
Infected with Search Enhance


7 replies to this topic

#1 AdibM

  • Members
  • 8 posts

Posted 14 May 2012 - 09:09 AM

Search Enhance is a little pop-up that appears under nearly any field in which I try to type something. I suppose it's a BHO, but I can't figure out how to get rid of it. SpyBot didn't find anything, and I'm not sure HijackThis did, either. Here's my log:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:34:29 AM, on 5/14/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
C:\Users\Adib\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\windows\SysWOW64\rundll32.exe
C:\windows\SysWOW64\rundll32.exe
C:\windows\SysWOW64\rundll32.exe
C:\windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Users\Adib\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
D:\Steam\Steam.exe
C:\Users\Adib\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Adib\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Adib\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Adib\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Adib\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Adib\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Adib\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Adib\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Adib\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Adib\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Adib\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Adib\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Adib\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Adib\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Adib\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Adib\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Adib\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Adib\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Adib\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Adib\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Users\Adib\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Adib\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Adib\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Adib\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Adib\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\SysWOW64\rundll32.exe
C:\Users\Adib\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Adib\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Adib\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Adib\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\foobar2000\foobar2000.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTE.EXE
C:\Users\Adib\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Adib\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Adib\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
C:\Users\Adib\Desktop\HijackThis.exe
C:\windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tosavethechildren.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {32b29df0-2237-4370-9a29-37cebb730e9b} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [APLangApp] "C:\Program Files (x86)\AnyPC Client\APLangApp.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Adib\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [FileHippo.com] "C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe" /background
O4 - HKCU\..\Run: [MusicManager] "C:\Users\Adib\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
O4 - HKCU\..\Run: [ShowBatteryBar] "C:\Program Files\BatteryBar\ShowBatteryBar.exe" show
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Adib\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [chromium] C:\Users\Adib\AppData\Local\Google\Chrome\Application\chrome.exe --no-startup-window
O4 - HKCU\..\RunOnce: [Shockwave Updater] "C:\windows\SysWOW64\Adobe\Shockwave 11\SwHelper_1163633.exe" -Update
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Facebook Messenger.lnk = Adib\AppData\Local\Facebook\Messenger\2.0.4478.0\FacebookMessenger.exe
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
O9 - Extra button: HiDownload - {F4FBA929-A891-492C-A0F6-5C79CC4F1742} - C:\Program Files (x86)\StreamingStar\HiDownload_Platinum\HiDownloadPlatinum.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O19 - User stylesheet: C:\ads.css
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Rezip - Unknown owner - C:\windows\SysWOW64\Rezip.exe
O23 - Service: RosettaStoneDaemon - Rosetta Stone Ltd. - C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Spybot S&D 2 Live Protection Service (SDHookService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: Cisco AnyConnect Secure Mobility Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: WDDMService - WDC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
O23 - Service: WD File Management Engine (WDFME) - Unknown owner - C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe
O23 - Service: WD File Management Shadow Engine (WDSC) - Unknown owner - C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 18386 bytes



#2 Gammo

  • Members
  • 202 posts
  • Gender:Male
  • Location:The Netherlands

Posted 14 May 2012 - 01:07 PM

We need to create an OTL Report.
Download OTL to your Desktop.
  • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Check the box that says Scan All Users.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.


Please post the final results, good or bad. We like to know!
My help is always free, but if I have helped you, please consider making a donation to help me continue the fight against malware!


#3 AdibM

  • Topic Starter

  • Members
  • 8 posts

Posted 18 May 2012 - 02:58 PM

OTL Extras logfile created on: 5/18/2012 2:43:59 PM - Run 1
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\Adib\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.86 Gb Total Physical Memory | 1.13 Gb Available Physical Memory | 29.31% Memory free
7.73 Gb Paging File | 3.18 Gb Available in Paging File | 41.19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100.00 Gb Total Space | 42.77 Gb Free Space | 42.77% Space Free | Partition Type: NTFS
Drive D: | 350.66 Gb Total Space | 83.51 Gb Free Space | 23.81% Space Free | Partition Type: NTFS
Drive F: | 4.20 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: ADIB-PC | User Name: Adib | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFWSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFWSvc.exe:*:Enabled:Spybot-S&D 2 Firewall service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDMonSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDMonSvc.exe:*:Enabled:Spybot-S&D 2 On-Access monitor service
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDSODSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDSODSvc.exe:*:Enabled:Spybot-S&D 2 Scan On Demand service
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFWSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFWSvc.exe:*:Enabled:Spybot-S&D 2 Firewall service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDMonSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDMonSvc.exe:*:Enabled:Spybot-S&D 2 On-Access monitor service
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDSODSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDSODSvc.exe:*:Enabled:Spybot-S&D 2 Scan On Demand service
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01273BC8-66A0-4401-BEDE-F297F8588DD1}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{031BB9ED-F380-4271-9B34-C20559D2113A}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{1A590734-1988-4127-B7B1-4A7859316B24}" = lport=139 | protocol=6 | dir=in | app=system |
"{213A0A08-F8A9-469C-9EB4-17F3F1C36DE9}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{33E7AEA3-F597-401B-908F-4E4DDC4E9DC1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{36A43C64-2293-46ED-9489-1494831FE201}" = lport=10243 | protocol=6 | dir=in | app=system |
"{383232F1-F57F-4436-A815-7091197E7BA4}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{3B792E6B-59B7-4636-B4DE-07C9D5549C02}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4C961C56-3974-4ED7-AB1E-47E50EF40C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4F65980A-A250-4406-B4DF-85D7BC8FA068}" = rport=138 | protocol=17 | dir=out | app=system |
"{552401E5-968A-4C98-910D-DAE79F855687}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{62690EED-7665-4929-9173-2083CD9E113F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6A36DBF8-EFB3-420C-8D57-4B58A70B6B01}" = lport=137 | protocol=17 | dir=in | app=system |
"{6DC57B63-5F82-4C4B-B21F-B4ED8AE30B8F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{783EF3E9-4F9F-4813-9F09-1893EF673073}" = lport=445 | protocol=6 | dir=in | app=system |
"{93D7F097-4947-47B5-9D78-72C4FEF72FEE}" = rport=10243 | protocol=6 | dir=out | app=system |
"{9E19D050-D62F-4B2F-97F4-8FEE24AF9E33}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{A006A859-83F5-4F38-8AFC-FB5FDCBECAC0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A6697C2A-ABBB-491C-AAC0-87862BE67BFF}" = rport=139 | protocol=6 | dir=out | app=system |
"{A7C34DFD-AC2A-4CB7-BBBB-E9459D3FE8CE}" = lport=138 | protocol=17 | dir=in | app=system |
"{AB4D6867-E548-4729-A694-52809334C517}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{AC3F376A-1D2C-4550-A7C9-199F374A073F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{AD8A2253-B22C-462F-9E99-7584AF0E9C18}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AF5E86EA-BC85-4220-82E6-3B7FD5348EC4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CAC2D319-706F-47B2-B77F-4FCB064B9208}" = rport=445 | protocol=6 | dir=out | app=system |
"{CCB0766E-712E-4387-99D9-F32013D7B862}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CD61E03C-5B6E-4643-BE59-6DE3DCA1D5B4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D5F001F8-13FD-4CD2-9EC2-1743F792EE32}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D6C014F6-C304-4D5E-B8E8-F9FD67A7FF76}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DDF56E00-0689-4923-A004-CCCB1F0B8AED}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{E46D177D-F7EF-426F-AC5F-CA8A8C064FF6}" = rport=137 | protocol=17 | dir=out | app=system |
"{F85EAB47-CD70-4DEB-A0B5-A384BB97A179}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{016CB595-C523-4C9E-B83A-20AF2B3DA8CA}" = protocol=6 | dir=in | app=c:\users\adib\appdata\roaming\dropbox\bin\dropbox.exe |
"{01F1DD18-072B-4A43-A558-84C93AE94957}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{021023A3-BE0A-478F-8258-B24DDEA52CB4}" = protocol=17 | dir=in | app=c:\program files (x86)\tango\tango.exe |
"{0236679C-C71A-4351-9AE8-DB9536F3896B}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\frozen synapse\frozensynapse.exe |
"{026FEE7A-F147-4E2E-B86D-48FAE84E12CC}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\blocks that matter\btm_launcher_win.exe |
"{027E993D-6052-4FD3-BA86-A12B779A6343}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0541E4B9-C557-4C66-9F32-DB1B1EFEA9E2}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\world of goo\worldofgoo.exe |
"{065578F4-BFC8-4322-9ADA-37FD6E6EB416}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\gratuitous space battles\gsb.exe |
"{070E3A5C-F394-4802-B7EB-2CA80C8B939B}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{0F5136C1-151B-493A-90F8-65FD8FA6A46C}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\multiwinia\multiwinia.exe |
"{0FBCE76C-9E99-478A-92AD-679FCBBB3737}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\bastion\bastion.exe |
"{1392D5D6-C869-417A-A384-ABFCF2DD09DC}" = dir=in | app=c:\program files (x86)\rosettastoneltdservices\rosettastoneltdservices.exe |
"{1417F586-8A45-4471-88B2-8CF328E7DD86}" = dir=in | app=c:\program files (x86)\rosettastoneltdservices\rosettastonedaemon.exe |
"{144780D0-0F10-4A38-9818-A9D0D1242B03}" = protocol=6 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{144EF3D9-7AC6-480E-A9A6-DAE3404C5EF5}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\cogs\cogs.exe |
"{154AA47E-03CF-4238-A1AA-31F769AA54EF}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\frozen synapse\frozensynapse.exe |
"{15EE4436-F64C-460D-8355-4A627DD0272C}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\nightsky\nightsky.exe |
"{167286AF-14AF-4362-8977-586147BAC99B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1675973E-6A4C-43A2-B2CD-51F042448949}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse_unrestricted.exe |
"{1752D77D-98E1-4972-9D65-6C57AA5D1968}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse.exe |
"{181D644F-5682-4A42-912C-659676C394B5}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\cogs\cogs.exe |
"{192F0951-8032-40C1-9CC5-34EEA2EDB347}" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |
"{1D74640C-D894-4E65-908F-48A2A4A5E0FD}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{1E6D3FA8-44E4-44E5-A8D6-A7F1DF305F5E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1F9BABC0-C8E9-46B9-9584-524F9BD63EC1}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\doom 2\doom2.bat |
"{1FA64807-2279-432A-A505-90B51B8646B7}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\nightsky\nightsky.exe |
"{1FB3F9A9-8966-4851-8341-E970302042B9}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\ares\ares.exe |
"{21532A71-A443-4170-825E-2E7FFC1D9FE1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{234697D1-6E89-4161-B999-23190819654B}" = protocol=17 | dir=in | app=c:\program files (x86)\yahoo!\messenger\yahoomessenger.exe |
"{2583CE3A-343D-4102-8D06-B8EDFD96297D}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\sanctum\binaries\win32\sanctumgame-win32-shipping.exe |
"{25E4EDD8-CB08-47A6-A80E-9877646EBA03}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\serious sam classic the second encounter\bin\seriouseditor.exe |
"{26DE8E94-BCAB-407B-864A-B29464CB8466}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\shadowgrounds\shadowgroundslauncher.exe |
"{26E21202-F0EE-47B6-88AA-E1A9A244B825}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\avadon the black fortress\avadon.exe |
"{2A42E998-33E2-4287-B096-BF7D354C7BF6}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{2AB98DA9-A3DB-4ECD-BF34-6B32B3FC2469}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{2F024C43-B389-4058-ACDC-74A9B7BE1439}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\dino d-day\dinodday.exe |
"{30DF1888-98E4-4DE6-B114-E5EF23AFCE07}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\lugaru hd\lugaru.exe |
"{31ADE004-226C-4674-8BB4-C484DCD7F844}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\penumbra overture\redist\penumbra.exe |
"{3551C01B-284E-4C9F-8D25-96628C97EDDF}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\darwinia\darwinia.exe |
"{35BBE4F2-19DA-4D61-AE01-41EBD2AFBC48}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{36CF8E0C-3873-4F74-A0A8-1B619FCB766B}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\serious sam classic the first encounter\bin\seriouseditor.exe |
"{397ED560-C440-4498-A63B-85B24A60459C}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{3A00D07A-E91E-4D71-9FAB-BB2178B2BD45}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{3B733792-5165-464B-8A48-C61BE5FAB646}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{3BE56999-6227-42B8-ADAD-893C59AE81B9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{3CA599E0-59FD-46ED-A1DE-AA84186DC17D}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\dino d-day\dinodday.exe |
"{418C3F05-222E-4B1D-AD12-BD016DABA8F1}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\bastion\bastion.exe |
"{418DB10E-6F9A-45EE-9EEE-25DA1D065349}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{422E9EEE-5E37-4C84-AD76-10A7B1C263D0}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\osmos\osmos.exe |
"{44D4AEA4-1D84-49C7-90A4-70104E9DBB9A}" = protocol=17 | dir=in | app=c:\users\adib\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{4558A27B-35B8-40EC-B53D-CFCA1BED6704}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{464BA818-730F-410E-9754-D779A59EEE9B}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{468C9B43-5EF4-4DC4-9EF6-DD7243591AAF}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\dino d-day\srcds.exe |
"{489E0BD6-72F3-472C-9BBB-B4587799897C}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse.exe |
"{4A4134C5-E465-46F2-A107-EA17E62A16E5}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\bit.trip runner\runner.exe |
"{4D9D4729-9894-482A-AB89-F6607F30313B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{4EAF7A8C-CF3E-4912-A217-0B5916177A6C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4FAA19AD-FA3F-42B3-A13B-983896C4C9C7}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\world of goo\worldofgoo.exe |
"{5038D0C2-98C1-4C31-A0FB-67D93E137F1A}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{51222274-DA70-426C-90C3-BCB11E20844B}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\ares\ares.exe |
"{53D00799-4B69-4A19-BB3C-5D039946B2B6}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\serious sam classic the first encounter\bin\seriouseditor.exe |
"{569AE8EB-E459-4913-8486-6ED91CFBC2F6}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse_unrestricted.exe |
"{56CCCF65-CDD9-4CB4-BE05-AE1EF65E0BBE}" = protocol=6 | dir=in | app=c:\users\adib\appdata\local\google\chrome\application\chrome.exe |
"{5786D61C-6DE6-4B46-A33A-B2F0D84A1F01}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\edge\edge.exe |
"{588A5FF6-7980-4030-B3E0-8DF9680A34C8}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{5929892A-8C08-4A52-BAC6-4A8D4C20A3EA}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\the binding of isaac\isaac.exe |
"{5936F65A-27D9-4CE1-91F9-A7DD0B163679}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe |
"{599106F3-35D2-4484-87A5-BA58FA463D21}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\cthulhu saves the world\cstw.exe |
"{64CBA21B-76C3-4807-B732-BC0EEB46D14D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6503A575-1332-48D2-91B3-6FC82DE93637}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse_unrestricted.exe |
"{6535C450-B645-450F-A0F6-8A21CE7CC0B4}" = protocol=6 | dir=in | app=c:\program files (x86)\tango\tango.exe |
"{6835C37B-F81D-495B-8436-ECC925094740}" = protocol=17 | dir=in | app=c:\users\adib\appdata\local\google\chrome\application\chrome.exe |
"{68516740-39C6-4EDA-A612-99104568EF9E}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\shank\bin\shank.exe |
"{68A5680C-4CAD-403B-BEA6-BBC8167EA9B7}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\ares\ares.exe |
"{6A4C7F01-369E-4EB1-92A3-FAA05BD35AC0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{6B695AF3-10DE-42AE-B41B-C0B07CB8975B}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe |
"{6BAFFFB0-0287-4DCD-9550-8F26C1B2C557}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\serious sam classic the first encounter\bin\serioussam.exe |
"{6BBB1D7F-E3BF-4292-B7D6-34B7CDE67387}" = protocol=6 | dir=in | app=c:\users\adib\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{6E0ACA2F-17F9-470D-A979-606751605003}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\dino d-day\bin\sdklauncher.exe |
"{6E2C090C-8E08-4721-812E-942190E52D7D}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\blackwell unbound\unbound.exe |
"{6FCD7834-50E4-42CA-B4B1-90A55BA864DE}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe |
"{7090B947-4DEC-49C0-83E6-F3286DC7DF17}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\doom 2\doom2 + mouse.bat |
"{7091C493-8D8C-407F-8E40-539D513F71A8}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{735E086D-930F-41E4-B7AE-BB5859952294}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\gratuitous space battles\gsb.exe |
"{735E76D1-9768-4C6F-A373-E89F0385BD32}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\sanctum\binaries\win32\sanctumgame-win32-shipping.exe |
"{77237C57-CDA6-4ACE-9D6F-8319C17CB322}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\blackwell convergence\convergence.exe |
"{79AC9BBB-17FD-4E34-9454-450D8C7A2E74}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\shadowgrounds\shadowgrounds.exe |
"{7BCD9BB4-712D-4504-A03C-9D66E5B45D02}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\blocks that matter\btm_launcher_win.exe |
"{7E2DF6FB-F750-4A88-B756-30F29A89D027}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\serious sam classic the second encounter\bin\seriouseditor.exe |
"{7ED1923F-C177-49EA-8C4C-F2F58D5353B2}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\sanctum\binaries\win32\sanctumgame-win32-shipping.exe |
"{7F8EE3C9-3F1C-47A8-B7B0-2E76F20B5FBD}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\bit.trip runner\runner.exe |
"{8075209C-9728-4991-8873-9F27BE8FD744}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\serious sam hd the first encounter\bin\samhd.exe |
"{807B2C3B-1C45-45B8-8A8E-89A26A532DD4}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\serious sam classic the first encounter\bin\serioussam.exe |
"{81958427-C7CC-4AFB-BC2D-8AF95C6AE5CA}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\the binding of isaac\isaac.exe |
"{8476C9A9-4C82-4992-AA04-87E9468C72FE}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\multiwinia\multiwinia.exe |
"{8683B797-EE3D-4A26-98D2-7157AF3F0B30}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{86D21DF0-169C-4C52-8E8C-0944E3FD923D}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{8A30D821-DED4-48A2-AFCB-19873D0FC3A2}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\eets\eets.exe |
"{8AA4EE1C-FE27-4383-8C6B-0A2355BE3520}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{8BCF377D-D302-44AD-9A03-2935E906C24A}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\blackwell unbound\unbound.exe |
"{8C09CEF5-13DD-4B65-82E4-D25D1B41862C}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\lugaru hd\lugaru.exe |
"{8D24C5A5-790E-4793-92D0-1F00224DB935}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\uplink\uplink.exe |
"{8D5ECC22-6D10-44B5-BB7A-36A61F3ABEBE}" = protocol=6 | dir=in | app=c:\users\adib\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{8F572163-1216-4223-99A0-D96BDB707FF1}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\osmos\osmos.exe |
"{9323923E-89B2-43AD-943F-6D26144D6AF7}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\serious sam classic the second encounter\bin\serioussam.exe |
"{9562ECC9-9810-44D1-B852-784EAAA0709C}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\serious sam hd the first encounter\bin\samhd.exe |
"{9770C934-9BB2-4213-858E-B50AA106301D}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{9775BE43-CCBB-434C-B338-8E3500E57BD4}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\serious sam classic the second encounter\bin\seriousmodeler.exe |
"{98329E03-3BC6-4F30-8911-2CFF9DA758F4}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A037688E-9517-473C-B160-3A6ED75167C2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{A0C8B125-5C6B-418B-A814-D417BD5759A0}" = dir=in | app=e:\setup\hpznui40.exe |
"{A15C3379-7BD4-4185-86B6-E8CD599948A6}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\revenge of the titans\revengeofthetitans.exe |
"{A3118ED4-EB8D-4C4D-9D26-BD3D12E2AB4E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A37CD954-7777-40FB-9660-296D94A0544F}" = protocol=17 | dir=in | app=c:\users\adib\appdata\roaming\dropbox\bin\dropbox.exe |
"{A5F448A1-A91D-4D02-AF6E-52E638E53307}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{A5FC0C98-7BE8-44F1-AB34-1654553E4301}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\dino d-day\srcds.exe |
"{A7018877-F926-4E8B-979B-FBF9AB908C01}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A72B377B-19DA-43DA-A270-0B2BFFF9ADAB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A7620D57-6881-40FC-8499-9C2C3157F12F}" = protocol=17 | dir=in | app=c:\users\adib\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{A7AFE7AB-0CEA-44E6-90EA-40061C23A4AE}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\dino d-day\dinodday.exe |
"{A7D1B911-880F-4A1B-A9DE-ADF13A22BB93}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\serious sam classic the first encounter\bin\seriousmodeler.exe |
"{A7F1A7E2-F90F-46E1-8416-68B5CF42704F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AA412536-E1FB-4123-926C-DAD538EA8D31}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\dino d-day\bin\sdklauncher.exe |
"{AAD0BB3D-680C-4614-962A-5C53127F4A90}" = protocol=6 | dir=in | app=c:\users\adib\appdata\roaming\spotify\spotify.exe |
"{AC2C4725-CD75-4D13-A9BA-2F5FAE5C8D50}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{B41F438F-9AE5-4F8D-B684-82E76CBF0D82}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{B47C7849-7A73-4671-877A-D2766E880060}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\blackwell legacy\blackwell1.exe |
"{B5122A7F-EB3F-489C-A237-A230F8442879}" = protocol=6 | dir=out | app=system |
"{B55B761F-C95F-4CF7-9961-6A969E0B8EAC}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\doom 2\doom2.bat |
"{B5FC04CA-ACA7-48F5-88BC-75574C7013C5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B663BF9D-097B-4F19-AE58-DCA9AE50168B}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\cthulhu saves the world\cstw.exe |
"{B83C68ED-B923-4526-A441-83794DBCE9D9}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{B89B2817-B50B-40B6-947D-BC417CF4B17C}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{BC7F737F-BE5E-4531-85A6-2DB26CF36157}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{BF1AB10A-5DF9-45F8-9B4F-3035B004C249}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse.exe |
"{BF63DFDA-E737-41DE-9FA0-5E2CBF61E0E9}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\ares\ares.exe |
"{C0969896-A9D8-4EB0-A028-072710C0D7AB}" = protocol=6 | dir=out | app=c:\program files (x86)\rosettastoneltdservices\rosettastoneltdservices.exe |
"{C23093AA-9374-4D1D-B5D8-F598C4BC1722}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\serious sam classic the first encounter\bin\seriousmodeler.exe |
"{C4B3231E-3BB2-434F-8EBD-FBDA80D084C5}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\frozen synapse\frozensynapse.exe |
"{C7F76D10-9182-4C0E-BE56-C6116F219F6A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CD6B4C8A-9F62-496F-9441-41280875855C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D106C6F2-1B94-4A3E-AA2E-8CAFE3167EB8}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\shadowgrounds\shadowgrounds.exe |
"{D174F24C-11DD-4A87-AB54-E33480F1FC43}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse_unrestricted.exe |
"{D2C213C6-21F2-4475-8E25-847658DBC55A}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{D3DDB72A-7B38-4ABF-B043-F905A3121664}" = protocol=17 | dir=in | app=c:\users\adib\appdata\roaming\spotify\spotify.exe |
"{D4018112-9DAB-48BE-9520-B31B99EBFDC1}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{D48B477D-8843-4D4C-A076-0998344F41D0}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\dino d-day\bin\sdklauncher.exe |
"{D520B71A-0C0A-4005-8BD2-8417527C0DC1}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\penumbra overture\redist\penumbra.exe |
"{D5B6DFFB-EC02-4385-B40A-ACA05F8F232F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D81A12F4-0ACC-4462-9B09-80735BBCA2F2}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\frozen synapse\frozensynapse.exe |
"{D8970C68-B6F2-46A2-B717-04ADEB257306}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse.exe |
"{D8E57560-D62C-4D51-8D0A-1656946FC125}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\avadon the black fortress\avadon.exe |
"{D95C8C32-DBF3-41A2-AA27-12413B25E4A3}" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |
"{DB018DEA-759A-4A6F-B7F2-1BA774B3E9E0}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\eets\eets.exe |
"{DB05B06F-0D3F-4E36-96CA-5AD777A30D1D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{DB85F4A8-8A65-4937-9F81-AD9F57CD9659}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\blackwell convergence\convergence.exe |
"{DD034C4F-E5B6-4B52-BF5B-43CE14FC4F69}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\dino d-day\bin\sdklauncher.exe |
"{DE88DFEF-9169-4B50-8439-5E2E6AA0537B}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\dino d-day\dinodday.exe |
"{E0439147-F426-4645-B06F-22C983A13D6F}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\serious sam classic the second encounter\bin\seriousmodeler.exe |
"{E3709C7D-B139-4B1A-8A71-351736FEA0A2}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\doom 2\doom2 + mouse.bat |
"{E416EAB2-D052-4359-A72C-0DBC0A29E4DB}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\shadowgrounds\shadowgroundslauncher.exe |
"{E42BF993-6EFC-4BE1-919C-C266F8989DA2}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\serious sam classic the second encounter\bin\serioussam.exe |
"{E68658DE-AACD-4CC2-B694-44C60ADAEF96}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\darwinia\darwinia.exe |
"{E792EC53-8F7D-464F-88F2-662821724714}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\audiosurf\engine\questviewer.exe |
"{E842C81D-8E10-42FA-967C-CF9C3AB4F8CD}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{E8EE8B11-6EC1-4823-A0F3-719BD40AB47A}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\blackwell legacy\blackwell1.exe |
"{E96F62D3-C97D-4B46-8F66-C95DED95CABD}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{EABE76C7-6D04-4DE7-BD9F-CCC25018A9D5}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\shank\bin\shank.exe |
"{EB169DEC-F753-40EF-986F-7779D7D9D8E7}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\revenge of the titans\revengeofthetitans.exe |
"{EC127A7E-8DA4-41AC-BE0C-0238A651E9A4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{EC8052EB-6015-4AF4-A40B-7D7C15766512}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\sanctum\binaries\win32\sanctumgame-win32-shipping.exe |
"{F1D5520A-DA3F-455A-8FCE-073D6CC2111F}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\uplink\uplink.exe |
"{F515857F-4697-4716-9324-529B0B0AD795}" = protocol=6 | dir=out | app=c:\program files (x86)\rosettastoneltdservices\rosettastonedaemon.exe |
"{F53F4688-AE9C-466F-9DA6-C1F061189213}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{F7B705AE-A45B-4083-9A58-EEEF26E78F15}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\edge\edge.exe |
"{F92715F4-AB25-45C7-9829-1985D9060745}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\audiosurf\engine\questviewer.exe |
"{FEF04F8A-476D-4636-BE39-0C9544D0CFDB}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"TCP Query User{016B03C9-ECE8-42D8-A413-FE4EF9FE3933}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{08C21D15-E163-4DCC-9DA1-1A9CAE54F7FD}C:\program files (x86)\spybot - search & destroy 2\sdtray.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spybot - search & destroy 2\sdtray.exe |
"TCP Query User{0D19D3EB-0FE2-457A-ACCF-854E768DAE5E}D:\steam\steamapps\adibm\team fortress 2 beta\hl2.exe" = protocol=6 | dir=in | app=d:\steam\steamapps\adibm\team fortress 2 beta\hl2.exe |
"TCP Query User{27667638-F360-4547-AFF8-03A93F10E918}D:\steam\steamapps\adibm\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=d:\steam\steamapps\adibm\team fortress 2\hl2.exe |
"TCP Query User{291632E4-8F49-4A08-B880-3485CDF72F9E}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"TCP Query User{38BD282B-851A-4B3E-BD6E-F6251AF3B1E4}C:\program files (x86)\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"TCP Query User{39D09891-B333-4478-9BF9-A38B4FAF8A20}D:\steam\steamapps\common\worms reloaded\wormsreloaded.exe" = protocol=6 | dir=in | app=d:\steam\steamapps\common\worms reloaded\wormsreloaded.exe |
"TCP Query User{430592FE-DB3C-4843-9620-0B1EDD27DA0D}C:\program files (x86)\tango\tango.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tango\tango.exe |
"TCP Query User{475DA0E3-9E3B-48C2-8B0B-2D558BA9389D}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{49197367-6837-4C74-BA62-3C17E971468B}C:\windows\syswow64\java.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\java.exe |
"TCP Query User{819C20EE-4E23-4E3F-A32B-A5E3A2164F9A}C:\program files (x86)\livestation\livestation.exe" = protocol=6 | dir=in | app=c:\program files (x86)\livestation\livestation.exe |
"TCP Query User{84D2F30F-F1C7-4C43-901F-C6EA44AC2F49}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"TCP Query User{8B623D70-54F6-40BC-B912-53B8410E2F5C}C:\program files (x86)\foobar2000\foobar2000.exe" = protocol=6 | dir=in | app=c:\program files (x86)\foobar2000\foobar2000.exe |
"TCP Query User{8BB3F911-486F-4086-AD6A-A7A7CD46EAF8}C:\users\adib\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\adib\appdata\roaming\spotify\spotify.exe |
"TCP Query User{95606BAB-C619-43FE-89AF-8E0B05D68BD0}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"TCP Query User{96CDA3BB-900A-409F-B028-A49F98631CBE}D:\steam\steamapps\common\worms reloaded\wormsreloaded.exe" = protocol=6 | dir=in | app=d:\steam\steamapps\common\worms reloaded\wormsreloaded.exe |
"TCP Query User{A429E9D0-B95F-467E-9134-CA3A67527445}D:\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=6 | dir=in | app=d:\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe |
"TCP Query User{B5654997-1E74-4413-9003-853C7A9AA1BF}C:\program files (x86)\paltalk messenger\paltalk.exe" = protocol=6 | dir=in | app=c:\program files (x86)\paltalk messenger\paltalk.exe |
"TCP Query User{B69EF4D8-8C63-49C7-B3F4-003490E9178C}C:\users\adib\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\adib\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{C92851FA-D607-4EDC-B10E-D7FA8E194B43}C:\program files (x86)\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |
"TCP Query User{C9CE6D11-0B80-42AC-B482-C29B85623895}C:\program files (x86)\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"TCP Query User{E9F0BB1C-2C54-4591-83EC-EF91B9B919D2}C:\program files (x86)\spybot - search & destroy 2\sdtray.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spybot - search & destroy 2\sdtray.exe |
"UDP Query User{15B6333C-C4B0-452F-A637-785F97F71CE9}C:\program files (x86)\tango\tango.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tango\tango.exe |
"UDP Query User{2C4975E0-65FB-4DE7-813A-9D8CA3FB4517}D:\steam\steamapps\adibm\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=d:\steam\steamapps\adibm\team fortress 2\hl2.exe |
"UDP Query User{2DFB0814-79F6-481F-9AE1-05EC151949BE}D:\steam\steamapps\common\worms reloaded\wormsreloaded.exe" = protocol=17 | dir=in | app=d:\steam\steamapps\common\worms reloaded\wormsreloaded.exe |
"UDP Query User{32B6D86D-571C-4FF0-BE93-EEBEF3752EBB}C:\program files (x86)\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files (x86)\oovoo\oovoo.exe |
"UDP Query User{3648CB30-1429-4FB9-A417-841E61C8F7CF}C:\program files (x86)\foobar2000\foobar2000.exe" = protocol=17 | dir=in | app=c:\program files (x86)\foobar2000\foobar2000.exe |
"UDP Query User{3CF4F642-2964-4C66-BDAB-48FE3911B96A}D:\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=17 | dir=in | app=d:\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe |
"UDP Query User{6448E86A-24A4-4A63-8A39-4CDEB5C78AA8}C:\users\adib\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\adib\appdata\roaming\spotify\spotify.exe |
"UDP Query User{7BEB9CAF-7C77-4D41-8C4E-521957A76ED3}C:\program files (x86)\paltalk messenger\paltalk.exe" = protocol=17 | dir=in | app=c:\program files (x86)\paltalk messenger\paltalk.exe |
"UDP Query User{82B6FBD1-82F7-4701-AB41-71349DB805F1}C:\program files (x86)\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mirc\mirc.exe |
"UDP Query User{8EA66372-E3BF-41BF-A196-BF203139ED26}C:\windows\syswow64\java.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\java.exe |
"UDP Query User{A2A6DC45-F130-4D17-9135-8ECADD031F12}C:\program files (x86)\spybot - search & destroy 2\sdtray.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spybot - search & destroy 2\sdtray.exe |
"UDP Query User{A724D2CD-B0F0-4A1D-9D42-A536600BEE74}D:\steam\steamapps\common\worms reloaded\wormsreloaded.exe" = protocol=17 | dir=in | app=d:\steam\steamapps\common\worms reloaded\wormsreloaded.exe |
"UDP Query User{A77E6568-5E5F-4091-9449-DB89C8DDE7BB}C:\users\adib\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\adib\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{B70D92E4-2119-4D47-94DC-541966850A0B}C:\program files (x86)\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\spotify.exe |
"UDP Query User{C22543DF-4324-4A75-B7B8-DA9DF62C13C6}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{CD1ACBCE-955C-4508-A6A1-300981CCD4AB}C:\program files (x86)\spybot - search & destroy 2\sdtray.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spybot - search & destroy 2\sdtray.exe |
"UDP Query User{CF84BB70-FD4B-4C5C-AFD8-33F86D0356BE}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe |
"UDP Query User{DD789C9F-B4F4-4394-AC80-C60181E144AE}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{E1AB1327-4964-4B3B-B598-32B8C3784FEB}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
"UDP Query User{F33B1758-A567-4493-AF3B-5D773A7B7FF9}C:\program files (x86)\livestation\livestation.exe" = protocol=17 | dir=in | app=c:\program files (x86)\livestation\livestation.exe |
"UDP Query User{F43531E9-B4A4-40C7-9D7F-C7C00B5E0543}D:\steam\steamapps\adibm\team fortress 2 beta\hl2.exe" = protocol=17 | dir=in | app=d:\steam\steamapps\adibm\team fortress 2 beta\hl2.exe |
"UDP Query User{FDA93AF6-CD9D-4121-B1DF-43177A080943}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}" = Windows Live Family Safety
"{2012D762-5DCA-455A-B5FE-EDF79BC93E18}" = HP Photosmart C4700 All-In-One Driver Software 13.0 Rel .6
"{26A24AE4-039D-4CA4-87B4-2F86416026FF}" = Java™ 6 Update 26 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417004FF}" = Java™ 7 Update 4 (64-bit)
"{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = Media Player Classic - Home Cinema v1.5.0.2827 x64
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6F482C75-174D-42EB-A2CF-B00A1F354F7B}" = WD SmartWare
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B2C4509-2B9F-4303-BA74-E2F9BB773F03}" = Oracle VM VirtualBox 4.1.8
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D8CC254C-C671-4664-9A38-FA368D1E2C97}" = SES Driver
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E77543EE-6FB5-4FF6-AB70-635392C8C756}" = Microsoft Security Client
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"3932CA781A7894D20116FDF60F878301800EA8AB" = Windows Driver Package - Broadcom Bluetooth (09/11/2009 6.2.0.9407)
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"422991454CB076E9B856C21BBF99AF2B82317EDA" = Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (03/06/2009 1.0.0008.0)
"6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"BatteryBar" = BatteryBar (remove only)
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Drivers" = NVIDIA Drivers
"Speccy" = Speccy
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.11 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0659E943-DDF4-44FC-9FEE-A13B09F8BB08}" = Adobe Flash Media Live Encoder 3.2
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BDA096C-3550-4F7D-8612-A7AAA3D35712}_is1" = FLV to MP3 Converter
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2}" = AnyPC Client
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A14A830-8B20-49EE-852B-75E6FC23B999}" = Zekr [Indo Pak]
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EF0D7ED-F944-4E0D-AC78-7DA00C0B81E4}_is1" = Penumbra Episode 1
"{3212AA30-4503-4D30-ADF3-F0DA00C3FDCC}" = Rosetta Stone Ltd Services
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34B76DCB-BF7C-440F-B058-C84172C1E338}" = Easy Network Manager
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3EED7541-55F8-4DC6-B9CD-28762D71310E}" = Samsung R-Series
"{4010ADCB-1347-D570-FCF1-3002CABEBD2F}" = Rosetta Stone TOTALe
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{52EFF266-98B7-4094-BD24-65490ED8E45D}" = Facebook Messenger 2.1.4520.0
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5DBC79DA-87D2-376D-A65D-B14097C06C71}" = Google Talk Plugin
"{5F5D8937-508B-440F-9C1B-19CB78DBB834}" = Pocket Tanks Deluxe
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1" = Gyazo 1.0
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}" = BatteryLifeExtender
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E3C0F37-2280-4043-BAD0-3C9E5EB723EC}" = Google Drive
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}" = ChargeableUSB
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A436BE6E-A20F-41B8-ABD7-851AAD42FF8D}" = Livestation
"{A55F4F9F-CCA8-4732-AA1F-0390A4A50947}" = C4700
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{ADB1DE83-FC42-4C3F-B64B-2AF2215EF88B}" = Cisco AnyConnect Secure Mobility Client
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy 2
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C615B4A6-DDE8-4325-BCF8-E53E913D95E9}_is1" = AMR to MP3 Converter 1.4
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D56D4A9A-B94D-4055-9FC1-B4E33A26C2B8}" = Rosetta Stone TOTALe
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel® Turbo Boost Technology Driver
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E36F3199-C282-47CA-BAC7-2B77D247E760}" = PS_AIO_06_C4700_SW_Min
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2BC3383-F000-410C-A038-3846ADBE8D90}" = REALTEK Wireless LAN Software
"{F3C3DA7F-B988-81B3-B44E-8EDC6E5E3392}" = Canabalt
"{FA8FCCB3-0BFC-4730-9C7F-68270287C968}" = Cisco AnyConnect Diagnostics and Reporting Tool
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"3GP to MP3 Converter_is1" = 3GP to MP3 Converter
"5513-1208-7298-9440" = JDownloader 0.9
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.12
"AMIP_foobar2000" = AMIP for foobar2000 (remove only)
"Ap PDF to WORD_is1" = Ap PDF to WORD
"ASIO4ALL" = ASIO4ALL
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.14 (Unicode)
"Canabalt2P-AIR" = Canabalt
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client
"com.rosettastone.rosettastonetotale.8F5798B43604FA41C65B6F3DA7D3E38B6B065643.1" = Rosetta Stone TOTALe
"Cool Edit Pro 2.1" = Cool Edit Pro 2.1
"DAEMON Tools Lite" = DAEMON Tools Lite
"dBpoweramp [Arrange Audio] Codec" = dBpoweramp [Arrange Audio] Codec
"dBpoweramp [Audio Info] Codec" = dBpoweramp [Audio Info] Codec
"dBpoweramp [Channel Split] Codec" = dBpoweramp [Channel Split] Codec
"dBpoweramp [ID Tag Update] Codec" = dBpoweramp [ID Tag Update] Codec
"dBpoweramp [Length Split] Codec" = dBpoweramp [Length Split] Codec
"dBpoweramp [Multi Encoder] Codec" = dBpoweramp [Multi Encoder] Codec
"dBpoweramp [ReplayGain] Codec" = dBpoweramp [ReplayGain] Codec
"dBpoweramp [Tag From Filename] Codec" = dBpoweramp [Tag From Filename] Codec
"dBpoweramp DSP Effects" = dBpoweramp DSP Effects
"dBpoweramp m4a Codec" = dBpoweramp m4a Codec
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"dBpoweramp Ogg Vorbis Codec" = dBpoweramp Ogg Vorbis Codec
"dBPowerAMP Real Audio (Helix) Encoder" = dBPowerAMP Real Audio (Helix) Encoder
"dBpoweramp Windows Media Audio 10 Codec" = dBpoweramp Windows Media Audio 10 Codec
"Digital Editions" = Adobe Digital Editions
"DiskAid_is1" = DiskAid 5.05
"EpicBot" = EpicBot
"Exact Audio Copy" = Exact Audio Copy 1.0beta3
"FileHippo.com" = FileHippo.com Update Checker
"FileZilla Client" = FileZilla Client 3.5.3
"FL Studio 9" = FL Studio 9
"FLV Player2.0.25" = FLV Player
"foobar2000" = foobar2000 v1.1.12 beta 6
"Fotosizer" = Fotosizer 1.34
"Free Sound Recorder_is1" = Free Sound Recorder v9.3.1
"Glace" = Glace
"Graboid Video" = Graboid Video 2.03
"HandBrake" = HandBrake 0.9.6
"Hardcore" = Hardcore
"HiDownload Platinum_is1" = HiDownloadPlatinum
"HyperCam 2" = HyperCam 2
"Hyperionics DB Toolbar" = Hyperionics DB Toolbar
"IL Download Manager" = IL Download Manager
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Marvell Miniport Driver" = Marvell Miniport Driver
"mIRC" = mIRC
"Mozilla Firefox 13.0 (x86 en-US)" = Mozilla Firefox 13.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"OpenSSL (32-bit)_is1" = OpenSSL 1.0.0d (32-bit)
"Oregon Trail 5" = Oregon Trail 5
"PalTalk8.2" = Paltalk Messenger
"Pocket Tanks_is1" = Pocket Tanks v1.3
"PoiZone" = PoiZone
"RealPlayer 15.0" = RealPlayer
"Sawer" = Sawer
"Spotify" = Spotify
"Steam App 112100" = Avadon: The Black Fortress
"Steam App 220" = Half-Life 2
"Steam App 26500" = Cogs
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 380" = Half-Life 2: Episode One
"Steam App 38740" = EDGE
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 520" = Team Fortress 2 Beta
"Steam App 56400" = Warhammer® 40,000®: Dawn of War® II – Retribution™
"Steam App 61600" = Zen Bound® 2
"Steam App 91200" = Anomaly Warzone Earth
"Swiff Player_is1" = Swiff Player 1.7.2
"TeamViewer 7" = TeamViewer 7
"Toxic Biohazard" = Toxic Biohazard
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.1
"Voxatron" = Voxatron 0.1.3
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1237017809-3849795662-887355980-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"MusicManager" = Music Manager
"Spotify" = Spotify
"SwiftKit" = SwiftKit
"Tango" = Tango
"The Oil Blue" = The Oil Blue

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

OTL logfile created on: 5/18/2012 2:43:30 PM - Run 1
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\Adib\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.86 Gb Total Physical Memory | 1.13 Gb Available Physical Memory | 29.31% Memory free
7.73 Gb Paging File | 3.18 Gb Available in Paging File | 41.19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100.00 Gb Total Space | 42.77 Gb Free Space | 42.77% Space Free | Partition Type: NTFS
Drive D: | 350.66 Gb Total Space | 83.51 Gb Free Space | 23.81% Space Free | Partition Type: NTFS
Drive F: | 4.20 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: ADIB-PC | User Name: Adib | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/18 14:40:00 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Adib\Desktop\OTL.exe
PRC - [2012/05/11 08:26:18 | 001,773,568 | ---- | M] () -- C:\Program Files (x86)\foobar2000\foobar2000.exe
PRC - [2012/05/10 14:09:44 | 013,805,568 | ---- | M] (Google Inc.) -- C:\Users\Adib\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
PRC - [2012/05/02 18:33:00 | 011,396,840 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2012/03/31 14:22:04 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2012/03/30 16:00:44 | 000,161,336 | ---- | M] (Google) -- C:\Users\Adib\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2012/03/23 15:03:37 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Users\Adib\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe
PRC - [2012/02/15 11:32:12 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2012/01/02 13:53:10 | 001,242,448 | ---- | M] (Valve Corporation) -- D:\Steam\Steam.exe
PRC - [2011/12/14 06:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011/10/05 16:45:56 | 000,130,976 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe
PRC - [2011/10/05 16:45:42 | 000,169,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2011/10/05 16:45:40 | 000,955,816 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2011/10/05 16:45:38 | 000,892,336 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2011/09/09 11:08:54 | 000,475,088 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
PRC - [2011/05/21 19:43:27 | 000,399,736 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2010/05/17 14:45:32 | 001,615,176 | ---- | M] (Rosetta Stone Ltd.) -- C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
PRC - [2010/01/18 21:34:48 | 002,201,192 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
PRC - [2009/12/04 02:59:28 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/11/20 15:49:14 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
PRC - [2009/11/03 23:11:48 | 000,835,072 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2009/10/13 05:03:04 | 000,716,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2009/07/16 06:08:20 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2009/03/05 04:54:50 | 000,311,296 | ---- | M] () -- C:\Windows\SysWOW64\Rezip.exe
PRC - [2005/07/15 16:48:33 | 000,479,232 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/18 14:34:59 | 000,063,488 | -H-- | M] () -- C:\Users\Adib\AppData\Local\Temp\~1D7A.tmp
MOD - [2012/05/18 14:34:59 | 000,063,488 | -H-- | M] () -- C:\Users\Adib\AppData\Local\Temp\~1C70.tmp
MOD - [2012/05/11 08:26:18 | 001,773,568 | ---- | M] () -- C:\Program Files (x86)\foobar2000\foobar2000.exe
MOD - [2012/05/11 08:25:14 | 001,419,264 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_input_std.dll
MOD - [2012/05/11 08:21:06 | 000,915,456 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_ui_std.dll
MOD - [2012/05/11 08:19:38 | 000,150,016 | ---- | M] () -- C:\Program Files (x86)\foobar2000\shared.dll
MOD - [2012/05/10 13:58:32 | 000,344,064 | ---- | M] () -- C:\Users\Adib\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
MOD - [2012/05/10 13:58:22 | 000,346,624 | ---- | M] () -- C:\Users\Adib\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
MOD - [2012/05/10 13:57:28 | 000,198,656 | ---- | M] () -- C:\Users\Adib\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
MOD - [2012/05/10 13:57:16 | 000,364,032 | ---- | M] () -- C:\Users\Adib\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
MOD - [2012/05/04 16:35:31 | 001,169,408 | ---- | M] () -- C:\Users\Adib\AppData\Local\Temp\_MEI53322\wx._core_.pyd
MOD - [2012/05/04 16:35:31 | 000,731,136 | ---- | M] () -- C:\Users\Adib\AppData\Local\Temp\_MEI53322\wx._misc_.pyd
MOD - [2012/05/04 16:35:31 | 000,571,392 | ---- | M] () -- C:\Users\Adib\AppData\Local\Temp\_MEI53322\pysqlite2._sqlite.pyd
MOD - [2012/05/04 16:35:31 | 000,354,304 | ---- | M] () -- C:\Users\Adib\AppData\Local\Temp\_MEI53322\pythoncom26.dll
MOD - [2012/05/04 16:35:31 | 000,263,168 | ---- | M] () -- C:\Users\Adib\AppData\Local\Temp\_MEI53322\win32com.shell.shell.pyd
MOD - [2012/05/04 16:35:31 | 000,153,088 | ---- | M] () -- C:\Users\Adib\AppData\Local\Temp\_MEI53322\pyexpat.pyd
MOD - [2012/05/04 16:35:31 | 000,110,592 | ---- | M] () -- C:\Users\Adib\AppData\Local\Temp\_MEI53322\PyWinTypes26.dll
MOD - [2012/05/04 16:35:31 | 000,096,256 | ---- | M] () -- C:\Users\Adib\AppData\Local\Temp\_MEI53322\win32api.pyd
MOD - [2012/05/04 16:35:31 | 000,086,016 | ---- | M] () -- C:\Users\Adib\AppData\Local\Temp\_MEI53322\_elementtree.pyd
MOD - [2012/05/04 16:35:31 | 000,073,728 | ---- | M] () -- C:\Users\Adib\AppData\Local\Temp\_MEI53322\_ctypes.pyd
MOD - [2012/05/04 16:35:31 | 000,070,656 | ---- | M] () -- C:\Users\Adib\AppData\Local\Temp\_MEI53322\wx._html2.pyd
MOD - [2012/05/04 16:35:31 | 000,040,448 | ---- | M] () -- C:\Users\Adib\AppData\Local\Temp\_MEI53322\_socket.pyd
MOD - [2012/05/04 16:35:31 | 000,011,776 | ---- | M] () -- C:\Users\Adib\AppData\Local\Temp\_MEI53322\win32crypt.pyd
MOD - [2012/05/04 16:35:28 | 000,807,424 | ---- | M] () -- C:\Users\Adib\AppData\Local\Temp\_MEI53322\wx._windows_.pyd
MOD - [2012/05/04 16:35:28 | 000,645,120 | ---- | M] () -- C:\Users\Adib\AppData\Local\Temp\_MEI53322\_ssl.pyd
MOD - [2012/05/04 16:35:28 | 000,311,808 | ---- | M] () -- C:\Users\Adib\AppData\Local\Temp\_MEI53322\_hashlib.pyd
MOD - [2012/05/04 16:35:28 | 000,121,856 | ---- | M] () -- C:\Users\Adib\AppData\Local\Temp\_MEI53322\wx._wizard.pyd
MOD - [2012/05/04 16:35:28 | 000,111,104 | ---- | M] () -- C:\Users\Adib\AppData\Local\Temp\_MEI53322\win32file.pyd
MOD - [2012/05/04 16:35:28 | 000,036,352 | ---- | M] () -- C:\Users\Adib\AppData\Local\Temp\_MEI53322\win32process.pyd
MOD - [2012/05/04 16:35:25 | 001,056,256 | ---- | M] () -- C:\Users\Adib\AppData\Local\Temp\_MEI53322\wx._controls_.pyd
MOD - [2012/05/04 16:35:25 | 000,792,576 | ---- | M] () -- C:\Users\Adib\AppData\Local\Temp\_MEI53322\wx._gdi_.pyd
MOD - [2012/05/04 16:35:25 | 000,167,936 | ---- | M] () -- C:\Users\Adib\AppData\Local\Temp\_MEI53322\win32gui.pyd
MOD - [2012/05/04 16:35:25 | 000,039,424 | ---- | M] () -- C:\Users\Adib\AppData\Local\Temp\_MEI53322\win32inet.pyd
MOD - [2012/05/04 16:35:25 | 000,017,920 | ---- | M] () -- C:\Users\Adib\AppData\Local\Temp\_MEI53322\win32event.pyd
MOD - [2012/05/04 16:35:25 | 000,011,776 | ---- | M] () -- C:\Users\Adib\AppData\Local\Temp\_MEI53322\select.pyd
MOD - [2012/04/29 08:49:26 | 008,743,584 | ---- | M] () -- C:\Users\Adib\AppData\Local\Google\Chrome\User Data\NPAPIFlash\gcswf32.dll
MOD - [2012/04/21 12:12:12 | 020,297,512 | ---- | M] () -- D:\Steam\bin\libcef.dll
MOD - [2012/04/21 12:12:09 | 000,907,048 | ---- | M] () -- D:\Steam\bin\chromehtml.dll
MOD - [2012/04/21 12:12:07 | 000,123,192 | ---- | M] () -- D:\Steam\bin\avutil-51.dll
MOD - [2012/04/21 12:12:01 | 000,190,776 | ---- | M] () -- D:\Steam\bin\avformat-53.dll
MOD - [2012/04/21 12:11:59 | 001,099,576 | ---- | M] () -- D:\Steam\bin\avcodec-53.dll
MOD - [2012/04/09 08:52:35 | 000,440,816 | ---- | M] () -- C:\Users\Adib\AppData\Local\Google\Chrome\Application\20.0.1096.1\ppgooglenaclpluginchrome.dll
MOD - [2012/04/09 08:52:34 | 003,921,904 | ---- | M] () -- C:\Users\Adib\AppData\Local\Google\Chrome\Application\20.0.1096.1\pdf.dll
MOD - [2012/04/09 08:51:13 | 000,552,944 | ---- | M] () -- C:\Users\Adib\AppData\Local\Google\Chrome\Application\20.0.1096.1\libglesv2.dll
MOD - [2012/04/09 08:51:12 | 000,117,744 | ---- | M] () -- C:\Users\Adib\AppData\Local\Google\Chrome\Application\20.0.1096.1\libegl.dll
MOD - [2012/04/09 08:50:56 | 000,134,656 | ---- | M] () -- C:\Users\Adib\AppData\Local\Google\Chrome\Application\20.0.1096.1\avutil-51.dll
MOD - [2012/04/09 08:50:55 | 000,250,368 | ---- | M] () -- C:\Users\Adib\AppData\Local\Google\Chrome\Application\20.0.1096.1\avformat-54.dll
MOD - [2012/04/09 08:50:54 | 002,375,680 | ---- | M] () -- C:\Users\Adib\AppData\Local\Google\Chrome\Application\20.0.1096.1\avcodec-54.dll
MOD - [2012/01/22 14:04:36 | 000,365,056 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_albumlist.dll
MOD - [2012/01/22 14:04:36 | 000,276,480 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_dsp_std.dll
MOD - [2012/01/22 14:04:18 | 000,485,376 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_converter.dll
MOD - [2012/01/22 14:04:18 | 000,283,136 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_rgscan.dll
MOD - [2012/01/22 14:04:16 | 000,299,008 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_cdda.dll
MOD - [2012/01/08 08:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/15 07:13:46 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2011/02/18 06:50:22 | 000,371,712 | ---- | M] () -- C:\Users\Adib\AppData\Roaming\foobar2000\user-components\foo_sid\foo_sid.dll
MOD - [2010/04/21 07:48:00 | 000,066,560 | ---- | M] () -- C:\Program Files (x86)\foobar2000\zlib1.dll
MOD - [2010/03/24 21:17:36 | 008,794,464 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2009/12/04 03:04:32 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/12/04 02:59:54 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2006/08/11 22:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/11/11 14:36:38 | 000,282,616 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2010/11/11 14:36:38 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/09/08 10:42:42 | 000,288,256 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV:64bit: - [2009/10/02 04:39:44 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/05/07 08:13:43 | 000,112,568 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/04 14:50:08 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/05 11:37:38 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/12/14 06:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011/09/09 11:08:54 | 000,475,088 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2011/06/12 17:17:20 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/06/06 19:09:13 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/06/06 11:36:00 | 004,005,936 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010/09/08 10:45:10 | 001,034,752 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2010/09/08 10:44:42 | 000,485,376 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2010/05/17 14:45:32 | 001,615,176 | ---- | M] (Rosetta Stone Ltd.) [Auto | Running] -- C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe -- (RosettaStoneDaemon)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/20 12:55:20 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/05 04:54:50 | 000,311,296 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\Rezip.exe -- (Rezip)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/24 22:01:51 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/02/15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/12/19 14:45:22 | 000,146,736 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2011/09/09 10:59:19 | 000,106,408 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\acsock64.sys -- (acsock)
DRV:64bit: - [2011/08/19 02:46:06 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tapoas.sys -- (tapoas)
DRV:64bit: - [2011/05/23 13:45:27 | 000,026,536 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/10/24 21:25:38 | 000,072,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2010/09/23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/06/10 03:45:38 | 001,605,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/11/25 16:32:58 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/11/20 01:09:48 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/10/09 22:16:28 | 000,293,936 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/10/02 11:47:38 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/09/28 04:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/08/28 22:15:32 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/08/28 22:15:26 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/01 15:46:58 | 000,052,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2009/06/27 09:55:10 | 000,083,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/06/10 15:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 15:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/28 01:38:04 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/07 18:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2009/11/19 22:49:12 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/02/03 12:12:40] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054})
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/01/01 22:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
DRV - [2002/07/17 17:20:32 | 000,084,832 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ASPI32.SYS -- (ASPI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2704262


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1237017809-3849795662-887355980-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKU\S-1-5-21-1237017809-3849795662-887355980-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.tosavethechildren.com/
IE - HKU\S-1-5-21-1237017809-3849795662-887355980-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKU\S-1-5-21-1237017809-3849795662-887355980-1001\..\URLSearchHook: {32b29df0-2237-4370-9a29-37cebb730e9b} - No CLSID value found
IE - HKU\S-1-5-21-1237017809-3849795662-887355980-1001\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-1237017809-3849795662-887355980-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1237017809-3849795662-887355980-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_en___US422
IE - HKU\S-1-5-21-1237017809-3849795662-887355980-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-1237017809-3849795662-887355980-1001\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2704262
IE - HKU\S-1-5-21-1237017809-3849795662-887355980-1001\..\SearchScopes\{CE3A3FD1-0A27-07DC-3FED-9D0FBEBC1CD0}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z131&form=ZGAIDF&install_date=20110918&iesrc={referrer:source}
IE - HKU\S-1-5-21-1237017809-3849795662-887355980-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1237017809-3849795662-887355980-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "DuckDuckGo (SSL)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://tosavethechildren.com/"
FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=Z131&form=ZGAADF&install_date=20110918&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Adib\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Adib\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Adib\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Adib\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Adib\AppData\Local\Facebook\Messenger\2.1.4520.0\npFbDesktopPlugin.dll (Facebook, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/03/31 14:23:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/07 08:13:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/03/31 14:24:06 | 000,000,000 | ---D | M]

[2011/04/02 09:07:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adib\AppData\Roaming\Mozilla\Extensions
[2012/05/10 21:16:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adib\AppData\Roaming\Mozilla\Firefox\Profiles\1vitw2aw.default\extensions
[2012/05/10 21:16:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adib\AppData\Roaming\Mozilla\Firefox\Profiles\1vitw2aw.default\extensions\staged
[2011/09/18 14:58:19 | 000,001,945 | ---- | M] () -- C:\Users\Adib\AppData\Roaming\Mozilla\Firefox\Profiles\1vitw2aw.default\searchplugins\bing-zugo.xml
[2012/02/22 21:39:47 | 000,001,982 | ---- | M] () -- C:\Users\Adib\AppData\Roaming\Mozilla\Firefox\Profiles\1vitw2aw.default\searchplugins\duckduckgo-ssl.xml
[2012/04/29 10:58:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/04/14 13:32:52 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/05/07 08:13:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2012/05/06 21:12:46 | 000,523,514 | ---- | M] () (No name found) -- C:\USERS\ADIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1VITW2AW.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2012/02/29 08:36:05 | 000,009,489 | ---- | M] () (No name found) -- C:\USERS\ADIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1VITW2AW.DEFAULT\EXTENSIONS\{E6C93316-271E-4B3D-8D7E-FE11B4350AEB}.XPI
[2012/05/07 08:13:43 | 000,085,432 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/04/18 15:17:44 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/04/25 17:58:48 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/09/08 18:58:11 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old
[2012/04/25 17:58:48 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: DuckDuckGo (Enabled)
CHR - default_search_provider: search_url = http://duckduckgo.com/?q={searchTerms}
CHR - default_search_provider: suggest_url = ,
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Adib\AppData\Local\Google\Chrome\Application\20.0.1096.1\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Adib\AppData\Local\Google\Chrome\Application\20.0.1096.1\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Adib\AppData\Local\Google\Chrome\User Data\NPAPIFlash\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Adib\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.132\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Users\Adib\AppData\Local\Google\Chrome\Application\plugins\npatgpc.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Adib\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Adib\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Facebook Desktop (Enabled) = C:\Users\Adib\AppData\Local\Facebook\Messenger\2.0.4478.0\npFbDesktopPlugin.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: YouTube = C:\Users\Adib\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Adib\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Offline Google Mail = C:\Users\Adib\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk\1.18_0\
CHR - Extension: Google Calendar = C:\Users\Adib\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: Silver Bird = C:\Users\Adib\AppData\Local\Google\Chrome\User Data\Default\Extensions\encaiiljifbdbjlphpgpiimidegddhic\1.9.8.8_0\
CHR - Extension: Google Analytics Opt-out Add-on (by Google) = C:\Users\Adib\AppData\Local\Google\Chrome\User Data\Default\Extensions\fllaojicojecljbmefodhfapmkghcbnh\0.9.0_0\
CHR - Extension: AdBlock = C:\Users\Adib\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.33_0\
CHR - Extension: Google+Tweet = C:\Users\Adib\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpkkapjfdcpbcikllbmjlkhjhppollom\1.17.133_0\
CHR - Extension: TinEye Reverse Image Search = C:\Users\Adib\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl\1.1.1_0\
CHR - Extension: Keep My Opt-Outs = C:\Users\Adib\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhnjdplhmcnkiecampfdgfjilccfpfoe\1.0.14_0\
CHR - Extension: bitly | a simple URL shortener = C:\Users\Adib\AppData\Local\Google\Chrome\User Data\Default\Extensions\iabeihobmhlgpkcgjiloemdbofjbdcic\1.3.1.5_0\
CHR - Extension: Wolfram|Alpha (Official) = C:\Users\Adib\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikmmbnkodelanopcbphjfnnlajjpjpno\1.0.1_0\
CHR - Extension: Social Fixer = C:\Users\Adib\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipjaijdkhejnbfpodmofannadgfokfnm\6.601_0\
CHR - Extension: Disconnect = C:\Users\Adib\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\3.1.1_0\
CHR - Extension: Disconnect = C:\Users\Adib\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\3.4.0_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Adib\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Klout (beta) = C:\Users\Adib\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjaakbhpcbpmojkhpiaacepfcaniglak\1.5_0\
CHR - Extension: YouTube to MP3 = C:\Users\Adib\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkippmhiimpgejpacdkdgladdckocicj\0.0.3_0\
CHR - Extension: Reddit Enhancement Suite = C:\Users\Adib\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\4.1.2_0\
CHR - Extension: Two-Click JDownloader = C:\Users\Adib\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljhooappahaeilmbekgcokgjjplambgo\2.6.6_0\
CHR - Extension: Google Mail Checker = C:\Users\Adib\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\3.2_0\
CHR - Extension: Ghostery = C:\Users\Adib\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\3.0.0_0\
CHR - Extension: RSS Subscription Extension (by Google) = C:\Users\Adib\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd\2.1.3_0\
CHR - Extension: Runescape Toolbar For Google Chrome = C:\Users\Adib\AppData\Local\Google\Chrome\User Data\Default\Extensions\omkoedpgiabakfkoefehjfmnlkpepfmp\1.5.2_0\
CHR - Extension: Gmail = C:\Users\Adib\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/05/10 10:31:05 | 000,442,727 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 15208 more lines...
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1237017809-3849795662-887355980-1001\..\Toolbar\WebBrowser: (Hyperionics DB Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\Hyperionics DB Toolbar\tbcore3.dll ()
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [APLangApp] C:\Program Files (x86)\AnyPC Client\APLangApp.exe (DoctorSoft)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1237017809-3849795662-887355980-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1237017809-3849795662-887355980-1001..\Run: [Facebook Update] C:\Users\Adib\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-1237017809-3849795662-887355980-1001..\Run: [FileHippo.com] C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKU\S-1-5-21-1237017809-3849795662-887355980-1001..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKU\S-1-5-21-1237017809-3849795662-887355980-1001..\Run: [MusicManager] C:\Users\Adib\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
O4 - HKU\S-1-5-21-1237017809-3849795662-887355980-1001..\Run: [ShowBatteryBar] C:\Program Files\BatteryBar\ShowBatteryBar.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1237017809-3849795662-887355980-1001..\RunOnce: [Shockwave Updater] C:\windows\SysWOW64\Adobe\Shockwave 11\SwHelper_1163633.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Adib\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\Adib\AppData\Local\Facebook\Messenger\2.1.4520.0\FacebookMessenger.exe (Facebook)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-1237017809-3849795662-887355980-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 10.4.0)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 10.4.0)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{29E62139-F579-43A8-8644-1DD0D84E5411}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\dssrequest - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest - No CLSID value found
O18 - Protocol\Handler\sacore - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5af904ff-833f-11e1-ba6d-85ba554c84f7}\Shell - "" = AutoRun
O33 - MountPoints2\{5af904ff-833f-11e1-ba6d-85ba554c84f7}\Shell\AutoRun\command - "" = F:\PLAY.EXE
O33 - MountPoints2\{5af904ff-833f-11e1-ba6d-85ba554c84f7}\Shell\install\command - "" = F:\INSTALL\_SETUP.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sdnclean64.exe)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/18 14:39:57 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Adib\Desktop\OTL.exe
[2012/05/18 14:30:17 | 000,000,000 | ---D | C] -- C:\Users\Adib\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
[2012/05/04 16:48:09 | 000,000,000 | ---D | C] -- C:\Users\Adib\AppData\Roaming\dvdcss
[2012/05/02 08:44:14 | 000,000,000 | ---D | C] -- C:\Users\Adib\Desktop\Ocean
[2012/04/24 22:01:51 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\windows\SysNative\drivers\dtsoftbus01.sys
[2012/04/24 11:55:38 | 000,000,000 | --SD | C] -- C:\Users\Adib\Google Drive
[2012/04/24 11:54:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2012/04/22 11:10:25 | 000,000,000 | ---D | C] -- C:\Users\Adib\Documents\My Digital Editions
[2012/04/21 10:08:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2012/04/21 10:08:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2012/04/18 15:18:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[4 C:\Users\Adib\Desktop\*.tmp files -> C:\Users\Adib\Desktop\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/18 14:49:27 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/05/18 14:43:44 | 000,000,852 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1237017809-3849795662-887355980-1001Core.job
[2012/05/18 14:40:00 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Adib\Desktop\OTL.exe
[2012/05/18 14:37:01 | 000,000,902 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1237017809-3849795662-887355980-1001Core.job
[2012/05/18 14:35:06 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/18 14:30:41 | 000,000,924 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1237017809-3849795662-887355980-1001UA.job
[2012/05/18 14:30:18 | 000,001,330 | ---- | M] () -- C:\Users\Adib\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
[2012/05/18 14:29:06 | 000,000,904 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1237017809-3849795662-887355980-1001UA.job
[2012/05/18 14:29:06 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/18 14:28:27 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/05/13 20:03:23 | 000,000,040 | ---- | M] () -- C:\Users\Adib\jagex_cl_runescape_LIVE.dat
[2012/05/13 18:24:16 | 000,001,292 | ---- | M] () -- C:\Users\Adib\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2012/05/13 18:02:03 | 007,598,583 | ---- | M] () -- C:\Users\Adib\Desktop\Iio - Is It Love - Radio Edit -.mp3
[2012/05/13 17:35:56 | 000,782,702 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/05/13 17:35:56 | 000,662,630 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/05/13 17:35:56 | 000,122,426 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/05/10 10:31:07 | 000,000,344 | ---- | M] () -- C:\windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2012/05/10 10:31:05 | 000,442,727 | R--- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2012/05/08 22:17:38 | 007,142,518 | ---- | M] () -- C:\Users\Adib\Desktop\Naghi_shahin najafi[BARGmusic].mp3
[2012/05/08 10:32:26 | 004,818,218 | ---- | M] () -- C:\Users\Adib\Desktop\E.G. Browne — Catalogue and Description of 27 Bábí Manuscripts (Continued from Page 499).pdf
[2012/05/08 10:31:15 | 004,133,056 | ---- | M] () -- C:\Users\Adib\Desktop\E.G. Browne — Catalogue and Description of 27 Bábí Manuscripts.pdf
[2012/05/08 10:29:40 | 010,160,126 | ---- | M] () -- C:\Users\Adib\Desktop\E.G. Browne — The Bábís of Persia. II. Their Literature and Doctrines.pdf
[2012/05/08 10:28:44 | 004,107,620 | ---- | M] () -- C:\Users\Adib\Desktop\E.G. Browne — The Bábís of Persia. I. Sketch of Their History, and Personal Experiences amongst Them.pdf
[2012/05/07 17:07:30 | 000,014,144 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/07 17:07:30 | 000,014,144 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/07 11:55:18 | 000,271,700 | ---- | M] () -- C:\Users\Adib\Desktop\EUF Report - Austin, TX.pdf
[2012/05/06 15:42:42 | 000,102,334 | ---- | M] () -- C:\Users\Adib\Desktop\batman_begins_soundtrack_2005.jpg
[2012/05/06 13:16:02 | 017,190,587 | ---- | M] () -- C:\Users\Adib\Desktop\The NSA of Iran's Response to Dolgorukov Memoirs, 126BE edition, 1970.pdf
[2012/05/04 18:03:33 | 000,000,044 | ---- | M] () -- C:\Users\Adib\jagex_cl_runescape_LIVE1.dat
[2012/05/04 16:52:33 | 000,298,696 | -H-- | M] () -- C:\windows\SysWow64\mlfcache.dat
[2012/05/04 16:31:13 | 000,000,360 | ---- | M] () -- C:\windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2012/05/04 16:30:32 | 000,000,304 | -HS- | M] () -- C:\windows\tasks\Ilepjg.job
[2012/05/04 16:30:15 | 000,625,104 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/05/04 16:29:52 | 3111,555,072 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/04 16:29:50 | 346,481,813 | ---- | M] () -- C:\windows\MEMORY.DMP
[2012/05/03 11:45:35 | 000,442,727 | R--- | M] () -- C:\windows\SysNative\drivers\etc\hosts.20120510-103105.backup
[2012/04/30 13:45:52 | 001,063,248 | ---- | M] () -- C:\Users\Adib\Desktop\Universe Prompt.mp3
[2012/04/29 17:22:06 | 000,028,079 | ---- | M] () -- C:\Users\Adib\Desktop\Shamloo with cigarette.jpg
[2012/04/28 08:04:42 | 008,947,258 | ---- | M] () -- C:\Users\Adib\Desktop\Universe Prompt.wav
[2012/04/24 22:01:51 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\windows\SysNative\drivers\dtsoftbus01.sys
[2012/04/24 11:06:26 | 007,307,046 | ---- | M] () -- C:\Users\Adib\Desktop\One Hundred Thousand Veils.mp3
[2012/04/22 11:10:21 | 000,002,202 | ---- | M] () -- C:\Users\Adib\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Digital Editions.lnk
[2012/04/20 16:05:47 | 120,079,960 | ---- | M] () -- C:\Users\Adib\Desktop\Nuqtat al-Kaf (1851 Princeton edition).pdf
[2012/04/19 10:31:02 | 000,442,727 | R--- | M] () -- C:\windows\SysNative\drivers\etc\hosts.20120426-104555.backup
[2012/04/19 10:31:02 | 000,442,727 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts.20120503-114535.backup
[2012/04/18 16:50:39 | 003,214,524 | ---- | M] () -- C:\Users\Adib\Desktop\mansour.ghararemoon yadet nare.mp3
[4 C:\Users\Adib\Desktop\*.tmp files -> C:\Users\Adib\Desktop\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/13 18:01:32 | 007,598,583 | ---- | C] () -- C:\Users\Adib\Desktop\Iio - Is It Love - Radio Edit -.mp3
[2012/05/08 22:17:35 | 007,142,518 | ---- | C] () -- C:\Users\Adib\Desktop\Naghi_shahin najafi[BARGmusic].mp3
[2012/05/08 10:32:32 | 004,818,218 | ---- | C] () -- C:\Users\Adib\Desktop\E.G. Browne — Catalogue and Description of 27 Bábí Manuscripts (Continued from Page 499).pdf
[2012/05/08 10:31:23 | 004,133,056 | ---- | C] () -- C:\Users\Adib\Desktop\E.G. Browne — Catalogue and Description of 27 Bábí Manuscripts.pdf
[2012/05/08 10:29:49 | 010,160,126 | ---- | C] () -- C:\Users\Adib\Desktop\E.G. Browne — The Bábís of Persia. II. Their Literature and Doctrines.pdf
[2012/05/08 10:28:54 | 004,107,620 | ---- | C] () -- C:\Users\Adib\Desktop\E.G. Browne — The Bábís of Persia. I. Sketch of Their History, and Personal Experiences amongst Them.pdf
[2012/05/07 11:55:16 | 000,271,700 | ---- | C] () -- C:\Users\Adib\Desktop\EUF Report - Austin, TX.pdf
[2012/05/06 15:42:48 | 000,102,334 | ---- | C] () -- C:\Users\Adib\Desktop\batman_begins_soundtrack_2005.jpg
[2012/05/06 13:07:36 | 017,190,587 | ---- | C] () -- C:\Users\Adib\Desktop\The NSA of Iran's Response to Dolgorukov Memoirs, 126BE edition, 1970.pdf
[2012/04/30 13:45:42 | 001,063,248 | ---- | C] () -- C:\Users\Adib\Desktop\Universe Prompt.mp3
[2012/04/29 17:22:32 | 000,028,079 | ---- | C] () -- C:\Users\Adib\Desktop\Shamloo with cigarette.jpg
[2012/04/28 08:03:09 | 008,947,258 | ---- | C] () -- C:\Users\Adib\Desktop\Universe Prompt.wav
[2012/04/24 11:06:21 | 007,307,046 | ---- | C] () -- C:\Users\Adib\Desktop\One Hundred Thousand Veils.mp3
[2012/04/22 11:10:21 | 000,002,202 | ---- | C] () -- C:\Users\Adib\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Digital Editions.lnk
[2012/04/22 11:10:21 | 000,002,190 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions.lnk
[2012/04/20 16:02:40 | 120,079,960 | ---- | C] () -- C:\Users\Adib\Desktop\Nuqtat al-Kaf (1851 Princeton edition).pdf
[2012/04/18 16:48:52 | 003,214,524 | ---- | C] () -- C:\Users\Adib\Desktop\mansour.ghararemoon yadet nare.mp3
[2012/04/12 21:06:41 | 000,000,000 | ---- | C] () -- C:\windows\setup32.INI
[2012/01/29 10:49:02 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\wmtog32.dat
[2012/01/22 20:28:12 | 000,201,678 | ---- | C] () -- C:\windows\hpoins43.dat
[2011/12/07 16:13:27 | 000,004,608 | ---- | C] () -- C:\Users\Adib\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/05 12:36:23 | 000,001,952 | ---- | C] () -- C:\windows\Sandboxie.ini
[2011/08/07 11:26:27 | 000,039,181 | ---- | C] () -- C:\windows\wininit.ini
[2011/08/05 17:01:51 | 000,000,114 | ---- | C] () -- C:\Users\Adib\AppData\Roaming\wklnhst.dat
[2011/07/24 08:41:29 | 000,009,728 | ---- | C] () -- C:\windows\SysWow64\BASSMOD.dll
[2011/06/15 13:24:15 | 000,004,096 | ---- | C] () -- C:\windows\d3dx.dat
[2011/05/27 22:47:17 | 000,000,262 | ---- | C] () -- C:\windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2011/04/29 15:39:32 | 000,000,036 | ---- | C] () -- C:\Users\Adib\AppData\Local\housecall.guid.cache
[2011/04/25 15:02:38 | 000,776,486 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/04/09 11:24:14 | 000,000,109 | ---- | C] () -- C:\Users\Adib\AppData\Roaming\RSBot_Accounts.ini
[2011/04/02 09:07:29 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat
[2011/03/26 12:55:21 | 000,003,190 | ---- | C] () -- C:\windows\SysWow64\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat
[2011/03/26 12:55:03 | 000,011,412 | ---- | C] () -- C:\windows\SysWow64\SpoonUninstall-dBPowerAMP Real Audio (Helix) Encoder.dat
[2011/03/26 12:54:55 | 000,003,009 | ---- | C] () -- C:\windows\SysWow64\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.dat
[2011/03/26 12:54:40 | 000,003,297 | ---- | C] () -- C:\windows\SysWow64\SpoonUninstall-dBpoweramp m4a Codec.dat
[2011/03/13 12:38:16 | 000,298,696 | -H-- | C] () -- C:\windows\SysWow64\mlfcache.dat
[2011/03/12 18:40:37 | 000,000,056 | -H-- | C] () -- C:\windows\SysWow64\ezsidmv.dat
[2011/03/12 14:27:05 | 000,002,869 | ---- | C] () -- C:\windows\SysWow64\SpoonUninstall-dBpoweramp [Tag From Filename] Codec.dat
[2011/03/12 14:27:00 | 000,002,900 | ---- | C] () -- C:\windows\SysWow64\SpoonUninstall-dBpoweramp [ReplayGain] Codec.dat
[2011/03/12 14:26:56 | 000,003,002 | ---- | C] () -- C:\windows\SysWow64\SpoonUninstall-dBpoweramp [Multi Encoder] Codec.dat
[2011/03/12 14:26:51 | 000,002,862 | ---- | C] () -- C:\windows\SysWow64\SpoonUninstall-dBpoweramp [Length Split] Codec.dat
[2011/03/12 14:26:47 | 000,002,836 | ---- | C] () -- C:\windows\SysWow64\SpoonUninstall-dBpoweramp [ID Tag Update] Codec.dat
[2011/03/12 14:26:42 | 000,002,999 | ---- | C] () -- C:\windows\SysWow64\SpoonUninstall-dBpoweramp [Channel Split] Codec.dat
[2011/03/12 14:26:36 | 000,002,871 | ---- | C] () -- C:\windows\SysWow64\SpoonUninstall-dBpoweramp [Audio Info] Codec.dat
[2011/03/12 14:26:30 | 000,002,879 | ---- | C] () -- C:\windows\SysWow64\SpoonUninstall-dBpoweramp [Arrange Audio] Codec.dat
[2011/03/12 14:25:36 | 000,011,005 | ---- | C] () -- C:\windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.dat
[2011/03/12 14:25:33 | 000,415,408 | ---- | C] () -- C:\windows\SysWow64\SpoonUninstall.exe
[2011/03/12 14:25:33 | 000,014,645 | ---- | C] () -- C:\windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat

========== LOP Check ==========

[2011/09/09 08:35:29 | 000,000,000 | ---D | M] -- C:\Users\Adib\AppData\Roaming\.minecraft
[2011/03/28 09:39:43 | 000,000,000 | ---D | M] -- C:\Users\Adib\AppData\Roaming\Amazon
[2012/04/08 21:09:25 | 000,000,000 | ---D | M] -- C:\Users\Adib\AppData\Roaming\Audacity
[2011/07/20 13:46:14 | 000,000,000 | ---D | M] -- C:\Users\Adib\AppData\Roaming\BatteryBar
[2011/09/02 16:53:38 | 000,000,000 | ---D | M] -- C:\Users\Adib\AppData\Roaming\Braid
[2012/05/04 16:49:15 | 000,000,000 | ---D | M] -- C:\Users\Adib\AppData\Roaming\DAEMON Tools Lite
[2011/05/21 17:45:55 | 000,000,000 | ---D | M] -- C:\Users\Adib\AppData\Roaming\dBpoweramp
[2011/05/10 11:43:10 | 000,000,000 | ---D | M] -- C:\Users\Adib\AppData\Roaming\DeadMage
[2011/11/23 17:38:35 | 000,000,000 | ---D | M] -- C:\Users\Adib\AppData\Roaming\DiskAid
[2011/12/09 08:59:48 | 000,000,000 | ---D | M] -- C:\Users\Adib\AppData\Roaming\Dropbox
[2012/01/22 16:02:40 | 000,000,000 | ---D | M] -- C:\Users\Adib\AppData\Roaming\EAC
[2012/03/13 14:06:02 | 000,000,000 | ---D | M] -- C:\Users\Adib\AppData\Roaming\EpicBot
[2012/02/19 17:23:30 | 000,000,000 | ---D | M] -- C:\Users\Adib\AppData\Roaming\FileZilla
[2012/05/13 17:47:09 | 000,000,000 | ---D | M] -- C:\Users\Adib\AppData\Roaming\foobar2000
[2011/12/07 13:57:12 | 000,000,000 | ---D | M] -- C:\Users\Adib\AppData\Roaming\Free Sound Recorder
[2011/07/28 22:00:55 | 000,000,000 | ---D | M] -- C:\Users\Adib\AppData\Roaming\GetRightToGo
[2011/07/25 16:37:27 | 000,000,000 | ---D | M] -- C:\Users\Adib\AppData\Roaming\GrabPro
[2011/03/12 12:25:34 | 000,000,000 | ---D | M] -- C:\Users\Adib\AppData\Roaming\Gyazo
[2012/03/19 15:31:43 | 000,000,000 | ---D | M] -- C:\Users\Adib\AppData\Roaming\HandBrake
[2011/06/23 15:15:54 | 000,000,000 | ---D | M] -- C:\Users\Adib\AppData\Roaming\Livestation
[2011/06/23 15:15:54 | 000,000,000 | ---D | M] -- C:\Users\Adib\AppData\Roaming\Mchid
[2011/12/19 18:12:05 | 000,000,000 | ---D | M] -- C:\Users\Adib\AppData\Roaming\Nicalis
[2011/06/07 18:29:18 | 000,000,000 | ---D | M] -- C:\Users\Adib\AppData\Roaming\Notepad++
[2011/10/20 19:34:15 | 000,000,000 | ---D | M] -- C:\Users\Adib\AppData\Roaming\ooVoo Details
[2011/07/25 16:53:52 | 000,000,000 | ---D | M] -- C:\Users\Adib\AppData\Roaming\Orbit
[2011/05/16 14:57:00 | 000,000,000 | ---D | M] -- C:\Users\Adib\AppData\Roaming\Paltalk
[2011/06/15 13:38:59 | 000,000,000 | ---D | M] -- C:\Users\Adib\AppData\Roaming\Peter Brinson and Kurosh ValaNejad
[2011/09/15 16:29:53 | 000,000,000 | ---D | M] -- C:\Users\Adib\AppData\Roaming\Polynomial
[2011/07/25 16:38:02 | 000,000,000 | ---D | M] -- C:\Users\Adib\AppData\Roaming\ProgSense
[2012/01/19 19:35:15 | 000,000,000 | ---D | M] -- C:\Users\Adib\AppData\Roaming\Spotify
[2011/07/07 22:52:55 | 000,000,000 | ---D | M] -- C:\Users\Adib\AppData\Roaming\SystemRequirementsLab
[2012/01/10 11:26:46 | 000,000,000 | ---D | M] -- C:\Users\Adib\AppData\Roaming\TeamViewer
[2011/08/05 17:01:53 | 000,000,000 | ---D | M] -- C:\Users\Adib\AppData\Roaming\Template
[2011/05/26 22:14:38 | 000,000,000 | ---D | M] -- C:\Users\Adib\AppData\Roaming\Tracker Software
[2012/05/18 14:48:27 | 000,000,000 | ---D | M] -- C:\Users\Adib\AppData\Roaming\uTorrent
[2011/10/31 22:56:46 | 000,000,000 | ---D | M] -- C:\Users\Adib\AppData\Roaming\Voxatron
[2011/07/08 12:02:07 | 000,000,000 | ---D | M] -- C:\Users\Adib\AppData\Roaming\webex
[2011/03/15 17:51:01 | 000,000,000 | ---D | M] -- C:\Users\Adib\AppData\Roaming\Windows Live Writer
[2011/10/27 13:02:18 | 000,000,000 | ---D | M] -- C:\Users\Adib\AppData\Roaming\XBMC
[2012/05/04 16:31:13 | 000,000,360 | ---- | M] () -- C:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
[2012/05/18 14:37:01 | 000,000,902 | ---- | M] () -- C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1237017809-3849795662-887355980-1001Core.job
[2012/05/18 14:30:41 | 000,000,924 | ---- | M] () -- C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1237017809-3849795662-887355980-1001UA.job
[2012/05/04 16:30:32 | 000,000,304 | -HS- | M] () -- C:\windows\Tasks\Ilepjg.job
[2012/05/10 10:31:07 | 000,000,344 | ---- | M] () -- C:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
[2012/03/15 07:56:39 | 000,000,328 | ---- | M] () -- C:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
[2009/07/14 00:08:49 | 000,028,928 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2011/09/13 10:41:45 | 004,065,489 | ---- | M] ()(C:\Users\Adib\Desktop\Parisa Tasnif-e Dashti ????? ???, ????? ????.mp3) -- C:\Users\Adib\Desktop\Parisa Tasnif-e Dashti بستهٔ دام, تصنيف دشتی.mp3
[2011/09/13 10:41:43 | 004,065,489 | ---- | C] ()(C:\Users\Adib\Desktop\Parisa Tasnif-e Dashti ????? ???, ????? ????.mp3) -- C:\Users\Adib\Desktop\Parisa Tasnif-e Dashti بستهٔ دام, تصنيف دشتی.mp3
[2011/04/05 11:08:10 | 000,013,148 | ---- | M] ()(C:\Users\Adib\Documents\????????? ???????? ??????? ????? ???????? ?????????? ?????.docx) -- C:\Users\Adib\Documents\فَٱجْعَلْ دَرْعَكَ ذِكْرِي ثُمَّ حِصْنَكَ التَوَّكُل عَلَی.docx
[2011/03/23 19:21:30 | 000,013,148 | ---- | C] ()(C:\Users\Adib\Documents\????????? ???????? ??????? ????? ???????? ?????????? ?????.docx) -- C:\Users\Adib\Documents\فَٱجْعَلْ دَرْعَكَ ذِكْرِي ثُمَّ حِصْنَكَ التَوَّكُل عَلَی.docx

< End of report >

OTL logfile created on: 5/18/2012 2:43:30 PM - Run 1
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\Adib\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.86 Gb Total Physical Memory | 1.13 Gb Available Physical Memory | 29.31% Memory free
7.73 Gb Paging File | 3.18 Gb Available in Paging File | 41.19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100.00 Gb Total Space | 42.77 Gb Free Space | 42.77% Space Free | Partition Type: NTFS
Drive D: | 350.66 Gb Total Space | 83.51 Gb Free Space | 23.81% Space Free | Partition Type: NTFS
Drive F: | 4.20 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: ADIB-PC | User Name: Adib | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/18 14:40:00 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Adib\Desktop\OTL.exe
PRC - [2012/05/11 08:26:18 | 001,773,568 | ---- | M] () -- C:\Program Files (x86)\foobar2000\foobar2000.exe
PRC - [2012/05/10 14:09:44 | 013,805,568 | ---- | M] (Google Inc.) -- C:\Users\Adib\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
PRC - [2012/05/02 18:33:00 | 011,396,840 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2012/03/31 14:22:04 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2012/03/30 16:00:44 | 000,161,336 | ---- | M] (Google) -- C:\Users\Adib\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2012/03/23 15:03:37 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Users\Adib\AppData\Local\Google\Update\1.3.21.111\GoogleCrashHandler.exe
PRC - [2012/02/15 11:32:12 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2012/01/02 13:53:10 | 001,242,448 | ---- | M] (Valve Corporation) -- D:\Steam\Steam.exe
PRC - [2011/12/14 06:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011/10/05 16:45:56 | 000,130,976 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe
PRC - [2011/10/05 16:45:42 | 000,169,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2011/10/05 16:45:40 | 000,955,816 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2011/10/05 16:45:38 | 000,892,336 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2011/09/09 11:08:54 | 000,475,088 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
PRC - [2011/05/21 19:43:27 | 000,399,736 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2010/05/17 14:45:32 | 001,615,176 | ---- | M] (Rosetta Stone Ltd.) -- C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
PRC - [2010/01/18 21:34:48 | 002,201,192 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
PRC - [2009/12/04 02:59:28 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/11/20 15:49:14 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
PRC - [2009/11/03 23:11:48 | 000,835,072 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2009/10/13 05:03:04 | 000,716,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2009/07/16 06:08:20 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2009/03/05 04:54:50 | 000,311,296 | ---- | M] () -- C:\Windows\SysWOW64\Rezip.exe
PRC - [2005/07/15 16:48:33 | 000,479,232 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/18 14:34:59 | 000,063,488 | -H-- | M] () -- C:\Users\Adib\AppData\Local\Temp\~1D7A.tmp
MOD - [2012/05/18 14:34:59 | 000,063,488 | -H-- | M] () -- C:\Users\Adib\AppData\Local\Temp\~1C70.tmp
MOD - [2012/05/11 08:26:18 | 001,773,568 | ---- | M] () -- C:\Program Files (x86)\foobar2000\foobar2000.exe
MOD - [2012/05/11 08:25:14 | 001,419,264 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_input_std.dll
MOD - [2012/05/11 08:21:06 | 000,915,456 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_ui_std.dll
MOD - [2012/05/11 08:19:38 | 000,150,016 | ---- | M] () -- C:\Program Files (x86)\foobar2000\shared.dll
MOD - [2012/05/10 13:58:32 | 000,344,064 | ---- | M] () -- C:\Users\Adib\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
MOD - [2012/05/10 13:58:22 | 000,346,624 | ---- | M] () -- C:\Users\Adib\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
MOD - [2012/05/10 13:57:28 | 000,198,656 | ---- | M] () -- C:\Users\Adib\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
MOD - [2012/05/10 13:57:16 | 000,364,032 | ---- | M] () -- C:\Users\Adib\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
MOD - [2012/05/04 16:35:31 | 001,169,408 | ---- | M] () -- C:\Users\Adib\AppData\Local\Temp\_MEI53322\wx._core_.pyd
MOD - [2012/05/04 16:35:31 | 000,731,136 | ---- | M] () -- C:\Users\Adib\AppData\Local\Temp\_MEI53322\wx._misc_.pyd
MOD - [2012/05/04 16:35:31 | 000,571,392 | ---- | M] () -- C:\Users\Adib\AppData\Local\Temp\_MEI53322\pysqlite2._sqlite.pyd
MOD - [2012/05/04 16:35:31 | 000,354,304 | ---- | M] () -- C:\Users\Adib\AppData\Local\Temp\_MEI53322\pythoncom26.dll
MOD - [2012/05/04 16:35:31 | 000,263,168 | ---- | M] () -- C:\Users\Adib\AppData\Local\Temp\_MEI53322\win32com.shell.shell.pyd
MOD - [2012/05/04 16:35:31 | 000,153,088 | ---- | M] () -- C:\Users\Adib\AppData\Local\Temp\_MEI53322\pyexpat.pyd
MOD - [2012/05/04 16:35:31 | 000,110,592 | ---- | M] () -- C:\Users\Adib\AppData\Local\Temp\_MEI53322\PyWinTypes26.dll
MOD - [2012/05/04 16:35:31 | 000,096,256 | ---- | M] () -- C:\Users\Adib\AppData\Local\Temp\_MEI53322\win32api.pyd
MOD - [2012/05/04 16:35:31 | 000,086,016 | ---- | M] () -- C:\Users\Adib\AppData\Local\Temp\_MEI53322\_elementtree.pyd
MOD - [2012/05/04 16:35:31 | 000,073,728 | ---- | M] () -- C:\Users\Adib\AppData\Local\Temp\_MEI53322\_ctypes.pyd
MOD - [2012/05/04 16:35:31 | 000,070,656 | ---- | M] () -- C:\Users\Adib\AppData\Local\Temp\_MEI53322\wx._html2.pyd
MOD - [2012/05/04 16:35:31 | 000,040,448 | ---- | M] () -- C:\Users\Adib\AppData\Local\Temp\_MEI53322\_socket.pyd
MOD - [2012/05/04 16:35:31 | 000,011,776 | ---- | M] () -- C:\Users\Adib\AppData\Local\Temp\_MEI53322\win32crypt.pyd
MOD - [2012/05/04 16:35:28 | 000,807,424 | ---- | M] () -- C:\Users\Adib\AppData\Local\Temp\_MEI53322\wx._windows_.pyd
MOD - [2012/05/04 16:35:28 | 000,645,120 | ---- | M] () -- C:\Users\Adib\AppData\Local\Temp\_MEI53322\_ssl.pyd
MOD - [2012/05/04 16:35:28 | 000,311,808 | ---- | M] () -- C:\Users\Adib\AppData\Local\Temp\_MEI53322\_hashlib.pyd
MOD - [2012/05/04 16:35:28 | 000,121,856 | ---- | M] () -- C:\Users\Adib\AppData\Local\Temp\_MEI53322\wx._wizard.pyd
MOD - [2012/05/04 16:35:28 | 000,111,104 | ---- | M] () -- C:\Users\Adib\AppData\Local\Temp\_MEI53322\win32file.pyd
MOD - [2012/05/04 16:35:28 | 000,036,352 | ---- | M] () -- C:\Users\Adib\AppData\Local\Temp\_MEI53322\win32process.pyd
MOD - [2012/05/04 16:35:25 | 001,056,256 | ---- | M] () -- C:\Users\Adib\AppData\Local\Temp\_MEI53322\wx._controls_.pyd
MOD - [2012/05/04 16:35:25 | 000,792,576 | ---- | M] () -- C:\Users\Adib\AppData\Local\Temp\_MEI53322\wx._gdi_.pyd
MOD - [2012/05/04 16:35:25 | 000,167,936 | ---- | M] () -- C:\Users\Adib\AppData\Local\Temp\_MEI53322\win32gui.pyd
MOD - [2012/05/04 16:35:25 | 000,039,424 | ---- | M] () -- C:\Users\Adib\AppData\Local\Temp\_MEI53322\win32inet.pyd
MOD - [2012/05/04 16:35:25 | 000,017,920 | ---- | M] () -- C:\Users\Adib\AppData\Local\Temp\_MEI53322\win32event.pyd
MOD - [2012/05/04 16:35:25 | 000,011,776 | ---- | M] () -- C:\Users\Adib\AppData\Local\Temp\_MEI53322\select.pyd
MOD - [2012/04/29 08:49:26 | 008,743,584 | ---- | M] () -- C:\Users\Adib\AppData\Local\Google\Chrome\User Data\NPAPIFlash\gcswf32.dll
MOD - [2012/04/21 12:12:12 | 020,297,512 | ---- | M] () -- D:\Steam\bin\libcef.dll
MOD - [2012/04/21 12:12:09 | 000,907,048 | ---- | M] () -- D:\Steam\bin\chromehtml.dll
MOD - [2012/04/21 12:12:07 | 000,123,192 | ---- | M] () -- D:\Steam\bin\avutil-51.dll
MOD - [2012/04/21 12:12:01 | 000,190,776 | ---- | M] () -- D:\Steam\bin\avformat-53.dll
MOD - [2012/04/21 12:11:59 | 001,099,576 | ---- | M] () -- D:\Steam\bin\avcodec-53.dll
MOD - [2012/04/09 08:52:35 | 000,440,816 | ---- | M] () -- C:\Users\Adib\AppData\Local\Google\Chrome\Application\20.0.1096.1\ppgooglenaclpluginchrome.dll
MOD - [2012/04/09 08:52:34 | 003,921,904 | ---- | M] () -- C:\Users\Adib\AppData\Local\Google\Chrome\Application\20.0.1096.1\pdf.dll
MOD - [2012/04/09 08:51:13 | 000,552,944 | ---- | M] () -- C:\Users\Adib\AppData\Local\Google\Chrome\Application\20.0.1096.1\libglesv2.dll
MOD - [2012/04/09 08:51:12 | 000,117,744 | ---- | M] () -- C:\Users\Adib\AppData\Local\Google\Chrome\Application\20.0.1096.1\libegl.dll
MOD - [2012/04/09 08:50:56 | 000,134,656 | ---- | M] () -- C:\Users\Adib\AppData\Local\Google\Chrome\Application\20.0.1096.1\avutil-51.dll
MOD - [2012/04/09 08:50:55 | 000,250,368 | ---- | M] () -- C:\Users\Adib\AppData\Local\Google\Chrome\Application\20.0.1096.1\avformat-54.dll
MOD - [2012/04/09 08:50:54 | 002,375,680 | ---- | M] () -- C:\Users\Adib\AppData\Local\Google\Chrome\Application\20.0.1096.1\avcodec-54.dll
MOD - [2012/01/22 14:04:36 | 000,365,056 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_albumlist.dll
MOD - [2012/01/22 14:04:36 | 000,276,480 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_dsp_std.dll
MOD - [2012/01/22 14:04:18 | 000,485,376 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_converter.dll
MOD - [2012/01/22 14:04:18 | 000,283,136 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_rgscan.dll
MOD - [2012/01/22 14:04:16 | 000,299,008 | ---- | M] () -- C:\Program Files (x86)\foobar2000\components\foo_cdda.dll
MOD - [2012/01/08 08:41:12 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/15 07:13:46 | 004,254,560 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2011/02/18 06:50:22 | 000,371,712 | ---- | M] () -- C:\Users\Adib\AppData\Roaming\foobar2000\user-components\foo_sid\foo_sid.dll
MOD - [2010/04/21 07:48:00 | 000,066,560 | ---- | M] () -- C:\Program Files (x86)\foobar2000\zlib1.dll
MOD - [2010/03/24 21:17:36 | 008,794,464 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2009/12/04 03:04:32 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/12/04 02:59:54 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2006/08/11 22:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/11/11 14:36:38 | 000,282,616 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2010/11/11 14:36:38 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/09/08 10:42:42 | 000,288,256 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV:64bit: - [2009/10/02 04:39:44 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/05/07 08:13:43 | 000,112,568 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/04 14:50:08 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/05 11:37:38 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/12/14 06:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011/09/09 11:08:54 | 000,475,088 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2011/06/12 17:17:20 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/06/06 19:09:13 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/06/06 11:36:00 | 004,005,936 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010/09/08 10:45:10 | 001,034,752 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2010/09/08 10:44:42 | 000,485,376 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2010/05/17 14:45:32 | 001,615,176 | ---- | M] (Rosetta Stone Ltd.) [Auto | Running] -- C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe -- (RosettaStoneDaemon)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/20 12:55:20 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/05 04:54:50 | 000,311,296 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\Rezip.exe -- (Rezip)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/24 22:01:51 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/02/15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/12/19 14:45:22 | 000,146,736 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2011/09/09 10:59:19 | 000,106,408 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\acsock64.sys -- (acsock)
DRV:64bit: - [2011/08/19 02:46:06 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tapoas.sys -- (tapoas)
DRV:64bit: - [2011/05/23 13:45:27 | 000,026,536 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/10/24 21:25:38 | 000,072,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2010/09/23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/06/10 03:45:38 | 001,605,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/11/25 16:32:58 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/11/20 01:09:48 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/10/09 22:16:28 | 000,293,936 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/10/02 11:47:38 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/09/28 04:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/08/28 22:15:32 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/08/28 22:15:26 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/01 15:46:58 | 000,052,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2009/06/27 09:55:10 | 000,083,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/06/10 15:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 15:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/28 01:38:04 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/07 18:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2009/11/19 22:49:12 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/02/03 12:12:40] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054})
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/01/01 22:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
DRV - [2002/07/17 17:20:32 | 000,084,832 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ASPI32.SYS -- (ASPI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2704262


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1237017809-3849795662-887355980-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKU\S-1-5-21-1237017809-3849795662-887355980-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.tosavethechildren.com/
IE - HKU\S-1-5-21-1237017809-3849795662-887355980-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKU\S-1-5-21-1237017809-3849795662-887355980-1001\..\URLSearchHook: {32b29df0-2237-4370-9a29-37cebb730e9b} - No CLSID value found
IE - HKU\S-1-5-21-1237017809-3849795662-887355980-1001\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-1237017809-3849795662-887355980-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1237017809-3849795662-887355980-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN_en___US422
IE - HKU\S-1-5-21-1237017809-3849795662-887355980-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-1237017809-3849795662-887355980-1001\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2704262
IE - HKU\S-1-5-21-1237017809-3849795662-887355980-1001\..\SearchScopes\{CE3A3FD1-0A27-07DC-3FED-9D0FBEBC1CD0}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z131&form=ZGAIDF&install_date=20110918&iesrc={referrer:source}
IE - HKU\S-1-5-21-1237017809-3849795662-887355980-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1237017809-3849795662-887355980-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "DuckDuckGo (SSL)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://tosavethechildren.com/"
FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=Z131&form=ZGAADF&install_date=20110918&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.2.72: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.2.72: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Adib\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Adib\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Adib\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Adib\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Adib\AppData\Local\Facebook\Messenger\2.1.4520.0\npFbDesktopPlugin.dll (Facebook, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/03/31 14:23:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/07 08:13:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/03/31 14:24:06 | 000,000,000 | ---D | M]

[2011/04/02 09:07:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adib\AppData\Roaming\Mozilla\Extensions
[2012/05/10 21:16:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adib\AppData\Roaming\Mozilla\Firefox\Profiles\1vitw2aw.default\extensions
[2012/05/10 21:16:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Adib\AppData\Roaming\Mozilla\Firefox\Profiles\1vitw2aw.default\extensions\staged
[2011/09/18 14:58:19 | 000,001,945 | ---- | M] () -- C:\Users\Adib\AppData\Roaming\Mozilla\Firefox\Profiles\1vitw2aw.default\searchplugins\bing-zugo.xml
[2012/02/22 21:39:47 | 000,001,982 | ---- | M] () -- C:\Users\Adib\AppData\Roaming\Mozilla\Firefox\Profiles\1vitw2aw.default\searchplugins\duckduckgo-ssl.xml
[2012/04/29 10:58:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/04/14 13:32:52 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/05/07 08:13:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2012/05/06 21:12:46 | 000,523,514 | ---- | M] () (No name found) -- C:\USERS\ADIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1VITW2AW.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
[2012/02/29 08:36:05 | 000,009,489 | ---- | M] () (No name found) -- C:\USERS\ADIB\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1VITW2AW.DEFAULT\EXTENSIONS\{E6C93316-271E-4B3D-8D7E-FE11B4350AEB}.XPI
[2012/05/07 08:13:43 | 000,085,432 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/04/18 15:17:44 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/04/25 17:58:48 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/09/08 18:58:11 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old
[2012/04/25 17:58:48 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: DuckDuckGo (Enabled)
CHR - default_search_provider: search_url = http://duckduckgo.com/?q={searchTerms}
CHR - default_search_provider: suggest_url = ,
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Adib\AppData\Local\Google\Chrome\Application\20.0.1096.1\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Adib\AppData\Local\Google\Chrome\Application\20.0.1096.1\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Adib\AppData\Local\Google\Chrome\User Data\NPAPIFlash\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Adib\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.132\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Users\Adib\AppData\Local\Google\Chrome\Application\plugins\npatgpc.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Adib\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Adib\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Facebook Desktop (Enabled) = C:\Users\Adib\AppData\Local\Facebook\Messenger\2.0.4478.0\npFbDesktopPlugin.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: YouTube = C:\Users\Adib\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Adib\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Offline Google Mail = C:\Users\Adib\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk\1.18_0\
CHR - Extension: Google Calendar = C:\Users\Adib\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: Silver Bird = C:\Users\Adib\AppData\Local\Google\Chrome\User Data\Default\Extensions\encaiiljifbdbjlphpgpiimidegddhic\1.9.8.8_0\
CHR - Extension: Google Analytics Opt-out Add-on (by Google) = C:\Users\Adib\AppData\Local\Google\Chrome\User Data\Default\Extensions\fllaojicojecljbmefodhfapmkghcbnh\0.9.0_0\
CHR - Extension: AdBlock = C:\Users\Adib\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.33_0\
CHR - Extension: Google+Tweet = C:\Users\Adib\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpkkapjfdcpbcikllbmjlkhjhppollom\1.17.133_0\
CHR - Extension: TinEye Reverse Image Search = C:\Users\Adib\AppData\Local\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl\1.1.1_0\
CHR - Extension: Keep My Opt-Outs = C:\Users\Adib\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhnjdplhmcnkiecampfdgfjilccfpfoe\1.0.14_0\
CHR - Extension: bitly | a simple URL shortener = C:\Users\Adib\AppData\Local\Google\Chrome\User Data\Default\Extensions\iabeihobmhlgpkcgjiloemdbofjbdcic\1.3.1.5_0\
CHR - Extension: Wolfram|Alpha (Official) = C:\Users\Adib\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikmmbnkodelanopcbphjfnnlajjpjpno\1.0.1_0\
CHR - Extension: Social Fixer = C:\Users\Adib\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipjaijdkhejnbfpodmofannadgfokfnm\6.601_0\
CHR - Extension: Disconnect = C:\Users\Adib\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\3.1.1_0\
CHR - Extension: Disconnect = C:\Users\Adib\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo\3.4.0_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Adib\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Klout (beta) = C:\Users\Adib\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjaakbhpcbpmojkhpiaacepfcaniglak\1.5_0\
CHR - Extension: YouTube to MP3 = C:\Users\Adib\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkippmhiimpgejpacdkdgladdckocicj\0.0.3_0\
CHR - Extension: Reddit Enhancement Suite = C:\Users\Adib\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\4.1.2_0\
CHR - Extension: Two-Click JDownloader = C:\Users\Adib\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljhooappahaeilmbekgcokgjjplambgo\2.6.6_0\
CHR - Extension: Google Mail Checker = C:\Users\Adib\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\3.2_0\
CHR - Extension: Ghostery = C:\Users\Adib\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\3.0.0_0\
CHR - Extension: RSS Subscription Extension (by Google) = C:\Users\Adib\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd\2.1.3_0\
CHR - Extension: Runescape Toolbar For Google Chrome = C:\Users\Adib\AppData\Local\Google\Chrome\User Data\Default\Extensions\omkoedpgiabakfkoefehjfmnlkpepfmp\1.5.2_0\
CHR - Extension: Gmail = C:\Users\Adib\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/05/10 10:31:05 | 000,442,727 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 15208 more lines...
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1237017809-3849795662-887355980-1001\..\Toolbar\WebBrowser: (Hyperionics DB Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\Hyperionics DB Toolbar\tbcore3.dll ()
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [APLangApp] C:\Program Files (x86)\AnyPC Client\APLangApp.exe (DoctorSoft)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1237017809-3849795662-887355980-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1237017809-3849795662-887355980-1001..\Run: [Facebook Update] C:\Users\Adib\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-1237017809-3849795662-887355980-1001..\Run: [FileHippo.com] C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKU\S-1-5-21-1237017809-3849795662-887355980-1001..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKU\S-1-5-21-1237017809-3849795662-887355980-1001..\Run: [MusicManager] C:\Users\Adib\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
O4 - HKU\S-1-5-21-1237017809-3849795662-887355980-1001..\Run: [ShowBatteryBar] C:\Program Files\BatteryBar\ShowBatteryBar.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1237017809-3849795662-887355980-1001..\RunOnce: [Shockwave Updater] C:\windows\SysWOW64\Adobe\Shockwave 11\SwHelper_1163633.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Adib\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\Adib\AppData\Local\Facebook\Messenger\2.1.4520.0\FacebookMessenger.exe (Facebook)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-1237017809-3849795662-887355980-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 10.4.0)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 10.4.0)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{29E62139-F579-43A8-8644-1DD0D84E5411}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\dssrequest - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest - No CLSID value found
O18 - Protocol\Handler\sacore - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5af904ff-833f-11e1-ba6d-85ba554c84f7}\Shell - "" = AutoRun
O33 - MountPoints2\{5af904ff-833f-11e1-ba6d-85ba554c84f7}\Shell\AutoRun\command - "" = F:\PLAY.EXE
O33 - MountPoints2\{5af904ff-833f-11e1-ba6d-85ba554c84f7}\Shell\install\command - "" = F:\INSTALL\_SETUP.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sdnclean64.exe)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/18 14:39:57 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Adib\Desktop\OTL.exe
[2012/05/18 14:30:17 | 000,000,000 | ---D | C] -- C:\Users\Adib\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
[2012/05/04 16:48:09 | 000,000,000 | ---D | C] -- C:\Users\Adib\AppData\Roaming\dvdcss
[2012/05/02 08:44:14 | 000,000,000 | ---D | C] -- C:\Users\Adib\Desktop\Ocean
[2012/04/24 22:01:51 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\windows\SysNative\drivers\dtsoftbus01.sys
[2012/04/24 11:55:38 | 000,000,000 | --SD | C] -- C:\Users\Adib\Google Drive
[2012/04/24 11:54:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2012/04/22 11:10:25 | 000,000,000 | ---D | C] -- C:\Users\Adib\Documents\My Digital Editions
[2012/04/21 10:08:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2012/04/21 10:08:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2012/04/18 15:18:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[4 C:\Users\Adib\Desktop\*.tmp files -> C:\Users\Adib\Desktop\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/18 14:49:27 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/05/18 14:43:44 | 000,000,852 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1237017809-3849795662-887355980-1001Core.job
[2012/05/18 14:40:00 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Adib\Desktop\OTL.exe
[2012/05/18 14:37:01 | 000,000,902 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1237017809-3849795662-887355980-1001Core.job
[2012/05/18 14:35:06 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/18 14:30:41 | 000,000,924 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1237017809-3849795662-887355980-1001UA.job
[2012/05/18 14:30:18 | 000,001,330 | ---- | M] () -- C:\Users\Adib\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
[2012/05/18 14:29:06 | 000,000,904 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1237017809-3849795662-887355980-1001UA.job
[2012/05/18 14:29:06 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/18 14:28:27 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/05/13 20:03:23 | 000,000,040 | ---- | M] () -- C:\Users\Adib\jagex_cl_runescape_LIVE.dat
[2012/05/13 18:24:16 | 000,001,292 | ---- | M] () -- C:\Users\Adib\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2012/05/13 18:02:03 | 007,598,583 | ---- | M] () -- C:\Users\Adib\Desktop\Iio - Is It Love - Radio Edit -.mp3
[2012/05/13 17:35:56 | 000,782,702 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/05/13 17:35:56 | 000,662,630 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/05/13 17:35:56 | 000,122,426 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/05/10 10:31:07 | 000,000,344 | ---- | M] () -- C:\windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2012/05/10 10:31:05 | 000,442,727 | R--- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2012/05/08 22:17:38 | 007,142,518 | ---- | M] () -- C:\Users\Adib\Desktop\Naghi_shahin najafi[BARGmusic].mp3
[2012/05/08 10:32:26 | 004,818,218 | ---- | M] () -- C:\Users\Adib\Desktop\E.G. Browne — Catalogue and Description of 27 Bábí Manuscripts (Continued from Page 499).pdf
[2012/05/08 10:31:15 | 004,133,056 | ---- | M] () -- C:\Users\Adib\Desktop\E.G. Browne — Catalogue and Description of 27 Bábí Manuscripts.pdf
[2012/05/08 10:29:40 | 010,160,126 | ---- | M] () -- C:\Users\Adib\Desktop\E.G. Browne — The Bábís of Persia. II. Their Literature and Doctrines.pdf
[2012/05/08 10:28:44 | 004,107,620 | ---- | M] () -- C:\Users\Adib\Desktop\E.G. Browne — The Bábís of Persia. I. Sketch of Their History, and Personal Experiences amongst Them.pdf
[2012/05/07 17:07:30 | 000,014,144 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/07 17:07:30 | 000,014,144 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/07 11:55:18 | 000,271,700 | ---- | M] () -- C:\Users\Adib\Desktop\EUF Report - Austin, TX.pdf
[2012/05/06 15:42:42 | 000,102,334 | ---- | M] () -- C:\Users\Adib\Desktop\batman_begins_soundtrack_2005.jpg
[2012/05/06 13:16:02 | 017,190,587 | ---- | M] () -- C:\Users\Adib\Desktop\The NSA of Iran's Response to Dolgorukov Memoirs, 126BE edition, 1970.pdf
[2012/05/04 18:03:33 | 000,000,044 | ---- | M] () -- C:\Users\Adib\jagex_cl_runescape_LIVE1.dat
[2012/05/04 16:52:33 | 000,298,696 | -H-- | M] () -- C:\windows\SysWow64\mlfcache.dat
[2012/05/04 16:31:13 | 000,000,360 | ---- | M] () -- C:\windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2012/05/04 16:30:32 | 000,000,304 | -HS- | M] () -- C:\windows\tasks\Ilepjg.job
[2012/05/04 16:30:15 | 000,625,104 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/05/04 16:29:52 | 3111,555,072 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/04 16:29:50 | 346,481,813 | ---- | M] () -- C:\windows\MEMORY.DMP
[2012/05/03 11:45:35 | 000,442,727 | R--- | M] () -- C:\windows\SysNative\drivers\etc\hosts.20120510-103105.backup
[2012/04/30 13:45:52 | 001,063,248 | ---- | M] () -- C:\Users\Adib\Desktop\Universe Prompt.mp3
[2012/04/29 17:22:06 | 000,028,079 | ---- | M] () -- C:\Users\Adib\Desktop\Shamloo with cigarette.jpg
[2012/04/28 08:04:42 | 008,947,258 | ---- | M] () -- C:\Users\Adib\Desktop\Universe Prompt.wav
[2012/04/24 22:01:51 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\windows\SysNative\drivers\dtsoftbus01.sys
[2012/04/24 11:06:26 | 007,307,046 | ---- | M] () -- C:\Users\Adib\Desktop\One Hundred Thousand Veils.mp3
[2012/04/22 11:10:21 | 000,002,202 | ---- | M] () -- C:\Users\Adib\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Digital Editions.lnk
[2012/04/20 16:05:47 | 120,079,960 | ---- | M] () -- C:\Users\Adib\Desktop\Nuqtat al-Kaf (1851 Princeton edition).pdf
[2012/04/19 10:31:02 | 000,442,727 | R--- | M] () -- C:\windows\SysNative\drivers\etc\hosts.20120426-104555.backup
[2012/04/19 10:31:02 | 000,442,727 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts.20120503-114535.backup
[2012/04/18 16:50:39 | 003,214,524 | ---- | M] () -- C:\Users\Adib\Desktop\mansour.ghararemoon yadet nare.mp3
[4 C:\Users\Adib\Desktop\*.tmp files -> C:\Users\Adib\Desktop\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/13 18:01:32 | 007,598,583 | ---- | C] () -- C:\Users\Adib\Desktop\Iio - Is It Love - Radio Edit -.mp3
[2012/05/08 22:17:35 | 007,142,518 | ---- | C] () -- C:\Users\Adib\Desktop\Naghi_shahin najafi[BARGmusic].mp3
[2012/05/08 10:32:32 | 004,818,218 | ---- | C] () -- C:\Users\Adib\Desktop\E.G. Browne — Catalogue and Description of 27 Bábí Manuscripts (Continued from Page 499).pdf
[2012/05/08 10:31:23 | 004,133,056 | ---- | C] () -- C:\Users\Adib\Desktop\E.G. Browne — Catalogue and Description of 27 Bábí Manuscripts.pdf
[2012/05/08 10:29:49 | 010,160,126 | ---- | C] () -- C:\Users\Adib\Desktop\E.G. Browne — The Bábís of Persia. II. Their Literature and Doctrines.pdf
[2012/05/08 10:28:54 | 004,107,620 | ---- | C] () -- C:\Users\Adib\Desktop\E.G. Browne — The Bábís of Persia. I. Sketch of Their History, and Personal Experiences amongst Them.pdf
[2012/05/07 11:55:16 | 000,271,700 | ---- | C] () -- C:\Users\Adib\Desktop\EUF Report - Austin, TX.pdf
[2012/05/06 15:42:48 | 000,102,334 | ---- | C] () -- C:\Users\Adib\Desktop\batman_begins_soundtrack_2005.jpg
[2012/05/06 13:07:36 | 017,190,587 | ---- | C] () -- C:\Users\Adib\Desktop\The NSA of Iran's Response to Dolgorukov Memoirs, 126BE edition, 1970.pdf
[2012/04/30 13:45:42 | 001,063,248 | ---- | C] () -- C:\Users\Adib\Desktop\Universe Prompt.mp3
[2012/04/29 17:22:32 | 000,028,079 | ---- | C] () -- C:\Users\Adib\Desktop\Shamloo with cigarette.jpg
[2012/04/28 08:03:09 | 008,947,258 | ---- | C] () -- C:\Users\Adib\Desktop\Universe Prompt.wav
[2012/04/24 11:06:21 | 007,307,046 | ---- | C] () -- C:\Users\Adib\Desktop\One Hundred Thousand Veils.mp3
[2012/04/22 11:10:21 | 000,002,202 | ---- | C] () -- C:\Users\Adib\Application Data\Microsoft\Internet Explorer\Quick Launch\Adobe Digital Editions.lnk
[2012/04/22 11:10:21 | 000,002,190 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Digital Editions.lnk
[2012/04/20 16:02:40 | 120,079,960 | ---- | C] () -- C:\Users\Adib\Desktop\Nuqtat al-Kaf (1851 Princeton edition).pdf
[2012/04/18 16:48:52 | 003,214,524 | ---- | C] () -- C:\Users\Adib\Desktop\mansour.ghararemoon yadet nare.mp3
[2012/04/12 21:06:41 | 000,000,000 | ---- | C] () -- C:\windows\setup32.INI
[2012/01/29 10:49:02 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\wmtog32.dat
[2012/01/22 20:28:12 | 000,201,678 | ---- | C] () -- C:\windows\hpoins43.dat
[2011/12/07 16:13:27 | 000,004,608 | ---- | C] () -- C:\Users\Adib\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/05 12:36:23 | 000,001,952 | ---- | C] () -- C:\windows\Sandboxie.ini
[2011/08/07 11:26:27 | 000,039,181 | ---- | C] () -- C:\windows\wininit.ini
[2011/08/05 17:01:51 | 000,000,114 | ---- | C] () -- C:\Users\Adib\AppData\Roaming\wklnhst.dat
[2011/07/24 08:41:29 | 000,009,728 | ---- | C] () -- C:\windows\SysWow64\BASSMOD.dll
[2011/06/15 13:24:15 | 000,004,096 | ---- | C] () -- C:\windows\d3dx.dat
[2011/05/27 22:47:17 | 000,000,262 | ---- | C] () -- C:\windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2011/04/29 15:39:32 | 000,000,036 | ---- | C] () -- C:\Users\Adib\AppData\Local\housecall.guid.cache
[2011/04/25 15:02:38 | 000,776,486 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/04/09 11:24:14 | 000,000,109 | ---- | C] () -- C:\Users\Adib\AppData\Roaming\RSBot_Accounts.ini
[2011/04/02 09:07:29 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat
[2011/03/26 12:55:21 | 000,003,190 | ---- | C] () -- C:\windows\SysWow64\SpoonUninstall-dBpoweramp Windows Media Audio 10 Codec.dat
[2011/03/26 12:55:03 | 000,011,412 | ---- | C] () -- C:\windows\SysWow64\SpoonUninstall-dBPowerAMP Real Audio (Helix) Encoder.dat
[2011/03/26 12:54:55 | 000,003,009 | ---- | C] () -- C:\windows\SysWow64\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.dat
[2011/03/26 12:54:40 | 000,003,297 | ---- | C] () -- C:\windows\SysWow64\SpoonUninstall-dBpoweramp m4a Codec.dat
[2011/03/13 12:38:16 | 000,298,696 | -H-- | C] () -- C:\windows\SysWow64\mlfcache.dat
[2011/03/12 18:40:37 | 000,000,056 | -H-- | C] () -- C:\windows\SysWow64\ezsidmv.dat
[2011/03/12 14:27:05 | 000,002,869 | ---- | C] () -- C:\windows\SysWow64\SpoonUninstall-dBpoweramp [Tag From Filename] Codec.dat
[2011/03/12 14:27:00 | 000,002,900 | ---- | C] () -- C:\windows\SysWow64\SpoonUninstall-dBpoweramp [ReplayGain] Codec.dat
[2011/03/12 14:26:56 | 000,003,002 | ---- | C] () -- C:\windows\SysWow64\SpoonUninstall-dBpoweramp [Multi Encoder] Codec.dat
[2011/03/12 14:26:51 | 000,002,862 | ---- | C] () -- C:\windows\SysWow64\SpoonUninstall-dBpoweramp [Length Split] Codec.dat
[2011/03/12 14:26:47 | 000,002,836 | ---- | C] () -- C:\windows\SysWow64\SpoonUninstall-dBpoweramp [ID Tag Update] Codec.dat
[2011/03/12 14:26:42 | 000,002,999 | ---- | C] () -- C:\windows\SysWow64\SpoonUninstall-dBpoweramp [Channel Split] Codec.dat
[2011/03/12 14:26:36 | 000,002,871 | ---- | C] () -- C:\windows\SysWow64\SpoonUninstall-dBpoweramp [Audio Info] Codec.dat
[2011/03/12 14:26:30 | 000,002,879 | ---- | C] () -- C:\windows\SysWow64\SpoonUninstall-dBpoweramp [Arrange Audio] Codec.dat
[2011/03/12 14:25:36 | 000,011,005 | ---- | C] () -- C:\windows\SysWow64\SpoonUninstall-dBpoweramp DSP Effects.dat
[2011/03/12 14:25:33 | 000,415,408 | ---- | C] () -- C:\windows\SysWow64\SpoonUninstall.exe
[2011/03/12 14:25:33 | 000,014,645 | ---- | C] () -- C:\windows\SysWow64\SpoonUninstall-dBpoweramp Music Converter.dat

========== LOP Check ==========

[2011/09/09 08:35:29 | 000,000,000 | ---D | M] -- C:\Users\Adib\AppData\Roaming\.minecraft
[2011/03/28 09:39:43 | 000,000,000 | ---D | M] -- C:\Users\Adib\AppData\Roaming\Amazon
[2012/04/08 21:09:25 | 000,000,000 | ---D | M] -- C:\Users\Adib\AppData\Roaming\Audacity
[2011/07/20 13:46:14 | 000,000,000 | ---D | M] -- C:\Users\Adib\AppData\Roaming\BatteryBar
[2011/09/02 16:53:38 | 000,000,000 | ---D | M] -- C:\Users\Adib\AppData\Roaming\Braid
[2012/05/04 16:49:15 | 000,000,000 | ---D | M] -- C:\Users\Adib\AppData\Roaming\DAEMON Tools Lite
[2011/05/21 17:45:55 | 000,000,000 | ---D | M] -- C:\Users\Adib\AppData\Roaming\dBpoweramp
[2011/05/10 11:43:10 | 000,000,000 | ---D | M] -- C:\Users\Adib\AppData\Roaming\DeadMage
[2011/11/23 17:38:35 | 000,000,000 | ---D | M] -- C:\Users\Adib\AppData\Roaming\DiskAid
[2011/12/09 08:59:48 | 000,000,000 | ---D | M] -- C:\Users\Adib\AppData\Roaming\Dropbox
[2012/01/22 16:02:40 | 000,000,000 | ---D | M] -- C:\Users\Adib\AppData\Roaming\EAC
[2012/03/13 14:06:02 | 000,000,000 | ---D | M] -- C:\Users\Adib\AppData\Roaming\EpicBot
[2012/02/19 17:23:30 | 000,000,000 | ---D | M] -- C:\Users\Adib\AppData\Roaming\FileZilla
[2012/05/13 17:47:09 | 000,000,000 | ---D | M] -- C:\Users\Adib\AppData\Roaming\foobar2000
[2011/12/07 13:57:12 | 000,000,000 | ---D | M] -- C:\Users\Adib\AppData\Roaming\Free Sound Recorder
[2011/07/28 22:00:55 | 000,000,000 | ---D | M] -- C:\Users\Adib\AppData\Roaming\GetRightToGo
[2011/07/25 16:37:27 | 000,000,000 | ---D | M] -- C:\Users\Adib\AppData\Roaming\GrabPro
[2011/03/12 12:25:34 | 000,000,000 | ---D | M] -- C:\Users\Adib\AppData\Roaming\Gyazo
[2012/03/19 15:31:43 | 000,000,000 | ---D | M] -- C:\Users\Adib\AppData\Roaming\HandBrake
[2011/06/23 15:15:54 | 000,000,000 | ---D | M] -- C:\Users\Adib\AppData\Roaming\Livestation
[2011/06/23 15:15:54 | 000,000,000 | ---D | M] -- C:\Users\Adib\AppData\Roaming\Mchid
[2011/12/19 18:12:05 | 000,000,000 | ---D | M] -- C:\Users\Adib\AppData\Roaming\Nicalis
[2011/06/07 18:29:18 | 000,000,000 | ---D | M] -- C:\Users\Adib\AppData\Roaming\Notepad++
[2011/10/20 19:34:15 | 000,000,000 | ---D | M] -- C:\Users\Adib\AppData\Roaming\ooVoo Details
[2011/07/25 16:53:52 | 000,000,000 | ---D | M] -- C:\Users\Adib\AppData\Roaming\Orbit
[2011/05/16 14:57:00 | 000,000,000 | ---D | M] -- C:\Users\Adib\AppData\Roaming\Paltalk
[2011/06/15 13:38:59 | 000,000,000 | ---D | M] -- C:\Users\Adib\AppData\Roaming\Peter Brinson and Kurosh ValaNejad
[2011/09/15 16:29:53 | 000,000,000 | ---D | M] -- C:\Users\Adib\AppData\Roaming\Polynomial
[2011/07/25 16:38:02 | 000,000,000 | ---D | M] -- C:\Users\Adib\AppData\Roaming\ProgSense
[2012/01/19 19:35:15 | 000,000,000 | ---D | M] -- C:\Users\Adib\AppData\Roaming\Spotify
[2011/07/07 22:52:55 | 000,000,000 | ---D | M] -- C:\Users\Adib\AppData\Roaming\SystemRequirementsLab
[2012/01/10 11:26:46 | 000,000,000 | ---D | M] -- C:\Users\Adib\AppData\Roaming\TeamViewer
[2011/08/05 17:01:53 | 000,000,000 | ---D | M] -- C:\Users\Adib\AppData\Roaming\Template
[2011/05/26 22:14:38 | 000,000,000 | ---D | M] -- C:\Users\Adib\AppData\Roaming\Tracker Software
[2012/05/18 14:48:27 | 000,000,000 | ---D | M] -- C:\Users\Adib\AppData\Roaming\uTorrent
[2011/10/31 22:56:46 | 000,000,000 | ---D | M] -- C:\Users\Adib\AppData\Roaming\Voxatron
[2011/07/08 12:02:07 | 000,000,000 | ---D | M] -- C:\Users\Adib\AppData\Roaming\webex
[2011/03/15 17:51:01 | 000,000,000 | ---D | M] -- C:\Users\Adib\AppData\Roaming\Windows Live Writer
[2011/10/27 13:02:18 | 000,000,000 | ---D | M] -- C:\Users\Adib\AppData\Roaming\XBMC
[2012/05/04 16:31:13 | 000,000,360 | ---- | M] () -- C:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
[2012/05/18 14:37:01 | 000,000,902 | ---- | M] () -- C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1237017809-3849795662-887355980-1001Core.job
[2012/05/18 14:30:41 | 000,000,924 | ---- | M] () -- C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1237017809-3849795662-887355980-1001UA.job
[2012/05/04 16:30:32 | 000,000,304 | -HS- | M] () -- C:\windows\Tasks\Ilepjg.job
[2012/05/10 10:31:07 | 000,000,344 | ---- | M] () -- C:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
[2012/03/15 07:56:39 | 000,000,328 | ---- | M] () -- C:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
[2009/07/14 00:08:49 | 000,028,928 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2011/09/13 10:41:45 | 004,065,489 | ---- | M] ()(C:\Users\Adib\Desktop\Parisa Tasnif-e Dashti ????? ???, ????? ????.mp3) -- C:\Users\Adib\Desktop\Parisa Tasnif-e Dashti بستهٔ دام, تصنيف دشتی.mp3
[2011/09/13 10:41:43 | 004,065,489 | ---- | C] ()(C:\Users\Adib\Desktop\Parisa Tasnif-e Dashti ????? ???, ????? ????.mp3) -- C:\Users\Adib\Desktop\Parisa Tasnif-e Dashti بستهٔ دام, تصنيف دشتی.mp3
[2011/04/05 11:08:10 | 000,013,148 | ---- | M] ()(C:\Users\Adib\Documents\????????? ???????? ??????? ????? ???????? ?????????? ?????.docx) -- C:\Users\Adib\Documents\فَٱجْعَلْ دَرْعَكَ ذِكْرِي ثُمَّ حِصْنَكَ التَوَّكُل عَلَی.docx
[2011/03/23 19:21:30 | 000,013,148 | ---- | C] ()(C:\Users\Adib\Documents\????????? ???????? ??????? ????? ???????? ?????????? ?????.docx) -- C:\Users\Adib\Documents\فَٱجْعَلْ دَرْعَكَ ذِكْرِي ثُمَّ حِصْنَكَ التَوَّكُل عَلَی.docx

< End of report >

#4 Gammo


Posted 19 May 2012 - 03:03 AM

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2704262
    IE - HKU\S-1-5-21-1237017809-3849795662-887355980-1001\..\URLSearchHook: {32b29df0-2237-4370-9a29-37cebb730e9b} - No CLSID value found
    IE - HKU\S-1-5-21-1237017809-3849795662-887355980-1001\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2704262
    [2011/09/18 14:58:19 | 000,001,945 | ---- | M] () -- C:\Users\Adib\AppData\Roaming\Mozilla\Firefox\Profiles\1vitw2aw.default\searchplugins\bing-zugo.xml
    O3 - HKU\S-1-5-21-1237017809-3849795662-887355980-1001\..\Toolbar\WebBrowser: (Hyperionics DB Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\Hyperionics DB Toolbar\tbcore3.dll ()
    [4 C:\Users\Adib\Desktop\*.tmp files -> C:\Users\Adib\Desktop\*.tmp -> ]
    [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
    [2012/05/04 16:30:32 | 000,000,304 | -HS- | M] () -- C:\windows\tasks\Ilepjg.job
    
    :Services
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    C:\Program Files (x86)\Hyperionics DB Toolbar
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [emptyflash]
    [createrestorepoint]
    [reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done



Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks

  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If, after the reboot, you get errors about programmes being marked for deletion, then reboot; that will cure it.



Please make sure you include the ComboFix log in your next reply, as well as a description of how your computer is running now.


Please post the final results, good or bad. We like to know!
My help is always free, but if I have helped you, please consider making a donation to help me continue the fight against malware!


#5 AdibM


Posted 19 May 2012 - 07:57 AM

My computer is running much faster now, but I still have Search Enhance :(:


ComboFix 12-05-19.01 - Adib 05/19/2012 7:12.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3957.1988 [GMT -5:00]
Running from: c:\users\Adib\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Spybot - Search & Destroy *Disabled/Updated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Adib\AppData\Local\Minibar
c:\users\Adib\AppData\Local\Minibar\chrome\background.html
c:\users\Adib\AppData\Local\Minibar\chrome\cached_http_request.js
c:\users\Adib\AppData\Local\Minibar\chrome\extension_info.json
c:\users\Adib\AppData\Local\Minibar\chrome\icons\icon128.png
c:\users\Adib\AppData\Local\Minibar\chrome\icons\icon19.png
c:\users\Adib\AppData\Local\Minibar\chrome\icons\icon32.png
c:\users\Adib\AppData\Local\Minibar\chrome\icons\icon48.png
c:\users\Adib\AppData\Local\Minibar\chrome\includes\content.js
c:\users\Adib\AppData\Local\Minibar\chrome\includes\content_kango.js
c:\users\Adib\AppData\Local\Minibar\chrome\includes\content_messaging.js
c:\users\Adib\AppData\Local\Minibar\chrome\includes\content_userscript.js
c:\users\Adib\AppData\Local\Minibar\chrome\kango-ui\button.js
c:\users\Adib\AppData\Local\Minibar\chrome\kango-ui\ui.js
c:\users\Adib\AppData\Local\Minibar\chrome\kango\browser.js
c:\users\Adib\AppData\Local\Minibar\chrome\kango\console.js
c:\users\Adib\AppData\Local\Minibar\chrome\kango\event_listener.js
c:\users\Adib\AppData\Local\Minibar\chrome\kango\initialize.js
c:\users\Adib\AppData\Local\Minibar\chrome\kango\io.js
c:\users\Adib\AppData\Local\Minibar\chrome\kango\jsonstorage.js
c:\users\Adib\AppData\Local\Minibar\chrome\kango\kango.js
c:\users\Adib\AppData\Local\Minibar\chrome\kango\lang.js
c:\users\Adib\AppData\Local\Minibar\chrome\kango\messaging.js
c:\users\Adib\AppData\Local\Minibar\chrome\kango\userscript_engine.js
c:\users\Adib\AppData\Local\Minibar\chrome\kango\xhr.js
c:\users\Adib\AppData\Local\Minibar\chrome\main.js
c:\users\Adib\AppData\Local\Minibar\chrome\manifest.json
c:\users\Adib\AppData\Local\Minibar\chrome\minibar\actions.js
c:\users\Adib\AppData\Local\Minibar\chrome\minibar\cachedxhr.js
c:\users\Adib\AppData\Local\Minibar\chrome\minibar\config.js
c:\users\Adib\AppData\Local\Minibar\chrome\minibar\macros.js
c:\users\Adib\AppData\Local\Minibar\chrome\minibar\minibar.js
c:\users\Adib\AppData\Local\Minibar\chrome\popup.html
c:\users\Adib\AppData\Local\Minibar\chrome\popup.js
c:\users\Adib\AppData\Local\Minibar\chrome\tab.html
c:\users\Adib\AppData\Local\Minibar\chrome\tab.js
c:\users\Adib\AppData\Local\Minibar\chrome_installer.js
c:\users\Adib\AppData\Local\Minibar\common.js
c:\users\Adib\AppData\Local\Minibar\install.json
c:\users\Adib\AppData\Local\Minibar\minibar.crx
c:\users\Adib\AppData\Local\Minibar\sqlite3.exe
c:\users\Adib\AppData\Local\Minibar\Uninstall.exe
c:\users\Adib\AppData\Local\Temp\_MEI58802\_ctypes.pyd
c:\users\Adib\AppData\Local\Temp\_MEI58802\_elementtree.pyd
c:\users\Adib\AppData\Local\Temp\_MEI58802\_hashlib.pyd
c:\users\Adib\AppData\Local\Temp\_MEI58802\_socket.pyd
c:\users\Adib\AppData\Local\Temp\_MEI58802\_ssl.pyd
c:\users\Adib\AppData\Local\Temp\_MEI58802\pyexpat.pyd
c:\users\Adib\AppData\Local\Temp\_MEI58802\pysqlite2._sqlite.pyd
c:\users\Adib\AppData\Local\Temp\_MEI58802\python26.dll
c:\users\Adib\AppData\Local\Temp\_MEI58802\pythoncom26.dll
c:\users\Adib\AppData\Local\Temp\_MEI58802\PyWinTypes26.dll
c:\users\Adib\AppData\Local\Temp\_MEI58802\select.pyd
c:\users\Adib\AppData\Local\Temp\_MEI58802\win32api.pyd
c:\users\Adib\AppData\Local\Temp\_MEI58802\win32com.shell.shell.pyd
c:\users\Adib\AppData\Local\Temp\_MEI58802\win32crypt.pyd
c:\users\Adib\AppData\Local\Temp\_MEI58802\win32event.pyd
c:\users\Adib\AppData\Local\Temp\_MEI58802\win32file.pyd
c:\users\Adib\AppData\Local\Temp\_MEI58802\win32gui.pyd
c:\users\Adib\AppData\Local\Temp\_MEI58802\win32inet.pyd
c:\users\Adib\AppData\Local\Temp\_MEI58802\win32process.pyd
c:\users\Adib\AppData\Local\Temp\_MEI58802\wx._controls_.pyd
c:\users\Adib\AppData\Local\Temp\_MEI58802\wx._core_.pyd
c:\users\Adib\AppData\Local\Temp\_MEI58802\wx._gdi_.pyd
c:\users\Adib\AppData\Local\Temp\_MEI58802\wx._html2.pyd
c:\users\Adib\AppData\Local\Temp\_MEI58802\wx._misc_.pyd
c:\users\Adib\AppData\Local\Temp\_MEI58802\wx._windows_.pyd
c:\users\Adib\AppData\Local\Temp\_MEI58802\wx._wizard.pyd
c:\users\Adib\AppData\Local\Temp\_MEI58802\wxbase293u_net_vc.dll
c:\users\Adib\AppData\Local\Temp\_MEI58802\wxbase293u_vc.dll
c:\users\Adib\AppData\Local\Temp\_MEI58802\wxmsw293u_adv_vc.dll
c:\users\Adib\AppData\Local\Temp\_MEI58802\wxmsw293u_core_vc.dll
c:\users\Adib\AppData\Local\Temp\_MEI58802\wxmsw293u_html_vc.dll
c:\users\Adib\AppData\Local\Temp\_MEI58802\wxmsw293u_webview_vc.dll
D:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-04-19 to 2012-05-19 )))))))))))))))))))))))))))))))
.
.
2012-05-19 12:22 . 2012-05-19 12:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-19 11:46 . 2012-05-19 11:46 -------- d-----w- C:\_OTL
2012-05-18 20:17 . 2012-05-19 12:06 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D3EF1317-05D8-4022-8437-5E5D366AE246}\offreg.dll
2012-05-18 20:12 . 2012-05-18 20:15 -------- d-----w- c:\program files (x86)\GetFLV
2012-05-18 19:40 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D3EF1317-05D8-4022-8437-5E5D366AE246}\mpengine.dll
2012-05-04 21:48 . 2012-05-04 21:49 -------- d-----w- c:\users\Adib\AppData\Roaming\dvdcss
2012-05-03 22:11 . 2012-05-03 22:11 -------- d-----w- c:\users\Default\AppData\Local\Google
2012-04-29 15:58 . 2012-04-25 22:58 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-04-29 15:58 . 2012-04-25 22:58 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-04-25 03:01 . 2012-04-25 03:01 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-04-24 16:55 . 2012-05-19 12:42 -------- d-s---w- c:\users\Adib\Google Drive
2012-04-21 15:08 . 2012-04-25 03:01 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-04 19:50 . 2011-11-08 17:21 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-04 19:50 . 2011-03-11 22:35 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-04 19:49 . 2011-11-08 18:49 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-29 16:05 . 2011-12-14 17:38 955848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-04-29 16:05 . 2011-04-25 20:10 839112 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-18 20:17 . 2011-03-11 22:46 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-13 08:46 . 2011-07-02 03:19 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-04-04 20:56 . 2011-03-11 21:53 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-31 19:22 . 2011-11-28 17:55 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Adib\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Adib\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Adib\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Adib\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FileHippo.com"="c:\program files (x86)\FileHippo.com\UpdateChecker.exe" [2012-03-26 306688]
"MusicManager"="c:\users\Adib\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2012-05-10 13805568]
"ShowBatteryBar"="c:\program files\BatteryBar\ShowBatteryBar.exe" [2009-05-28 89600]
"Facebook Update"="c:\users\Adib\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-12-01 137536]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2012-05-02 11396840]
"chromium"="c:\users\Adib\AppData\Local\Google\Chrome\Application\chrome.exe" [2012-04-09 1246192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2009-11-20 75048]
"APLangApp"="c:\program files (x86)\AnyPC Client\APLangApp.exe" [2009-11-20 13312]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files (x86)\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-03-31 296056]
.
c:\users\Adib\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Facebook Messenger.lnk - c:\users\Adib\AppData\Local\Facebook\Messenger\2.1.4520.0\FacebookMessenger.exe [2012-5-17 200704]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-29 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-9-8 6163456]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-11 135664]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-04-05 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 257696]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 dump_wmimmc;dump_wmimmc;c:\program files (x86)\steam\steamapps\common\ava\Binaries\GameGuard\dump_wmimmc.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-11 135664]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-07 112568]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]
S1 SDHookDriver;Spybot-S&D 2 Hook Driver;c:\program files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [2011-10-05 48888]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2010/02/03 12:12];c:\program files (x86)\CyberLink\PowerDVD8\000.fcl [2009-11-20 03:49 146928]
S2 Rezip;Rezip;c:\windows\SysWOW64\Rezip.exe [2009-03-05 311296]
S2 RosettaStoneDaemon;RosettaStoneDaemon;c:\program files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe [2010-05-17 1615176]
S2 SDHookService;Spybot S&D 2 Live Protection Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe [2011-10-05 130976]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2011-10-05 892336]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2011-10-05 955816]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2011-10-05 169624]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2011-09-09 475088]
S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-09-08 288256]
S2 WDFME;WD File Management Engine;c:\program files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe [2010-09-08 1034752]
S2 WDSC;WD File Management Shadow Engine;c:\program files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe [2010-09-08 485376]
S3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2011-11-08 19:50]
.
2012-05-19 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2011-05-21 21:46]
.
2012-05-18 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1237017809-3849795662-887355980-1001Core.job
- c:\users\Adib\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-01 19:03]
.
2012-05-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1237017809-3849795662-887355980-1001UA.job
- c:\users\Adib\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-12-01 19:03]
.
2012-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-11 21:45]
.
2012-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-11 21:45]
.
2012-05-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1237017809-3849795662-887355980-1001Core.job
- c:\users\Adib\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-24 22:20]
.
2012-05-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1237017809-3849795662-887355980-1001UA.job
- c:\users\Adib\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-24 22:20]
.
2012-05-10 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2011-05-21 21:46]
.
2012-03-15 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2011-09-18 21:46]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Adib\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Adib\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Adib\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Adib\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-05-02 23:31 779776 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-05-02 23:31 779776 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-05-02 23:31 779776 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-05-02 23:31 779776 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-15 9644576]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-07 16413288]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.tosavethechildren.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D1E1F7ED622A0E5D.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Adib\AppData\Roaming\Mozilla\Firefox\Profiles\1vitw2aw.default\
FF - prefs.js: browser.search.selectedEngine - DuckDuckGo (SSL)
FF - prefs.js: browser.startup.homepage - hxxp://tosavethechildren.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z131&form=ZGAADF&install_date=20110918&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Notify-SDWinLogon - SDWinLogon.dll
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-dBpoweramp DSP Effects - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp m4a Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Music Converter - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Ogg Vorbis Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBPowerAMP Real Audio (Helix) Encoder - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp Windows Media Audio 10 Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Arrange Audio] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Audio Info] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Channel Split] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [ID Tag Update] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Length Split] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Multi Encoder] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [ReplayGain] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-dBpoweramp [Tag From Filename] Codec - c:\windows\system32\SpoonUninstall.exe
AddRemove-Hyperionics DB Toolbar - c:\program files (x86)\Hyperionics DB Toolbar\UninstallToolbar.exe
AddRemove-{FBBC4667-2521-4E78-B1BD-8706F774549B} - c:\programdata\{E85781E1-08F4-413E-86A1-CCEF4E1B12CB}\Best Buy Software Installer Setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD8\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1237017809-3849795662-887355980-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1237017809-3849795662-887355980-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
.
**************************************************************************
.
Completion time: 2012-05-19 07:49:44 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-19 12:49
.
Pre-Run: 49,300,811,776 bytes free
Post-Run: 48,659,251,200 bytes free
.
- - End Of File - - A3FAAC13C6AD065D3A6FC4A4392113F0

Edited by AdibM, 19 May 2012 - 08:01 AM.


#6 Gammo


Posted 19 May 2012 - 09:11 AM

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



In which web browser(s) do you have the Search Enhance malware? Internet Explorer, Mozilla Firefox, Google Chrome? Or in multiple?

Please post the final results, good or bad. We like to know!
My help is always free, but if I have helped you, please consider making a donation to help me continue the fight against malware!


#7 AdibM


Posted 19 May 2012 - 11:01 AM

No malicious items were detected.

It looks like I only have the malware on Google Chrome. I do not have it on Mozilla Firefox or Internet Explorer.

EDIT: Now that I check again, it seems to have gone away on Chrome. This is very strange.


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.19.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Adib :: ADIB-PC [administrator]

5/19/2012 10:36:08 AM
mbam-log-2012-05-19 (10-36-08).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 210758
Time elapsed: 5 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Edited by AdibM, 19 May 2012 - 11:07 AM.


#8 Gammo


Posted 19 May 2012 - 12:40 PM

Your logs appear to be clean now. There is only a bit of cleanup that we will deal with in this post, as well as prevention from future infections. ^_^

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  • Download OTC to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC from reaching the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep a backup of your important files
Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Make proper use of your anti-virus and firewall
You should keep your anti-virus and firewall guard enabled at all times; don't shut them off unless there's a specific reason to do so.

Also, regularly performing a full system scan with your anti-virus program is a good idea to make sure nothing has slipped through your protection. Once every two weeks works well for many people. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

Keep in mind that anti-virus programs are far from perfect. They don't protect you against every piece of malware that's out there, so don't trust them blindly. If an anti-virus reports a file as 'clean', that doesn't necessarily mean it is.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Keep all your software updated
It is important to keep up on system updates from Microsoft by regularly checking their website at: http://windowsupdate.microsoft.com/, as these patch critical security vulnerabilities and help to keep you safe.

It's also important to keep programs up to date so that malware doesn't exploit any old security flaws. FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Java and Adobe Reader are two of the main security vulnerabilities. You can find the latest version of Java here, you will want the Java SE Runtime Environment (JRE) one. You can find the latest version of Adobe Reader here.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Use a safer web browser
Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a couple of good free alternatives: Google Chrome and Opera. Both are excellent: faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these.

The WOT add-on will nicely help to enhance your security, no matter which web browser you use. This add-on tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Some other security programs

It is wise these days to have a few security programs installed and running on your machine apart from just an anti-virus and a firewall. I will list some of them.
  • A good anti-spyware program installed on your pc is very important to help remove any spyware that may have gotten on your computer. I highly recommend Malwarebytes' Anti-Malware.
  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites in the future.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Be careful
Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to exercise common sense. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully to make sure that you know what you're getting.

Using peer-to-peer programs (e.g. LimeWire, BitTorrent, uTorrent, Kazaa) or downloading cracks and keygens is something else to avoid. These are the most common way to get infected. Malware writers use these programs to spread infections as it is the easiest way for them. The majority of infections we see in the Malware Removal forum are due to people using p2p programs to download cracks/keygens/warez. These are not only illegal, but will always contain some form of malware. You have no way of verifying that the things you download are legitimate or that they don't contain malware. Even with an up to date anti-virus and firewall, some of these things will still infect you. It is highly recommended that you uninstall all peer-to-peer programs. It just isn't worth it.

Other common ways of getting infected are disreputable sites forcing you to download and install a codec, or viruses using Instant Messaging programs (Windows Live Messenger, MSN Messenger, AIM) to send a file claiming it to be "photos" from a friend, only for it to turn out to be a virus.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Slow computer?
If your computer begins to slow down in the future for no particular reason, your first step should not be to come to the malware forum. As your computer ages and is used, its parts wear, files and programs accumulate, and its performance can decrease. To restore your computer's performance to its best possible level, follow the steps in this page written by malware expert Miekiemoes.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'll leave this thread open for a couple days in case you come across any lingering problems that need fixing, then I'll close it up. If you need it reopened for any reason just shoot me a PM. It's been a pleasure working with you, now best of luck!

Cheers,
Gammo :cool:
