
web address hijacked


  • This topic is locked
11 replies to this topic

#1 kadada007

  • Members
  • 6 posts

Posted 08 May 2014 - 06:30 AM

I have set my home page to Yahoo as default, but this alnaddy.com hijacked my home page and I can't get rid of it. Please, guys, help. Is there anything I can delete to speed up my computer? Please advise.

 


#2 Machiavelli

  • Malware Response Instructor
  • 3,904 posts

Posted 08 May 2014 - 10:14 AM

Hello and welcome on board, kadada007,

My name is Machiavelli and I will assist you with your problem.
If you booted into safe mode on your computer then print my instructions!
I'm in the 'Malware Staff Team' and will provide you with advice:

Removing malware from a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove malware from your computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do. Just ask me! Please stay in contact with me until the problem is fixed.

Below are a few tips:
  • Removing Malware is usually very difficult.
    We need to search and analyse a lot of files. As this is done in our free time, please be patient especially if I don't answer every day!
  • Please follow these instructions
    If you don't follow the instructions your computer may crash. If you fix your PC by yourself, this can be very risky!
  • Please stay in contact with me until your problem is resolved
    As Malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.
  • Please don't run any other tools without consulting with me as this can complicate finding and removing all Malware
    Don't run any tools while I'm fixing your PC. That is counterproductive and again, will only complicate finding and removing all Malware!
  • Read my post completely
    If you don't do so, you may make mistakes that could result in your System crashing by your own actions!
 

HJT is outdated today, so we will use another tool for it.

Please download OTL (by OldTimer) (if you haven't already) from the link below and save it to your Desktop.
 

Download Mirror #1

  • Please copy the text in the Quote box below (do not copy the word Quote), and paste it in the Custom Scans/Fixes box in OTL. To do that:
    • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    qmgr.dll
    mpsvc.dll
    winsock.*
    rpcss.dll
    /md5stop
    dir "%systemdrive%\*" /S /A:L /C
    CREATERESTOREPOINT

  • Open OTL on the desktop. To do that:
    • XP users: Double click on the OTL icon.
    • Vista / 7 users: Right click on the icon and click Run as Administrator.
  • Make sure all other windows are closed.
    • You will see a console like the one below:

      [image: OTL_Main_Tutorial.gif]
      • Click the box beside Scan All Users at the top of the console
      • If you have a 64bit Windows, click the box beside Include 64bit Scans at the top of the console.
      • Make sure the Output box at the top is set to Standard Output.
      • Check the boxes beside LOP Check and Purity Check.
      • Make sure that Use Safe List is checked under Extra Registry.
      • Place the mouse pointer inside the Custom Scans/Fixes box, right click and click Paste. This will put the above script inside OTL.
      • Click the Run Scan button. Do not change any settings unless otherwise told to do so.
      • Let the scan run uninterrupted.
      • When the scan completes, it will open OTL.Txt on the desktop.
      • Please copy the contents of these files and paste them into your reply. To do that:
        • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
        • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the post window.
      • Please do the same for the Extras.txt

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#3 kadada007
  • Topic Starter

  • Members
  • 6 posts

Posted 11 May 2014 - 10:20 AM

Hi Machiavelli,

Thanks for helping me. I did as you instructed with OTL and here are the log files.

Attached Files

  • OTL.Txt (466.5KB)


#4 kadada007
  • Topic Starter

  • Members
  • 6 posts

Posted 11 May 2014 - 10:24 AM

Hi again Machiavelli,

Here is the Extras file. I could not attach it because it said it is too big.


OTL Extras logfile created on: 5/11/2014 5:16:51 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\hani\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
5.48 Gb Total Physical Memory | 3.71 Gb Available Physical Memory | 67.66% Memory free
10.96 Gb Paging File | 9.10 Gb Available in Paging File | 83.08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 570.42 Gb Total Space | 186.25 Gb Free Space | 32.65% Space Free | Partition Type: NTFS
Drive D: | 21.58 Gb Total Space | 2.32 Gb Free Space | 10.77% Space Free | Partition Type: NTFS
Drive E: | 3.96 Gb Total Space | 1.08 Gb Free Space | 27.28% Space Free | Partition Type: FAT32
Drive G: | 437.43 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: HANI-HP | User Name: hani | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-915086793-469876900-2717650570-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AutoUpdateDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0697CE4F-A3A6-4C7F-93F2-281FBE4D8763}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{0E4B756C-991F-41C6-8C87-9E806C7987DB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{149BCAA2-9615-4341-B98E-9E3FECA1801D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{20753124-B1D4-4571-A10C-DBA8731B461F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{26D3CB77-D209-423D-8FD6-63209143E314}" = rport=137 | protocol=17 | dir=out | app=system |
"{2C2E456D-F1E3-4495-B36A-BB96893BFDFF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{32D6C6F3-2094-41FC-8E0A-441F99677CA9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3ABD14CD-C51E-44D0-9A33-A33AC1A5BA8A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3B849F21-6273-43B0-A34E-3D92645CE6EE}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4EE0AFCB-3AD5-41D4-88BE-CA02067310DA}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{52BE66B1-1B0B-4672-B9AE-8FBCC42C932B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5EF2CFA2-41AB-4C4E-B3B1-C43F19D229B3}" = rport=445 | protocol=6 | dir=out | app=system |
"{672CF0C7-B30D-470B-8C1F-070CEDC4164B}" = lport=10243 | protocol=6 | dir=in | app=system |
"{6FE45A98-BA83-4CFE-8CA2-8CA12720F2C6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{77C4C33C-7C1F-4369-A504-03403BDE0243}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{8A1460BF-6C46-4959-AB00-712172E02198}" = lport=138 | protocol=17 | dir=in | app=system |
"{9A4BCB92-7BC4-4583-8759-EF080C8E9B41}" = rport=139 | protocol=6 | dir=out | app=system |
"{9A71EA33-25BA-4C48-B4CD-858D4AA87869}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{A60979EC-C411-4165-9C95-E68EC66539FE}" = lport=139 | protocol=6 | dir=in | app=system |
"{AAD47BE2-9A08-4570-8D95-6AB4D19BDE96}" = rport=138 | protocol=17 | dir=out | app=system |
"{AC11359D-596E-4E03-BA59-DC76C10182E8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B72F59F4-F1C9-4E37-A97B-F62C2046A477}" = lport=445 | protocol=6 | dir=in | app=system |
"{D1EF07F5-F3D2-4D3B-9510-56E83358DB4D}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{D618AC02-8EAD-4E2F-910F-55008C451048}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{E29F921A-2FB0-4707-83A8-BEB835598032}" = rport=10243 | protocol=6 | dir=out | app=system |
"{E72895C7-5DE9-4B56-9C70-C4D2247A4D23}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EFF1D10F-FF71-435A-AC92-B4CF457F57FB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F53F25CB-AA9B-4FE1-87DE-AFDE055309F0}" = lport=137 | protocol=17 | dir=in | app=system |
"{F91BD14B-3B53-46BE-8468-24BC08458A5F}" = lport=53754 | protocol=6 | dir=in | name=akamai netsession interface |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{022E5159-7EE8-465D-B78E-17DB97A53797}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{03BDDCFE-CFCE-4F80-8C46-14911C3BB318}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{046A4A7B-54CC-4A89-B540-6687534D58A5}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{053415BF-9968-4774-BC05-3C0A2EFEC0E8}" = protocol=17 | dir=in | app=c:\program files (x86)\yourfiledownloader\downloader.exe |
"{055595CD-2C12-4D38-84D1-B5503D917B86}" = protocol=6 | dir=in | app=c:\users\hani\appdata\roaming\utorrent\utorrent.exe |
"{063CC6C5-943F-4C5E-B138-01EB7C43ED6B}" = protocol=6 | dir=in | app=c:\users\hani\appdata\roaming\utorrent\utorrent.exe |
"{07833EFD-11F4-4A23-85AB-64796AD39EB2}" = protocol=6 | dir=in | app=c:\program files (x86)\goforfiles\goforfilesdl.exe |
"{25D7D83A-D073-446F-ACE8-0CB7003CCBF7}" = protocol=17 | dir=in | app=c:\program files (x86)\nuance\nuance cloud connector\wosvsssvr2003.exe |
"{26F1DFF4-C320-440B-9B1F-998E2A5B80E2}" = protocol=6 | dir=in | app=c:\program files (x86)\red sky\downtango\downtango.exe |
"{279DE777-6B88-4838-BA39-F41480ED44CA}" = protocol=17 | dir=in | app=c:\program files (x86)\goforfiles\goforfilesdl.exe |
"{283C77C8-9129-4722-8F50-06819510F388}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\indivdrm.exe |
"{2B51A777-71D0-4D58-BD64-E797444462C1}" = protocol=17 | dir=in | app=c:\program files\freedom scientific\activator\2.0\fsclientactivator.exe |
"{2E4CACF7-378C-423D-9902-675EE9CC5008}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{350F46D9-1838-43AE-9C4B-18B25D7018CF}" = protocol=17 | dir=in | app=c:\program files (x86)\yourfiledownloader\downloader.exe |
"{3546755E-3922-47F3-ACFC-928020F6D937}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{35B0933D-8E96-44B2-B5F2-4DAFB5A61177}" = protocol=17 | dir=in | app=c:\users\hani\appdata\roaming\utorrent\utorrent.exe |
"{3750E1C1-370B-475B-B303-1AD5086F16E6}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{3F0EBE02-E8FA-4732-A896-CE957BFD0D16}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{3F832683-A1F6-4FC0-BB65-30A529979616}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4009A278-6D82-490F-A3DA-E5626A05016D}" = protocol=6 | dir=in | app=c:\program files (x86)\yourfiledownloader\yourfile.exe |
"{406CABC0-A818-4F4D-8C0C-31EC3611A111}" = protocol=6 | dir=in | app=c:\program files (x86)\goforfiles\goforfiles.exe |
"{42B819AF-6FF7-4898-8C94-2F20498AFF49}" = dir=in | app=c:\users\hani\appdata\local\tnt2\2.0.0.1760\tnt2user.exe |
"{43D4DD72-8E68-496C-80EB-49F21ED5164B}" = protocol=6 | dir=in | app=c:\program files (x86)\expressfiles\expressfiles.exe |
"{4A6C7D71-F95D-4A27-AA25-289053E437BD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{53E52939-A57C-4F73-BC79-E93564634569}" = dir=in | app=c:\users\hani\appdata\local\tnt2\2.0.0.1760\tnt2user.exe |
"{546BC741-04F3-40E1-A8C9-EC735E7E2E75}" = protocol=17 | dir=in | app=c:\program files (x86)\red sky\downtango\pyload-dist\pyloadcore.exe |
"{5493522E-2867-4C9C-9D9F-CF53C59DBF7E}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
"{5B17EF16-389A-4D60-B375-8B56546A64EC}" = protocol=6 | dir=in | app=c:\users\hani\appdata\local\akamai\netsession_win.exe |
"{60AAD868-72A1-495A-ABB0-485D31E48D1B}" = protocol=6 | dir=in | app=c:\program files (x86)\nuance\nuance cloud connector\gladinetclient.exe |
"{61C41AB6-FFDE-43B2-8090-CCFBB6DF6FEB}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{636636BD-0152-4E26-81D1-8E7F83A520CB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6838037A-F12E-46C3-9CDC-392AE18115EC}" = protocol=6 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe |
"{6846491F-C5C5-4786-ADE7-A8D3D1AB41FB}" = protocol=17 | dir=in | app=c:\users\hani\appdata\roaming\dropbox\bin\dropbox.exe |
"{6896D5D0-C6E8-46F6-8597-429823660E99}" = protocol=17 | dir=in | app=c:\program files (x86)\nuance\nuance cloud connector\gladinetclient.exe |
"{6CFA8649-18E6-4F7D-94E0-A30B1A66F655}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{75182EFF-79BC-4814-8B6D-9FD8585CE499}" = protocol=6 | dir=in | app=c:\users\hani\appdata\roaming\dropbox\bin\dropbox.exe |
"{7569DB3C-6394-404F-8ACF-A3BF84F0584E}" = dir=out | app=c:\program files (x86)\protected search\protectedsearch.exe |
"{77B9CF85-A4BE-45F1-A43E-26C2D739B093}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{80D06D4B-9DF3-43BC-8C16-6CDD82F5CAEC}" = protocol=17 | dir=in | app=c:\program files (x86)\goforfiles\goforfilesdl.exe |
"{846DD020-E0CE-4542-AEF3-6142A263ECC7}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{85DADBBF-96B8-4779-8171-9893634764F6}" = protocol=17 | dir=in | app=c:\users\hani\appdata\roaming\utorrent\utorrent.exe |
"{934A05A1-539F-43F7-B7D2-4FE67B2CF436}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpwarrantychecker.exe |
"{93A02F65-8CF6-4433-9A6C-828BD9D0BD56}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"{946CC499-71A1-48E9-AB41-ADE7CE8D912F}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\indivdrm.exe |
"{952F7364-764A-4BE7-8ADC-8A628D33FCD1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{96101363-A8EF-4403-97F1-9EB14A2D5AD0}" = dir=in | app=c:\program files (x86)\rosettastoneltdservices\rosettastonedaemon.exe |
"{992B96D7-000B-4885-9DFE-9342907CB93C}" = protocol=6 | dir=in | app=c:\program files (x86)\nuance\nuance cloud connector\wosvsssvr.exe |
"{9A5DF6FE-1ABD-46E5-961D-63B768654E83}" = dir=in | app=c:\program files (x86)\protected search\protectedsearch.exe |
"{9BF513DA-CA85-4FAA-B5CF-A4F71A351AC5}" = protocol=17 | dir=in | app=c:\users\hani\downloads\bittorrent(1).exe |
"{9CEA9421-B3B5-42DE-97D9-6B340D8EDE44}" = protocol=17 | dir=in | app=c:\program files (x86)\goforfiles\goforfiles.exe |
"{A0058899-5C17-4F54-8B5F-04779C70D9A2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A24250A8-7849-4928-B968-0E6BD91416E1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A27F9816-89E3-4FA0-BA45-66E86C72531B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A649DDCD-8A56-4EE6-BB92-743C33AC4C24}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A77E12DD-E1DF-4E71-BC6F-7FDF203170A4}" = dir=in | app=c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpdevicedetection3.exe |
"{ABE4A858-C816-4752-AE31-35E66E0A04F8}" = protocol=6 | dir=in | app=c:\program files (x86)\goforfiles\goforfilesdl.exe |
"{B2033D42-8DB1-44A3-B5F6-2330D0DDD4AE}" = protocol=6 | dir=in | app=c:\program files (x86)\yourfiledownloader\yourfile.exe |
"{B3E35F4F-DDF5-4A47-9E7A-4193565411FF}" = protocol=17 | dir=in | app=c:\program files (x86)\expressfiles\expressfiles.exe |
"{B4156417-F862-48EB-9863-E00DB729DC3F}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
"{B7F926DC-3CF4-4B25-B3F3-E3935DBF6229}" = protocol=17 | dir=in | app=c:\users\hani\appdata\local\akamai\netsession_win.exe |
"{B7FFE287-2C86-4EE7-B31A-7E5C79198464}" = protocol=6 | dir=in | app=c:\program files (x86)\nuance\nuance cloud connector\wosvsssvr2003.exe |
"{BDB31B44-B1C1-4B5B-B5A7-60454121D990}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C362BDCE-20D4-4D5E-8055-A07A32DE13C8}" = protocol=17 | dir=in | app=c:\program files (x86)\red sky\downtango\downtango.exe |
"{C4AD6B7A-F1D9-4189-A247-3C911E24B37D}" = protocol=6 | dir=in | app=c:\program files\freedom scientific\activator\2.0\fsclientactivator.exe |
"{C784823E-4E0A-4D25-B485-F70F561FD328}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"{CA9B666B-C4BB-44E8-AEAB-17E815135665}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{CC65E910-9CA3-4FDD-BD6A-98F68287C8AA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CD270720-B421-4D5D-82FF-C947C2BA6D24}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CDDD3AEF-7BB4-4B89-AFE2-CF7FE1435AB0}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D1955E98-ABD7-48D8-809C-1D1471991886}" = protocol=6 | dir=out | app=c:\program files (x86)\rosettastoneltdservices\rosettastonedaemon.exe |
"{D4742516-819C-407C-BDB3-722AB3F5450B}" = protocol=17 | dir=in | app=c:\program files (x86)\yourfiledownloader\yourfile.exe |
"{D766F555-AB1C-4421-81F0-DA107FAC5523}" = protocol=6 | dir=in | app=c:\program files (x86)\goforfiles\goforfiles.exe |
"{D9C6CA75-2387-4BF8-B481-0DAD619A6FF3}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{DC6ECBAE-8FFB-4493-BF8A-D718A97D6A4F}" = protocol=17 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe |
"{DD77DD61-F904-452F-A629-0D2E3641EBD8}" = protocol=17 | dir=in | app=c:\program files (x86)\goforfiles\goforfiles.exe |
"{DF348561-1231-49AF-AB29-744F86D3ED3C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E5569589-6965-44A3-AD20-F5A4ADEFEDF8}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{EA14C01B-1DAC-4E6F-B8C9-5AD8EC13900B}" = protocol=17 | dir=in | app=c:\program files (x86)\yourfiledownloader\yourfile.exe |
"{EA40A85D-2D9C-4D9F-9461-71742BAA1FCA}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{EB0C8CBC-3B64-408E-B18C-62C4037EB842}" = protocol=17 | dir=in | app=c:\program files (x86)\nuance\nuance cloud connector\wosvsssvr.exe |
"{EC58AF1C-4604-4AAC-9374-86C9F5845A61}" = protocol=6 | dir=out | app=c:\program files (x86)\rosettastoneltdservices\rosettastoneltdservices.exe |
"{ECDFE25B-EB5D-492A-B102-48F3367FF56D}" = protocol=6 | dir=out | app=system |
"{EE7ADA0B-F4DD-49B7-BCA8-882451DF7297}" = protocol=6 | dir=in | app=c:\program files (x86)\yourfiledownloader\downloader.exe |
"{EF239C45-654B-471B-8AED-E21C48162DC8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{F024AF66-079B-45E2-B890-AEC864A0F34D}" = protocol=6 | dir=in | app=c:\program files (x86)\red sky\downtango\pyload-dist\pyloadcore.exe |
"{F67ACE9E-19A2-45D2-BE8F-873917CD02C7}" = protocol=6 | dir=in | app=c:\program files (x86)\yourfiledownloader\downloader.exe |
"{F876E36C-753F-43B2-8046-148C22176B61}" = protocol=6 | dir=in | app=c:\users\hani\downloads\bittorrent(1).exe |
"{F8917B2B-C534-49FF-BCB4-3DC6C4AE7EAA}" = dir=in | app=c:\program files (x86)\rosettastoneltdservices\rosettastoneltdservices.exe |
"TCP Query User{A2245AFB-7E1C-4704-AE69-AC53C98416EB}C:\users\hani\appdata\roaming\mjusbsp\magicjack.exe" = protocol=6 | dir=in | app=c:\users\hani\appdata\roaming\mjusbsp\magicjack.exe |
"TCP Query User{F1AFC8C8-2B62-445E-9FEE-68A503889618}C:\users\hani\appdata\roaming\mjusbsp\magicjack.exe" = protocol=6 | dir=in | app=c:\users\hani\appdata\roaming\mjusbsp\magicjack.exe |
"UDP Query User{5D8E2D5B-B4BA-414C-9012-A775FC0B4943}C:\users\hani\appdata\roaming\mjusbsp\magicjack.exe" = protocol=17 | dir=in | app=c:\users\hani\appdata\roaming\mjusbsp\magicjack.exe |
"UDP Query User{96F59BA6-3FBB-4670-A361-426634A36D01}C:\users\hani\appdata\roaming\mjusbsp\magicjack.exe" = protocol=17 | dir=in | app=c:\users\hani\appdata\roaming\mjusbsp\magicjack.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.2 (r693)
"{0265C49B-BABA-4797-9AC8-AA69EE08B4AD}" = Freedom Scientific Video Intercept
"{054EF02F-95D8-48F4-9EEB-2F9CE3072ED8}" = AuthenTec TrueAPI
"{0576788F-2993-455F-80CD-980114095103}" = HP Security Assistant
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1CCBF2EE-E481-4A55-B7AF-EE729078B5EE}" = Freedom Scientific Ocr
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{259683DC-DC35-407E-B470-1E4AAD5D6DC4}" = Freedom Scientific Talking Installer 15.0
"{283F4698-9A83-4D53-976C-0A6D29ACC6E7}" = Freedom Scientific XQilla 2.0
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{2AD45E41-2EA5-485E-81C7-9CE47A1D5BC3}" = Freedom Scientific Braille
"{2FD3DC87-EC8D-78D2-1D3A-F4D6E7531BAF}" = AMD Fuel
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5691110B-7FF5-4622-95FC-63AF49E4C4EB}" = Freedom Scientific WOW64 Proxy
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6032497A-4479-462B-ADB8-A0A372BB9A23}" = HP Application Assistant
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6C654742-DA97-4B78-B1CA-A0859A9B1243}" = Freedom Scientific UIAHooks 1.0
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6ECDAC2F-12C1-E49B-448E-6002368967E0}" = AMD Steady Video Plug-In
"{771ACF6D-1A05-4195-9739-3EBBDE3A2AA3}" = Freedom Scientific FSReader 3.0
"{787136D2-F0F8-4625-AA3F-72D7795AC842}" = Apple Mobile Device Support
"{79174AF2-6CB1-42F5-981E-66DCA49391D0}" = Validity WBF DDK
"{7A6B4BF8-961E-4A50-BE30-6721DAF83739}" = Document Express DjVu Plug-in
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CA3FD8F-9FDC-4050-AAD5-57876E79BF28}" = Freedom Scientific JAWS Training Table Of Contents DAISY Files
"{8E508198-1782-4ABD-AB02-246357C7AF41}" = Freedom Scientific Document Server
"{8F889A47-3BEC-4CFA-8C15-8BF61FECD28B}" = Freedom Scientific Error Reporting
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-1000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9FDFA3D9-C04C-4123-811D-DBD3F574F431}" = Freedom Scientific FSRibbonSrv 1.0
"{A334FFCA-53ED-4C84-9A60-48CA885382AB}" = Freedom Scientific Utilities
"{A82CCA82-3219-42A5-9AF4-E29F56D02E36}" = Freedom Scientific Synth
"{ACD449FA-9DF3-779D-DA68-11D486963225}" = AMD Catalyst Install Manager
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{AF6A5953-FE5F-451C-BD86-D0EB3F76A6E0}" = Freedom Scientific Elevation
"{B79DA7A6-18A4-4147-9B49-A1AD9CB613FA}" = Nuance PDF Converter Enterprise 7
"{B8BA155B-1E75-405F-9CB4-8A99615D09DC}" = iTunes
"{BF1E75D0-E7AF-4BEA-9FBC-567F0C54BDF9}" = HP Launch Box
"{BF92729B-1505-55D8-DAD4-4727CDB02FF6}" = ccc-utility64
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{DFB497E0-CE3F-40FC-9596-FC7A48775DE4}" = HP 3D DriveGuard
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"8461-7759-5462-8226" = Vuze
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 9.10.0.1629
"CCleaner" = CCleaner
"ErrorReportingClient" = Freedom Scientific Error Reporting
"FSOcr64" = Freedom Scientific Ocr
"FSReader3.0" = Freedom Scientific FSReader 3.0
"FSVI" = Freedom Scientific Video Intercept
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"PacFunction" = PacFunction
"SynTPDeinstKey" = Synaptics TouchPad Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00A42832-B21A-4296-B5F4-D296D0BC4A3E}" = HP Quick Launch
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0535D679-6FFB-2CAB-F7FF-7B05D6D6CAB5}" = CCC Help Chinese Standard
"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}" = HP CoolSense
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore
"{16F1B95A-F813-7600-EFA5-A97CB11222BC}" = CCC Help French
"{17A5CB1F-712A-41D2-FBBB-4A881EBA9B17}" = CCC Help Polish
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1DFA0C99-6E2E-46F4-B242-51C7CF41DDE5}" = HP Software Framework
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20DBF540-DF10-0A5C-7443-F139A84CC1F5}" = CCC Help Dutch
"{21CC6030-B1EA-3E53-DF36-38054A1596B4}" = CCC Help Turkish
"{26A24AE4-039D-4CA4-87B4-2F83217051FF}" = Java 7 Update 51
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{29819186-C15B-D50E-AB2E-8C24E2619273}" = CCC Help Portuguese
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{314F8264-25FB-C833-1017-3A0E0846112C}" = CCC Help Hungarian
"{3167966F-9811-30EF-6093-B7B95E2F19B7}" = Catalyst Control Center Graphics Previews Common
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{346DAD45-38D4-B63C-C372-1E2BC136DE69}" = CCC Help Finnish
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3615560A-3601-4727-B44D-853BEF395F5C}" = Elevated Installer
"{3677D4D8-E5E0-49FC-B86E-06541CF00BBE}" = opensource
"{3A83B36C-17B9-4832-445A-7A9DF377BB12}" = CCC Help Swedish
"{4010ADCB-1347-D570-FCF1-3002CABEBD2F}" = Rosetta Stone TOTALe
"{418BAAD1-754D-48B4-B078-46EF4F25AF42}" = Google Drive
"{423FBEB8-21C6-4720-A8DA-B19B06FDB607}" = HP SimplePass 2012
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{58A2F6F8-6009-CC35-2A83-DB5F922003DE}" = CCC Help Czech
"{5E21F3A1-9E84-DC22-1C62-0DB056EC7344}" = CCC Help Japanese
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6146B9DC-C33D-11E2-BDE1-984BE15F174E}" = Evernote v. 4.6.6
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6EFD0C42-4CC1-4716-A0CA-21C1A062CF34}" = AMD System Monitor
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.2.3
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{712C9875-89BA-44E4-966A-106DF3141740}" = Garmin Express Tray
"{72006F50-7AE2-4066-A4C2-EFDB297D0574}" = Refined Elliott Trader 1.2.2
"{741006D1-7B2B-4E33-B2B0-831F282EEF64}" = Blio
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BB2EF8A-5376-4BAE-96D0-38BE49501F40}" = Rosetta Stone Ltd Services
"{7D3A7C2E-DC30-4726-AF81-9DFCCF88DC1E}" = Garmin Express
"{7E799992-5DA0-4A1A-9443-B1836B063FEC}" = HP Power Manager
"{81C9D048-B677-3CDD-7E20-3AF8DBFC4A0A}" = Catalyst Control Center Localization All
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{870163D1-4D3A-198C-5414-889F1F4347AE}" = CCC Help Korean
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8A1FEA5E-8DB8-AD80-5C14-AEF33D16EF5A}" = Rosetta Stone TOTALe
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93335AAC-9F8B-54DF-7DB5-2C98D0DC2111}" = CCC Help Chinese Traditional
"{9471d6bd-67a9-40f6-a420-2ae4f08ef003}" = Garmin Express
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A5A9BA6-5B13-4D31-8B00-438FF59B02F0}" = Freedom Scientific OmniPage
"{9BCA64E3-D180-4F13-8014-5E62947150C1}" = HP Documentation
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CBFFF67-CB9F-4D77-9093-1B456381EC9D}" = Freedom Scientific Ocr
"{9D3D8C60-A55F-4123-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}" = Apple Application Support
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06)
"{AD0AAA4D-9A81-8B10-EB28-3C1372987DE7}" = CCC Help Italian
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4F17D6A-12A3-5403-6050-32A5B4A31F31}" = Catalyst Control Center InstallProxy
"{B79DA7A6-18A4-4147-9B49-A1AD9CB613FA}" = Nuance PDF Converter Enterprise 7
"{BB285C9F-C821-4770-8970-56C4AB52C87E}" = Skype Click to Call
"{BB359D20-3F9B-4302-A537-9A04B2A702EA}" = Excel 2007 Data Analysis and Business Modeling
"{BB4FC2AD-DF12-4EE1-8AA7-2C0A26B5E2FB}" = HP QuickWeb
"{BFBA7F3A-1F10-4754-ADEC-A8CFBB4F925B}_is1" = ePub Reader for Windows version 5.0
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C55C2A19-BAD2-287A-1D7A-9D5FF5FD526E}" = AMD VISION Engine Control Center
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BE}" = WinZip 15.0
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2601DD7-7B50-4E43-8423-3F9F433F6971}" = Nuance Cloud Connector
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D46914D5-CA39-1A40-3CEC-9368E9C28568}" = CCC Help Greek
"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = HP Recovery Manager
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DEA477E5-F916-973D-E1AB-3CDC735FDB58}" = CCC Help Norwegian
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}" = HP Support Assistant
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1" = SpeedUpMyPC
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E96CAA2A-0244-4A2A-8403-0C3C9534778B}" = ESU for Microsoft Windows 7 SP1
"{EA0E4DD2-7CD7-9583-0BE6-AFF3DF09E3E4}" = CCC Help Thai
"{ED1BD69A-07E3-418C-91F1-D856582581BF}" = HP On Screen Display
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0A76517-2D1D-8DE3-F3B7-121B6A1990E8}" = CCC Help English
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F30403FF-0146-4633-AAC5-D5CD5C50AE70}" = Catalyst Control Center - Branding
"{F35C5FE9-57EC-9936-5738-D7EB3EA73B28}" = CCC Help Spanish
"{F4708461-A1E0-0657-1FC6-FACFEEA55CBE}" = CCC Help Russian
"{F4DA19E5-A560-4313-8623-3493DCE3C681}" = Freedom Scientific Synthesizer Eloquence
"{F4EB5AE1-0065-0752-FF11-1E45ABCD443A}" = CCC Help Danish
"{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}" = HP Setup
"{FAEE61D3-2A5E-4F7F-926F-77AAC08CE4DD}" = Sentinel System Driver Installer 7.5.0
"{FC2150C5-A1AF-6238-9632-E5BB8739C0BC}" = CCC Help German
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"1ClickMovie-Download V9.0" = 1ClickMovie-Download V9.0
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Digital Editions 3.0" = Adobe Digital Editions 3.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AVS Audio Converter_is1" = AVS Audio Converter 7.2
"AVS Audio Editor_is1" = AVS Audio Editor 7.2
"AVS Audio Recorder_is1" = AVS Audio Recorder 4.0
"AVS Disc Creator_is1" = AVS Disc Creator 5.2
"AVS Document Converter_is1" = AVS Document Converter 2.3.1
"AVS DVD Copy_is1" = AVS DVD Copy 4.1.2.283
"AVS Image Converter_is1" = AVS Image Converter 3.1.1.275
"AVS Media Player_is1" = AVS Media Player 4.2.2.104
"AVS Photo Editor_is1" = AVS Photo Editor 2.2.1.140
"AVS Registry Cleaner_is1" = AVS Registry Cleaner 2.3.2.257
"AVS Ringtone Maker 1.6_is1" = AVS Ringtone Maker version 1.6
"AVS Video Editor_is1" = AVS Video Editor 6.5
"AVS Video Recorder_is1" = AVS Video Recorder 2.6
"AVS Video ReMaker_is1" = AVS Video ReMaker 4.3.1.160
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 8.5
"AVSCoverEditor2_is1" = AVS Cover Editor 2.0.1.3
"com.rosettastone.rosettastonetotale" = Rosetta Stone TOTALe
"FSOcr" = Freedom Scientific Ocr
"FSOmniPage" = Freedom Scientific OmniPage
"Google Chrome" = Google Chrome
"HP DVB-T TV Tuner" = HP DVB-T TV Tuner 8.0.64.43
"IamFX MT4" = IamFX MT4
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"MetaStock Professional 11.0" = MetaStock Professional 11.0
"Mozilla Firefox 17.0.1 (x86 en-US)" = Mozilla Firefox 17.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"N360" = Norton 360
"OANDA - MetaTrader" = OANDA - MetaTrader
"onewebsearch EasyLink" =
"OpenVPN" = OpenVPN 2.2.1
"SaxoMT4" = SaxoMT4
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 2.1.3
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WTA-06da509d-31c8-4f61-a640-ac935e155251" = Blackhawk Striker 2
"WTA-0fcd69d3-87c6-4b6a-9a95-2fd39f9ba1d2" = Farm Frenzy
"WTA-10a1fc88-8c7a-4625-bfe4-c2ada380c50d" = Mah Jong Medley
"WTA-2052994c-756d-4776-ab9b-917ca3ef3c5a" = Polar Bowler
"WTA-229558b2-d3f4-49ac-a286-4d99587577f8" = Luxor HD
"WTA-2a180a0d-b4a3-44f6-b590-eb5df87f4df3" = Bejeweled 3
"WTA-2a999180-fa78-45da-bde5-c893325f7c40" = Hoyle Card Games
"WTA-3a900e77-a9da-46ea-ad2a-1db8a25b3bbd" = Zuma's Revenge
"WTA-493e9431-f82f-4da4-9c17-2a1628ac061d" = Polar Golfer
"WTA-516a1900-183e-4086-8460-3731bf9f3ee4" = Farmscapes
"WTA-63b5bb75-2d2d-43e5-a3ae-cd493c6b4ea4" = Torchlight
"WTA-710c1783-7675-45b0-90c5-0145fa00de5a" = John Deere Drive Green
"WTA-76292097-1479-4203-9b49-367fc0e837ec" = Penguins!
"WTA-8b98dc94-4580-4a5e-aaf7-b507a7d8ef3c" = Poker Superstars III
"WTA-962bc21c-3b50-4e29-98a1-7a04a6697607" = Chuzzle Deluxe
"WTA-b65a9662-7ed8-4b5c-a353-1902fe2d9e9e" = Jewel Quest Mysteries: The Seventh Gate Collector's Edition
"WTA-b8593d0c-6c84-4427-b540-02c0710c2042" = FATE
"WTA-c735bbf9-ebf5-40e5-a347-08ccace13707" = Letters from Nowhere 2
"WTA-d6af9557-041a-45b8-9676-8d2b78089c55" = RollerCoaster Tycoon 3: Platinum
"WTA-de3dcf44-522d-4153-8da8-698c5e4cb7e1" = Plants vs. Zombies - Game of the Year
"WTA-e115501e-10c3-4e73-8fe9-569002b87744" = Cradle of Rome 2
"WTA-e666f520-2151-4e45-a609-a6e223ffa76c" = Dora's World Adventure
"WTA-eda8fd8f-45e6-47ea-89e0-b68b06a704ac" = Jewel Match 3
"WTA-ee205b5e-45b2-4da4-88a5-15dc6c87cdd5" = Virtual Villagers 4 - The Tree of Life
"WTA-f83bd8b3-7fe9-474c-9635-5d6ec858ac99" = Final Drive Fury
"WTA-ff39f9af-4404-4104-a258-0cee7d306aa2" = The Treasures of Mystery Island: The Ghost Ship
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-915086793-469876900-2717650570-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"magicJack" = magicJack
"Mozilla Firefox 28.0 (x86 en-US)" = Mozilla Firefox 28.0 (x86 en-US)
"uTorrent" = µTorrent
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 5/8/2014 12:29:56 AM | Computer Name = hani-HP | Source = WinMgmt | ID = 10
Description =
 
Error - 5/8/2014 12:38:29 AM | Computer Name = hani-HP | Source = WinMgmt | ID = 10
Description =
 
Error - 5/8/2014 1:49:11 PM | Computer Name = hani-HP | Source = WinMgmt | ID = 10
Description =
 
Error - 5/8/2014 11:57:14 PM | Computer Name = hani-HP | Source = WinMgmt | ID = 10
Description =
 
Error - 5/9/2014 5:29:36 AM | Computer Name = hani-HP | Source = Application Error | ID = 1000
Description = Faulting application name: FlashPlayerPlugin_13_0_0_206.exe, version:
 13.0.0.206, time stamp: 0x53519bd9  Faulting module name: FlashPlayerPlugin_13_0_0_206.exe,
 version: 13.0.0.206, time stamp: 0x53519bd9  Exception code: 0x40000015  Fault offset:
 0x00017fd0  Faulting process id: 0x958  Faulting application start time: 0x01cf6b3cfd065e39
Faulting
 application path: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
Faulting
 module path: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
Report
 Id: 6f8c6d09-d75c-11e3-aaa3-082e5f98414a
 
Error - 5/9/2014 5:39:44 AM | Computer Name = hani-HP | Source = WinMgmt | ID = 10
Description =
 
Error - 5/10/2014 2:53:53 AM | Computer Name = hani-HP | Source = WinMgmt | ID = 10
Description =
 
Error - 5/10/2014 11:54:06 AM | Computer Name = hani-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 5/10/2014 11:54:06 AM | Computer Name = hani-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9766
 
Error - 5/10/2014 11:54:06 AM | Computer Name = hani-HP | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9766
 
[ Hewlett-Packard Events ]
Error - 1/22/2013 7:22:45 AM | Computer Name = hani-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261   at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Message: Object reference not set to an instance of an object.  StackTrace:
   at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Source: HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01
Path:
 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US
RAM:
 5609  Ram Utilization: 30  TargetSite: Void loadActiveCheckResult(Boolean)  
 
Error - 1/22/2013 8:01:05 AM | Computer Name = hani-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261   at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Message: Object reference not set to an instance of an object.  StackTrace:
   at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Source: HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01
Path:
 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US
RAM:
 5609  Ram Utilization: 30  TargetSite: Void loadActiveCheckResult(Boolean)  
 
Error - 1/22/2013 11:58:19 PM | Computer Name = hani-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261   at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Message: Object reference not set to an instance of an object.  StackTrace:
   at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Source: HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01
Path:
 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US
RAM:
 5609  Ram Utilization: 30  TargetSite: Void loadActiveCheckResult(Boolean)  
 
Error - 1/24/2013 2:48:29 PM | Computer Name = hani-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261   at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Message: Object reference not set to an instance of an object.  StackTrace:
   at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Source: HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01
Path:
 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US
RAM:
 5609  Ram Utilization: 30  TargetSite: Void loadActiveCheckResult(Boolean)  
 
Error - 1/25/2013 4:22:39 PM | Computer Name = hani-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261   at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Message: Object reference not set to an instance of an object.  StackTrace:
   at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Source: HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01
Path:
 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US
RAM:
 5609  Ram Utilization: 30  TargetSite: Void loadActiveCheckResult(Boolean)  
 
Error - 1/26/2013 12:19:46 PM | Computer Name = hani-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261   at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Message: Object reference not set to an instance of an object.  StackTrace:
   at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Source: HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01
Path:
 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US
RAM:
 5609  Ram Utilization:   TargetSite: Void loadActiveCheckResult(Boolean)  
 
Error - 1/27/2013 9:16:24 AM | Computer Name = hani-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261   at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Message: Object reference not set to an instance of an object.  StackTrace:
   at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Source: HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01
Path:
 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US
RAM:
 5609  Ram Utilization: 30  TargetSite: Void loadActiveCheckResult(Boolean)  
 
Error - 1/29/2013 12:41:45 AM | Computer Name = hani-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261   at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Message: Object reference not set to an instance of an object.  StackTrace:
   at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Source: HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01
Path:
 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US
RAM:
 5609  Ram Utilization: 30  TargetSite: Void loadActiveCheckResult(Boolean)  
 
Error - 1/29/2013 8:24:39 AM | Computer Name = hani-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261   at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Message: Object reference not set to an instance of an object.  StackTrace:
   at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Source: HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01
Path:
 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US
RAM:
 5609  Ram Utilization: 40  TargetSite: Void loadActiveCheckResult(Boolean)  
 
Error - 1/29/2013 2:56:06 PM | Computer Name = hani-HP | Source = HPSF.exe | ID = 2000
Description = HP Error ID: -2147467261   at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Message: Object reference not set to an instance of an object.  StackTrace:
   at HP.SupportFramework.Utilities.HPSAIssues.ActionItemCollection.loadActiveCheckResult(Boolean
 includeIgnored)  Source: HP.SupportFramework.Utilities    Name: HPSF.exe  Version: 07.00.01.01
Path:
 C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe  Format: en-US
RAM:
 5609  Ram Utilization: 30  TargetSite: Void loadActiveCheckResult(Boolean)  
 
[ HP Software Framework Events ]
Error - 9/18/2012 8:07:27 AM | Computer Name = hani-HP | Source = CaslWmi | ID = 5
Description = 2012/09/18 16:07:27.132|00001CE0|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 9/25/2012 8:45:42 AM | Computer Name = hani-HP | Source = CaslWmi | ID = 5
Description = 2012/09/25 16:45:42.824|00001F04|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 9/25/2012 8:45:45 AM | Computer Name = hani-HP | Source = CaslWmi | ID = 5
Description = 2012/09/25 16:45:45.262|00001C34|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 10/2/2012 8:50:38 AM | Computer Name = hani-HP | Source = CaslWmi | ID = 5
Description = 2012/10/02 16:50:38.005|00001AD4|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 10/2/2012 8:50:39 AM | Computer Name = hani-HP | Source = CaslWmi | ID = 5
Description = 2012/10/02 16:50:39.798|00001BA8|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 10/9/2012 9:13:46 AM | Computer Name = hani-HP | Source = CaslWmi | ID = 5
Description = 2012/10/09 17:13:46.746|00001288|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 10/9/2012 9:13:49 AM | Computer Name = hani-HP | Source = CaslWmi | ID = 5
Description = 2012/10/09 17:13:49.466|000016FC|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 10/16/2012 8:26:18 AM | Computer Name = hani-HP | Source = CaslWmi | ID = 5
Description = 2012/10/16 16:26:18.624|00001A24|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 10/16/2012 8:26:20 AM | Computer Name = hani-HP | Source = CaslWmi | ID = 5
Description = 2012/10/16 16:26:20.555|000019BC|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
Error - 10/16/2012 8:26:32 AM | Computer Name = hani-HP | Source = CaslWmi | ID = 5
Description = 2012/10/16 16:26:32.027|00001944|Error      |[CaslWmi]CommandFolio::A{hpCasl.enReturnCode(int&)}|Error
 0xe_BIOS_INVALID_COMMAND_TYPE from BIOS WMI call Read/2Eh while getting Folio state
 
[ System Events ]
Error - 5/8/2014 11:57:10 PM | Computer Name = hani-HP | Source = Service Control Manager | ID = 7000
Description = The Hotspot Shield Service service failed to start due to the following
 error:   %%3
 
Error - 5/8/2014 11:57:10 PM | Computer Name = hani-HP | Source = Service Control Manager | ID = 7000
Description = The nvda service failed to start due to the following error:   %%2
 
Error - 5/9/2014 5:39:28 AM | Computer Name = hani-HP | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Garmin
 Core Update Service service to connect.
 
Error - 5/9/2014 5:39:28 AM | Computer Name = hani-HP | Source = Service Control Manager | ID = 7000
Description = The Garmin Core Update Service service failed to start due to the
following error:   %%1053
 
Error - 5/9/2014 5:39:32 AM | Computer Name = hani-HP | Source = Service Control Manager | ID = 7000
Description = The Hotspot Shield Service service failed to start due to the following
 error:   %%3
 
Error - 5/9/2014 5:39:34 AM | Computer Name = hani-HP | Source = Service Control Manager | ID = 7000
Description = The nvda service failed to start due to the following error:   %%3
 
Error - 5/10/2014 2:53:50 AM | Computer Name = hani-HP | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Garmin
 Core Update Service service to connect.
 
Error - 5/10/2014 2:53:50 AM | Computer Name = hani-HP | Source = Service Control Manager | ID = 7000
Description = The Garmin Core Update Service service failed to start due to the
following error:   %%1053
 
Error - 5/10/2014 2:53:50 AM | Computer Name = hani-HP | Source = Service Control Manager | ID = 7000
Description = The Hotspot Shield Service service failed to start due to the following
 error:   %%3
 
Error - 5/10/2014 2:53:51 AM | Computer Name = hani-HP | Source = Service Control Manager | ID = 7000
Description = The nvda service failed to start due to the following error:   %%3
 
 
< End of report >
 

 



#5 Machiavelli

Posted 11 May 2014 - 11:49 AM

Hey,
you have a lot of adware. Please move OTL.exe to your Desktop.
 
Step 1: P2P Warning

IMPORTANT: I see you have one or more P2P (Person to Person) programs installed.

1.) You have the following P2P program installed: BitTorrent
2.) If you download files from non-documented sources with a P2P file sharing program, you can expect a malware infection. That isn't good for your PC. A long time ago, file sharing with P2P programs like UTorrent was fairly safe, but that isn't true any more. Of course you can use P2P programs at your own risk, but that may be the source of your infection. It would be nice if you read this here. After reading the text you will recognize why you shouldn't have them.
3.) Please read these reports about the danger of P2P programs:
4.) I would recommend that you uninstall the above. That would be nice. If you would like to uninstall the P2P program, you can do it via Start >> Control Panel >> Add or Remove Programs
5.) If you want to keep the program on your computer, don't use it while we are fixing your computer!
 
Step 2: SideBar Advice

In your logs I see that Windows SideBar is running! At the moment Windows SideBar has a security vulnerability, so I recommend that you disable it for a while. More information is here so far I noticed.

To disable Windows SideBar please follow the instructions below:
  • Download the FixIt from here to your Desktop
  • Double click on MicrosoftFixit50906.msi and follow the prompts to disable Windows SideBar and gadgets. Once finished, reboot your computer if not advised to do so.

Step 3: Uninstalls

  • Click on the Start button and select Control Panel
  • Click on Programs then click on Uninstall a program
  • You will now see a list of your installed software, double click on the following one by one to uninstall them:
    • SpeedUpMyPC
    • 1ClickMovie-Download V9.0
    • magicJack
  • Once you have done this, reboot your computer

Step 4: Adwarecleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP then just run it)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on-screen prompts
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.

Note: The log can also be found here: C:\AdwCleaner\

Step 5: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 6: OTL QuickScan
  • Run OTL by double-clicking on it. (If you have Windows Vista / Windows 7 / Windows 8, please right-click on OTL.exe and select Run as Administrator)
  • Click Quick Scan to start OTL.
  • When OTL finishes scanning, a log, OTL.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

Step 7: Question

How is your PC running? 

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#6 kadada007

Posted 12 May 2014 - 08:44 AM

Hi

Great job. alnaddy.com is fixed. I could not find 1clickdownload in the uninstall.

Here is the OTL file...

OTL logfile created on: 5/12/2014 5:11:13 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\hani\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
5.48 Gb Total Physical Memory | 3.17 Gb Available Physical Memory | 57.78% Memory free
10.96 Gb Paging File | 8.69 Gb Available in Paging File | 79.36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 570.42 Gb Total Space | 178.35 Gb Free Space | 31.27% Space Free | Partition Type: NTFS
Drive D: | 21.58 Gb Total Space | 2.32 Gb Free Space | 10.77% Space Free | Partition Type: NTFS
Drive E: | 3.96 Gb Total Space | 1.08 Gb Free Space | 27.28% Space Free | Partition Type: FAT32
 
Computer Name: HANI-HP | User Name: hani | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/05/11 17:05:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\hani\Downloads\OTL.exe
PRC - [2014/05/10 14:25:13 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2014/04/30 21:52:02 | 001,864,368 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
PRC - [2014/04/29 16:37:17 | 001,270,352 | ---- | M] (BitTorrent Inc.) -- C:\Users\hani\AppData\Roaming\uTorrent\uTorrent.exe
PRC - [2014/04/11 19:45:50 | 001,764,992 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2014/04/11 19:45:42 | 001,390,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2014/03/12 12:09:49 | 000,265,040 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\n360.exe
PRC - [2014/01/03 04:46:10 | 030,714,328 | ---- | M] (Dropbox, Inc.) -- C:\Users\hani\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/12/21 10:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/09/19 08:46:58 | 000,250,200 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
PRC - [2013/05/13 20:09:12 | 000,270,624 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/02/17 13:02:44 | 000,052,584 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PDF Professional 7\NuanceWDS.exe
PRC - [2012/02/17 13:02:08 | 000,135,016 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe
PRC - [2012/02/15 23:58:00 | 000,034,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2012/01/24 21:08:40 | 000,029,552 | ---- | M] (Gladinet, INC) -- C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe
PRC - [2011/09/29 02:42:14 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011/08/26 14:58:00 | 000,260,424 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe
PRC - [2011/08/26 14:57:40 | 000,653,128 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2012\TouchControl.exe
PRC - [2011/08/26 14:57:14 | 000,142,664 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass 2012\BioMonitor.exe
PRC - [2011/03/31 18:19:44 | 001,646,056 | ---- | M] (Rosetta Stone Ltd.) -- C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
PRC - [2009/09/24 15:17:39 | 000,778,072 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/09/24 15:17:32 | 001,169,232 | ---- | M] (Lavasoft) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2008/01/07 11:04:10 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\AstSrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/05/10 14:25:12 | 003,839,088 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014/04/30 21:52:02 | 016,351,920 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll
MOD - [2014/01/03 04:45:04 | 003,558,400 | ---- | M] () -- C:\Users\hani\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2013/10/19 03:55:02 | 025,100,288 | ---- | M] () -- C:\Users\hani\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2009/10/01 17:06:15 | 005,409,632 | ---- | M] () -- C:\Program Files (x86)\Lavasoft\Ad-Aware\Resources.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/03/06 12:29:14 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 09:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/12/04 16:36:16 | 000,311,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2012/12/04 16:36:14 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2011/09/29 06:12:18 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/09/28 17:19:38 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/05/27 22:20:12 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2010/10/11 14:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/23 06:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2014/05/10 14:25:12 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/04/30 21:52:04 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/04/19 10:25:23 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2014/04/11 19:45:50 | 001,764,992 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2014/04/11 19:45:42 | 001,390,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2014/03/12 12:09:49 | 000,265,040 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\N360.exe -- (N360)
SRV - [2013/12/21 10:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/11/04 18:31:56 | 000,092,160 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/19 08:46:58 | 000,250,200 | ---- | M] (Garmin Ltd or its subsidiaries) [Auto | Running] -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe -- (Garmin Core Update Service)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/05/13 20:09:12 | 000,270,624 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/02/17 13:02:08 | 000,135,016 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe -- (PDFProFiltSrv)
SRV - [2012/02/15 23:58:00 | 000,034,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2012/01/24 21:08:40 | 000,029,552 | ---- | M] (Gladinet, INC) [Auto | Running] -- C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe -- (GladFileMonSvc)
SRV - [2011/08/26 14:58:00 | 000,260,424 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP SimplePass 2012\TrueSuiteService.exe -- (FPLService)
SRV - [2011/07/01 13:46:40 | 000,014,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2011/06/29 05:12:08 | 002,413,056 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011/03/31 18:19:44 | 001,646,056 | ---- | M] (Rosetta Stone Ltd.) [Auto | Running] -- C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe -- (RosettaStoneDaemon)
SRV - [2010/10/12 21:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2009/09/24 15:17:32 | 001,169,232 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/06/11 01:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/01/07 11:04:10 | 000,057,344 | ---- | M] () [Auto | Running] -- C:\Windows\SysWow64\\AstSrv.exe -- (Ast Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/03/25 00:12:06 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2014/03/25 00:09:40 | 000,044,744 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6)
DRV:64bit: - [2014/03/04 08:18:12 | 001,148,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1502000.026\symefa64.sys -- (SymEFA)
DRV:64bit: - [2014/02/18 05:32:41 | 000,593,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1502000.026\symnets.sys -- (SymNetS)
DRV:64bit: - [2014/02/13 05:59:49 | 000,875,736 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\1502000.026\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2014/01/14 19:32:04 | 000,022,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV:64bit: - [2014/01/09 17:28:28 | 000,177,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/12/05 11:31:58 | 000,029,712 | ---- | M] (Freedom Scientific, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\fsKMgr.dll -- (Freedom Scientific Kernel Manager)
DRV:64bit: - [2013/12/05 11:31:58 | 000,015,856 | ---- | M] (Freedom Scientific, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fsvidmir.sys -- (fsvidmir_service)
DRV:64bit: - [2013/09/27 06:45:56 | 000,264,280 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1502000.026\ironx64.sys -- (SymIRON)
DRV:64bit: - [2013/09/26 06:50:25 | 000,162,392 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1502000.026\ccsetx64.sys -- (ccSet_N360)
DRV:64bit: - [2013/09/10 06:47:26 | 000,493,656 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1502000.026\symds64.sys -- (SymDS)
DRV:64bit: - [2013/09/10 05:49:49 | 000,036,952 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1502000.026\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2013/07/24 19:02:55 | 000,034,816 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/04 16:24:27 | 000,040,344 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/12/04 16:36:16 | 000,535,552 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 10:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/09 22:36:04 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/11/09 22:36:04 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/09/29 06:52:48 | 010,210,304 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/09/29 05:34:54 | 000,317,952 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/07/19 04:11:10 | 001,145,448 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2011/07/16 16:53:54 | 000,214,144 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdxhc.sys -- (amdxhc)
DRV:64bit: - [2011/07/16 16:53:54 | 000,096,896 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdhub30.sys -- (amdhub30)
DRV:64bit: - [2011/07/01 13:46:40 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2011/06/10 06:19:54 | 001,451,056 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/05/31 04:03:34 | 000,338,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011/05/27 22:20:12 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/05/27 22:20:12 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/04/16 14:37:50 | 000,079,488 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011/04/16 14:37:50 | 000,040,064 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2011/02/17 20:11:08 | 000,428,136 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/11/21 07:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 07:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/21 07:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 07:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/17 21:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/07/28 20:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/02/18 20:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/09/23 16:55:23 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2009/07/14 05:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 05:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 05:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/11 01:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/11 01:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/11 01:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/11 00:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/11 00:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/11 00:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 00:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 00:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 00:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/07/11 07:05:00 | 000,145,448 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\sentinel64.sys -- (Sentinel64)
DRV - [2014/05/08 19:19:26 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140511.032\ex64.sys -- (NAVEX15)
DRV - [2014/05/08 19:19:26 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140511.032\eng64.sys -- (NAVENG)
DRV - [2014/03/27 18:11:04 | 000,525,016 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140509.001\IDSviA64.sys -- (IDSVia64)
DRV - [2014/03/19 05:24:11 | 001,525,976 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140409.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2014/01/08 01:00:00 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2014/01/08 01:00:00 | 000,137,648 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/07/14 05:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{9B33A587-F242-4C55-8F58-B2C69DF97B9A}: "URL" = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{756D1D40-E491-4E1D-9BC6-5B37CEDE646E}: "URL" = http://www.arabyonline.com/search/?q={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=6.4.1.14
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=6.4.1.14
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=6.4.1.14
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=6.4.1.14
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-915086793-469876900-2717650570-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKU\S-1-5-21-915086793-469876900-2717650570-1001\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/HPNOT/1
IE - HKU\S-1-5-21-915086793-469876900-2717650570-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-915086793-469876900-2717650570-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-915086793-469876900-2717650570-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com?type=586383&fr=spigot-yhp-ie
IE - HKU\S-1-5-21-915086793-469876900-2717650570-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/
IE - HKU\S-1-5-21-915086793-469876900-2717650570-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Search Bar =
IE - HKU\S-1-5-21-915086793-469876900-2717650570-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page =
IE - HKU\S-1-5-21-915086793-469876900-2717650570-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Start Default_Page_URL =
IE - HKU\S-1-5-21-915086793-469876900-2717650570-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page =
IE - HKU\S-1-5-21-915086793-469876900-2717650570-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-915086793-469876900-2717650570-1001\..\SearchScopes\{1CCF4FF2-4D37-47FE-BB1A-4F8478D48596}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10513
IE - HKU\S-1-5-21-915086793-469876900-2717650570-1001\..\SearchScopes\{313A452C-7537-4717-8F9E-B00A5B1C2B3F}: "URL" = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10511
IE - HKU\S-1-5-21-915086793-469876900-2717650570-1001\..\SearchScopes\{756D1D40-E491-4E1D-9BC6-5B37CEDE646E}: "URL" = http://www.arabyonline.com/search/?q={searchTerms}
IE - HKU\S-1-5-21-915086793-469876900-2717650570-1001\..\SearchScopes\{D2BF4DF6-4720-477D-8B26-24C6B4B56DB0}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=512435&p={searchTerms}
IE - HKU\S-1-5-21-915086793-469876900-2717650570-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-915086793-469876900-2717650570-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896;<local>
IE - HKU\S-1-5-21-915086793-469876900-2717650570-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8555;https=127.0.0.1:8555
 
========== FireFox ==========
 
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.1.0
FF - prefs.js..extensions.enabledAddons: %7B5384767E-00D9-40E9-B72F-9CC39D655D6F%7D:1.4.2.4
FF - prefs.js..extensions.enabledAddons: nuance%40pdf7:1.0
FF - prefs.js..extensions.enabledAddons: %7BBBDA0591-3099-440a-AA10-41764D9DB4DB%7D:12.2.0.5%20-%201
FF - prefs.js..extensions.enabledAddons: %7B2D3F3651-74B9-4795-BDEC-6DA2F431CB62%7D:2014.7.1.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@caminova.com/DjVuPlugin: C:\Program Files\Caminova\Document Express DjVu Plug-in\npdjvu.dll (Caminova, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@caminova.com/DjVuPlugin: C:\Program Files (x86)\Caminova\Document Express DjVu Plug-in\npdjvu.dll (Caminova, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFlite_Browser_Plugin: C:\Program Files (x86)\PDFlite\npPdfViewer.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Professional 7\bin\nppdf.dll (Zeon Corporation)
FF - HKCU\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFlite_Browser_Plugin:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ [2014/05/12 16:43:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2014/01/10 10:08:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012/12/11 19:29:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hani\AppData\Roaming\Mozilla\Extensions
[2014/05/12 16:40:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hani\AppData\Roaming\Mozilla\Firefox\Profiles\cubkj7nh.default-1371349374129\extensions
[2013/11/27 17:56:32 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\hani\AppData\Roaming\Mozilla\Firefox\Profiles\cubkj7nh.default-1371349374129\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2013/12/02 20:40:03 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\hani\AppData\Roaming\Mozilla\Firefox\Profiles\cubkj7nh.default-1371349374129\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2014/05/05 16:44:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\hani\AppData\Roaming\Mozilla\Firefox\Profiles\cubkj7nh.default-1371349374129\extensions\trash
[2014/04/09 23:58:56 | 000,009,420 | ---- | M] () (No name found) -- C:\Users\hani\AppData\Roaming\Mozilla\Firefox\Profiles\cubkj7nh.default-1371349374129\extensions\firefox@pacfunction.info.xpi
[2013/08/01 18:10:02 | 000,000,915 | ---- | M] () -- C:\Users\hani\AppData\Roaming\Mozilla\Firefox\Profiles\cubkj7nh.default-1371349374129\searchplugins\yahoo.xml
[2014/05/10 14:25:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2014/05/10 14:25:03 | 000,000,000 | ---D | M] (TrueSuite Website Logon) -- C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com
[2014/05/10 14:25:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/05/10 14:25:14 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/05/07 15:43:37 | 000,000,000 | ---D | M] (PDF Converter 7.1) -- C:\PROGRAM FILES (X86)\NUANCE\PDF PROFESSIONAL 7\FIREFOX
[2014/05/12 16:43:16 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\COFFPLGN
[2014/01/10 10:08:27 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
 
========== Chrome  ==========
 
CHR - default_search_provider: Conduit Search (Enabled)
CHR - default_search_provider: search_url = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=wnzp_14_14_ff&cd=2XzuyEtN2Y1L1QzutBtDtCtDyB0AtAtC0C0CyDyD0Azy0CyBtN0D0Tzu0SzztByDtN1L2XzutBtFtCzztFzztFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDyE0FtDtB0CtDyCtGtAyByEtCtG0DyCzy0DtGyBzyzyyEtGyE0FtCyByEtBzy0CtCyDyBtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyD0DyD0D0FyCyEtG0AyBtDtCtG0D0A0EzytG0D0C0DyCtGtC0E0F0A0Bzz0A0A0FyC0EtB2Q&cr=207179627&ir=
CHR - default_search_provider: suggest_url = http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms},
CHR - plugin: Error reading preferences file
CHR - Extension: Website Logon = C:\Users\hani\AppData\Local\Google\Chrome\User Data\Default\Extensions\debkinhcgejcbfgjiaalomcmkedjmiaa\1.0_1\
CHR - Extension: Skype Click to Call = C:\Users\hani\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.1.15383.6004_0\
CHR - Extension: Norton Identity Protection = C:\Users\hani\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.7.0.43_0\
CHR - Extension: Google Wallet = C:\Users\hani\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
 
O1 HOSTS File: ([2009/06/11 01:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.2.0.38\coieplg.dll (Symantec Corporation)
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2012\x64\IEBHO.dll (HP)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (PacFunction) - {3983585e-5d14-4d1d-a257-35b0d52f2dfc} - Reg Error: Value error. File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Professional 7\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\coieplg.dll (Symantec Corporation)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (safe. saaaVee) - {823D981C-F8F8-57B7-2071-5116A7F59ACF} - Reg Error: Value error. File not found
O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2012\IEBHO.dll (HP)
O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files (x86)\Nuance\PDF Professional 7\bin\ZeonIEFavClient.dll (Zeon Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.2.0.38\coieplg.dll (Symantec Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (DocuCom PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDF Professional 7\bin\ZeonIEFavClient.dll (Zeon Corporation)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-915086793-469876900-2717650570-1001\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.2.0.38\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-915086793-469876900-2717650570-1001\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-915086793-469876900-2717650570-1001..\Run: [BitTorrent] "C:\Users\hani\AppData\Roaming\BitTorrent\BitTorrent.exe"  /MINIMIZED File not found
O4 - HKU\S-1-5-21-915086793-469876900-2717650570-1001..\Run: [cdloader] C:\Users\hani\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKU\S-1-5-21-915086793-469876900-2717650570-1001..\Run: [uTorrent] C:\Users\hani\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\hani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\hani\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-915086793-469876900-2717650570-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKU\S-1-5-21-915086793-469876900-2717650570-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction = http://hp.digitalriver.com/DRHM/store?Action=DisplayProductSearchResultsPage&SiteID=hpappli&Locale=en_US&keywords=%w
O7 - HKU\S-1-5-21-915086793-469876900-2717650570-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName = Find Software on HP Download Store (Microsoft Corporation)
O8:64bit: - Extra context menu item: Clip Image - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4 File not found
O8:64bit: - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
O8:64bit: - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
O8:64bit: - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8:64bit: - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O8:64bit: - Extra context menu item: Open with Nuance PDF Converter 7 - C:\Program Files (x86)\Nuance\PDF Professional 7\cnvres_eng.dll (Nuance Communications, Inc.)
O8 - Extra context menu item: Clip Image - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=4 File not found
O8 - Extra context menu item: Clip selection - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3 File not found
O8 - Extra context menu item: Clip this page - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1 File not found
O8 - Extra context menu item: Clip URL - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0 File not found
O8 - Extra context menu item: New Note - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O8 - Extra context menu item: Open with Nuance PDF Converter 7 - C:\Program Files (x86)\Nuance\PDF Professional 7\cnvres_eng.dll (Nuance Communications, Inc.)
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{90E9AE33-E312-4D0D-ABE0-8322AF19F000}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C73897F2-ABE9-4382-A414-88D217E16236}: DhcpNameServer = 108.171.112.22 108.171.120.22
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\SkypeIEPlugin.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/05/12 16:49:40 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/05/12 16:39:48 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014/05/12 16:38:48 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/05/10 19:27:37 | 000,000,000 | -HSD | C] -- C:\Users\hani\AppData\Local\EmieUserList
[2014/05/10 19:27:37 | 000,000,000 | -HSD | C] -- C:\Users\hani\AppData\Local\EmieSiteList
[2014/05/10 14:25:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/05/09 13:31:38 | 000,000,000 | ---D | C] -- C:\Users\hani\Desktop\fx trading forex
[2014/05/09 10:06:20 | 000,000,000 | ---D | C] -- C:\Users\hani\AppData\Roaming\dvdcss
[2014/05/09 08:24:35 | 000,000,000 | ---D | C] -- C:\Users\hani\Desktop\adobe
[2014/05/08 16:28:16 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/05/08 08:32:01 | 000,000,000 | ---D | C] -- C:\Users\hani\AppData\Local\gladinet
[2014/05/07 22:22:53 | 000,000,000 | ---D | C] -- C:\Users\hani\AppData\Roaming\Zeon
[2014/05/07 15:46:24 | 000,000,000 | -H-D | C] -- C:\Gladinet
[2014/05/07 15:45:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nuance Cloud Connector
[2014/05/07 15:43:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nuance PDF Converter Enterprise 7
[2014/05/07 15:43:40 | 000,000,000 | ---D | C] -- C:\Windows\PIXTRAN
[2014/05/07 15:42:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ScanSoft Shared
[2014/05/07 15:42:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Zeon
[2014/05/07 15:42:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nuance
[2014/05/06 22:29:49 | 000,000,000 | --SD | C] -- C:\Windows\SysNative\CompatTel
[2014/05/06 16:45:54 | 000,000,000 | ---D | C] -- C:\Users\hani\AppData\Roaming\vlc
[2014/05/06 16:45:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2014/05/06 16:37:56 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/05/05 17:31:34 | 000,000,000 | ---D | C] -- C:\Users\hani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU
[2014/05/05 17:28:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU
[2014/05/05 17:28:06 | 001,005,928 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\Windows\SysWow64\libeay32.dll
[2014/05/05 17:27:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVS4YOU
[2014/05/05 16:47:52 | 000,000,000 | ---D | C] -- C:\Users\hani\AppData\Roaming\AVS4YOU
[2014/05/05 16:46:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVSMedia
[2014/05/05 16:46:49 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2014/05/05 16:41:22 | 000,000,000 | ---D | C] -- C:\Users\hani\AppData\Roaming\VMware
[2014/05/04 20:45:30 | 000,000,000 | ---D | C] -- C:\ProgramData\VMware
[2014/05/01 16:14:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/05/01 16:14:41 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/05/01 16:14:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014/04/28 21:36:50 | 000,000,000 | R--D | C] -- C:\Users\hani\Downloads
[2014/04/26 20:25:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rosetta Stone
[2014/04/26 20:24:32 | 000,000,000 | ---D | C] -- C:\ProgramData\RosettaStoneLtdServices
[2014/04/26 20:24:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RosettaStoneLtdServices
[2014/04/26 20:23:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2014/04/26 20:23:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rosetta Stone
[2014/04/24 16:21:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SaxoMT4
[2014/04/24 16:21:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SaxoMT4
[2014/04/22 17:12:37 | 000,069,152 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2014/04/22 16:20:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2014/04/22 16:20:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2014/04/22 15:41:17 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2014/04/22 15:40:21 | 000,000,000 | -H-D | C] -- C:\ProgramData\{42E04EE4-AB57-407A-9691-3FFA8B8FEBBE}
[2014/04/22 15:37:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2014/04/21 16:41:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2014/04/21 16:41:21 | 000,000,000 | ---D | C] -- C:\Users\hani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2014/04/20 19:46:16 | 000,000,000 | R--D | C] -- C:\Users\hani\Google Drive
[2014/04/20 19:44:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2014/04/19 11:05:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
[2014/04/19 11:05:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Elaborate Bytes
[2014/04/19 10:25:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2014/04/19 10:23:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Rosetta Stone Backups
[2014/04/19 10:23:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Rosetta Stone
[2014/04/19 10:21:28 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2014/04/18 11:36:36 | 000,000,000 | ---D | C] -- C:\Users\hani\AppData\Local\WinZip
[2014/04/18 11:36:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2014/04/18 11:35:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinZip
[2014/04/17 18:13:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ePub Reader
[2014/04/17 18:13:04 | 000,000,000 | ---D | C] -- C:\ePub Reader
[2014/04/17 14:22:04 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2014/04/17 14:21:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2014/04/17 13:53:26 | 000,000,000 | ---D | C] -- C:\Users\hani\Desktop\computer software
[2014/04/15 19:03:32 | 000,000,000 | ---D | C] -- C:\Users\hani\AppData\Roaming\AdobeUM
[2014/04/15 17:02:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Equis International
[2014/04/15 17:01:26 | 002,586,112 | ---- | C] (Steema Software SL) -- C:\Windows\SysWow64\TeeChart5.ocx
[2014/04/15 17:01:26 | 000,057,344 | ---- | C] (Nalpeiron Ltd.) -- C:\Windows\SysWow64\AstSrv.exe
[2014/04/15 17:01:25 | 000,519,680 | ---- | C] (FarPoint Technologies, Inc.) -- C:\Windows\SysWow64\SS32D25.DLL
[2014/04/15 17:01:25 | 000,028,160 | ---- | C] (Equis International) -- C:\Windows\SysWow64\MetaStockShellExtension.dll
[2014/04/15 17:01:20 | 000,671,836 | ---- | C] (Equis International) -- C:\Windows\SysWow64\OLVI11.dll
[2014/04/15 17:01:20 | 000,438,341 | ---- | C] (eSignal, a division of Interactive Data Corporation) -- C:\Windows\SysWow64\dbcapi.dll
[2014/04/15 17:01:20 | 000,217,167 | ---- | C] (Equis International) -- C:\Windows\SysWow64\EqNotify.dll
[2014/04/15 17:01:20 | 000,204,873 | ---- | C] (Equis International) -- C:\Windows\SysWow64\msfl11.dll
[2014/04/15 17:01:20 | 000,036,864 | ---- | C] (Equis International) -- C:\Windows\SysWow64\EqCCWrapper.dll
[2014/04/15 17:01:20 | 000,030,720 | ---- | C] (Forefront, Incorporated) -- C:\Windows\SysWow64\ffJmpWeb.dll
[2014/04/15 17:01:17 | 000,000,000 | ---D | C] -- C:\Windows\OptionScope
[2014/04/15 17:01:17 | 000,000,000 | ---D | C] -- C:\MetaStock Data
[2014/04/15 17:01:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Equis
[2014/04/15 17:01:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Equis
[2014/04/14 15:56:00 | 003,827,168 | ---- | C] (MetaQuotes Software Corp.) -- C:\Windows\SysNative\MetaViewer64.dll
[2014/04/14 15:56:00 | 000,000,000 | ---D | C] -- C:\Users\hani\AppData\Roaming\MetaQuotes
[2014/04/14 15:55:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IamFX MT4
[2014/04/14 15:55:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IamFX MT4
[2014/04/12 20:37:01 | 000,000,000 | ---D | C] -- C:\Users\hani\AppData\Local\ElevatedDiagnostics
[2 C:\Users\hani\Desktop\*.tmp files -> C:\Users\hani\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/05/12 17:08:28 | 000,013,217 | ---- | M] () -- C:\Users\hani\Desktop\OTL - Shortcut.lnk
[2014/05/12 17:02:21 | 000,001,393 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/05/12 16:51:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/05/12 16:50:06 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/12 16:50:06 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/12 16:42:47 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/05/12 16:42:46 | 000,000,412 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro64 startups.job
[2014/05/12 16:42:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/05/12 16:42:36 | 116,842,495 | -HS- | M] () -- C:\hiberfil.sys
[2014/05/12 16:40:23 | 000,001,164 | ---- | M] () -- C:\Users\hani\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/05/12 16:40:23 | 000,000,190 | ---- | M] () -- C:\Users\hani\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2014/05/12 16:40:23 | 000,000,170 | ---- | M] () -- C:\Users\hani\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2014/05/12 16:37:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/05/12 16:29:08 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForhani.job
[2014/05/12 06:15:25 | 000,001,047 | ---- | M] () -- C:\Users\hani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/05/11 17:12:22 | 000,326,844 | ---- | M] () -- C:\Users\hani\Desktop\web address hijacked - Virus, Trojan, Spyware, and Malware Removal Logs.pdf
[2014/05/10 19:27:27 | 000,782,470 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/05/10 19:27:27 | 000,662,634 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/05/10 19:27:27 | 000,122,470 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/05/06 15:26:35 | 000,345,528 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/05/05 16:08:07 | 006,871,629 | ---- | M] () -- C:\Users\hani\Desktop\[McNeil_A.J.,_Frey_R.,_Embrechts_P.]_Quantitative_(bookos-z1.org).pdf
[2014/05/04 20:47:02 | 000,001,024 | ---- | M] () -- C:\Windows\SysWow64\%TMP%
[2014/05/04 20:46:46 | 000,800,056 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014/04/26 20:29:43 | 000,001,119 | ---- | M] () -- C:\Users\Public\Desktop\Rosetta Stone TOTALe.lnk
[2014/04/25 12:41:13 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/04/25 11:45:51 | 419,705,087 | R--- | M] () -- C:\Users\hani\Desktop\rock n learn spanish4.m4v
[2014/04/22 20:42:57 | 000,000,036 | ---- | M] () -- C:\Windows\RET.INI
[2014/04/22 16:20:50 | 000,001,166 | ---- | M] () -- C:\Users\hani\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2014/04/22 15:21:48 | 000,000,426 | ---- | M] () -- C:\AVScanner.ini
[2014/04/21 19:11:55 | 000,001,780 | ---- | M] () -- C:\Users\hani\Desktop\PeerBlock.lnk
[2014/04/18 11:36:21 | 000,002,247 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
[2014/04/17 15:53:08 | 016,203,937 | ---- | M] () -- C:\Users\hani\Desktop\Financial Institutions Management A Risk Management Approach.pdf
[2014/04/17 14:21:17 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2014/04/15 17:02:59 | 000,000,000 | ---- | M] () -- C:\Windows\regset.INI
[2014/04/14 15:55:56 | 003,827,168 | ---- | M] (MetaQuotes Software Corp.) -- C:\Windows\SysNative\MetaViewer64.dll
[2 C:\Users\hani\Desktop\*.tmp files -> C:\Users\hani\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/05/12 17:08:28 | 000,013,217 | ---- | C] () -- C:\Users\hani\Desktop\OTL - Shortcut.lnk
[2014/05/12 06:15:24 | 000,001,047 | ---- | C] () -- C:\Users\hani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/05/11 17:11:29 | 000,326,844 | ---- | C] () -- C:\Users\hani\Desktop\web address hijacked - Virus, Trojan, Spyware, and Malware Removal Logs.pdf
[2014/05/08 10:29:39 | 000,000,328 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForhani.job
[2014/05/05 16:08:04 | 006,871,629 | ---- | C] () -- C:\Users\hani\Desktop\[McNeil_A.J.,_Frey_R.,_Embrechts_P.]_Quantitative_(bookos-z1.org).pdf
[2014/05/04 20:47:02 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\%TMP%
[2014/04/26 20:26:43 | 000,001,119 | ---- | C] () -- C:\Users\Public\Desktop\Rosetta Stone TOTALe.lnk
[2014/04/25 11:31:20 | 419,705,087 | R--- | C] () -- C:\Users\hani\Desktop\rock n learn spanish4.m4v
[2014/04/23 06:18:26 | 000,015,688 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe
[2014/04/22 16:56:04 | 000,000,426 | ---- | C] () -- C:\AVScanner.ini
[2014/04/22 16:20:50 | 000,001,166 | ---- | C] () -- C:\Users\hani\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2014/04/18 11:36:20 | 000,002,247 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
[2014/04/17 15:52:59 | 016,203,937 | ---- | C] () -- C:\Users\hani\Desktop\Financial Institutions Management A Risk Management Approach.pdf
[2014/04/17 14:21:17 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2014/04/17 14:21:17 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2014/04/15 17:02:59 | 000,000,000 | ---- | C] () -- C:\Windows\regset.INI
[2014/04/15 17:01:20 | 000,164,864 | ---- | C] () -- C:\Windows\SysWow64\patchw32.dll
[2014/04/15 17:01:20 | 000,158,720 | ---- | C] () -- C:\Windows\SysWow64\LFCMP61N.DLL
[2014/04/15 17:01:20 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\Lfpng61n.dll
[2014/04/15 17:01:20 | 000,043,008 | ---- | C] () -- C:\Windows\SysWow64\LTFIL61N.DLL
[2014/04/15 17:01:20 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\MSWTHK32.DLL
[2014/04/15 17:01:20 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\IMPLODE.DLL
[2014/04/15 17:01:20 | 000,003,360 | ---- | C] () -- C:\Windows\SysWow64\MSWTHK16.DLL
[2014/04/05 21:39:20 | 000,000,043 | ---- | C] () -- C:\Users\hani\AppData\Roaming\WB.CFG
[2014/04/04 22:09:22 | 000,000,218 | ---- | C] () -- C:\Users\hani\AppData\Local\recently-used.xbel
[2013/12/24 11:10:04 | 000,000,036 | ---- | C] () -- C:\Windows\RET.INI
[2013/05/27 20:06:11 | 000,004,895 | ---- | C] () -- C:\Windows\wininit.ini
[2013/04/15 20:37:44 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2012/08/08 07:52:23 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
 
========== ZeroAccess Check ==========
 
[2009/07/14 08:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 06:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 05:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 05:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 07:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 05:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/05/06 16:40:50 | 000,000,000 | ---D | M] -- C:\Users\hani\AppData\Roaming\Azureus
[2013/07/24 16:11:12 | 000,000,000 | ---D | M] -- C:\Users\hani\AppData\Roaming\Baidu Security
[2014/04/05 09:44:05 | 000,000,000 | ---D | M] -- C:\Users\hani\AppData\Roaming\BitTorrent
[2014/04/06 16:55:15 | 000,000,000 | ---D | M] -- C:\Users\hani\AppData\Roaming\CDisplayEx
[2014/04/04 22:09:22 | 000,000,000 | ---D | M] -- C:\Users\hani\AppData\Roaming\deluge
[2014/05/12 16:43:51 | 000,000,000 | ---D | M] -- C:\Users\hani\AppData\Roaming\Dropbox
[2013/05/07 16:05:12 | 000,000,000 | ---D | M] -- C:\Users\hani\AppData\Roaming\Easy BitTorrent Client
[2013/07/31 08:20:32 | 000,000,000 | ---D | M] -- C:\Users\hani\AppData\Roaming\FDRLab
[2014/04/10 21:01:58 | 000,000,000 | ---D | M] -- C:\Users\hani\AppData\Roaming\Freedom Scientific
[2013/10/26 09:34:07 | 000,000,000 | ---D | M] -- C:\Users\hani\AppData\Roaming\Garmin
[2014/04/14 15:59:32 | 000,000,000 | ---D | M] -- C:\Users\hani\AppData\Roaming\MetaQuotes
[2013/03/31 10:14:46 | 000,000,000 | ---D | M] -- C:\Users\hani\AppData\Roaming\mjusbsp
[2014/05/07 15:44:12 | 000,000,000 | ---D | M] -- C:\Users\hani\AppData\Roaming\Nuance
[2014/04/10 20:40:16 | 000,000,000 | ---D | M] -- C:\Users\hani\AppData\Roaming\nvda
[2013/09/15 20:35:36 | 000,000,000 | ---D | M] -- C:\Users\hani\AppData\Roaming\PDF Writer
[2014/04/06 15:20:39 | 000,000,000 | ---D | M] -- C:\Users\hani\AppData\Roaming\PeaZip
[2013/05/07 16:09:27 | 000,000,000 | ---D | M] -- C:\Users\hani\AppData\Roaming\qBittorrent
[2014/04/10 19:46:51 | 000,000,000 | ---D | M] -- C:\Users\hani\AppData\Roaming\rmi
[2012/06/05 14:59:39 | 000,000,000 | ---D | M] -- C:\Users\hani\AppData\Roaming\Synaptics
[2012/06/11 22:27:06 | 000,000,000 | ---D | M] -- C:\Users\hani\AppData\Roaming\TeamViewer
[2013/05/07 20:19:18 | 000,000,000 | ---D | M] -- C:\Users\hani\AppData\Roaming\TFP
[2014/05/12 17:39:25 | 000,000,000 | ---D | M] -- C:\Users\hani\AppData\Roaming\uTorrent
[2012/09/13 12:53:18 | 000,000,000 | ---D | M] -- C:\Users\hani\AppData\Roaming\Windows Live Writer
[2014/05/07 22:22:53 | 000,000,000 | ---D | M] -- C:\Users\hani\AppData\Roaming\Zeon
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:373E1720

< End of report >
 



#7 kadada007

  • Topic Starter

Posted 12 May 2014 - 08:47 AM

Here is the JRT file... the forum won't let me attach the AdwCleaner file; it says it is too big.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by hani on Mon 05/12/2014 at 16:49:47.13
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\fixcleaner
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\electrolyrics
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-915086793-469876900-2717650570-1001\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\fixcleaner
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\torchsetupfull_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\torchsetupfull_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetup-r563-n-bf_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetup-r563-n-bf_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iLividSetup-r563-n-bf_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iLividSetup-r563-n-bf_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{18782EB6-31F9-404B-A831-E905487F63EB}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9B33A587-F242-4C55-8F58-B2C69DF97B9A}



~~~ Files

Successfully disinfected: [Shortcut] C:\Users\hani\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
Successfully disinfected: [Shortcut] C:\Users\hani\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
Successfully disinfected: [Shortcut] C:\Users\hani\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk
Successfully disinfected: [Shortcut] C:\Users\Public\Desktop\Mozilla Firefox.lnk



~~~ Folders

Successfully deleted: [Folder] "C:\Users\hani\AppData\Roaming\fixcleaner"
Successfully deleted: [Folder] "C:\Program Files (x86)\fixcleaner"
Successfully deleted: [Empty Folder] C:\Users\hani\appdata\local\{0CB5C2C9-F345-491B-B6DA-6FE07A2C521C}
Successfully deleted: [Empty Folder] C:\Users\hani\appdata\local\{16F15775-E24E-41AB-9CB8-010036D41581}
Successfully deleted: [Empty Folder] C:\Users\hani\appdata\local\{27EE3A7A-590F-4322-86C3-2CB12D9E91A1}
Successfully deleted: [Empty Folder] C:\Users\hani\appdata\local\{281B784C-3876-4FD6-A6C6-C17385F6D771}
Successfully deleted: [Empty Folder] C:\Users\hani\appdata\local\{3DAB6063-E418-4873-9712-3279D440FE0C}
Successfully deleted: [Empty Folder] C:\Users\hani\appdata\local\{4A240E16-5AF9-48DE-80D7-08F128D69995}
Successfully deleted: [Empty Folder] C:\Users\hani\appdata\local\{540C3356-7A0A-4058-A631-638723C4794D}
Successfully deleted: [Empty Folder] C:\Users\hani\appdata\local\{6C8802A9-6493-4FE9-BE6F-1B64987D5207}
Successfully deleted: [Empty Folder] C:\Users\hani\appdata\local\{737DF8C3-0B3D-4590-B59B-C039AF55C113}
Successfully deleted: [Empty Folder] C:\Users\hani\appdata\local\{79B8FF2C-D1B2-454A-B6DF-B0CEA2BB58CA}
Successfully deleted: [Empty Folder] C:\Users\hani\appdata\local\{8B44AB4D-93FF-477A-BAE6-A01EA200C72F}
Successfully deleted: [Empty Folder] C:\Users\hani\appdata\local\{9597EB66-2BF9-41B1-A134-794BD42BC795}
Successfully deleted: [Empty Folder] C:\Users\hani\appdata\local\{9795F053-CB71-479C-8523-2AA0EEE77729}
Successfully deleted: [Empty Folder] C:\Users\hani\appdata\local\{9BF681D7-9FF1-4259-8312-BBAB47F1888A}
Successfully deleted: [Empty Folder] C:\Users\hani\appdata\local\{A7FF0DCD-F75A-4D94-852E-4F7C825DA1E4}
Successfully deleted: [Empty Folder] C:\Users\hani\appdata\local\{B049C11F-3498-4F7A-8986-E154DC41B8A2}
Successfully deleted: [Empty Folder] C:\Users\hani\appdata\local\{B83E629B-4DFB-421D-A141-9668C88A598F}
Successfully deleted: [Empty Folder] C:\Users\hani\appdata\local\{CA66A8DF-BFD8-466F-B374-BDAA8CB3E3A7}
Successfully deleted: [Empty Folder] C:\Users\hani\appdata\local\{D5B1FBA1-D6CC-4908-BB32-4BF0BCC970B1}
Successfully deleted: [Empty Folder] C:\Users\hani\appdata\local\{D98B44BD-B283-4D61-8BD4-AA688AF0627F}
Successfully deleted: [Empty Folder] C:\Users\hani\appdata\local\{DA3A807A-929C-422E-82B5-C18C2F76496F}
Successfully deleted: [Empty Folder] C:\Users\hani\appdata\local\{E59E4FD4-9D76-40C0-B93A-40F1320AFF01}
Successfully deleted: [Empty Folder] C:\Users\hani\appdata\local\{E99F143E-05E3-4180-BCC0-2D063A9062B9}
Successfully deleted: [Empty Folder] C:\Users\hani\appdata\local\{FC32571A-5C98-4FDE-A506-BEF03071ECBD}



~~~ FireFox

Successfully deleted the following from C:\Users\hani\AppData\Roaming\mozilla\firefox\profiles\cubkj7nh.default-1371349374129\prefs.js

user_pref("extensions.a0f1ebb0b873c4137a5f19b9ca22849971152da4e8ec5417f9a4b8c7bbf9cb4a4com51382.51382.cookie.testingGaq.value", "%22hxxp%3A//extclickmedia-maynemyltf.netdna-ss
user_pref("extensions.a0f1ebb0b873c4137a5f19b9ca22849971152da4e8ec5417f9a4b8c7bbf9cb4a4com51382.51382.name", "1ClickMovie-Download V9.0");
user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.cookie.testingGaq.value", "%22hxxp%3A//extclickmedia-maynemyltf.netdna-ss
user_pref("extensions.a5a6bf058b9784b84a2ec6f5462cfccb210120365d3c04ec986245fac2592d0dfcom51390.51390.name", "Torntv V9.0");
user_pref("keyword.URL", "hxxp://search.us.com/serp?guid={409B52B8-9571-4649-A0C3-7DCF4964F8C8}&action=default_search&serpv=5&k=");
user_pref("searchreset.backup.keyword.URL", "hxxp://search.us.com/serp?guid={409B52B8-9571-4649-A0C3-7DCF4964F8C8}&action=default_search&serpv=5&k=");
Emptied folder: C:\Users\hani\AppData\Roaming\mozilla\firefox\profiles\cubkj7nh.default-1371349374129\minidumps [111 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 05/12/2014 at 17:02:22.98
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#8 Machiavelli

  • Malware Response Instructor

Posted 12 May 2014 - 09:17 AM

Attach the AdwCleaner log by clicking on More Reply Options and then on Choose File.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#9 kadada007

  • Topic Starter

Posted 13 May 2014 - 07:46 AM

Here is the file.



#10 Machiavelli

  • Malware Response Instructor

Posted 13 May 2014 - 10:18 AM

OK, I forgot to mention: after you have chosen a file, you have to click on Attach This File. There is no attachment.

~Machiavelli



#11 Machiavelli

  • Malware Response Instructor

Posted 16 May 2014 - 06:12 AM

Are you still with me?

~Machiavelli



#12 Machiavelli

  • Malware Response Instructor

Posted 17 May 2014 - 04:41 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

~Machiavelli





