[2013/03/06 15:33:32 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\QFX Software
[2012/08/14 20:11:28 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\QTTabBar
[2013/05/29 09:28:39 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\QuickScan
[2013/02/21 22:57:06 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\Shadow Defender
[2013/06/06 02:14:21 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\SoftGrid Client
[2013/01/26 19:57:59 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\Subversion
[2013/03/04 01:01:29 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\TaskbarHelper
[2012/07/09 09:21:37 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\TeamViewer
[2012/08/15 19:43:51 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\TechSmith
[2012/10/13 21:23:53 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\Telerik
[2011/08/28 19:13:24 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\temp
[2013/03/02 12:40:10 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\TeraCopy
[2012/04/09 23:52:45 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\Thunderbird
[2011/03/21 19:46:16 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\TP
[2012/05/24 23:57:06 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\ts3overlay
[2013/01/26 01:17:49 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\Tunngle
[2012/03/30 15:16:05 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\Unity
[2012/08/06 14:18:34 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\updatetool
[2013/02/24 19:59:21 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\VOS
[2011/04/12 16:09:30 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\Webshots
[2011/02/13 01:25:21 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\Windows Live Writer
[2012/08/17 01:48:59 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\Xilisoft
[2012/09/01 03:54:35 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\XnRetro
[2013/02/23 01:40:56 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\XnView
[2013/02/06 13:52:33 | 000,000,000 | ---D | M] -- C:\Users\ali\AppData\Roaming\Zbshareware Lab

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:981884E7
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:52DBE86F
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:029E021F
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:D20FFA63
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:3E7393FC

< End of report >
 
Extras.txt :

OTL Extras logfile created on: 23/06/2013 12:43:28 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ali\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000C01 | Country: Egypt | Language: ARE | Date Format: dd/MM/yyyy

5.93 Gb Total Physical Memory | 4.59 Gb Available Physical Memory | 77.52% Memory free
5.92 Gb Paging File | 4.57 Gb Available in Paging File | 77.06% Paging File free
Paging file location(s): [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.04 Gb Total Space | 32.28 Gb Free Space | 21.66% Space Free | Partition Type: NTFS
Drive D: | 425.64 Gb Total Space | 50.22 Gb Free Space | 11.80% Space Free | Partition Type: NTFS

Computer Name: S34N | User Name: ali | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-131767206-1543947898-356316412-1001\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [Browse with XnView] -- "C:\Program Files (x86)\XnView\xnview.exe" "%1" (XnView, http://www.xnview.com)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [takeownership] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [Browse with XnView] -- "C:\Program Files (x86)\XnView\xnview.exe" "%1" (XnView, http://www.xnview.com)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [takeownership] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{051E2E9F-7BFD-4228-B7D4-A52CE49104BF}" = lport=6918 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe |
"{08886AFC-2153-4B89-8EAE-6CA1A82394FF}" = lport=48113 | protocol=17 | dir=in | name=maconfig_udp |
"{327EC8CA-9725-4151-9296-3A73E98931E1}" = lport=6920 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe |
"{3AC476FE-619F-4CA5-A716-59C4DF8B782C}" = lport=6916 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe |
"{5DF8D6C0-AE07-4948-AC13-F942020FC479}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{767AA7A0-C5A6-4DCF-B041-73D0D737A887}" = lport=6918 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe |
"{7B32A450-F3EC-4557-9D38-AA93BE8DCBE0}" = lport=6919 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe |
"{7EDB0F75-43B0-4664-8748-9C48EF9597F8}" = lport=48113 | protocol=6 | dir=in | name=maconfig_tcp |
"{80F8138C-A8D6-475B-A5D7-5FA5B8BA7154}" = lport=6919 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe |
"{92FDAD88-559C-4F3E-BB45-B3AD4045B6C4}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{95823E24-03B6-4A6E-9BC9-6496F1DCE9FF}" = lport=6915 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe |
"{98C6A10A-B7D9-439F-BDCB-5CCDFB50A13C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{AEAD50CC-6684-45C2-BB71-A337843E2438}" = lport=3702 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe |
"{B99ADA06-7F1B-45E0-97CF-111F9757A78F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BAB3F151-1F49-40EC-8A99-53D69EC69738}" = lport=6920 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe |
"{BF8977EA-3AE1-4678-A98D-6F7E47D27208}" = lport=6916 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe |
"{D35FCAD1-99C5-4214-8E47-A2D7ACB638EB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D49D71E2-57DE-4CA7-997C-6BCFADEC1FE5}" = lport=6915 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe |
"{DFD3BA0E-5980-4DFB-8948-7F5FF6FECC38}" = lport=6917 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe |
"{FA512D46-5ADB-436E-8E5A-9EA917A490EC}" = lport=6917 | protocol=6 | dir=in | app=c:\program files (x86)\microsoft visual studio 11.0\common7\ide\devenv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{179003E3-D926-43A0-8D4C-781AC151F0D6}" = protocol=6 | dir=in | app=c:\program files (x86)\evolution games\bout evolution\evoshield.dll |
"{19C9CE06-AA8E-43E2-ADD1-9AD46CF71F0C}" = dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe |
"{2C829472-496C-4A88-A5A3-CC7C3C75316B}" = protocol=6 | dir=in | app=c:\program files\ma-config.com\x64\maconfservice.exe |
"{31B31C03-B6C5-4BD5-B09D-66FF4712C3BC}" = protocol=17 | dir=in | app=c:\program files (x86)\evolution games\bout evolution\evoshield.dll |
"{38647D2F-45B2-4ABA-8CC2-3C5F9ACE8B4F}" = protocol=6 | dir=in | app=c:\program files (x86)\evolution games\bout evolution\bots.dat |
"{41C85F91-210F-496D-B163-BFFE9DA588AF}" = dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-hostd.exe |
"{43C61BA1-B10A-4D6C-8BA6-B0F5BD0C67C5}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{478D5BF5-A302-447F-BAD5-6D08288D9FF2}" = protocol=17 | dir=in | app=c:\program files\ma-config.com\x64\maconfservice.exe |
"{4B8DAEB7-609A-4965-BCA9-317729532FC6}" = dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-hostd.exe |
"{4E8247C8-283D-409B-82E4-56FA591E2D8F}" = protocol=17 | dir=in | app=c:\program files (x86)\evolution games\bout evolution\bots.exe |
"{54929D0D-DC00-4247-BD90-AE46A9360549}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{71B3782C-75D6-47DB-8610-BD7EFBE2B951}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{761CA7A3-0A93-4183-A784-0B12873942C0}" = protocol=17 | dir=in | app=c:\program files (x86)\evolution games\bout evolution\bots.dat |
"{7F8B1D4D-E16E-4C78-BC25-E49939CCCC04}" = protocol=6 | dir=in | app=c:\program files (x86)\evolution games\bout evolution\bots.exe |
"{B6E939AD-AE8C-49A3-9B4C-CAD532FF967F}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{BAFD61BC-E4EB-4EE6-8DEC-18963B675C40}" = dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe |
"{D77DD020-D224-4667-A0DB-D3D746D4EC63}" = protocol=6 | dir=in | app=c:\users\ali\downloads\solutoinstaller-m7zsa24nwl_u75448245.exe |
"{E675B639-A031-4BC7-8F60-EEBE83C4732C}" = protocol=17 | dir=in | app=c:\users\ali\downloads\solutoinstaller-m7zsa24nwl_u75448245.exe |
"{F091310F-7A2D-4BDA-B7FC-CAD556077EA7}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{078B9199-C2A4-4468-BD5F-C060C51EC895}" = Microsoft Visual Studio 2012 IntelliTrace Core amd64
"{0B497B28-5243-3329-9F10-DBB18E0963E6}" = Microsoft Visual C++ 2012 x64 Debug Runtime - 11.0.51106
"{0D94F75A-0EA6-4951-B3AF-B145FA9E05C6}" = VMware Workstation
"{0E8670B8-3965-4930-ADA6-570348B67153}" = Microsoft SQL Server 2012 Transact-SQL ScriptDom
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2700_series" = Canon iP2700 series Printer Driver
"{13417784-A359-3CDD-8DE1-B7108707D647}" = Visual Studio 2012 Prerequisites - ENU Language Pack
"{13D558FE-A863-402C-B115-160007277033}" = Microsoft SQL Server 2012 Express LocalDB
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1E6ED082-E32D-4B2B-8B6A-70B094815135}" = Microsoft SQL Server System CLR Types (x64)
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{27EF252D-800C-ED42-9904-459FE0046225}" = Windows Software Development Kit for Windows Store Apps DirectX x64 Remote
"{28D85F24-B685-3364-BB7C-284C88C2FFE5}" = Microsoft Visual Studio Team Foundation Server 2012 Storyboarding
"{2EC3A3E2-E1EA-383D-BE76-D651C7852A05}" = Microsoft Visual Studio Team Foundation Server 2012 Object Model Language Pack - ENU
"{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{2FD0FA0A-7A21-4C4A-B268-1142B54E035E}" = Windows Live Family Safety
"{36E619BC-A234-4EC3-849B-779A7C865A45}" = Microsoft SQL Server 2012 Data-Tier App Framework
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor
"{3C28BFD4-90C7-3138-87EF-418DC16E9598}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106
"{3FA063D7-EDC1-AFA8-54AF-0563C7DEE070}" = Windows App Certification Kit Native Components
"{41208EF0-FA40-3824-B330-5D59B666C720}" = Microsoft Visual Studio Team Foundation Server 2012 Object Model
"{43716C93-3E70-4F7A-99D3-C52807F1D902}" = ANTS Memory Profiler 7
"{49D665A2-4C2A-476E-9AB8-FCC425F526FC}" = Microsoft SQL Server 2012 Native Client
"{4A18C875-B374-4868-B7EA-06CF2DD59FCC}" = ESET Smart Security
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
"{54C20CA2-4064-4A3C-B9FE-63CAFC0E9BB4}" = ANTS Performance Profiler 8
"{55EFD1A6-ED8E-3A4C-9581-5E1A1FF244CD}" = Microsoft Visual Studio Team Foundation Server 2012 Storyboarding Language Pack - ENU
"{572E796D-C52B-3797-A685-2FB6F895D4BE}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)
"{5AF4E09F-5C9B-3AAF-B731-544D3DC821DD}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106
"{5EEC477F-8E9B-4420-8829-16E7426227DB}" = Windows Live MIME IFilter
"{5FB4C443-6BD6-1514-2717-3827D65AE6FB}" = Windows Software Development Kit DirectX x64 Remote
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{617CA6E9-D5FB-4017-8130-82E68C56C34D}" = Image Resizer for Windows (64 bit)
"{61862D7C-CDBC-48D5-8AE1-3B8BD1E23BC5}" = Visual Studio 2012 Prerequisites
"{633AB014-DDE6-403E-A302-8920CC32C543}" = Microsoft Visual Studio 2012 Performance Collection Tools
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{704C0303-D20C-45AF-BD2B-556EAF31BE09}" = iCloud
"{73468C65-BC53-4D88-9246-75A5BB014DA2}" = JavaScript Tooling
"{76FF0F03-B707-4332-B5D1-A56C8303514E}" = iTunes
"{78909610-D229-459C-A936-25D92283D3FD}" = Microsoft SQL Server Compact 4.0 SP1 x64 ENU
"{7F2540AD-FD82-427A-8FDC-33EC53C8B17A}" = Fresco Logic USB3.0 Host Controller
"{893F27E6-D6BE-4B9F-80E6-0ADA694A31A8}" = Microsoft SQL Server 2008 Common Files
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0401-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Arabic) 2007
"{925B1099-AE15-48F4-B3C0-35D91F85685F}" = ANTS Profiler Visual Studio Add-in 1
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{993F6DDC-63F8-4BCD-9B28-D941971A9CAC}" = Windows XP Targeting with C++
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}" = Microsoft SQL Server 2012 Command Line Utilities
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{AA72C306-30BE-4BB1-9E42-59552BAD2CDF}" = Microsoft Web Deploy 3.0
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ADBD6E65-46CB-4A97-9AFB-64963FEACC40}" = Microsoft SQL Server 2008 RsFx Driver
"{B143BE44-8723-315E-9413-011C55873C0E}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 320.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 320.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 320.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 4.11.9
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.24.2
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{BCA26999-EC22-3007-BB79-638913079C9A}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
"{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}" = Microsoft SQL Server 2012 Transact-SQL Compiler Service
"{CB0FD760-C6C6-3AF6-AD18-FE3B3B78727D}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{D9F3D00D-E946-3B3D-A4A6-93D5020DB9F7}" = Microsoft Visual C++ 2012 x64 Designtime - 11.0.50727
"{DF167CE3-60E7-44EA-99EC-2507C51F37AE}" = Microsoft SQL Server 2008 Database Engine Shared
"{E2B8249D-895C-4685-8C83-00F3B1A13028}" = Microsoft Web Platform Installer 4.0
"{E38531EE-318C-4EFB-A36B-1A57BFBDAB3C}_is1" = PDF-XChange 4 Pro
"{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F1949145-EB64-4DE7-9D81-E6D27937146C}" = Microsoft System CLR Types for SQL Server 2012 (x64)
"{FA0A244E-F3C2-4589-B42A-3D522DE79A42}" = Microsoft SQL Server 2012 Management Objects (x64)
"{FA7394B8-CE65-4F9E-AC99-F372AD365424}" = Microsoft SQL Server 2008 Database Engine Services
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
"{FE74AC04-F248-4641-B3A9-89C6AA4339CD}" = Microsoft Visual Studio 2012 Performance Collection Tools - ENU
"0E74EB10C05C955C24243E6D3120CDC972FC5B1D" = Windows Driver Package - Broadcom HIDClass (06/11/2009 6.2.0.9500)
"Elantech" = ETDWare PS/2-x64 7.0.5.13_WHQL
"Explorer Suite_is1" = Explorer Suite III
"Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"Types" = Types
"USB2.0 UVC 2M WebCam" = USB2.0 UVC 2M WebCam
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
"{00EC8ABC-3C5A-40F8-A8CB-E7DCD5ABFA05}" = Microsoft NuGet - Visual Studio 2012
"{02213A81-CB13-7262-5ABE-1FFA2C75559F}" = Windows App Certification Kit x64
"{028B1703-53D5-4013-9C86-41F40F1A3F7B}_is1" = S34NCS OC version 5.0
"{03D562B5-C4E2-4846-A920-33178788BE00}" = Windows Live Communications Platform
"{046806D1-0A38-3FCA-AF84-F71C50A0C363}" = Microsoft Visual Studio Premium 2012
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}" = SonicMaster
"{0BCC836F-0B28-4090-B58A-64883BAA3B2F}" = WCF Data Services 5.0 (for OData v3) Primary Components
"{0C03A66F-1FF0-45F9-8D67-0D806EBFFBA1}" = Blend for Visual Studio SDK for Silverlight 5
"{0F929651-F516-4956-90F2-FFBD2CD5D30E}" = Photo Gallery
"{0FF9CC94-EF23-401E-BDBD-37403D1A2B38}" = Windows Live SOXE Definitions
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{1172AC15-080E-30E3-85B0-FF59AD2E6315}" = Microsoft Visual Studio Ultimate 2012 - ENU
"{1228E4A3-8371-4F9B-BA6F-3D34113811B9}" = Visual Studio Extensions for Windows Library for JavaScript
"{148878BD-A2A5-4CF1-A103-2BA632F41953}" = WCF Data Services Tools for Microsoft Visual Studio 2012
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{1690CE56-2231-4E59-9006-A0876D949EA8}" = Tools for .Net 3.5
"{189AEA94-DAFB-487A-8CEE-F9D3DDE0A748}" = Microsoft Silverlight 4 SDK
"{18D606E9-9650-48DF-8D6E-5AC61C5AD1A9}" = Microsoft Visual Studio 2012 IntelliTrace Front End x86
"{1948E039-EC79-4591-951D-9867A8C14C90}" = Microsoft .NET Framework 4.5 SDK
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware
"{1B9BBB23-65CB-3AEE-BFC6-633E7CA299FD}" = Microsoft Visual Studio Team Foundation Server 2012 Team Explorer Language Pack - ENU
"{1C997E1C-5CE9-4AF3-AAA9-DC65E6090827}" = Microsoft Expression Blend SDK for Silverlight 4
"{1DB43E5A-2F24-4F51-92B0-A2C0EBF5C742}" = Microsoft Report Viewer Add-On for Visual Studio 2012
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7424F8-F992-48BC-90EF-7C4DB0405E3F}" = Alcor Micro USB Card Reader
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = ASUS Video Magic
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{21AF2C88-A2D7-436D-A261-017865640E84}" = Imgur Uploader
"{23176E97-26CB-C72A-19EB-BFB21AC1D15A}" = Windows Software Development Kit DirectX x86 Remote
"{246B0F46-F84E-4857-8C47-F2A86B598BC5}" = Microsoft Visual Studio 2012 Preparation
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2AC01935-3774-4981-98C8-14E93C14372C}" = Windows Live UX Platform Language Pack
"{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart
"{2C0CC01A-DDBC-3AED-AF18-E741242FD727}" = Microsoft Visual Studio Ultimate 2012 XAML UI Designer enu Resources
"{2C76E3DA-BA76-4FAD-B1B1-72B46D639028}" = PreEmptive Analytics Visual Studio Components
"{2F6CE32A-018D-4656-895B-9E5E20D7740A}" = Microsoft ASP.NET MVC 3 - Visual Studio 2012 Tools Update
"{2F8F489A-0476-3129-857B-A553F38B192D}" = Microsoft Visual C++ 2012 Core Libraries
"{30C27CAE-9266-3B47-837D-193C16EDB811}" = Microsoft Visual C++ 2012 x86 Debug Runtime - 11.0.51106
"{31641F51-67B3-4E7C-BC54-21069712CF0D}" = Microsoft Visual C++ 2012 Compilers - ENU Resources
"{330E5D98-20D2-4CA4-AE51-FCB8AA80F634}" = Microsoft Visual Studio 2012 Devenv
"{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE
"{372D17F6-A54E-4A01-B264-1314890FFE61}" = Dotfuscator and Analytics Community Edition
"{37E53780-3944-4A6A-842F-727128E8616E}" = Blend for Visual Studio SDK for .NET 4.5
"{38FC6E9A-F719-431A-A83D-4C86D5FD6555}" = Microsoft Visual Studio 2012 Shell (Minimum) Resources
"{3A523AF9-D32F-4C85-8388-0335731F3405}" = WCF RIA Services V1.0 SP2
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{42F61556-29ED-8122-F39E-6F04EA5FF279}" = Windows Software Development Kit for Windows Store Apps DirectX x86 Remote
"{451526FA-52D1-41F2-B7E2-96343EC95853}" = Windows Azure Tools for LightSwitch HTML Client for Visual Studio 2012
"{45898170-E68C-4F02-AA35-C2186BF347A3}" = Movie Maker
"{46536993-D32D-4460-9312-0ED82225262A}" = Cisco Network Magic
"{499DED08-6FA8-4749-8E94-8526CC9D1CA8}" = ExpressGate Cloud
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{53153071-9EF6-4C3D-AB80-A6696FC06358}" = BOUT Evolution
"{532DBCC8-9468-435C-AEF6-30B7F50735A2}" = Blend for Visual Studio 2012 ENU resources
"{57F20F04-014D-453F-B6A3-AE9485C4DFAB}" = Blend for Visual Studio 2012
"{58E440C4-74D4-445C-B9C1-2984D1BC1971}" = Microsoft LightSwitch for Visual Studio 2012 v3.0 Core
"{5A0EE0F0-E909-4F3B-B437-AAD9252427CB}" = Windows Live Installer
"{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1
"{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck
"{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}" = Microsoft .NET Framework 4.5 Multi-Targeting Pack
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = دعم تطبيق Apple
"{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
"{5E094C92-6288-4F43-AA9A-D452D0218F3F}" = Windows Live Essentials
"{5FF5933C-61A3-4E7C-8029-DC9661DF5DEE}" = Microsoft Visual Studio 2012 IntelliTrace Core x86
"{60D5EF2A-4E0C-2C30-38F6-59C26E134F4A}" = Windows Software Development Kit
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}" = Microsoft ASP.NET Web Pages
"{6389F199-1D6C-4974-9557-693F9DD48736}" = Windows Live Writer Resources
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{69d72156-6582-4556-8637-06f40aa7f85b}" = Image Resizer for Windows
"{6A6F1B4D-1BCE-3703-93D8-4494FB7F1280}" = Microsoft Portable Library Multi-Targeting Pack
"{6B6923B9-8719-425B-916C-CD2908F31AAF}" = Windows Live SOXE
"{6C772996-BFF3-3C8C-860B-B3D48FF05D65}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
"{6D6D43E5-218C-4B05-92D3-2240810F4760}" = Microsoft SQL Server 2012 T-SQL Language Service
"{6DAB46E3-D017-3E2B-85D8-F57A230384C0}" = Microsoft Visual Studio Team Foundation Server 2012 Team Explorer
"{6F066545-40A2-4C38-A8F7-78581CC5C442}" = Microsoft ASP.NET Web Pages - Visual Studio 2012 Tools
"{6FC3B79F-47C6-38AF-B9A9-67DE3C639598}" = Microsoft Visual Studio Premium 2012 - ENU
"{7437A4B9-314F-3B8F-827B-22909146E471}" = Microsoft LightSwitch for Visual Studio 2012 Core
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}" = Microsoft SQL Server 2008 R2 Management Objects
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{790E9425-8570-493F-9AE7-81AFC9E46930}" = Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20627.00)
"{7BF67A61-BE7C-4806-B93C-97F299D6A6FE}" = ASUS AI Recovery
"{7C6F0282-3DCD-4A80-95AC-BB298E821C44}" = Windows Live Writer
"{800F484E-9D69-492D-B656-7BAA32586142}" = Microsoft Visual Studio 2012 Shell (Minimum)
"{808118B1-60D6-4DCF-8077-73A4D3D8BB54}" = Microsoft Visual C++ 2012 x86-x64 Compilers
"{820C677A-41B2-48C3-8136-FEE35A052E73}" = Microsoft Visual Studio 2012 Shell (Minimum) Interop Assemblies
"{834B6E00-F509-40F2-A677-E86261184576}" = Blend for Visual Studio Add-in for Adobe FXG Import
"{8762B098-374D-4900-B68E-34BF2840E694}" = Microsoft Web Developer Tools 2012.2 - Visual Studio 2012
"{877B76B2-F83F-4F5A-B28D-3F398641ADB6}" = Microsoft SQL Server System CLR Types
"{89870E0D-9602-41F8-9E83-14F6849346A4}" = Windows Live Mail
"{89C7E0A7-4D9D-4DCC-8834-A9A2B92D7EBB}" = Photo Gallery
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{90120000-0015-0401-0000-0000000FF1CE}" = Microsoft Office Access MUI (Arabic) 2007
"{90120000-0015-0401-0000-0000000FF1CE}_PROR_{EC74604A-5842-4FE1-8933-76D68C5FA677}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0401-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Arabic) 2007
"{90120000-0016-0401-0000-0000000FF1CE}_PROR_{EC74604A-5842-4FE1-8933-76D68C5FA677}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0401-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Arabic) 2007
"{90120000-0018-0401-0000-0000000FF1CE}_PROR_{EC74604A-5842-4FE1-8933-76D68C5FA677}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0401-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Arabic) 2007
"{90120000-0019-0401-0000-0000000FF1CE}_PROR_{EC74604A-5842-4FE1-8933-76D68C5FA677}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0401-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Arabic) 2007
"{90120000-001A-0401-0000-0000000FF1CE}_PROR_{EC74604A-5842-4FE1-8933-76D68C5FA677}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0401-0000-0000000FF1CE}" = Microsoft Office Word MUI (Arabic) 2007
"{90120000-001B-0401-0000-0000000FF1CE}_PROR_{EC74604A-5842-4FE1-8933-76D68C5FA677}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_PROR_{3E8EA473-ECCE-405F-A9CA-59446AEADD3A}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0401-1000-0000000FF1CE}_PROR_{4A9F778A-44EE-4922-A976-FF4C84FC51B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0401-0000-0000000FF1CE}" = Microsoft Office Proofing (Arabic) 2007
"{90120000-006E-0401-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Arabic) 2007
"{90120000-006E-0401-0000-0000000FF1CE}_PROR_{4A9F778A-44EE-4922-A976-FF4C84FC51B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9169C939-ED01-446A-BD0C-29873BAF4E48}" = Prerequisites for SSDT
"{93489CA8-6656-33A0-A5AC-E0EDEDB17C3E}" = Microsoft Visual Studio Professional 2012
"{942CC691-5B98-42A3-8BC5-A246BA69D983}" = Microsoft ASP.NET MVC 4 Runtime
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95540FD3-4E2E-40E2-B315-120BB373DC23}" = Microsoft LightSwitch for Visual Studio 2012 v3.0 CoreRes - ENU
"{96F50F87-0F15-4F93-9FE6-387DD9CFB077}" = Microsoft ASP.NET MVC 4 - Visual Studio 2012 Tools - ENU
"{9B3A1C97-A361-463E-8817-444F9F88CDFE}" = Microsoft Expression Blend SDK for .NET 4
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C6D5C94-386A-4DE7-B99F-523D3F167B9A}" = Windows Live Messenger
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame
"{9D6D7811-43B3-463C-BC79-5D1755269989}" = Net4Switch
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3A6D5EA-B6B5-3C05-BDA8-EAB99C09CDDC}" = Microsoft Visual Studio 2012 SharePoint Developer Tools
"{A453EF2D-13C0-3BB8-833F-C0CF45F604C1}" = Microsoft Visual C++ 2012 Extended Libraries
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAA94EAA-40A4-458C-9D86-D1DA765B51D5}" = Windows Live Writer
"{AAF91344-2808-4D6B-9242-FBE5AF79D60A}" = Windows Live Family Safety
"{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.3 MUI
"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AFA4B0BF-3289-495A-B949-BA91F39B1A44}" = Entity Framework Designer for Visual Studio 2012 - enu
"{B1465D1D-6427-4CA1-AE29-8B699209E663}" = Microsoft Visual Studio 2012 Devenv Resources
"{B286BAC3-CBE6-4854-BF68-EB72A34CEA56}" = Windows Live Messenger
"{B365E588-6982-46D3-B481-0B47B91FDD5A}" = Ace Evolution
"{B39A6825-EA20-43EA-AB2D-A6BC0298D9A1}" = Movie Maker
"{B40E950B-300A-41B5-A6C1-2FEBEEA1BEEA}" = Microsoft ASP.NET Web Pages 2 - Visual Studio 2012 Tools - ENU
"{B585A11C-4F6E-3532-97D4-3670FE94600D}" = Microsoft Visual C++ 2012 Microsoft Foundation Class Libraries
"{B5DA9D49-9BD8-0F2F-52FC-C7E66BC8D944}" = LocalESPCui for en-us
"{B653A2EC-D816-4498-A4FD-651047AB9DC9}" = Boingo Wi-Fi
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B9F35D86-242E-3FA4-B9F8-A982E0DF918D}" = Microsoft Visual Studio 2012 SharePoint Developer Tools ENU Language Pack
"{BAD0254F-9BDB-3D14-A5AC-9C0EF51F3D09}" = Microsoft Portable Library Multi-Targeting Pack Language Pack - enu
"{BDBE5D2A-AAB7-77BD-7A0E-5006665CE7C6}" = LocalESPC
"{BE4F3A79-8954-499C-AEF9-E8A3BC235677}" = JavaScript Tooling
"{C1BE4600-7D15-3D1E-8AA2-B3241DB1D063}" = Microsoft Visual Studio Ultimate 2012 XAML UI Designer Core
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C6B0EE9E-2128-4448-B7AE-5E2B46E0F0E7}" = Windows Live Photo Common
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{C81452EB-CBCF-B8EB-3124-48C5B3D506B0}" = Windows Runtime Intellisense Content - en-us
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{CFFDC0EC-6924-3347-B047-13339EDBEC28}" = Microsoft Visual Studio Professional 2012 - ENU
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D11F66FF-82B3-DDB8-1146-525370552BE1}" = Windows Software Development Kit for Windows Store Apps
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{D604900F-A275-416C-AF9D-CDEDF58B72DB}" = Windows Live Mail
"{D8EC110F-F88D-4DBA-B84C-C305A550B3D6}" = Microsoft Visual C++ 2012 32bit Compilers - ENU Resources
"{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}" = Microsoft SQL Server 2012 Management Objects
"{DCDEC776-BADD-48B9-8F9A-DFF513C3D7FA}" = Microsoft ASP.NET MVC 3
"{DD7C5FC1-DCA5-487A-AF23-658B1C00243F}" = Photo Common
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1FBB3D4-ADB0-4949-B101-855DA061C735}" = Microsoft Silverlight 5 SDK
"{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}" = Microsoft System CLR Types for SQL Server 2012
"{E3445598-4424-4EE2-B71C-C23325F7FB71}" = Windows Live PIMT Platform
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaShow Espresso
"{E4ADE757-7FE9-322D-9CAE-C77D77A2D2BF}" = Microsoft LightSwitch for Visual Studio 2012 CoreRes - ENU
"{E4C33F5B-1B2F-466E-957E-B274F08151A0}" = Microsoft Web Deploy dbSqlPackage Provider - enu
"{E52C5468-A8E7-4DE5-8F99-057FF2C9BFE8}" = Microsoft Visual C++ 2012 Compilers
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E71E60C1-533E-45A5-8D80-E475E88D2B17}_is1" = Game Park Console
"{E818AE7C-244B-4A50-9C86-C0E4A8B69159}" = Microsoft Visual Studio 2012 Tools for SQL Server Compact 4.0 SP1 ENU
"{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
"{EA63C5C1-EBBC-477C-9CC7-41454DDFAFF2}" = Microsoft ASP.NET Web Pages 2 Runtime
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{ED784556-66AA-3F17-9B58-7246ACB5C7E4}" = Microsoft Visual Basic 2010 Express - ENU
"{EFA87714-E75A-3BFC-A698-A3AABA5A8A0C}" = Microsoft Visual Studio Ultimate 2012
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{EFBCA571-617D-484A-9ECA-E301BB6D0750}" = Windows Live Writer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E58739-2B4C-498F-9B0D-FF0F2FD52B61}" = Windows Live UX Platform
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F361FE04-789E-42F3-BBAB-E7B380AA5E06}" = Windows XP Targeting with C++
"{F6F30C28-38AA-4DBA-AE0B-7E30238E61BB}" = Junk Mail filter update
"{f9024a51-ab45-4a46-b597-ce12f74963c7}" = Microsoft Visual Studio Ultimate 2012
"{FA2092C5-7979-412D-A962-6485274AE1EE}" = ASUS Data Security Manager
"{FA804794-2CCB-4301-954F-2C2894698876}" = Microsoft SQL Server Data Tools - enu (11.1.20627.00)
"{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}" = Microsoft SQL Server 2012 Data-Tier App Framework
"{FC467B61-F890-4E29-8585-365DAB66F13E}" = Pure Networks Platform
"{FEB375AB-6EEC-3929-8FAF-188ED81DD8B5}" = Microsoft Help Viewer 2.0
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFC6E93A-B9AD-3F20-9B06-EE20E24AAEAF}" = Microsoft Visual C++ 2012 Core Libraries
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"ASUS AP Bank_is1" = ASUS AP Bank
"ASUS WebStorage" = ASUS WebStorage
"ASUS_N3_Series" = ASUS_N3_Series
"AutoHotkey" = AutoHotkey 1.0.48.05
"Cooking Dash" = Cooking Dash
"FileZilla Client" = FileZilla Client 3.6.0.2
"Google Chrome" = Google Chrome
"Governor of Poker" = Governor of Poker
"Hotel Dash Suite Success" = Hotel Dash Suite Success
"Inno Setup 5_is1" = Inno Setup version 5.5.1
"InstallShield_{1F7424F8-F992-48BC-90EF-7C4DB0405E3F}" = Alcor Micro USB Card Reader
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = ASUS Video Magic
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{499DED08-6FA8-4749-8E94-8526CC9D1CA8}" = ExpressGate Cloud
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaShow Espresso
"Internet Download Manager" = Internet Download Manager
"IrfanView" = IrfanView (remove only)
"Luxor 3" = Luxor 3
"Mahjongg dimensions" = Mahjongg dimensions
"MediaFire Express 0.15.3.4554" = MediaFire Express
"Microsoft Help Viewer 2.0" = Microsoft Help Viewer 2.0
"Microsoft Visual Basic 2010 Express - ENU" = Microsoft Visual Basic 2010 Express - ENU
"Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
"Network MagicUninstall" = Network Magic
"Notepad++" = Notepad++
"NVIDIA.Updatus" = NVIDIA Updatus
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Paint Shop Pro 5.0" = Paint Shop Pro 5.0
"Plants vs Zombies" = Plants vs Zombies
"PROR" = Microsoft Office Professional 2007
"ResourceHacker_is1" = Resource Hacker Version 3.6.0
"VistaSwitcher" = VistaSwitcher
"VLC media player" = VLC media player 2.0.7
"VMware_Workstation" = VMware Workstation
"WinLiveSuite" = Windows Live Essentials
"XnView_is1" = XnView 1.99.6
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-131767206-1543947898-356316412-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Hawken" = Hawken
"SkyDriveSetup.exe" = Microsoft SkyDrive
"WinDirStat" = WinDirStat 1.1.2

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 23/06/2013 07:11:10 AM | Computer Name = S34N | Source = Application Error | ID = 1000

Error encountered while reading event logs.

< End of report >
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
Code:
:OTL
DRV:64bit: - [2013/03/25 14:28:02 | 000,350,160 | ---- | M] (BitDefender S.R.L.) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\trufos.sys -- (trufos)
IE - HKU\S-1-5-21-131767206-1543947898-356316412-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
CHR - plugin: Bitdefender QuickScan (Enabled) = C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\8.0.1_0\plugin/npqscan.dll
CHR - Extension: Bitdefender QuickScan = C:\Users\ali\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.118_1\
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKU\S-1-5-21-131767206-1543947898-356316412-1022..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\gopher - No CLSID value found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
[2012/08/29 18:16:31 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Bitdefender
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:981884E7
@Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:52DBE86F
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:029E021F
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:D20FFA63
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:3E7393FC

:Files
C:\FRST

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.
Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave reading the results to me.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

Please, run F-Secure Online Scanner

  • Disable your Antivirus program.
  • Checkmark I have read and accepted the license terms.
  • Click on Run Check button.
  • Quick scan (recommended) option will come pre-checked. Don't change it.
  • Click on Start button.
  • When scan is done, in Step 3: Clean the files, leave all settings as they are.
  • Click Next button.
  • Click Full report... button.
  • Copy report's content and paste it into your next reply.
 