Advertisement

There's no such thing as a stupid question, but they're the easiest to answer.
Login
Search

Advertisement

Virus & Other Malware Removal Virus & Other Malware Removal
Go to first new post WhiteSmoke virus?
Go to first new post possable infection request help ( hijack ...
Go to first new post Cannot download files (including Microso ...
Go to first new post windows XP OBJECT DELAY LOAD
Go to first new post Please check my log...Computer running S ...
Go to first new post Unable to use HJT
Go to first new post Files keep deleting themselves! NEED HEL ...
Go to first new post After virus: CMD loads before desktop
Go to first new post Firefox -> google -> url hijack
Go to first new post Unable to run malware programs, Proxy Se ...
Go to first new post Trojan virus
Go to first new post Unknown Command Prompt running after eve ...
Go to first new post WmiPrvSE.exe hogging CPU 30 - 50%
Go to first new post bitcoin miner infected on my PC
Go to first new post Ransomware encrypted my files. All files ...
Search Search
Search for:
Tech Support Guy Forums > > >

Memory issues ?

(In Progress)
(!)

Reply
Page 1 of 4 1 234
axle1's Avatar
Computer Specs
Member with 30 posts.
THREAD STARTER
  
Join Date: Jul 2012
Experience: Beginner
05-Jul-2012, 08:30 PM #1
Memory issues ?
Hey, recently i've noticed a series of issues arise regarding the speed and overall capabilities of my computer. My computer was running perfectly, then when i turned it on yesterday, i noticed a large decrease in speed. When i tried to open my browser google chrome, it would open for 1 second then diplay a message about memory issues and close suddenly, at first i thought it was just a issue with google so i used internet explorer. When i tried to open my DAW cubase, i was hit again with a error message stating that my memory was too low, which was impossible because for the last year it has been fair more than adequate. I opened a few games (World of warcraft, counter strike source, diablo 3) and all of them presented a series of issues. Now counter strike source wouldn't even open when i click on it, ditto for diablo 3. Though world of warcraft presents a error message stating the following:
=========================================================================== ===
World of WarCraft: Retail Build (build 15595)
Exe: C:\Program Files (x86)\World of Warcraft\Wow.exe
Time: Jul 6, 2012 10:23:54.844 AM
User:
Computer:
------------------------------------------------------------------------------
This application has encountered a critical error:
Not enough storage is available to process this command.
Program: C:\Program Files (x86)\World of Warcraft\Wow.exe
ProcessID: 5144
Function: new
Requested 3179632 bytes of memory

WoWBuild: 15595
Version: 4.3.4
Type: WoW
Platform: X86
Patch data download failed.
Failed to parse patch data from server 'http://enUS.patch.battle.net:1119/patch'
InstallID: 'WoW'
Manifest is valid.

None of this has happened before, also a series of programs on my computer were deleted such as Guitar Pro 6, Axe edit and Pod edit. When i try to log into windows live messager it just stays at the loading page and does not load-in, same with windows live mail.

So far i have tried restarting my computer and going in safe-mode with networking and using Avast, ccleaner and malware bytes to find the source of the problem, it found varios problem, and i deleted/removed them after the scans, but still the problem comes back.

Can someone please help me find this problem ?

Thanks!
kevinf80's Avatar
kevinf80   (Kevin) kevinf80 is offline kevinf80 is authorized to help remove malware. kevinf80 has a Profile Picture
Computer Specs
Malware Removal Specialist with 8,514 posts.
  
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
06-Jul-2012, 03:02 AM #2
axle1's Avatar
Computer Specs
Member with 30 posts.
THREAD STARTER
  
Join Date: Jul 2012
Experience: Beginner
06-Jul-2012, 03:53 AM #3
the hijackthis report:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:44:07 PM, on 6/07/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
C:\Program Files (x86)\D-Link\DWA-131 revA\WlanWpsSvc.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\lg_fwupdate\fwupdate.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\Fractal Audio\Axe-Fx II Driver\FASUSBAudioCpl.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Windows Live\Companion\companionuser.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
R3 - URLSearchHook: NCH EN Toolbar - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll
F2 - REG:system.ini: UserInit=userinit.exe,C:\Users\SoroushG\AppData\Local\pwegcyvw\xdvspyfk.exe ,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: NCH EN - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
O2 - BHO: Incredibar.com Helper Object - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (file missing)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll (file missing)
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Vuze Remote - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
O3 - Toolbar: NCH EN Toolbar - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll (file missing)
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files (x86)\lg_fwupdate\fwupdate.exe" blrun
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\SoroushG\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode
O4 - HKCU\..\Run: [XdvSpyfk] C:\Users\SoroushG\AppData\Local\pwegcyvw\xdvspyfk.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2309646660-4243879331-1040206939-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2309646660-4243879331-1040206939-1000\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: CurseClientStartup.ccip
O4 - Global Startup: FASUSBAudio Control Panel Autostart.lnk = C:\Program Files\Fractal Audio\Axe-Fx II Driver\FASUSBAudioCpl.exe
O4 - Global Startup: Wireless Connection Manager.lnk = ?
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater11.1.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WlanWpsSvc - Unknown owner - C:\Program Files (x86)\D-Link\DWA-131 revA\WlanWpsSvc.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 17832 bytes


the dds report :

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by SoroushG at 17:46:34 on 2012-07-06
Microsoft Windows 7 Professional 6.1.7601.1.1252.61.1033.18.8173.5096 [GMT 10:00]
.
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
C:\Program Files (x86)\D-Link\DWA-131 revA\WlanWpsSvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\lg_fwupdate\fwupdate.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\Fractal Audio\Axe-Fx II Driver\FASUSBAudioCpl.exe
C:\Users\SoroushG\AppData\Local\Apps\2.0\05GP3TR2.87K\NZNXH8EZ.2TG\curs..ti on_9e9e83ddf3ed3ead_0005.0001_31b318dc2771b66c\CurseClient.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Windows Live\Companion\companionuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Hijackthis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
c:\program files\windows defender\MpCmdRun.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: SearchHook Class: {bc86e1ab-eda5-4059-938f-ce307b0c6f0a} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
uURLSearchHooks: NCH EN Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
mURLSearchHooks: NCH EN Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll
mWinlogon: Userinit=userinit.exe,C:\Users\SoroushG\AppData\Local\pwegcyvw\xdvspyfk.exe ,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: NCH EN Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Incredibar.com Helper Object: {6e13dde1-2b6e-46ce-8b66-dc8bf36f6b99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
TB: NCH EN Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
uRun: [Facebook Update] "C:\Users\SoroushG\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Logitech Vid] "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode
uRun: [XdvSpyfk] C:\Users\SoroushG\AppData\Local\pwegcyvw\xdvspyfk.exe
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
mRun: [LGODDFU] "C:\Program Files (x86)\lg_fwupdate\fwupdate.exe" blrun
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\SoroushG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
StartupFolder: C:\Users\SoroushG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xdvspyfk.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FASUSB~1.LNK - C:\Program Files\Fractal Audio\Axe-Fx II Driver\FASUSBAudioCpl.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WIRELE~1.LNK - C:\Program Files (x86)\D-Link\DWA-131 revA\wirelesscm.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 10.0.0.138
TCP: Interfaces\{B7FFD0F4-84B6-42D2-AB03-671310DE1C8D} : DhcpNameServer = 10.0.0.138
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: NCH EN Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll
BHO-X64: NCH EN - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Incredibar.com Helper Object: {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll
BHO-X64: Incredibar.com Helper Object - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
BHO-X64: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
BHO-X64: Searchqu Toolbar - No File
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
BHO-X64: Vuze Remote - No File
BHO-X64: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
BHO-X64: Yontoo Layers - No File
TB-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
TB-X64: NCH EN Toolbar: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
TB-X64: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll
mRun-x64: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun-x64: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
mRun-x64: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun-x64: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
mRun-x64: [LGODDFU] "C:\Program Files (x86)\lg_fwupdate\fwupdate.exe" blrun
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6a.sys --> C:\Windows\system32\DRIVERS\avgfwd6a.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-23 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-13 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-12 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2012-3-23 2321520]
R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-26 223464]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-5-11 2214504]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2012-2-15 793048]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-6-19 3048136]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-5-20 378472]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [2012-6-12 935480]
R2 WlanWpsSvc;WlanWpsSvc;C:\Program Files (x86)\D-Link\DWA-131 revA\WlanWpsSvc.exe [2012-1-29 167936]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\system32\drivers\asmthub3.sys --> C:\Windows\system32\drivers\asmthub3.sys [?]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\system32\drivers\asmtxhci.sys --> C:\Windows\system32\drivers\asmtxhci.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\drivers\HECIx64.sys --> C:\Windows\system32\drivers\HECIx64.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;C:\Windows\system32\DRIVERS\RTL81 92su.sys --> C:\Windows\system32\DRIVERS\RTL8192su.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-4-30 5106744]
S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-7-6 136176]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-5 654408]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-9 257224]
S3 axefx2load;Fractal Audio Systems AxeFx2 USB Service;C:\Windows\system32\Drivers\axefx2load.sys --> C:\Windows\system32\Drivers\axefx2load.sys [?]
S3 CompFilter64;UVCCompositeFilter;C:\Windows\system32\DRIVERS\lvbflt64.sys --> C:\Windows\system32\DRIVERS\lvbflt64.sys [?]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 fasusbaudio;fasusbaudio;C:\Windows\system32\DRIVERS\fasusbaudio_x64.sys --> C:\Windows\system32\DRIVERS\fasusbaudio_x64.sys [?]
S3 fasusbaudioks;fasusbaudioks;C:\Windows\system32\DRIVERS\fasusbaudioks_x64.s ys --> C:\Windows\system32\DRIVERS\fasusbaudioks_x64.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-7-6 136176]
S3 L6PODHDBEAN;Service - Line 6 POD HD;C:\Windows\system32\Drivers\L6PODHDBEAN64.sys --> C:\Windows\system32\Drivers\L6PODHDBEAN64.sys [?]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
S3 LVUVC64;Logitech HD Webcam C615(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
S3 ManyCam;ManyCam Virtual Webcam;C:\Windows\system32\DRIVERS\mcvidrv_x64.sys --> C:\Windows\system32\DRIVERS\mcvidrv_x64.sys [?]
S3 mcaudrv_simple;ManyCam Virtual Microphone;C:\Windows\system32\drivers\mcaudrv_x64.sys --> C:\Windows\system32\drivers\mcaudrv_x64.sys [?]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RDID1102;A-PRO;C:\Windows\system32\Drivers\rdwm1102.sys --> C:\Windows\system32\Drivers\rdwm1102.sys [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-07-06 06:54:14 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BFE74FE1-E349-44AA-B98F-F68273001356}\mpengine.dll
2012-07-06 05:48:38 -------- d-----w- C:\Users\SoroushG\AppData\Roaming\SUPERAntiSpyware.com
2012-07-06 05:48:29 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-07-06 05:48:29 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-07-06 00:05:09 -------- d-----w- C:\Program Files\CCleaner
2012-07-05 23:59:11 -------- d-----w- C:\Users\SoroushG\AppData\Local\{C1B402D2-D3BA-40F8-BC7A-B3772E0EBBD3}
2012-07-05 23:58:59 -------- d-----w- C:\Users\SoroushG\AppData\Local\{0E38F27E-CBE1-42AF-9CD3-2CBE33919736}
2012-07-05 13:08:03 41224 ----a-w- C:\Windows\avastSS.scr
2012-07-05 10:55:36 -------- d-----w- C:\Users\SoroushG\AppData\Roaming\Malwarebytes
2012-07-05 10:55:33 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-05 10:55:33 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-05 10:55:33 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-05 10:01:43 -------- d-----w- C:\Users\SoroushG\AppData\Local\{67031DE5-EA40-413C-AEFF-B40AB524FBE0}
2012-07-05 10:00:21 -------- d-----w- C:\Users\SoroushG\AppData\Local\{607FCE63-D690-45CC-8D1C-9E0C9D571E45}
2012-07-05 02:29:56 -------- d-----w- C:\ProgramData\AVAST Software
2012-07-05 02:29:56 -------- d-----w- C:\Program Files\AVAST Software
2012-07-05 02:19:41 -------- d-----w- C:\Users\SoroushG\AppData\Roaming\AVG
2012-07-04 23:40:57 -------- d-----w- C:\Users\SoroushG\AppData\Local\{31028D46-6376-4A4C-8D94-4F774BB18969}
2012-07-04 23:40:43 -------- d-----w- C:\Users\SoroushG\AppData\Local\{7DBC4632-A2FD-4C8E-BB64-3D59A4978C95}
2012-07-04 14:24:57 -------- d-----w- C:\Program Files (x86)\Excel Password Unlocker
2012-07-04 14:24:17 -------- d-----w- C:\Users\SoroushG\AppData\Local\lptmp846331700
2012-07-04 13:40:26 -------- d-----w- C:\Users\SoroushG\AppData\Roaming\Password Solutions
2012-07-04 13:40:26 -------- d-----w- C:\Program Files (x86)\Password Solutions
2012-07-04 02:48:01 -------- d-----w- C:\Users\SoroushG\AppData\Local\{D8761A1E-DE68-4E26-8C74-5D35BAA846B9}
2012-07-04 02:47:48 -------- d-----w- C:\Users\SoroushG\AppData\Local\{2E2FF6BD-2010-4DA2-B86F-E65DE3BC96EE}
2012-07-03 08:37:47 -------- d-----w- C:\Users\SoroushG\AppData\Local\{A21D24A6-ECA6-4AEE-8E8C-C92C5321F2A3}
2012-07-03 08:37:36 -------- d-----w- C:\Users\SoroushG\AppData\Local\{E8A81F9E-27AF-40DB-8B4F-C44822D3C61B}
2012-07-02 03:14:43 -------- d-----w- C:\Users\SoroushG\AppData\Local\{9A549004-65D5-4013-8F19-719F2679DB9C}
2012-07-02 03:14:26 -------- d-----w- C:\Users\SoroushG\AppData\Local\{CF88E378-F4A9-42FC-9B8B-432E48E65ABA}
2012-07-02 00:26:01 -------- d-----w- C:\Users\SoroushG\AppData\Local\{72806CA8-E0B5-4C30-B34D-5B8C6048E3F6}
2012-07-02 00:25:41 -------- d-----w- C:\Users\SoroushG\AppData\Local\{21796185-53A2-4599-9060-7FEA66735773}
2012-07-01 11:27:48 -------- d-----w- C:\Users\SoroushG\AppData\Local\{4D64FEA3-5594-4B3D-941C-B87CC4F29F8B}
2012-07-01 11:27:37 -------- d-----w- C:\Users\SoroushG\AppData\Local\{3B5E776B-FF33-4502-8D5A-D23DB4E975D6}
2012-06-30 23:27:11 -------- d-----w- C:\Users\SoroushG\AppData\Local\{2CC2EA68-101D-4AC8-927A-DD6BB5988C90}
2012-06-30 23:26:59 -------- d-----w- C:\Users\SoroushG\AppData\Local\{57ADDCE6-3DBF-4A83-B330-E60CBA271C94}
2012-06-30 15:00:21 -------- d-----w- C:\Trilogy Data
2012-06-30 15:00:14 -------- d-----w- C:\Program Files (x86)\Spectrasonics
2012-06-30 14:59:36 -------- d-----w- C:\Program Files (x86)\Waves
2012-06-30 14:50:29 -------- d-----w- C:\Program Files (x86)\Native Instruments
2012-06-30 14:49:55 -------- d-----w- C:\Program Files (x86)\Sonnox
2012-06-30 10:36:45 -------- d-----w- C:\Users\SoroushG\AppData\Local\{2F82FAF3-D563-4122-A575-CD397A2448C1}
2012-06-30 10:36:24 -------- d-----w- C:\Users\SoroushG\AppData\Local\{830BF62E-CC3E-4843-ABE4-BAEA9347A8D5}
2012-06-30 03:04:42 -------- d-----w- C:\Program Files (x86)\World of Warcraft
2012-06-29 22:35:43 -------- d-----w- C:\Users\SoroushG\AppData\Local\{E544DE00-88B2-42E8-A011-EC4305BBFA3E}
2012-06-29 22:35:19 -------- d-----w- C:\Users\SoroushG\AppData\Local\{D7E1177B-AB1E-4606-B41E-3F5D6C38C674}
2012-06-29 10:40:34 -------- d-----w- C:\Program Files (x86)\MagicISO
2012-06-29 00:22:52 -------- d-----w- C:\Users\SoroushG\AppData\Local\{44EBF1E6-00D8-433E-A7B4-771BCDD6F3FF}
2012-06-29 00:22:37 -------- d-----w- C:\Users\SoroushG\AppData\Local\{C609EB48-6DCE-4BC6-B032-D81A94C6903F}
2012-06-27 23:31:18 -------- d-----w- C:\Users\SoroushG\AppData\Local\{E695CE18-BFF6-40E9-BD7A-BA607DB91678}
2012-06-27 23:31:05 -------- d-----w- C:\Users\SoroushG\AppData\Local\{35127017-37AD-40DE-9B74-B2BB9CF821D5}
2012-06-27 07:34:15 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment
2012-06-27 07:32:10 -------- d-----w- C:\ProgramData\Blizzard Entertainment
2012-06-27 04:51:26 -------- d-----w- C:\Users\SoroushG\AppData\Roaming\Windows Live Writer
2012-06-27 04:51:26 -------- d-----w- C:\Users\SoroushG\AppData\Local\Windows Live Writer
2012-06-27 01:34:40 -------- d-----w- C:\Users\SoroushG\AppData\Local\{8F41FA2E-C4A3-46E1-917D-E8630D0161A9}
2012-06-27 01:34:25 -------- d-----w- C:\Users\SoroushG\AppData\Local\{B0C8A2B4-C472-4201-AACE-86BE581E6089}
2012-06-27 01:33:34 -------- d-----w- C:\Users\SoroushG\AppData\Local\{0B64CF55-BF9F-4261-B721-EA56D5A4BF61}
2012-06-26 05:41:36 -------- d-----w- C:\Users\SoroushG\AppData\Local\{71F570FD-DF0D-4A22-ACB4-57838066C69F}
2012-06-26 05:41:25 -------- d-----w- C:\Users\SoroushG\AppData\Local\{34BE6047-4E04-46BA-B1EE-12E190E7E223}
2012-06-26 03:56:20 -------- d-----w- C:\Users\SoroushG\AppData\Roaming\DT
2012-06-26 01:27:56 -------- d-----w- C:\Users\SoroushG\AppData\Local\{C0A8ADCD-88C3-412C-8677-C3C435349018}
2012-06-25 12:29:47 -------- d-----w- C:\Users\SoroushG\AppData\Local\The Lord of the Rings Online
2012-06-25 12:15:44 -------- d-----w- C:\Users\SoroushG\AppData\Local\Turbine
2012-06-25 12:15:39 -------- d-----w- C:\Users\SoroushG\AppData\Local\ApplicationHistory
2012-06-25 12:13:23 -------- d-----w- C:\Windows\SysWow64\URTTEMP
2012-06-25 05:00:24 -------- d-----w- C:\Program Files (x86)\Peavey Electronics
2012-06-25 01:20:00 -------- d-----w- C:\Users\SoroushG\AppData\Local\{E361E427-DDA2-4A26-A84A-BC4EF5B7969B}
2012-06-25 01:19:39 -------- d-----w- C:\Users\SoroushG\AppData\Local\{F4D5CBDE-D47A-4392-86E0-2DB028265AE1}
2012-06-24 06:01:48 -------- d-----w- C:\Fraps
2012-06-24 01:43:21 -------- d-----w- C:\Users\SoroushG\AppData\Local\{0E19CD5A-9723-43E7-98E5-3BAF335EF7FB}
2012-06-24 01:43:06 -------- d-----w- C:\Users\SoroushG\AppData\Local\{966CCC46-6D4B-4AE3-847F-C3E85642BFEB}
2012-06-22 21:43:54 -------- d-----w- C:\Users\SoroushG\AppData\Local\{3C39D5E1-CEA9-45CC-9698-0570CB9EE45B}
2012-06-22 21:43:43 -------- d-----w- C:\Users\SoroushG\AppData\Local\{483B828B-61BF-4753-88F6-EDF2617B44E2}
2012-06-22 01:16:10 -------- d-----w- C:\Users\SoroushG\AppData\Local\{98BC77A8-33C5-48D3-ABD4-1D06BB71B8F3}
2012-06-22 01:15:52 -------- d-----w- C:\Users\SoroushG\AppData\Local\{F4A899ED-0C79-4E1C-BE52-4A37B047B3B4}
2012-06-21 01:24:15 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-21 01:23:51 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-21 01:23:28 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-21 01:23:28 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-21 01:21:46 -------- d-----w- C:\Users\SoroushG\AppData\Local\{68DCE7B6-9EAA-41E0-9902-628A6125DC34}
2012-06-21 01:21:34 -------- d-----w- C:\Users\SoroushG\AppData\Local\{6942A2E5-B4CE-4F3A-AD79-0F86D329CC8C}
2012-06-20 13:05:50 -------- d-----w- C:\Users\SoroushG\AppData\Local\{22B85FDD-8F12-4AF4-8370-DA757B97812F}
2012-06-20 13:05:18 -------- d-----w- C:\Users\SoroushG\AppData\Local\{F463C38B-2471-4190-89DF-17CA10B1B6BD}
2012-06-20 00:43:31 -------- d-----w- C:\Users\SoroushG\AppData\Local\{DE9AEF90-A6E9-498A-8833-41331AB71C41}
2012-06-20 00:43:09 -------- d-----w- C:\Users\SoroushG\AppData\Local\{4DD2A456-530F-470A-AAFA-682ECDE92B33}
2012-06-19 09:29:41 -------- d-----w- C:\Users\SoroushG\AppData\Local\{626836D4-0EB4-4EB0-BD11-3B5BE3F6EE3E}
2012-06-19 09:29:29 -------- d-----w- C:\Users\SoroushG\AppData\Local\{94843AA3-85B0-4892-9193-21E1A1445A0F}
2012-06-19 06:32:09 -------- d-----w- C:\Windows\en
2012-06-19 06:28:58 48488 ----a-w- C:\Windows\System32\drivers\fssfltr.sys
2012-06-19 06:25:44 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\5b1457501cd4de402\MeshBetaRemover.exe
2012-06-19 06:25:43 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\5ac01b941cd4de401\DSETUP.dll
2012-06-19 06:25:43 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\5ac01b941cd4de401\DXSETUP.exe
2012-06-19 06:25:43 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\5ac01b941cd4de401\dsetup32.dll
2012-06-19 06:25:02 -------- d-----w- C:\Users\SoroushG\AppData\Local\{D45BDE16-5FF7-4976-881F-876264CBC21B}
2012-06-19 06:24:52 -------- d-----w- C:\Users\SoroushG\AppData\Local\{9AA287EC-C2F0-486A-8741-582B485605F8}
2012-06-19 06:24:44 -------- d-----w- C:\Users\SoroushG\AppData\Local\{442B03E5-3269-47BA-A6FF-25812E5AD5ED}
2012-06-19 06:24:10 -------- d-----w- C:\Users\SoroushG\AppData\Local\{4A5C3B8D-F648-4ACF-8409-06EE327A6FF1}
2012-06-19 06:23:59 -------- d-----w- C:\Users\SoroushG\AppData\Local\{4CD83659-AEAC-4442-A8F5-863673D75A20}
2012-06-19 01:03:37 -------- d-----w- C:\Users\SoroushG\AppData\Local\{35D33BAA-BAAB-4BE2-BAF5-35A532DF4EEE}
2012-06-19 01:03:20 -------- d-----w- C:\Users\SoroushG\AppData\Local\{B24636FC-C08F-4825-AD3E-3964C1B5F194}
2012-06-18 01:34:40 -------- d-----w- C:\Users\SoroushG\AppData\Local\{8B4B664C-3952-4D05-B108-6B54B93F117B}
2012-06-17 04:53:58 -------- dc----w- C:\ProgramData\{00E0164B-B182-4800-96DA-F8D39B3A7189}
2012-06-17 04:26:18 -------- d-----w- C:\Program Files (x86)\Common Files\Digidesign
2012-06-17 04:20:14 -------- d-----w- C:\ProgramData\Native Instruments
2012-06-17 04:16:48 -------- dc----w- C:\ProgramData\{A2B67EC8-CE44-4813-AAC0-BACC1FAF50BE}
2012-06-17 00:28:07 -------- d-----w- C:\Users\SoroushG\AppData\Local\{A540FEBA-9B37-4E66-B00B-1697F0E1DA6B}
2012-06-17 00:27:42 -------- d-----w- C:\Users\SoroushG\AppData\Local\{63428F11-FD4B-4774-AFE6-207BE54A3723}
2012-06-16 06:45:16 -------- d-----w- C:\Users\SoroushG\AppData\Local\{1AAEA756-E723-491E-AEDD-0D76786DA611}
2012-06-16 05:30:59 -------- d-----w- C:\Users\SoroushG\AppData\Local\{352FFB28-97F8-4F9E-827C-35D5B4571005}
2012-06-16 00:29:47 -------- d-----w- C:\Users\SoroushG\AppData\Local\{BA9ABC80-8513-42EE-98EA-93532F549A56}
2012-06-15 06:53:36 -------- d-----w- C:\Users\SoroushG\AppData\Local\{83D0127F-9954-433E-A21A-87B30ABFCBB0}
2012-06-15 00:02:48 -------- d-----w- C:\Users\SoroushG\AppData\Local\{78F44B19-9A1E-41DE-A5FD-A955295160D5}
2012-06-14 00:55:02 -------- d-----w- C:\sprays
2012-06-13 08:06:02 -------- d-----w- C:\Users\SoroushG\AppData\Local\Native Instruments
2012-06-13 07:55:15 -------- dc-h--w- C:\ProgramData\{07D9EF15-1E96-4C9C-911C-4C7AAC443789}
2012-06-13 07:47:29 -------- dc-h--w- C:\ProgramData\{6268CC84-62BB-4890-B980-FC891FC3470E}
2012-06-13 07:45:46 -------- dc-h--w- C:\ProgramData\{018739C5-9E1C-4C10-A298-77A80A04AD61}
2012-06-13 07:40:20 -------- d-----w- C:\Program Files\Native Instruments
2012-06-13 07:40:15 -------- dc-h--w- C:\ProgramData\{BC727A25-34B7-4B46-9D69-E54457E6DD1C}
2012-06-13 02:58:25 -------- d-----w- C:\Users\SoroushG\AppData\Local\{B03898B9-1D59-47F7-84D6-71FCA0404E14}
2012-06-13 02:58:14 -------- d-----w- C:\Users\SoroushG\AppData\Local\{CC6BF45B-2EFC-4F36-B11F-2C1CA4FB3B1E}
2012-06-12 13:42:19 -------- d-----w- C:\Users\SoroushG\AppData\Local\{11E4D9E2-908E-4964-B490-F285235017F2}
2012-06-12 13:42:08 -------- d-----w- C:\Users\SoroushG\AppData\Local\{46325B03-9328-4242-9851-3B94B714E51A}
2012-06-11 21:56:10 -------- d-----w- C:\Users\SoroushG\AppData\Local\{B5A99E22-52E4-4524-8869-5932982C8491}
2012-06-11 21:55:44 -------- d-----w- C:\Users\SoroushG\AppData\Local\{E0164F7C-F795-433B-981C-DC1079878410}
2012-06-11 09:31:12 -------- d-----w- C:\Program Files (x86)\Metal Gear Solid
2012-06-11 08:20:08 -------- d-----w- C:\Users\SoroushG\AppData\Local\{BB9A8EDC-E8B9-4576-A9D6-1F266EB3A5E7}
2012-06-11 08:19:57 -------- d-----w- C:\Users\SoroushG\AppData\Local\{5FADC5E5-8B06-4512-AA77-B32CC21B6D16}
2012-06-11 06:39:16 -------- d-----w- C:\Users\SoroushG\AppData\Local\{55B0E70E-5135-40E2-938A-7CD4E56669C5}
2012-06-11 06:39:05 -------- d-----w- C:\Users\SoroushG\AppData\Local\{B000A583-96D9-40A6-9EE3-2720F79BD9AA}
2012-06-11 06:14:52 -------- d-----w- C:\Users\SoroushG\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446 A847B240591D2C99B.1
2012-06-11 05:26:51 -------- d-----w- C:\Users\SoroushG\AppData\Local\{91092E88-3601-41B1-ADA2-46785ECF5914}
2012-06-11 05:26:40 -------- d-----w- C:\Users\SoroushG\AppData\Local\{4741695C-4DCD-46B2-957B-F12912FA2A3E}
2012-06-10 23:51:11 -------- d-----w- C:\Users\SoroushG\AppData\Local\{9CA8CEF3-A073-473D-BC03-695B0FAEF028}
2012-06-10 23:50:56 -------- d-----w- C:\Users\SoroushG\AppData\Local\{834A0EE4-2506-415D-879C-ADE41755E55A}
2012-06-10 12:07:41 -------- d-----w- C:\Users\SoroushG\AppData\Local\{5AD72470-0390-4321-B357-729073F25461}
2012-06-10 09:31:28 -------- d-----w- C:\Users\SoroushG\AppData\Local\{40AE7C9A-AE59-4ACC-95BC-625E26849429}
2012-06-10 03:42:06 -------- d-----w- C:\Users\SoroushG\AppData\Local\{B3833BD4-9888-4362-AC36-36A1C3F07B8F}
2012-06-10 03:16:44 -------- d-----w- C:\Users\SoroushG\AppData\Local\{A16CBAAC-5D1C-4FC7-9993-161052139F43}
2012-06-10 03:16:34 -------- d-----w- C:\Users\SoroushG\AppData\Local\{E6C37B77-75CF-4962-8CC5-6EFA66B5A0BD}
2012-06-09 04:26:22 -------- d-----w- C:\Users\SoroushG\AppData\Local\{64130B91-4DD2-4EF6-928E-A8C8D1E917A5}
2012-06-09 04:26:06 -------- d-----w- C:\Users\SoroushG\AppData\Local\{67302E7F-FB11-46A1-96A0-D89F472A252A}
2012-06-08 12:37:01 -------- d-----w- C:\Users\SoroushG\AppData\Local\{0C80EA14-FA64-4BE3-8F43-F7AC04303062}
2012-06-08 03:20:52 -------- d-----w- C:\Users\SoroushG\AppData\Local\{8FA41823-C95A-4DF7-A191-69BED11DA485}
2012-06-08 03:20:41 -------- d-----w- C:\Users\SoroushG\AppData\Local\{A4F3262D-A05F-4880-B614-CABE4D143233}
2012-06-08 00:35:19 -------- d-----w- C:\Users\SoroushG\AppData\Local\{52EA9A05-84FF-4311-8B98-757EAA3C9F0D}
2012-06-08 00:35:08 -------- d-----w- C:\Users\SoroushG\AppData\Local\{1AB8A017-A855-4D75-98F8-E54FBA759A95}
2012-06-07 00:32:46 -------- d-----w- C:\Users\SoroushG\AppData\Local\{ABE37A04-90FC-43F7-88DB-687232F8D949}
2012-06-07 00:32:35 -------- d-----w- C:\Users\SoroushG\AppData\Local\{98309290-86E9-4717-AF66-1A7F1B153909}
2012-06-06 11:54:32 -------- d-----w- C:\V6_presets (2)
2012-06-06 11:54:22 -------- d-----w- C:\axefx2_6p01
2012-06-06 10:39:54 -------- d-----w- C:\Users\SoroushG\AppData\Local\{35F2DCB1-C874-4B99-8BF0-46840707EE7F}
2012-06-06 10:39:44 -------- d-----w- C:\Users\SoroushG\AppData\Local\{77C28A31-291D-4CF4-9D86-16CFCF9933F0}
.
==================== Find3M ====================
.
2012-06-25 01:23:02 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-25 01:23:02 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-05-04 23:21:08 8769696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-30 03:49:51 723230 ----a-w- C:\Windows\unins000.exe
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-18 18:50:26 28480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
.
============= FINISH: 17:47:29.87 ===============
Attachment Blocked
Attachments in the HJT forum are often designed to solve a specific issue and not meant to be used without instructions specific to your computer. If you want help specific to your computer, please post a HiJackThis Log. If you started this thread, please make sure you are logged in to be able to view attachments.
kevinf80's Avatar
kevinf80   (Kevin) kevinf80 is offline kevinf80 is authorized to help remove malware. kevinf80 has a Profile Picture
Computer Specs
Malware Removal Specialist with 8,514 posts.
  
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
06-Jul-2012, 04:52 AM #4
Please download OTM by OldTimer.
Alternative Mirror 1
Alternative Mirror 2
Save it to your desktop.
Double click OTM.exe to start the tool. Vista or Windows 7 users right click and select Run as Administrator. Be aware all processes will stopped during run, also Desktop will disappear, this will be put back on completion....
  • Copy the text from the code box belowbelow to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:
    :reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon]
"UserInit"="C:\\WINDOWS\\system32\\userinit.exe,"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"XdvSpyfk"=-
:Services
:Files
ipconfig /flushdns /c
C:\Users\SoroushG\AppData\Local\pwegcyvw
:Commands
[EmptyTemp]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.


Next,

Please download Malwarebytes Anti-Malware and save it to your desktop.
Alernative D/L mirror
Alternative D/L mirror

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Post those two logs...

Kevin
axle1's Avatar
Computer Specs
Member with 30 posts.
THREAD STARTER
  
Join Date: Jul 2012
Experience: Beginner
06-Jul-2012, 05:20 AM #5
All processes killed
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon\\"U serInit"|"C:\\WINDOWS\\system32\\userinit.exe," /E : value set successfully!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\XdvSpyfk deleted successfully.
========== SERVICES/DRIVERS ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\SoroushG\Desktop\cmd.bat deleted successfully.
C:\Users\SoroushG\Desktop\cmd.txt deleted successfully.
C:\Users\SoroushG\AppData\Local\pwegcyvw folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56478 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: SoroushG
->Temp folder emptied: 26467204 bytes
->Temporary Internet Files folder emptied: 244345798 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 13191887 bytes
->Flash cache emptied: 4298 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 706764 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\ Temporary Internet Files folder emptied: 79108 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows \Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 272.00 mb


OTM by OldTimer - Version 3.1.21.0 log created on 07062012_190644
Files moved on Reboot...
C:\Users\SoroushG\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\SoroushG\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\SoroushG\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZGQAP99G\AjaxHistoryFrame[1].htm moved successfully.
C:\Users\SoroushG\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZGQAP99G\B6040797;sz=160x600;ord=134047475[1].htm moved successfully.
C:\Users\SoroushG\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZGQAP99G\direct;auc.1019905978415219439;ai.172558735.2461 26409;ac.1341533877-6691057;wi.160;hi.600;cp.0[1].htm moved successfully.
C:\Users\SoroushG\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZGQAP99G\tt[1].htm moved successfully.
C:\Users\SoroushG\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZGQAP99G\xmlProxy[1].htm moved successfully.
C:\Users\SoroushG\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LCGM5ZIQ\default[1].htm moved successfully.
C:\Users\SoroushG\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LCGM5ZIQ\emily[1].htm moved successfully.
C:\Users\SoroushG\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LCGM5ZIQ\iframe[1].htm moved successfully.
C:\Users\SoroushG\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LCGM5ZIQ\resourcespreload[1].htm moved successfully.
C:\Users\SoroushG\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JF6JKK1Y\1059846-memory-issues[1].htm moved successfully.
C:\Users\SoroushG\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JF6JKK1Y\addons-v4[1].htm moved successfully.
C:\Users\SoroushG\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JF6JKK1Y\EditMessageLight[1].htm moved successfully.
C:\Users\SoroushG\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JF6JKK1Y\Messenger[1].htm moved successfully.
C:\Users\SoroushG\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JF6JKK1Y\resourcespreload[1].htm moved successfully.
C:\Users\SoroushG\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G36RBGT1\InboxLight[1].htm moved successfully.
C:\Users\SoroushG\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G36RBGT1\resourcespreload[1].htm moved successfully.
C:\Users\SoroushG\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\94LF0WN1\LocalStorage[1].htm moved successfully.
C:\Users\SoroushG\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\94LF0WN1\WebIMPop[1].htm moved successfully.
C:\Users\SoroushG\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2SCUGHLD\300x250iframeintlv2[1].htm moved successfully.
C:\Users\SoroushG\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2SCUGHLD\addons-tracker-v4[1].htm moved successfully.
C:\Users\SoroushG\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2SCUGHLD\adloader[1].htm moved successfully.
C:\Users\SoroushG\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2SCUGHLD\RteFrame_16.2.7040.0620[1].htm moved successfully.
C:\Users\SoroushG\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1P6KTL9D\xmlProxy[1].htm moved successfully.
Registry entries deleted on Reboot...
axle1's Avatar
Computer Specs
Member with 30 posts.
THREAD STARTER
  
Join Date: Jul 2012
Experience: Beginner
06-Jul-2012, 05:28 AM #6
i tried to download malware bytes, but as i installed it, all that happened was it came up with some message then went away quickly, it keeps doing it. It says that malware bytes is either missing or corrupt ?
kevinf80's Avatar
kevinf80   (Kevin) kevinf80 is offline kevinf80 is authorized to help remove malware. kevinf80 has a Profile Picture
Computer Specs
Malware Removal Specialist with 8,514 posts.
  
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
06-Jul-2012, 05:51 AM #7
Download OTL from any of the following links and save to your Desktop:

Link 1
Link 2
Link 3
  • Double click on the icon to run it, Vista or Windows 7 users right click and select Run as Administartor. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Under the Extra Registry section, check Use SafeList
  • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
  • Under the Custom Scan box paste this in:

    Code:
    netsvcs
%systemroot%\*. /mp /s
%systemroot%\*. /rp /s
msconfig
%SYSTEMDRIVE%\*.exe
%LOCALAPPDATA%\*.exe
/md5start
consrv.dll
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT
  • Click the button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your reply

Kevin
axle1's Avatar
Computer Specs
Member with 30 posts.
THREAD STARTER
  
Join Date: Jul 2012
Experience: Beginner
06-Jul-2012, 07:03 AM #8
OTL text :

OTL logfile created on: 6/07/2012 8:41:47 PM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\SoroushG\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

7.98 Gb Total Physical Memory | 5.93 Gb Available Physical Memory | 74.27% Memory free
31.90 Gb Paging File | 0.39 Gb Available in Paging File | 1.21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1853.24 Gb Total Space | 1345.43 Gb Free Space | 72.60% Space Free | Partition Type: NTFS
Drive I: | 3.74 Gb Total Space | 2.91 Gb Free Space | 77.97% Space Free | Partition Type: FAT32

Computer Name: SOROUSHG-PC | User Name: SoroushG | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/06 20:05:48 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\SoroushG\Desktop\OTL.exe
PRC - [2012/06/19 17:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/06/12 08:54:35 | 000,935,480 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
PRC - [2012/03/23 05:57:00 | 002,321,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
PRC - [2012/02/26 12:25:44 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2012/02/22 15:57:16 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/02/03 01:16:56 | 002,671,936 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
PRC - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2012/01/04 21:24:50 | 000,793,048 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2012/01/04 21:24:50 | 000,103,896 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
PRC - [2012/01/03 23:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/11/11 14:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/10/25 11:40:44 | 000,389,120 | ---- | M] () -- C:\Program Files\Fractal Audio\Axe-Fx II Driver\FASUSBAudioCpl.exe
PRC - [2011/07/29 09:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/05/25 17:25:28 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/05/20 21:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009/12/15 12:47:00 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/10/26 12:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009/10/26 12:15:56 | 000,375,000 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2008/10/01 17:43:12 | 000,548,864 | ---- | M] (BL) -- C:\Program Files (x86)\lg_fwupdate\fwupdate.exe
PRC - [2008/06/26 18:09:36 | 000,167,936 | ---- | M] () -- C:\Program Files (x86)\D-Link\DWA-131 revA\WlanWpsSvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/19 21:28:32 | 020,313,384 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012/06/19 21:28:30 | 000,895,312 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2012/06/19 21:28:28 | 000,123,192 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012/06/19 21:28:26 | 000,190,776 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012/06/19 21:28:24 | 001,099,576 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2011/11/11 14:08:18 | 007,956,504 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2011/11/11 14:08:18 | 000,342,552 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2011/11/11 14:08:18 | 000,128,536 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2011/11/11 14:08:18 | 000,029,208 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2011/11/11 14:08:06 | 002,145,304 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2011/11/01 22:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 22:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/10/25 11:40:44 | 000,389,120 | ---- | M] () -- C:\Program Files\Fractal Audio\Axe-Fx II Driver\FASUSBAudioCpl.exe
MOD - [2011/10/17 03:04:58 | 000,176,128 | ---- | M] () -- C:\Program Files\Fractal Audio\Axe-Fx II Driver\tusbaudioapi.dll
MOD - [2011/07/29 09:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/29 09:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2009/12/15 12:49:20 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/12/15 12:46:38 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2009/06/27 09:11:12 | 000,503,202 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/08/12 09:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/14 11:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 11:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/06/25 11:23:02 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/19 21:28:34 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/06/19 17:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/06/12 08:54:35 | 000,935,480 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe -- (vToolbarUpdater11.1.0)
SRV - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/03/23 05:57:00 | 002,321,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe -- (avgfws)
SRV - [2012/02/22 15:57:16 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2012/01/04 21:24:50 | 000,793,048 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2012/01/03 23:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/25 17:25:28 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/05/20 21:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/26 12:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009/06/11 07:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/06/26 18:09:36 | 000,167,936 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\D-Link\DWA-131 revA\WlanWpsSvc.exe -- (WlanWpsSvc)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/06/27 11:58:24 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | Disabled | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/03/19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 16:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 20:34:36 | 000,028,160 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
DRV:64bit: - [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/02/06 14:42:54 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012/01/18 16:44:14 | 000,025,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvbflt64.sys -- (CompFilter64)
DRV:64bit: - [2012/01/18 06:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech HD Webcam C615(UVC)
DRV:64bit: - [2012/01/18 06:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2012/01/11 16:11:20 | 000,034,304 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam)
DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/12/01 06:13:44 | 000,772,096 | ---- | M] (Line 6) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L6PODHDBEAN64.sys -- (L6PODHDBEAN)
DRV:64bit: - [2011/11/01 10:51:44 | 000,055,600 | ---- | M] (Cypress Semiconductor) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\axefx2load.sys -- (axefx2load)
DRV:64bit: - [2011/11/01 10:51:42 | 000,246,576 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fasusbaudio_x64.sys -- (fasusbaudio)
DRV:64bit: - [2011/11/01 10:51:42 | 000,053,040 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fasusbaudioks_x64.sys -- (fasusbaudioks)
DRV:64bit: - [2011/08/02 16:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/07/23 02:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/13 07:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/05/25 17:25:48 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/05/23 01:03:28 | 000,048,992 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2011/03/11 16:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 16:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/16 17:11:08 | 000,428,136 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/11/21 13:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 13:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/21 13:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 13:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/20 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010/10/15 19:42:48 | 000,356,328 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2010/10/15 19:42:48 | 000,121,320 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2009/09/19 04:39:17 | 000,081,920 | ---- | M] (Roland Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rdwm1102.sys -- (RDID1102)
DRV:64bit: - [2009/08/20 10:00:10 | 000,664,576 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2009/07/14 11:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 11:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 11:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/11 06:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 06:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 06:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 06:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/07/14 11:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src...q={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2309646660-4243879331-1040206939-1000\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKU\S-1-5-21-2309646660-4243879331-1040206939-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2309646660-4243879331-1040206939-1000\..\SearchScopes\{38D687C0-F3EC-4d85-9887-00EC7128D9FA}: "URL" = http://www.google.com/custom?client=...q={searchTerms}
IE - HKU\S-1-5-21-2309646660-4243879331-1040206939-1000\..\SearchScopes\{4C32567E-83DA-4704-BD72-476E6B4F28BD}: "URL" = http://au.search.yahoo.com/search?p=...cevm&type=EGMB
IE - HKU\S-1-5-21-2309646660-4243879331-1040206939-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2309646660-4243879331-1040206939-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2309646660-4243879331-1040206939-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKU\S-1-5-21-2309646660-4243879331-1040206939-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-AU
IE - HKU\S-1-5-21-2309646660-4243879331-1040206939-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2B 68 4C 5F 19 DE CC 01 [binary data]
IE - HKU\S-1-5-21-2309646660-4243879331-1040206939-1001\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2309646660-4243879331-1040206939-1001\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2309646660-4243879331-1040206939-1001\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKU\S-1-5-21-2309646660-4243879331-1040206939-1001\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKU\S-1-5-21-2309646660-4243879331-1040206939-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={search...0084c9b242f885
IE - HKU\S-1-5-21-2309646660-4243879331-1040206939-1001\..\SearchScopes\{5C0523FF-71F5-46ce-87CA-AD87DFD5E6DF}: "URL" = http://www.bing.com/search?q={search...SPLBR2&pc=SPLH
IE - HKU\S-1-5-21-2309646660-4243879331-1040206939-1001\..\SearchScopes\{859C9482-2722-4421-9FF3-7CECB3136CDF}: "URL" = http://au.search.yahoo.com/search?p=...evm&type=STDVM
IE - HKU\S-1-5-21-2309646660-4243879331-1040206939-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={1...r&d=2012-05-12 23:04:27&v=11.0.0.9&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-2309646660-4243879331-1040206939-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src...q={searchTerms}
IE - HKU\S-1-5-21-2309646660-4243879331-1040206939-1001\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb133/...R8rs10ZHT&i=26
IE - HKU\S-1-5-21-2309646660-4243879331-1040206939-1001\..\SearchScopes\{D8400222-D414-4e98-B038-9798204DFB95}: "URL" = http://www.google.com/cse?cx=partner...q={searchTerms}
IE - HKU\S-1-5-21-2309646660-4243879331-1040206939-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2309646660-4243879331-1040206939-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\SoroushG\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling .dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/02/15 15:05:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.7\ [2012/07/05 11:56:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/07/05 11:56:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/05 11:56:04 | 000,000,000 | ---D | M]

[2012/04/30 13:50:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Search the web (Babylon) (Enabled)
CHR - default_search_provider: search_url = http://search.babylon.com/?q={search...0084c9b242f885
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:ins tantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.47\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Users\SoroushG\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.0.0.10297_0\npSk ypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\SoroushG\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling .dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

O1 HOSTS File: ([2009/06/11 07:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (NCH EN Toolbar) - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll File not found
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O3:64bit: - HKLM\..\Toolbar: (no name) - !{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (NCH EN Toolbar) - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LGODDFU] C:\Program Files (x86)\lg_fwupdate\fwupdate.exe (BL)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2309646660-4243879331-1040206939-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2309646660-4243879331-1040206939-1001..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2309646660-4243879331-1040206939-1001..\Run: [Facebook Update] C:\Users\SoroushG\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-2309646660-4243879331-1040206939-1001..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-2309646660-4243879331-1040206939-1001..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-2309646660-4243879331-1040206939-1001..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-2309646660-4243879331-1040206939-1001..\Run: [XdvSpyfk] C:\Users\SoroushG\AppData\Local\pwegcyvw\xdvspyfk.exe File not found
O4 - HKU\S-1-5-21-2309646660-4243879331-1040206939-1001..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2309646660-4243879331-1040206939-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\SoroushG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts.../ieawsdc64.cab (Microsoft Office Template and Media Control)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B7FFD0F4-84B6-42D2-AB03-671310DE1C8D}: DhcpNameServer = 10.0.0.138
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Users\SoroushG\AppData\Local\pwegcyvw\xdvspyfk.exe) - C:\Users\SoroushG\AppData\Local\pwegcyvw\xdvspyfk.exe File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{91e33863-5070-11e1-971c-f46d049d9437}\Shell - "" = AutoRun
O33 - MountPoints2\{91e33863-5070-11e1-971c-f46d049d9437}\Shell\AutoRun\command - "" = J:\SETUP.EXE
O33 - MountPoints2\{91e33863-5070-11e1-971c-f46d049d9437}\Shell\configure\command - "" = J:\SETUP.EXE
O33 - MountPoints2\{91e33863-5070-11e1-971c-f46d049d9437}\Shell\install\command - "" = J:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/07/06 20:05:48 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\SoroushG\Desktop\OTL.exe
[2012/07/06 19:24:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/06 19:24:47 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/06 19:24:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/07/06 19:11:12 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\pwegcyvw
[2012/07/06 19:06:44 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/07/06 18:53:56 | 000,522,240 | ---- | C] (OldTimer Tools) -- C:\Users\SoroushG\Desktop\OTM.exe
[2012/07/06 17:46:27 | 000,607,260 | ---- | C] (Swearware) -- C:\Users\SoroushG\Desktop\dds.com
[2012/07/06 17:43:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hijackthis
[2012/07/06 15:48:38 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Roaming\SUPERAntiSpyware.com
[2012/07/06 15:48:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/07/06 15:48:29 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/07/06 15:48:29 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/07/06 14:44:06 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\Desktop\SARA
[2012/07/06 10:05:09 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/07/06 09:59:11 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{C1B402D2-D3BA-40F8-BC7A-B3772E0EBBD3}
[2012/07/06 09:58:59 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{0E38F27E-CBE1-42AF-9CD3-2CBE33919736}
[2012/07/05 23:20:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/07/05 23:08:36 | 000,355,856 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/07/05 23:08:26 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/07/05 23:08:03 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/07/05 20:55:36 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Roaming\Malwarebytes
[2012/07/05 20:55:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/05 20:01:43 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{67031DE5-EA40-413C-AEFF-B40AB524FBE0}
[2012/07/05 20:00:21 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{607FCE63-D690-45CC-8D1C-9E0C9D571E45}
[2012/07/05 12:31:11 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/07/05 12:29:56 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/07/05 12:29:56 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/07/05 12:19:41 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Roaming\AVG
[2012/07/05 10:54:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2012/07/05 10:54:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012/07/05 09:40:57 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{31028D46-6376-4A4C-8D94-4F774BB18969}
[2012/07/05 09:40:43 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{7DBC4632-A2FD-4C8E-BB64-3D59A4978C95}
[2012/07/05 00:24:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Excel Password Unlocker
[2012/07/05 00:24:17 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\lptmp846331700
[2012/07/04 23:40:27 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Office Password Recovery PRO
[2012/07/04 23:40:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Office Password Recovery PRO
[2012/07/04 23:40:26 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Roaming\Password Solutions
[2012/07/04 23:40:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Password Solutions
[2012/07/04 23:40:26 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\Documents\My Password Recovery
[2012/07/04 23:37:49 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\Documents\extract
[2012/07/04 12:48:01 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{D8761A1E-DE68-4E26-8C74-5D35BAA846B9}
[2012/07/04 12:47:48 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{2E2FF6BD-2010-4DA2-B86F-E65DE3BC96EE}
[2012/07/03 18:37:47 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{A21D24A6-ECA6-4AEE-8E8C-C92C5321F2A3}
[2012/07/03 18:37:36 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{E8A81F9E-27AF-40DB-8B4F-C44822D3C61B}
[2012/07/02 20:50:29 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\Documents\half life 2 episode 2
[2012/07/02 13:14:43 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{9A549004-65D5-4013-8F19-719F2679DB9C}
[2012/07/02 13:14:26 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{CF88E378-F4A9-42FC-9B8B-432E48E65ABA}
[2012/07/02 10:26:01 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{72806CA8-E0B5-4C30-B34D-5B8C6048E3F6}
[2012/07/02 10:25:41 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{21796185-53A2-4599-9060-7FEA66735773}
[2012/07/01 21:27:48 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{4D64FEA3-5594-4B3D-941C-B87CC4F29F8B}
[2012/07/01 21:27:37 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{3B5E776B-FF33-4502-8D5A-D23DB4E975D6}
[2012/07/01 09:41:50 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse
[2012/07/01 09:27:11 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{2CC2EA68-101D-4AC8-927A-DD6BB5988C90}
[2012/07/01 09:26:59 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{57ADDCE6-3DBF-4A83-B330-E60CBA271C94}
[2012/07/01 01:01:58 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\Documents\daemon
[2012/07/01 01:00:21 | 000,000,000 | ---D | C] -- C:\Trilogy Data
[2012/07/01 01:00:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spectrasonics
[2012/07/01 00:59:47 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Waves
[2012/07/01 00:59:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Waves
[2012/07/01 00:50:31 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Native Instruments Reaktor 5
[2012/07/01 00:50:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Native Instruments
[2012/07/01 00:49:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sonnox
[2012/06/30 20:36:45 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{2F82FAF3-D563-4122-A575-CD397A2448C1}
[2012/06/30 20:36:24 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{830BF62E-CC3E-4843-ABE4-BAEA9347A8D5}
[2012/06/30 13:04:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
[2012/06/30 13:04:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\World of Warcraft
[2012/06/30 08:35:43 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{E544DE00-88B2-42E8-A011-EC4305BBFA3E}
[2012/06/30 08:35:19 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{D7E1177B-AB1E-4606-B41E-3F5D6C38C674}
[2012/06/29 20:40:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicISO
[2012/06/29 20:40:34 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MagicISO
[2012/06/29 20:40:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MagicISO
[2012/06/29 10:22:52 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{44EBF1E6-00D8-433E-A7B4-771BCDD6F3FF}
[2012/06/29 10:22:37 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{C609EB48-6DCE-4BC6-B032-D81A94C6903F}
[2012/06/28 19:41:09 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\Documents\My Curse
[2012/06/28 09:31:18 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{E695CE18-BFF6-40E9-BD7A-BA607DB91678}
[2012/06/28 09:31:05 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{35127017-37AD-40DE-9B74-B2BB9CF821D5}
[2012/06/27 17:34:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2012/06/27 17:32:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2012/06/27 14:51:26 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Roaming\Windows Live Writer
[2012/06/27 14:51:26 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\Windows Live Writer
[2012/06/27 11:34:40 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{8F41FA2E-C4A3-46E1-917D-E8630D0161A9}
[2012/06/27 11:34:25 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{B0C8A2B4-C472-4201-AACE-86BE581E6089}
[2012/06/27 11:33:34 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{0B64CF55-BF9F-4261-B721-EA56D5A4BF61}
[2012/06/26 15:41:36 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{71F570FD-DF0D-4A22-ACB4-57838066C69F}
[2012/06/26 15:41:25 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{34BE6047-4E04-46BA-B1EE-12E190E7E223}
[2012/06/26 13:56:20 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Roaming\DT
[2012/06/26 11:27:56 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{C0A8ADCD-88C3-412C-8677-C3C435349018}
[2012/06/25 22:29:47 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\Documents\The Lord of the Rings Online
[2012/06/25 22:29:47 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\The Lord of the Rings Online
[2012/06/25 22:15:44 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\Turbine
[2012/06/25 22:15:39 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\ApplicationHistory
[2012/06/25 22:13:23 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\URTTEMP
[2012/06/25 15:00:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ReValver Mk III
[2012/06/25 15:00:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Peavey Electronics
[2012/06/25 11:20:00 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{E361E427-DDA2-4A26-A84A-BC4EF5B7969B}
[2012/06/25 11:19:39 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{F4D5CBDE-D47A-4392-86E0-2DB028265AE1}
[2012/06/24 16:16:46 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\Documents\fraps
[2012/06/24 16:01:48 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps
[2012/06/24 16:01:48 | 000,000,000 | ---D | C] -- C:\Fraps
[2012/06/24 11:43:21 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{0E19CD5A-9723-43E7-98E5-3BAF335EF7FB}
[2012/06/24 11:43:06 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{966CCC46-6D4B-4AE3-847F-C3E85642BFEB}
[2012/06/23 07:43:54 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{3C39D5E1-CEA9-45CC-9698-0570CB9EE45B}
[2012/06/23 07:43:43 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{483B828B-61BF-4753-88F6-EDF2617B44E2}
[2012/06/22 11:16:10 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{98BC77A8-33C5-48D3-ABD4-1D06BB71B8F3}
[2012/06/22 11:15:52 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{F4A899ED-0C79-4E1C-BE52-4A37B047B3B4}
[2012/06/21 11:24:15 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012/06/21 11:24:15 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012/06/21 11:24:15 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012/06/21 11:23:51 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012/06/21 11:23:51 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012/06/21 11:23:51 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012/06/21 11:23:28 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012/06/21 11:23:28 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012/06/21 11:21:46 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{68DCE7B6-9EAA-41E0-9902-628A6125DC34}
[2012/06/21 11:21:34 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{6942A2E5-B4CE-4F3A-AD79-0F86D329CC8C}
[2012/06/20 23:05:50 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{22B85FDD-8F12-4AF4-8370-DA757B97812F}
[2012/06/20 23:05:18 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{F463C38B-2471-4190-89DF-17CA10B1B6BD}
[2012/06/20 10:43:31 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{DE9AEF90-A6E9-498A-8833-41331AB71C41}
[2012/06/20 10:43:09 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{4DD2A456-530F-470A-AAFA-682ECDE92B33}
[2012/06/19 19:29:41 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{626836D4-0EB4-4EB0-BD11-3B5BE3F6EE3E}
[2012/06/19 19:29:29 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{94843AA3-85B0-4892-9193-21E1A1445A0F}
[2012/06/19 16:32:09 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/06/19 16:28:58 | 000,048,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fssfltr.sys
[2012/06/19 16:25:02 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{D45BDE16-5FF7-4976-881F-876264CBC21B}
[2012/06/19 16:24:52 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{9AA287EC-C2F0-486A-8741-582B485605F8}
[2012/06/19 16:24:44 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{442B03E5-3269-47BA-A6FF-25812E5AD5ED}
[2012/06/19 16:24:10 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{4A5C3B8D-F648-4ACF-8409-06EE327A6FF1}
[2012/06/19 16:23:59 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{4CD83659-AEAC-4442-A8F5-863673D75A20}
[2012/06/19 11:03:37 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{35D33BAA-BAAB-4BE2-BAF5-35A532DF4EEE}
[2012/06/19 11:03:20 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{B24636FC-C08F-4825-AD3E-3964C1B5F194}
[2012/06/18 11:34:40 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{8B4B664C-3952-4D05-B108-6B54B93F117B}
[2012/06/17 14:53:58 | 000,000,000 | ---D | C] -- C:\ProgramData\{00E0164B-B182-4800-96DA-F8D39B3A7189}
[2012/06/17 14:26:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Digidesign
[2012/06/17 14:20:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Native Instruments
[2012/06/17 14:16:48 | 000,000,000 | ---D | C] -- C:\ProgramData\{A2B67EC8-CE44-4813-AAC0-BACC1FAF50BE}
[2012/06/17 10:28:07 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{A540FEBA-9B37-4E66-B00B-1697F0E1DA6B}
[2012/06/17 10:27:42 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{63428F11-FD4B-4774-AFE6-207BE54A3723}
[2012/06/16 16:45:16 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{1AAEA756-E723-491E-AEDD-0D76786DA611}
[2012/06/16 15:30:59 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{352FFB28-97F8-4F9E-827C-35D5B4571005}
[2012/06/16 10:29:47 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{BA9ABC80-8513-42EE-98EA-93532F549A56}
[2012/06/15 16:53:36 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{83D0127F-9954-433E-A21A-87B30ABFCBB0}
[2012/06/15 10:02:48 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{78F44B19-9A1E-41DE-A5FD-A955295160D5}
[2012/06/14 17:00:28 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\Documents\Youcam
[2012/06/14 10:55:02 | 000,000,000 | ---D | C] -- C:\sprays
[2012/06/14 00:47:30 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/06/14 00:47:30 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/06/14 00:47:29 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/06/14 00:47:29 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/06/14 00:47:27 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/06/14 00:47:27 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/06/14 00:47:26 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/06/14 00:47:26 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/06/14 00:47:24 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/06/14 00:47:24 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/06/14 00:47:23 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/06/14 00:47:23 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/06/14 00:47:22 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/06/13 18:06:02 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\Native Instruments
[2012/06/13 18:00:53 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\Documents\Native Instruments
[2012/06/13 17:55:15 | 000,000,000 | -H-D | C] -- C:\ProgramData\{07D9EF15-1E96-4C9C-911C-4C7AAC443789}
[2012/06/13 17:47:29 | 000,000,000 | -H-D | C] -- C:\ProgramData\{6268CC84-62BB-4890-B980-FC891FC3470E}
[2012/06/13 17:45:46 | 000,000,000 | -H-D | C] -- C:\ProgramData\{018739C5-9E1C-4C10-A298-77A80A04AD61}
[2012/06/13 17:40:20 | 000,000,000 | ---D | C] -- C:\Program Files\Native Instruments
[2012/06/13 17:40:15 | 000,000,000 | -H-D | C] -- C:\ProgramData\{BC727A25-34B7-4B46-9D69-E54457E6DD1C}
[2012/06/13 15:29:39 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/06/13 15:29:39 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/06/13 15:29:39 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/06/13 15:29:28 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/06/13 15:29:28 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/06/13 15:29:28 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/06/13 15:29:26 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012/06/13 15:29:18 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/06/13 15:29:18 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/06/13 12:58:25 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{B03898B9-1D59-47F7-84D6-71FCA0404E14}
[2012/06/13 12:58:14 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{CC6BF45B-2EFC-4F36-B11F-2C1CA4FB3B1E}
[2012/06/12 23:42:19 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{11E4D9E2-908E-4964-B490-F285235017F2}
[2012/06/12 23:42:08 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{46325B03-9328-4242-9851-3B94B714E51A}
[2012/06/12 07:56:10 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{B5A99E22-52E4-4524-8869-5932982C8491}
[2012/06/12 07:55:44 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{E0164F7C-F795-433B-981C-DC1079878410}
[2012/06/11 20:00:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Utilities
[2012/06/11 19:33:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Metal Gear Solid
[2012/06/11 19:31:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Metal Gear Solid
[2012/06/11 18:20:08 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{BB9A8EDC-E8B9-4576-A9D6-1F266EB3A5E7}
[2012/06/11 18:19:57 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{5FADC5E5-8B06-4512-AA77-B32CC21B6D16}
[2012/06/11 16:39:16 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{55B0E70E-5135-40E2-938A-7CD4E56669C5}
[2012/06/11 16:39:05 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{B000A583-96D9-40A6-9EE3-2720F79BD9AA}
[2012/06/11 16:14:52 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446 A847B240591D2C99B.1
[2012/06/11 15:26:51 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{91092E88-3601-41B1-ADA2-46785ECF5914}
[2012/06/11 15:26:40 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{4741695C-4DCD-46B2-957B-F12912FA2A3E}
[2012/06/11 09:51:11 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{9CA8CEF3-A073-473D-BC03-695B0FAEF028}
[2012/06/11 09:50:56 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{834A0EE4-2506-415D-879C-ADE41755E55A}
[2012/06/10 22:07:41 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{5AD72470-0390-4321-B357-729073F25461}
[2012/06/10 19:31:28 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{40AE7C9A-AE59-4ACC-95BC-625E26849429}
[2012/06/10 13:42:06 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{B3833BD4-9888-4362-AC36-36A1C3F07B8F}
[2012/06/10 13:16:44 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{A16CBAAC-5D1C-4FC7-9993-161052139F43}
[2012/06/10 13:16:34 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{E6C37B77-75CF-4962-8CC5-6EFA66B5A0BD}
[2012/06/09 21:27:49 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\Desktop\Sleep Studies
[2012/06/09 21:25:12 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\Desktop\USB Dad
[2012/06/09 14:26:22 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{64130B91-4DD2-4EF6-928E-A8C8D1E917A5}
[2012/06/09 14:26:06 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{67302E7F-FB11-46A1-96A0-D89F472A252A}
[2012/06/08 22:37:01 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{0C80EA14-FA64-4BE3-8F43-F7AC04303062}
[2012/06/08 13:20:52 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{8FA41823-C95A-4DF7-A191-69BED11DA485}
[2012/06/08 13:20:41 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{A4F3262D-A05F-4880-B614-CABE4D143233}
[2012/06/08 10:35:19 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{52EA9A05-84FF-4311-8B98-757EAA3C9F0D}
[2012/06/08 10:35:08 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{1AB8A017-A855-4D75-98F8-E54FBA759A95}
[2012/06/07 10:32:46 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{ABE37A04-90FC-43F7-88DB-687232F8D949}
[2012/06/07 10:32:35 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{98309290-86E9-4717-AF66-1A7F1B153909}
[2012/06/06 21:54:32 | 000,000,000 | ---D | C] -- C:\V6_presets (2)
[2012/06/06 21:54:22 | 000,000,000 | ---D | C] -- C:\axefx2_6p01

========== Files - Modified Within 30 Days ==========

[2012/07/06 20:30:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/06 20:21:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/06 20:14:11 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/06 20:05:48 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\SoroushG\Desktop\OTL.exe
[2012/07/06 19:24:48 | 000,001,144 | ---- | M] () -- C:\Users\SoroushG\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/07/06 19:24:48 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/06 19:18:00 | 000,020,528 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/06 19:18:00 | 000,020,528 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/06 19:11:13 | 000,000,271 | ---- | M] () -- C:\Windows\lgfwup.ini
[2012/07/06 19:10:27 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/06 19:10:20 | 2132,721,663 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/06 18:53:57 | 000,522,240 | ---- | M] (OldTimer Tools) -- C:\Users\SoroushG\Desktop\OTM.exe
[2012/07/06 18:48:01 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2309646660-4243879331-1040206939-1001UA.job
[2012/07/06 17:46:28 | 000,607,260 | ---- | M] (Swearware) -- C:\Users\SoroushG\Desktop\dds.com
[2012/07/06 16:55:42 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2012/07/06 15:48:32 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/07/06 14:44:47 | 000,792,978 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/06 14:44:47 | 000,673,446 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/06 14:44:47 | 000,129,440 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/06 10:05:10 | 000,000,829 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/07/05 20:32:48 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/07/05 20:02:35 | 000,000,318 | ---- | M] () -- C:\Users\SoroushG\Desktop\Curse Client.appref-ms
[2012/07/04 23:37:51 | 000,093,536 | -H-- | M] () -- C:\Users\SoroushG\Desktop\WX82wvJL
[2012/07/04 02:21:52 | 000,355,856 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/07/04 02:21:52 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/07/04 02:21:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/07/04 02:21:18 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/07/03 21:48:00 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2309646660-4243879331-1040206939-1001Core.job
[2012/06/29 20:40:35 | 000,001,810 | ---- | M] () -- C:\Users\SoroushG\Desktop\MagicISO.lnk
[2012/06/28 19:41:07 | 000,000,000 | ---- | M] () -- C:\Users\SoroushG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2012/06/27 11:58:24 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/06/26 13:56:28 | 000,000,218 | ---- | M] () -- C:\Users\SoroushG\.recently-used.xbel
[2012/06/25 22:16:00 | 000,000,096 | ---- | M] () -- C:\Users\SoroushG\AppData\Local\fusioncache.dat
[2012/06/25 22:15:19 | 000,800,674 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/06/25 11:23:02 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/06/25 11:23:02 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/06/24 16:01:48 | 000,000,569 | ---- | M] () -- C:\Users\SoroushG\Desktop\Fraps.lnk
[2012/06/14 09:59:51 | 000,300,024 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/11 22:26:17 | 100,193,302 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/06/11 20:45:36 | 000,057,316 | ---- | M] () -- C:\Users\SoroushG\Documents\paul_gilbert_curse_of_castle_dragon.gp5
[2012/06/11 20:00:53 | 000,002,221 | ---- | M] () -- C:\Users\Public\Desktop\Express Zip File Compression Software.lnk
[2012/06/11 10:25:32 | 000,256,779 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/06/09 13:11:41 | 000,128,176 | ---- | M] () -- C:\Users\SoroushG\Documents\born_of_osiris_devastate.gp5
[2012/06/09 13:11:33 | 000,005,988 | ---- | M] () -- C:\Users\SoroushG\Documents\born_of_osiris_dissimulation.gp5
[2012/06/09 13:11:22 | 000,004,953 | ---- | M] () -- C:\Users\SoroushG\Documents\born_of_osiris_behold_sweeps.gp5
[2012/06/09 13:11:14 | 000,141,087 | ---- | M] () -- C:\Users\SoroushG\Documents\born_of_osiris_recreate.gp5
[2012/06/09 13:11:04 | 000,095,249 | ---- | M] () -- C:\Users\SoroushG\Documents\born_of_osiris_singularity.gp5

========== Files Created - No Company Name ==========

[2012/07/06 19:24:48 | 000,001,144 | ---- | C] () -- C:\Users\SoroushG\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/07/06 19:24:48 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/06 15:48:32 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/07/06 10:05:10 | 000,000,829 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/07/06 10:04:06 | 000,000,902 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/06 10:04:05 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/05 20:02:35 | 000,000,318 | ---- | C] () -- C:\Users\SoroushG\Desktop\Curse Client.appref-ms
[2012/07/05 12:31:13 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012/07/04 23:37:15 | 000,093,536 | -H-- | C] () -- C:\Users\SoroushG\Desktop\WX82wvJL
[2012/06/30 13:04:42 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2012/06/29 20:40:35 | 000,001,810 | ---- | C] () -- C:\Users\SoroushG\Desktop\MagicISO.lnk
[2012/06/28 19:41:07 | 000,000,000 | ---- | C] () -- C:\Users\SoroushG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2012/06/26 13:56:28 | 000,000,218 | ---- | C] () -- C:\Users\SoroushG\.recently-used.xbel
[2012/06/25 22:16:00 | 000,000,096 | ---- | C] () -- C:\Users\SoroushG\AppData\Local\fusioncache.dat
[2012/06/24 16:01:48 | 000,000,569 | ---- | C] () -- C:\Users\SoroushG\Desktop\Fraps.lnk
[2012/06/11 20:45:36 | 000,057,316 | ---- | C] () -- C:\Users\SoroushG\Documents\paul_gilbert_curse_of_castle_dragon.gp5
[2012/06/11 20:00:53 | 000,002,221 | ---- | C] () -- C:\Users\Public\Desktop\Express Zip File Compression Software.lnk
[2012/06/11 20:00:53 | 000,001,893 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Zip File Compression Software.lnk
[2012/06/09 13:11:41 | 000,128,176 | ---- | C] () -- C:\Users\SoroushG\Documents\born_of_osiris_devastate.gp5
[2012/06/09 13:11:33 | 000,005,988 | ---- | C] () -- C:\Users\SoroushG\Documents\born_of_osiris_dissimulation.gp5
[2012/06/09 13:11:22 | 000,004,953 | ---- | C] () -- C:\Users\SoroushG\Documents\born_of_osiris_behold_sweeps.gp5
[2012/06/09 13:11:14 | 000,141,087 | ---- | C] () -- C:\Users\SoroushG\Documents\born_of_osiris_recreate.gp5
[2012/06/09 13:11:04 | 000,095,249 | ---- | C] () -- C:\Users\SoroushG\Documents\born_of_osiris_singularity.gp5
[2012/04/30 13:50:49 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2012/04/30 13:50:27 | 000,723,230 | ---- | C] () -- C:\Windows\unins000.exe
[2012/04/30 13:50:27 | 000,105,538 | ---- | C] () -- C:\Windows\unins000.dat
[2012/03/22 15:31:29 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012/03/22 15:31:29 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012/02/22 15:57:18 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/02/22 15:57:16 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/02/08 16:58:13 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2012/01/28 21:38:33 | 000,000,271 | ---- | C] () -- C:\Windows\lgfwup.ini
[2012/01/28 20:42:03 | 000,031,419 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2012/01/18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/01/18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/01/18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/05/20 21:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/05/12 11:39:08 | 000,995,328 | ---- | C] () -- C:\Windows\SRFIXMBR.EXE
[2011/05/12 10:06:39 | 000,800,674 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/05/11 17:47:00 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/05/11 17:46:54 | 000,022,767 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

========== LOP Check ==========

[2012/05/21 14:11:15 | 000,000,000 | ---D | M] -- C:\Users\SoroushG\AppData\Roaming\Ableton
[2012/07/05 12:24:07 | 000,000,000 | ---D | M] -- C:\Users\SoroushG\AppData\Roaming\AVG
[2012/05/12 23:05:10 | 000,000,000 | ---D | M] -- C:\Users\SoroushG\AppData\Roaming\AVG2012
[2012/07/05 11:57:47 | 000,000,000 | ---D | M] -- C:\Users\SoroushG\AppData\Roaming\Azureus
[2012/02/21 16:05:53 | 000,000,000 | ---D | M] -- C:\Users\SoroushG\AppData\Roaming\Babylon
[2012/01/29 21:27:40 | 000,000,000 | ---D | M] -- C:\Users\SoroushG\AppData\Roaming\Cakewalk
[2012/06/11 16:14:52 | 000,000,000 | ---D | M] -- C:\Users\SoroushG\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446 A847B240591D2C99B.1
[2012/02/06 14:45:44 | 000,000,000 | ---D | M] -- C:\Users\SoroushG\AppData\Roaming\DAEMON Tools Pro
[2012/06/26 13:56:20 | 000,000,000 | ---D | M] -- C:\Users\SoroushG\AppData\Roaming\DT
[2012/03/25 21:47:56 | 000,000,000 | ---D | M] -- C:\Users\SoroushG\AppData\Roaming\Etuqfi
[2012/06/09 21:44:05 | 000,000,000 | ---D | M] -- C:\Users\SoroushG\AppData\Roaming\FileZilla
[2012/02/24 15:21:18 | 000,000,000 | ---D | M] -- C:\Users\SoroushG\AppData\Roaming\Fractal Audio
[2012/01/29 22:25:57 | 000,000,000 | ---D | M] -- C:\Users\SoroushG\AppData\Roaming\Guitar Pro 6
[2012/05/13 11:59:51 | 000,000,000 | ---D | M] -- C:\Users\SoroushG\AppData\Roaming\IrfanView
[2012/05/09 15:06:43 | 000,000,000 | ---D | M] -- C:\Users\SoroushG\AppData\Roaming\Leadertech
[2012/01/29 12:24:41 | 000,000,000 | ---D | M] -- C:\Users\SoroushG\AppData\Roaming\Line 6
[2012/05/11 12:09:44 | 000,000,000 | ---D | M] -- C:\Users\SoroushG\AppData\Roaming\ManyCam
[2012/07/04 23:40:26 | 000,000,000 | ---D | M] -- C:\Users\SoroushG\AppData\Roaming\Password Solutions
[2012/02/06 14:47:42 | 000,000,000 | ---D | M] -- C:\Users\SoroushG\AppData\Roaming\Propellerhead Software
[2012/02/22 15:57:15 | 000,000,000 | ---D | M] -- C:\Users\SoroushG\AppData\Roaming\PunkBuster
[2012/02/17 22:55:01 | 000,000,000 | ---D | M] -- C:\Users\SoroushG\AppData\Roaming\Red Kawa
[2012/03/05 23:15:02 | 000,000,000 | ---D | M] -- C:\Users\SoroushG\AppData\Roaming\Regensoft
[2012/05/23 16:11:54 | 000,000,000 | ---D | M] -- C:\Users\SoroushG\AppData\Roaming\SoftGrid Client
[2012/01/31 15:59:28 | 000,000,000 | ---D | M] -- C:\Users\SoroushG\AppData\Roaming\Steinberg
[2012/03/08 19:42:07 | 000,000,000 | ---D | M] -- C:\Users\SoroushG\AppData\Roaming\TP
[2012/06/27 14:53:08 | 000,000,000 | ---D | M] -- C:\Users\SoroushG\AppData\Roaming\Windows Live Writer
[2012/05/13 10:24:35 | 000,000,000 | ---D | M] -- C:\Users\SoroushG\AppData\Roaming\Zekuva
[2012/07/03 21:48:00 | 000,000,918 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2309646660-4243879331-1040206939-1001Core.job
[2012/07/06 18:48:01 | 000,000,940 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2309646660-4243879331-1040206939-1001UA.job
[2012/06/15 10:02:01 | 000,032,644 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %SYSTEMDRIVE%\*.exe >
[2010/06/26 05:16:54 | 000,680,440 | ---- | M] (Microsoft Corporation) -- C:\DPInst.exe

< %LOCALAPPDATA%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/02/26 15:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011/02/25 16:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 16:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 16:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/21 13:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011/02/25 15:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 15:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/11/21 13:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/14 11:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/14 11:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/06/27 11:58:22 | 000,217,672 | ---- | M] () MD5=A9C46991A06E57AA93CF8D179263C311 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/14 11:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/14 11:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/21 13:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/21 13:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010/11/21 13:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/21 13:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/21 13:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/21 13:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012/06/27 11:58:22 | 000,217,672 | ---- | M] () MD5=A9C46991A06E57AA93CF8D179263C311 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallI nfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2011/05/12 09:27:22 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallI nfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2011/05/12 09:27:22 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallI nfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2011/05/12 09:27:22 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\na om\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2012/05/18 09:21:54 | 000,748,664 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\op en\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2012/05/18 09:21:54 | 000,748,664 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallI nfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2011/05/12 09:27:22 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallI nfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2011/05/12 09:27:22 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallI nfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2011/05/12 09:27:22 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\na om\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2012/05/18 09:21:54 | 000,748,664 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\op en\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2012/05/18 09:21:54 | 000,748,664 | ---- | M] (Microsoft Corporation)

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:0B4227B4
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp1B5B4F1
< End of report >

Extras.Txt :

OTL Extras logfile created on: 6/07/2012 8:41:47 PM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\SoroushG\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

7.98 Gb Total Physical Memory | 5.93 Gb Available Physical Memory | 74.27% Memory free
31.90 Gb Paging File | 0.39 Gb Available in Paging File | 1.21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1853.24 Gb Total Space | 1345.43 Gb Free Space | 72.60% Space Free | Partition Type: NTFS
Drive I: | 3.74 Gb Total Space | 2.91 Gb Free Space | 77.97% Space Free | Partition Type: FAT32

Computer Name: SOROUSHG-PC | User Name: SoroushG | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-2309646660-4243879331-1040206939-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\FirewallRules]
"{18F75F44-F199-49BC-B576-B6D0630E3A4B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{4D574264-9D75-43D6-ABDD-5F0985BD3817}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{EBC5A652-E20C-4147-8FBD-2D27DF12B57A}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameter s\FirewallPolicy\FirewallRules]
"{053CBBA6-290E-4139-A7AB-4565476B917C}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{09A9DCA6-7FC3-4DE7-B276-6002F3D1C42E}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{0C9C5361-50CF-4828-AA30-4868BF88CAB1}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{13A13376-F9A1-46B5-8642-95AAB3290452}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{1E8F1461-807D-4FF8-958D-DC327D98672F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{265281A2-A5E7-4C2D-B637-8279C0C39482}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe |
"{299B35D6-785A-4326-8D54-C1E9857C098F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\scruffy1012\counterstrike source beta\hl2.exe |
"{29E3A61D-0311-492F-B425-2642E0554DC5}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{2E0BED88-D93A-431E-A330-19B514FE2D7A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supermnc\binaries\win32\supermncgameclient.exe |
"{2EE30834-55D0-4BB9-AA87-D1B05986BBE5}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"{30A66B5D-2525-4A19-9451-4F3F3EFF8C54}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{314FD8C7-7363-46B5-81B3-516FE656D738}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{358278D6-6E51-4299-9F64-CECFB4E65F5E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\lord of the rings online\turbineinvoker.exe |
"{383607E1-359D-4189-8BAD-89521F24A554}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{3FB80839-DFA8-45DB-92F4-4FE80E049599}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\lord of the rings online\turbineinvoker.exe |
"{481C8363-9CFC-4AA7-BB38-7FE368CC2B6A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{48D6996F-4F44-4E0D-920E-D93A5FCF427F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{584D5078-8DF3-4891-B01E-D1937F393AE8}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{5FBCBD22-C034-4FBB-87EB-700FD280D342}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{664101D2-6E32-4778-ADDF-1A365337A63A}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{6C4C1E9A-7981-4D0A-AA39-F7A0FAFE7099}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\scruffy1012\counterstrike source beta\hl2.exe |
"{7FD5E8E4-B3B7-43FC-93ED-D64EB7811C3B}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{8829C14D-2C30-4376-B14D-BC38A12B060A}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{883D98FB-A4D4-4600-A597-752FED911850}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8EE824B2-90AF-4331-9A69-282644D1D58B}" = dir=in | app=c:\users\soroushg\appdata\local\facebook\video\skype\facebookvideocalli ng.exe |
"{95C463EB-1D26-49DA-B1FD-4D9B9CF5835A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{9778D0DF-2D80-412B-AE64-5FB3E7B9105E}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{9AAB8891-FBE7-4C30-8DA4-90CB4CDEBFF0}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{AA597251-C1B1-485D-9950-6C4391EA4F08}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{ACCDCEF9-6738-49CE-BDA4-BCA62083F3E2}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{BBC4613A-3002-4A9E-89C8-2ADFE00964E8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\alien swarm\srcds.exe |
"{BF8E61B3-9A28-462E-B424-5AAB760EE84C}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{C291B3FE-0355-4976-A27A-AE039F29FFDA}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{CE0438FF-EF2D-4B3F-93BD-223446455C6A}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{CF139614-7BA4-4A18-85AF-83B0FF239D6F}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"{D6A40374-6380-4C9E-A9D2-4672A699424E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supermnc\binaries\win32\supermncgameclient.exe |
"{E29B934C-0A5A-43FC-A37D-C7A26C721E12}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{E5DD549A-0692-4CF3-AFF5-F114D9358BFE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EB8A7DAA-FCEC-4014-B440-050071E02776}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech\vid hd\vid.exe |
"{EC4354AC-E5D7-4879-9CE2-9A41DDE465FE}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"TCP Query User{01C5DA5C-B934-4BE7-9833-3FFAE15F14BA}C:\program files (x86)\1clickdownload\1clickdownload.exe" = protocol=6 | dir=in | app=c:\program files (x86)\1clickdownload\1clickdownload.exe |
"TCP Query User{205696E1-2F81-4A22-8DAA-7D6992DC20DF}C:\windows\syswow64\svchost.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\svchost.exe |
"TCP Query User{26B380E6-8653-43F7-8F18-4C30FFCF7DB8}C:\program files (x86)\steam\steamapps\scruffy1012\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\scruffy1012\team fortress 2\hl2.exe |
"TCP Query User{3B0A5671-FED2-44B8-B6E4-B6297F157273}C:\program files (x86)\thq\saints row the third\saintsrowthethird.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\saints row the third\saintsrowthethird.exe |
"TCP Query User{40556AB0-31CF-4455-B812-2BAE1B39059E}C:\program files (x86)\thq\saints row the third\saintsrowthethird_dx11.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\saints row the third\saintsrowthethird_dx11.exe |
"TCP Query User{95C1CC69-1BA0-4104-A94F-E40EE0590C4E}C:\program files (x86)\thq\saints row the third\saintsrowthethird_dx11.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\saints row the third\saintsrowthethird_dx11.exe |
"TCP Query User{96AA7F9D-AE8A-40DC-89D4-B7C2F69E57F7}C:\program files (x86)\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"TCP Query User{9B0FB6D8-4003-4D34-AE9C-B313F52F73C0}C:\program files (x86)\thq\saints row the third\saintsrowthethird.exe" = protocol=6 | dir=in | app=c:\program files (x86)\thq\saints row the third\saintsrowthethird.exe |
"TCP Query User{B7B05488-65BE-40FF-AE0B-84529D6135F2}C:\users\soroushg\documents\left 4 dead 2\left 4 dead 2\left4dead2.exe" = protocol=6 | dir=in | app=c:\users\soroushg\documents\left 4 dead 2\left 4 dead 2\left4dead2.exe |
"TCP Query User{B92ED162-06BB-44BB-B20C-E2963FBF2742}C:\users\soroushg\documents\left 4 dead 2\left 4 dead 2\left4dead2.exe" = protocol=6 | dir=in | app=c:\users\soroushg\documents\left 4 dead 2\left 4 dead 2\left4dead2.exe |
"TCP Query User{EDEF292D-2468-4331-9990-D82E3841F370}C:\windows\syswow64\svchost.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\svchost.exe |
"UDP Query User{01D2BCD6-05E2-4EC3-890E-2A958AB93935}C:\program files (x86)\thq\saints row the third\saintsrowthethird.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\saints row the third\saintsrowthethird.exe |
"UDP Query User{138D38D6-F99C-43CD-A1E2-95B239899328}C:\windows\syswow64\svchost.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\svchost.exe |
"UDP Query User{2CAD9506-04C2-4DA9-BF2B-78F4468B10D8}C:\program files (x86)\1clickdownload\1clickdownload.exe" = protocol=17 | dir=in | app=c:\program files (x86)\1clickdownload\1clickdownload.exe |
"UDP Query User{4ABE4811-47C5-42B7-9344-EFD3EE1DA003}C:\users\soroushg\documents\left 4 dead 2\left 4 dead 2\left4dead2.exe" = protocol=17 | dir=in | app=c:\users\soroushg\documents\left 4 dead 2\left 4 dead 2\left4dead2.exe |
"UDP Query User{605F5E93-889B-450A-9FCA-28F86E567E45}C:\program files (x86)\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |
"UDP Query User{828C22F0-DD74-4560-8FB7-CADB37B8C39A}C:\program files (x86)\thq\saints row the third\saintsrowthethird.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\saints row the third\saintsrowthethird.exe |
"UDP Query User{B64F90A4-4387-44B1-8023-0CCF810EC1EA}C:\users\soroushg\documents\left 4 dead 2\left 4 dead 2\left4dead2.exe" = protocol=17 | dir=in | app=c:\users\soroushg\documents\left 4 dead 2\left 4 dead 2\left4dead2.exe |
"UDP Query User{D2EAEFC4-D6F6-45CC-B444-FA7D3610DCCA}C:\program files (x86)\thq\saints row the third\saintsrowthethird_dx11.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\saints row the third\saintsrowthethird_dx11.exe |
"UDP Query User{D389F574-514E-476F-A007-C46EEF7A5C08}C:\program files (x86)\thq\saints row the third\saintsrowthethird_dx11.exe" = protocol=17 | dir=in | app=c:\program files (x86)\thq\saints row the third\saintsrowthethird_dx11.exe |
"UDP Query User{D6540CB8-6212-402B-8232-E309E5302778}C:\windows\syswow64\svchost.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\svchost.exe |
"UDP Query User{EBD9DEF0-E3AA-49E5-8228-80A84326B4A4}C:\program files (x86)\steam\steamapps\scruffy1012\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\scruffy1012\team fortress 2\hl2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{02A5BD31-16AC-45DF-BE9F-A3167BC4AFB2}" = Windows Live Family Safety
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{0EDB29CF-5FFC-4824-9F13-3D1C4286CA98}_is1" = Audio Transcoder
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit)
"{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{857B32C1-7C87-40B5-B2A5-D06F49B80002}" = AVG 2012
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-001B-0000-1000-0000000FF1CE}" = Microsoft Office Word 2010
"{90140000-001B-0000-1000-0000000FF1CE}_Office14.WORD_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}_Office14.WORD_{EC583796-6BBB-47DD-B9CE-B5DA12D71135}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.WORD_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.WORD_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.WORD_{1779650B-2E44-4A19-8DF6-3866D645764A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-1000-0000000FF1CE}_Office14.WORD_{270CA0B9-9881-44DB-BC3B-37C7E66A044A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.WORD_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0043-0409-1000-0000000FF1CE}_Office14.WORD_{FCD1C311-8B02-4DBD-BA46-1079C629577E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}_Office14.WORD_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}_Office14.WORD_{516CA4A9-98E6-4F77-A863-CBD8487368E4}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 275.33
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.23.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{BFF4A9FB-75F3-4162-84CD-16CE48C19173}" = AVG 2012
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D4E5A687-797D-44B1-8F96-4FD7A24166A9}" = DEVIL MAY CRY 4
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"6AEB8A42A154DE456DE5E467C01A582911CB5C6A" = Windows Driver Package - Fractal Audio Systems (axefx2load) USB (05/15/2011 1.0.0.9)
"AVG" = AVG 2012
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Office14.WORD" = Microsoft Word 2010
"RolandRDID0102" = A-PRO Driver
"WinRAR archiver" = WinRAR 4.10 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = LG CyberLink YouCam
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1" = Guitar Pro 6
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2CC4BC82-41CF-43D3-B533-7283AA8BB86F}" = EZXPercussion
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG CyberLink Power2Go
"{430399DC-98BC-4A7F-8F8E-77981CABAE05}" = EZXVintage
"{43E8D9E7-AFC9-4BA3-8106-B95E02B87AB7}" = EZdrummer
"{490BF87E-1F75-4453-BF55-9F540543A3CA}" = Steinberg Drum Loop Expansion 01
"{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}" = Steinberg Cubase 5
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D454CF8-12FD-464D-B57B-B46FE27B78BB}" = Steinberg LoopMash Content
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{532B917B-8235-4FA5-BE36-643A8BB053A5}" = Steinberg REVerence Content 01
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG ODD Auto Firmware Update
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{729E66B3-1B80-4F3F-8D19-342A89631E0A}_is1" = Flac to MP3 Converter
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}" = Steinberg HALionOne Studio Drum Set
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AC997F93-0757-4ED4-A701-F40C2D654D09}" = Steinberg HALionOne GM Drum Set
"{ADD5DB49-72CF-11D8-9D75-000129760D75}" = LG CyberLink PowerBackup
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BD86F1AC-B594-46E4-85DC-1258AC9E2232}" = Steinberg Groove Agent ONE Content
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LG CyberLink LabelPrint
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1EBF11E-8CE3-4EF5-8E2D-FD5B8D6BD294}" = EZXTwisted
"{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}" = Steinberg HALionOne Studio Set
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4E5A687-797D-44B1-8F96-4FD7A24166A9}" = DEVIL MAY CRY 4
"{D793423B-FF18-4A54-B9C9-75B3396BAAC4}" = Browser Configuration Utility
"{D82CDA0D-C182-42C8-8FF2-5649C98D6003}" = Steinberg HALionOne Pro Set
"{D9198056-A296-4583-A790-C0E73694CFE8}" = D-Link DWA-131 Wireless N Nano USB Adapter
"{DB1299AF-9EE0-422B-959E-F4171B2AE0F7}" = EZXDfh
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}" = Steinberg HALionOne Expression Set
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne
"{E992CC59-71FD-4199-B04E-6274F7439EA0}_is1" = Axe-Fx II USB Driver Installer 1.50
"{EAD79EE0-7F6E-47bc-9CFD-40E1B07F5381}_is1" = Axe-Edit 1.0
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F057965A-D974-4C64-ADB1-4381CD4B8956}" = Steinberg HALionOne GM Set
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}" = Steinberg HALionOne Additional Content Set 01
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"12bbe590-c890-11d9-9669-0800200c9a66_is1" = The Lord of the Rings Online™ v03.07.01.8015
"1ClickDownload" = 1ClickDownload
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AviSynth" = AviSynth 2.5
"Axe-Fx II Driver v1.50.0" = Axe-Fx II Driver v1.50.0
"DAEMON Tools Pro" = DAEMON Tools Pro
"DivX Setup" = DivX Setup
"exent_586350" = 7 Wonders II
"ExpressZip" = Express Zip File Compression Software
"Fraps" = Fraps (remove only)
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = LG CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = LG Power Tools
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = LG CyberLink Power2Go
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LG CyberLink LabelPrint
"Live 8.2.2" = Live 8.2.2
"Logitech Vid" = Logitech Vid HD
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1100
"Metal Gear Solid" = Metal Gear Solid
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"NCH_EN Toolbar" = NCH EN Toolbar
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PunkBusterSvc" = PunkBuster Services
"Reason5_is1" = Reason 5.0
"Registry Mechanic_is1" = PC Tools Registry Mechanic 11.0
"ReValver Mk III_is1" = ReValver Mk III
"SONARX1LE_is1" = SONAR X1 LE
"Steam App 104700" = Super Monday Night Combat
"Steam App 212500" = The Lord of the Rings Online™
"Steam App 240" = Counter-Strike: Source
"Steam App 260" = Counter-Strike: Source Beta
"Steam App 300" = Day of Defeat: Source
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 440" = Team Fortress 2
"Switch" = Switch Sound File Converter
"Videora iPod Converter" = Videora iPod Converter 6
"VLC media player" = VLC media player 1.1.11
"Vuze_Remote Toolbar" = Vuze Remote Toolbar
"WavePad" = WavePad Sound Editor
"WinLiveSuite" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
"Xvid Video Codec 1.3.2" = Xvid Video Codec
"YouTube Downloader App" = YouTube Downloader App 3.00

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2309646660-4243879331-1040206939-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"101a9f93b8f0bb6f" = Curse Client
"Half-Life 2" = Half-Life 2

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 4/07/2012 9:13:32 PM | Computer Name = SoroushG-PC | Source = Windows Search Service | ID = 9000
Description =

Error - 4/07/2012 9:13:32 PM | Computer Name = SoroushG-PC | Source = Windows Search Service | ID = 7040
Description =

Error - 4/07/2012 9:13:32 PM | Computer Name = SoroushG-PC | Source = Windows Search Service | ID = 7042
Description =

Error - 4/07/2012 9:13:32 PM | Computer Name = SoroushG-PC | Source = Windows Search Service | ID = 9002
Description =

Error - 4/07/2012 9:13:32 PM | Computer Name = SoroushG-PC | Source = Windows Search Service | ID = 3029
Description =

Error - 4/07/2012 9:13:38 PM | Computer Name = SoroushG-PC | Source = Windows Search Service | ID = 3029
Description =

Error - 4/07/2012 9:13:38 PM | Computer Name = SoroushG-PC | Source = Windows Search Service | ID = 3028
Description =

Error - 4/07/2012 9:13:38 PM | Computer Name = SoroushG-PC | Source = Windows Search Service | ID = 3058
Description =

Error - 4/07/2012 9:13:38 PM | Computer Name = SoroushG-PC | Source = Windows Search Service | ID = 7010
Description =

Error - 4/07/2012 9:14:07 PM | Computer Name = SoroushG-PC | Source = Application Error | ID = 1000
Description = Faulting application name: DTAgent.exe, version: 5.0.316.317, time
stamp: 0xf36bac23 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
code: 0xc0000005 Fault offset: 0x20187c70 Faulting process id: 0x8d0 Faulting application
start time: 0x01cd5a4b5a9d772e Faulting application path: C:\Program Files (x86)\DAEMON
Tools Pro\DTAgent.exe Faulting module path: unknown Report Id: b75dd6dd-c63e-11e1-b5b9-f46d049d9437

Error - 4/07/2012 9:14:42 PM | Computer Name = SoroushG-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 9/06/2012 7:58:07 PM | Computer Name = SoroushG-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Windows
Search service to connect.

Error - 9/06/2012 7:58:07 PM | Computer Name = SoroushG-PC | Source = Service Control Manager | ID = 7000
Description = The Windows Search service failed to start due to the following error:
%%1053

Error - 11/06/2012 5:53:51 PM | Computer Name = SoroushG-PC | Source = Service Control Manager | ID = 7024
Description = The AVGIDSAgent service terminated with service-specific error %%-536753636.

Error - 11/06/2012 5:54:04 PM | Computer Name = SoroushG-PC | Source = Service Control Manager | ID = 7034
Description = The Bonjour Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 11/06/2012 5:56:38 PM | Computer Name = SoroushG-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Skype C2C Service service.

Error - 12/06/2012 3:41:26 AM | Computer Name = SoroushG-PC | Source = DCOM | ID = 10010
Description =

Error - 12/06/2012 10:48:02 AM | Computer Name = SoroushG-PC | Source = Service Control Manager | ID = 7031
Description = The Windows Modules Installer service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 120000
milliseconds: Restart the service.

Error - 12/06/2012 10:48:27 AM | Computer Name = SoroushG-PC | Source = DCOM | ID = 10010
Description =

Error - 12/06/2012 8:41:33 PM | Computer Name = SoroushG-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the avgfws service.

Error - 12/06/2012 8:41:39 PM | Computer Name = SoroushG-PC | Source = Service Control Manager | ID = 7024
Description = The AVGIDSAgent service terminated with service-specific error %%-536753636.


< End of report >
kevinf80's Avatar
kevinf80   (Kevin) kevinf80 is offline kevinf80 is authorized to help remove malware. kevinf80 has a Profile Picture
Computer Specs
Malware Removal Specialist with 8,514 posts.
  
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
06-Jul-2012, 07:22 AM #9
I see you already have Malwarebytes installed, will it update and run?
axle1's Avatar
Computer Specs
Member with 30 posts.
THREAD STARTER
  
Join Date: Jul 2012
Experience: Beginner
06-Jul-2012, 07:22 AM #10
nope , it just closes everytime i try to open it :/
kevinf80's Avatar
kevinf80   (Kevin) kevinf80 is offline kevinf80 is authorized to help remove malware. kevinf80 has a Profile Picture
Computer Specs
Malware Removal Specialist with 8,514 posts.
  
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
06-Jul-2012, 07:43 AM #11
As you have Malwarebytes installed lets see if we can get it to run through its protected folder, do the following

Select > Start > All Programs > Malwarebytes` Anti-Malware > Tools folder > Malwarebytes Anti-Malware Chameleon:





A new window will open with Chameleon Tabs to

Select tabs in turn until you get a successful run by double click on the tab,
Vista and Windows 7 user will have to accept UAC prompt. If successful you will see the following:





As instructed press any key to continue, you will now see the following as Malwarebytes attempts to run:





Do nothing, let MB continue, it will try to update:





You may see the following:





Then.....





MB will prompt if successful, do nothing; let it continue.





MB will try to kill known malicious processes, do nothing; let it continue.





MB will try to start a quick scan, if successful the following will open; do nothing the scan will run automatically.





When complete MB will produce a log, save that and copy to next reply.

MB will continue and remove the protective driver, you will then be given the option to "Press any key to continue" do that.





Let me see the log from Malwarebytes in your reply if successful..

Kevin...
axle1's Avatar
Computer Specs
Member with 30 posts.
THREAD STARTER
  
Join Date: Jul 2012
Experience: Beginner
06-Jul-2012, 08:00 AM #12
Malwarebytes Anti-Malware (Trial) 1.62.0.1100
www.malwarebytes.org
Database version: v2012.07.06.05
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
SoroushG :: SOROUSHG-PC [administrator]
Protection: Disabled
6/07/2012 9:58:56 PM
mbam-log-2012-07-06 (21-58-56).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 33219
Time elapsed: 53 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)

Last edited by axle1; 06-Jul-2012 at 08:28 AM..
kevinf80's Avatar
kevinf80   (Kevin) kevinf80 is offline kevinf80 is authorized to help remove malware. kevinf80 has a Profile Picture
Computer Specs
Malware Removal Specialist with 8,514 posts.
  
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
06-Jul-2012, 08:49 AM #13
Re-Run by double left click, Vista and Widows 7 users right click and select Run as Administrator.
  • Under the box at the bottom, paste in the following

    Code:
    :OTL
IE - HKLM\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src...q={searchTerms}
IE - HKU\S-1-5-21-2309646660-4243879331-1040206939-1001\..\URLSearchHook: {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2309646660-4243879331-1040206939-1001\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2309646660-4243879331-1040206939-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src...q={searchTerms}
IE - HKU\S-1-5-21-2309646660-4243879331-1040206939-1001\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb133/...R8rs10ZHT&i=26
CHR - default_search_provider: Search the web (Babylon) (Enabled)
CHR - default_search_provider: search_url = http://search.babylon.com/?q={search...0084c9b242f885
O2 - BHO: (NCH EN Toolbar) - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files (x86)\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll File not found
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O3:64bit: - HKLM\..\Toolbar: (no name) - !{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (NCH EN Toolbar) - {37483b40-c254-4a72-bda4-22ee90182c1e} - C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll File not found
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKU\S-1-5-21-2309646660-4243879331-1040206939-1001..\Run: [XdvSpyfk] C:\Users\SoroushG\AppData\Local\pwegcyvw\xdvspyfk.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2309646660-4243879331-1040206939-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
[2012/07/06 09:59:11 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{C1B402D2-D3BA-40F8-BC7A-B3772E0EBBD3}
[2012/07/06 09:58:59 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{0E38F27E-CBE1-42AF-9CD3-2CBE33919736}
[2012/07/05 20:01:43 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{67031DE5-EA40-413C-AEFF-B40AB524FBE0}
[2012/07/05 20:00:21 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{607FCE63-D690-45CC-8D1C-9E0C9D571E45}
[2012/07/05 09:40:57 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{31028D46-6376-4A4C-8D94-4F774BB18969}
[2012/07/05 09:40:43 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{7DBC4632-A2FD-4C8E-BB64-3D59A4978C95}
[2012/07/04 12:48:01 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{D8761A1E-DE68-4E26-8C74-5D35BAA846B9}
[2012/07/04 12:47:48 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{2E2FF6BD-2010-4DA2-B86F-E65DE3BC96EE}
[2012/07/03 18:37:47 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{A21D24A6-ECA6-4AEE-8E8C-C92C5321F2A3}
[2012/07/03 18:37:36 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{E8A81F9E-27AF-40DB-8B4F-C44822D3C61B}
[2012/07/02 13:14:43 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{9A549004-65D5-4013-8F19-719F2679DB9C}
[2012/07/02 13:14:26 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{CF88E378-F4A9-42FC-9B8B-432E48E65ABA}
[2012/07/02 10:26:01 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{72806CA8-E0B5-4C30-B34D-5B8C6048E3F6}
[2012/07/02 10:25:41 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{21796185-53A2-4599-9060-7FEA66735773}
[2012/07/01 21:27:48 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{4D64FEA3-5594-4B3D-941C-B87CC4F29F8B}
[2012/07/01 21:27:37 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{3B5E776B-FF33-4502-8D5A-D23DB4E975D6}
[2012/07/01 09:27:11 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{2CC2EA68-101D-4AC8-927A-DD6BB5988C90}
[2012/07/01 09:26:59 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{57ADDCE6-3DBF-4A83-B330-E60CBA271C94}
[2012/06/30 20:36:45 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{2F82FAF3-D563-4122-A575-CD397A2448C1}
[2012/06/30 20:36:24 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{830BF62E-CC3E-4843-ABE4-BAEA9347A8D5}
[2012/06/30 08:35:43 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{E544DE00-88B2-42E8-A011-EC4305BBFA3E}
[2012/06/30 08:35:19 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{D7E1177B-AB1E-4606-B41E-3F5D6C38C674}
[2012/06/29 10:22:52 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{44EBF1E6-00D8-433E-A7B4-771BCDD6F3FF}
[2012/06/29 10:22:37 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{C609EB48-6DCE-4BC6-B032-D81A94C6903F}
[2012/06/28 09:31:18 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{E695CE18-BFF6-40E9-BD7A-BA607DB91678}
[2012/06/28 09:31:05 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{35127017-37AD-40DE-9B74-B2BB9CF821D5}
[2012/06/27 11:34:40 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{8F41FA2E-C4A3-46E1-917D-E8630D0161A9}
[2012/06/27 11:34:25 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{B0C8A2B4-C472-4201-AACE-86BE581E6089}
[2012/06/27 11:33:34 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{0B64CF55-BF9F-4261-B721-EA56D5A4BF61}
[2012/06/26 15:41:36 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{71F570FD-DF0D-4A22-ACB4-57838066C69F}
[2012/06/26 15:41:25 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{34BE6047-4E04-46BA-B1EE-12E190E7E223}
[2012/06/26 11:27:56 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{C0A8ADCD-88C3-412C-8677-C3C435349018}
[2012/06/25 11:20:00 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{E361E427-DDA2-4A26-A84A-BC4EF5B7969B}
[2012/06/25 11:19:39 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{F4D5CBDE-D47A-4392-86E0-2DB028265AE1}
[2012/06/24 11:43:21 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{0E19CD5A-9723-43E7-98E5-3BAF335EF7FB}
[2012/06/24 11:43:06 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{966CCC46-6D4B-4AE3-847F-C3E85642BFEB}
[2012/06/23 07:43:54 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{3C39D5E1-CEA9-45CC-9698-0570CB9EE45B}
[2012/06/23 07:43:43 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{483B828B-61BF-4753-88F6-EDF2617B44E2}
[2012/06/22 11:16:10 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{98BC77A8-33C5-48D3-ABD4-1D06BB71B8F3}
[2012/06/22 11:15:52 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{F4A899ED-0C79-4E1C-BE52-4A37B047B3B4}
[2012/06/21 11:21:46 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{68DCE7B6-9EAA-41E0-9902-628A6125DC34}
[2012/06/21 11:21:34 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{6942A2E5-B4CE-4F3A-AD79-0F86D329CC8C}
[2012/06/20 23:05:50 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{22B85FDD-8F12-4AF4-8370-DA757B97812F}
[2012/06/20 23:05:18 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{F463C38B-2471-4190-89DF-17CA10B1B6BD}
[2012/06/20 10:43:31 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{DE9AEF90-A6E9-498A-8833-41331AB71C41}
[2012/06/20 10:43:09 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{4DD2A456-530F-470A-AAFA-682ECDE92B33}
[2012/06/19 19:29:41 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{626836D4-0EB4-4EB0-BD11-3B5BE3F6EE3E}
[2012/06/19 19:29:29 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{94843AA3-85B0-4892-9193-21E1A1445A0F}
[2012/06/19 16:25:02 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{D45BDE16-5FF7-4976-881F-876264CBC21B}
[2012/06/19 16:24:52 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{9AA287EC-C2F0-486A-8741-582B485605F8}
[2012/06/19 16:24:44 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{442B03E5-3269-47BA-A6FF-25812E5AD5ED}
[2012/06/19 16:24:10 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{4A5C3B8D-F648-4ACF-8409-06EE327A6FF1}
[2012/06/19 16:23:59 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{4CD83659-AEAC-4442-A8F5-863673D75A20}
[2012/06/19 11:03:37 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{35D33BAA-BAAB-4BE2-BAF5-35A532DF4EEE}
[2012/06/19 11:03:20 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{B24636FC-C08F-4825-AD3E-3964C1B5F194}
[2012/06/18 11:34:40 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{8B4B664C-3952-4D05-B108-6B54B93F117B}
[2012/06/17 10:28:07 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{A540FEBA-9B37-4E66-B00B-1697F0E1DA6B}
[2012/06/17 10:27:42 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{63428F11-FD4B-4774-AFE6-207BE54A3723}
[2012/06/16 16:45:16 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{1AAEA756-E723-491E-AEDD-0D76786DA611}
[2012/06/16 15:30:59 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{352FFB28-97F8-4F9E-827C-35D5B4571005}
[2012/06/16 10:29:47 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{BA9ABC80-8513-42EE-98EA-93532F549A56}
[2012/06/15 16:53:36 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{83D0127F-9954-433E-A21A-87B30ABFCBB0}
[2012/06/15 10:02:48 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{78F44B19-9A1E-41DE-A5FD-A955295160D5}
[2012/06/17 14:16:48 | 000,000,000 | ---D | C] -- C:\ProgramData\{A2B67EC8-CE44-4813-AAC0-BACC1FAF50BE}
[2012/06/13 17:55:15 | 000,000,000 | -H-D | C] -- C:\ProgramData\{07D9EF15-1E96-4C9C-911C-4C7AAC443789}
[2012/06/13 17:47:29 | 000,000,000 | -H-D | C] -- C:\ProgramData\{6268CC84-62BB-4890-B980-FC891FC3470E}
[2012/06/13 17:40:15 | 000,000,000 | -H-D | C] -- C:\ProgramData\{BC727A25-34B7-4B46-9D69-E54457E6DD1C}
[2012/06/13 12:58:25 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{B03898B9-1D59-47F7-84D6-71FCA0404E14}
[2012/06/13 12:58:14 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{CC6BF45B-2EFC-4F36-B11F-2C1CA4FB3B1E}
[2012/06/12 23:42:19 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{11E4D9E2-908E-4964-B490-F285235017F2}
[2012/06/12 23:42:08 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{46325B03-9328-4242-9851-3B94B714E51A}
[2012/06/12 07:56:10 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{B5A99E22-52E4-4524-8869-5932982C8491}
[2012/06/12 07:55:44 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{E0164F7C-F795-433B-981C-DC1079878410}
[2012/06/11 18:20:08 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{BB9A8EDC-E8B9-4576-A9D6-1F266EB3A5E7}
[2012/06/11 18:19:57 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{5FADC5E5-8B06-4512-AA77-B32CC21B6D16}
[2012/06/11 16:39:16 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{55B0E70E-5135-40E2-938A-7CD4E56669C5}
[2012/06/11 16:39:05 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{B000A583-96D9-40A6-9EE3-2720F79BD9AA}
[2012/06/11 15:26:51 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{91092E88-3601-41B1-ADA2-46785ECF5914}
[2012/06/11 15:26:40 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{4741695C-4DCD-46B2-957B-F12912FA2A3E}
[2012/06/11 09:51:11 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{9CA8CEF3-A073-473D-BC03-695B0FAEF028}
[2012/06/11 09:50:56 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{834A0EE4-2506-415D-879C-ADE41755E55A}
[2012/06/10 22:07:41 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{5AD72470-0390-4321-B357-729073F25461}
[2012/06/10 19:31:28 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{40AE7C9A-AE59-4ACC-95BC-625E26849429}
[2012/06/10 13:42:06 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{B3833BD4-9888-4362-AC36-36A1C3F07B8F}
[2012/06/10 13:16:44 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{A16CBAAC-5D1C-4FC7-9993-161052139F43}
[2012/06/10 13:16:34 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{E6C37B77-75CF-4962-8CC5-6EFA66B5A0BD}
[2012/06/09 14:26:22 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{64130B91-4DD2-4EF6-928E-A8C8D1E917A5}
[2012/06/09 14:26:06 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{67302E7F-FB11-46A1-96A0-D89F472A252A}
[2012/06/08 22:37:01 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{0C80EA14-FA64-4BE3-8F43-F7AC04303062}
[2012/06/08 13:20:52 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{8FA41823-C95A-4DF7-A191-69BED11DA485}
[2012/06/08 13:20:41 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{A4F3262D-A05F-4880-B614-CABE4D143233}
[2012/06/08 10:35:19 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{52EA9A05-84FF-4311-8B98-757EAA3C9F0D}
[2012/06/08 10:35:08 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{1AB8A017-A855-4D75-98F8-E54FBA759A95}
[2012/06/07 10:32:46 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{ABE37A04-90FC-43F7-88DB-687232F8D949}
[2012/06/07 10:32:35 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{98309290-86E9-4717-AF66-1A7F1B153909}
[2012/07/04 23:37:15 | 000,093,536 | -H-- | C] () -- C:\Users\SoroushG\Desktop\WX82wvJL
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:0B4227B4
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp1B5B4F1
:Files
ipconfig /flushdns /c
[emptytemp]
[[CREATERESTOREPOINT]
[Reboot]
  • Then click button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start > All Programs > Accessories > Notepad), click File > Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Next,

Double click on OTL to run it again. Make sure all other windows are closed and to let it run uninterrupted.
When the main interface opens change the Standard Registry box to All
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open one notepad window. OTL.Txt a This is saved in the same location as OTL.
Please copy (Edit > Select All, Edit > Copy) the contents of this file and post it with your next reply.

Kevin
axle1's Avatar
Computer Specs
Member with 30 posts.
THREAD STARTER
  
Join Date: Jul 2012
Experience: Beginner
06-Jul-2012, 07:02 PM #14
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{37483b40-c254-4a72-bda4-22ee90182c1e} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37483b40-c254-4a72-bda4-22ee90182c1e}\ deleted successfully.
C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ deleted successfully.
C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry value HKEY_USERS\S-1-5-21-2309646660-4243879331-1040206939-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{37483b40-c254-4a72-bda4-22ee90182c1e} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37483b40-c254-4a72-bda4-22ee90182c1e}\ not found.
File C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll not found.
Registry value HKEY_USERS\S-1-5-21-2309646660-4243879331-1040206939-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
File C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll not found.
Registry key HKEY_USERS\S-1-5-21-2309646660-4243879331-1040206939-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_USERS\S-1-5-21-2309646660-4243879331-1040206939-1001\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found.
Unable to fix default_search_provider items.
Unable to fix default_search_provider items.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{37483b40-c254-4a72-bda4-22ee90182c1e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37483b40-c254-4a72-bda4-22ee90182c1e}\ not found.
File C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
File C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Brows er Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ deleted successfully.
C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{37483b40-c254-4a72-bda4-22ee90182c1e} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37483b40-c254-4a72-bda4-22ee90182c1e}\ not found.
File C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
File C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2309646660-4243879331-1040206939-1001\Software\Microsoft\Windows\CurrentVersion\Run\\XdvSpyfk deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2309646660-4243879331-1040206939-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype-ie-addon-data\ deleted successfully.
File Protocol\Handler\skype-ie-addon-data - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol\ deleted successfully.
File Protocol\Handler\viprotocol - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
C:\Users\SoroushG\AppData\Local\{C1B402D2-D3BA-40F8-BC7A-B3772E0EBBD3} folder moved successfully.
C:\Users\SoroushG\AppData\Local\{0E38F27E-CBE1-42AF-9CD3-2CBE33919736} folder moved successfully.
C:\Users\SoroushG\AppData\Local\{67031DE5-EA40-413C-AEFF-B40AB524FBE0} folder moved successfully.
C:\Users\SoroushG\AppData\Local\{607FCE63-D690-45CC-8D1C-9E0C9D571E45} folder moved successfully.
C:\Users\SoroushG\AppData\Local\{31028D46-6376-4A4C-8D94-4F774BB18969} folder moved successfully.
C:\Users\SoroushG\AppData\Local\{7DBC4632-A2FD-4C8E-BB64-3D59A4978C95} folder moved successfully.
C:\Users\SoroushG\AppData\Local\{D8761A1E-DE68-4E26-8C74-5D35BAA846B9} folder moved successfully.
C:\Users\SoroushG\AppData\Local\{2E2FF6BD-2010-4DA2-B86F-E65DE3BC96EE} folder moved successfully.
C:\Users\SoroushG\AppData\Local\{A21D24A6-ECA6-4AEE-8E8C-C92C5321F2A3} folder moved successfully.
C:\Users\SoroushG\AppData\Local\{E8A81F9E-27AF-40DB-8B4F-C44822D3C61B} folder moved successfully.
C:\Users\SoroushG\AppData\Local\{9A549004-65D5-4013-8F19-719F2679DB9C} folder moved successfully.
C:\Users\SoroushG\AppData\Local\{CF88E378-F4A9-42FC-9B8B-432E48E65ABA} folder moved successfully.
C:\Users\SoroushG\AppData\Local\{72806CA8-E0B5-4C30-B34D-5B8C6048E3F6} folder moved successfully.
C:\Users\SoroushG\AppData\Local\{21796185-53A2-4599-9060-7FEA66735773} folder moved successfully.
C:\Users\SoroushG\AppData\Local\{4D64FEA3-5594-4B3D-941C-B87CC4F29F8B} folder moved successfully.
C:\Users\SoroushG\AppData\Local\{3B5E776B-FF33-4502-8D5A-D23DB4E975D6} folder moved successfully.
C:\Users\SoroushG\AppData\Local\{2CC2EA68-101D-4AC8-927A-DD6BB5988C90} folder moved successfully.
C:\Users\SoroushG\AppData\Local\{57ADDCE6-3DBF-4A83-B330-E60CBA271C94} folder moved successfully.
C:\Users\SoroushG\AppData\Local\{2F82FAF3-D563-4122-A575-CD397A2448C1} folder moved successfully.
C:\Users\SoroushG\AppData\Local\{830BF62E-CC3E-4843-ABE4-BAEA9347A8D5} folder moved successfully.
C:\Users\SoroushG\AppData\Local\{E544DE00-88B2-42E8-A011-EC4305BBFA3E} folder moved successfully.
C:\Users\SoroushG\AppData\Local\{D7E1177B-AB1E-4606-B41E-3F5D6C38C674} folder moved successfully.
C:\Users\SoroushG\AppData\Local\{44EBF1E6-00D8-433E-A7B4-771BCDD6F3FF} folder moved successfully.
C:\Users\SoroushG\AppData\Local\{C609EB48-6DCE-4BC6-B032-D81A94C6903F} folder moved successfully.
C:\Users\SoroushG\AppData\Local\{E695CE18-BFF6-40E9-BD7A-BA607DB91678} folder moved successfully.
C:\Users\SoroushG\AppData\Local\{35127017-37AD-40DE-9B74-B2BB9CF821D5} folder moved successfully.
C:\Users\SoroushG\AppData\Local\{8F41FA2E-C4A3-46E1-917D-E8630D0161A9} folder moved successfully.
C:\Users\SoroushG\AppData\Local\{B0C8A2B4-C472-4201-AACE-86BE581E6089} folder moved successfully.
C:\Users\SoroushG\AppData\Local\{0B64CF55-BF9F-4261-B721-EA56D5A4BF61} folder moved successfully.
C:\Users\SoroushG\AppData\Local\{71F570FD-DF0D-4A22-ACB4-57838066C69F} folder moved successfully.
C:\Users\SoroushG\AppData\Local\{34BE6047-4E04-46BA-B1EE-12E190E7E223} folder moved successfully.
C:\Users\SoroushG\AppData\Local\{C0A8ADCD-88C3-412C-8677-C3C435349018} folder moved successfully.
C:\Users\SoroushG\AppData\Local\{E361E427-DDA2-4A26-A84A-BC4EF5B7969B} folder moved successfully.
C:\Users\SoroushG\AppData\Local\{F4D5CBDE-D47A-4392-86E0-2DB028265AE1} folder moved successfully.
C:\Users\SoroushG\AppData\Local\{0E19CD5A-9723-43E7-98E5-3BAF335EF7FB} folder moved successfully.
C:\Users\SoroushG\AppData\Local\{966CCC46-6D4B-4AE3-847F-C3E85642BFEB} folder moved successfully.
C:\Users\SoroushG\AppData\Local\{3C39D5E1-CEA9-45CC-9698-0570CB9EE45B} folder moved successfully.
C:\Users\SoroushG\AppData\Local\{483B828B-61BF-4753-88F6-EDF2617B44E2} folder moved successfully.
C:\Users\SoroushG\AppData\Local\{98BC77A8-33C5-48D3-ABD4-1D06BB71B8F3} folder moved successfully.
C:\Users\SoroushG\AppData\Local\{F4A899ED-0C79-4E1C-BE52-4A37B047B3B4} folder moved successfully.
C:\Users\SoroushG\AppData\Local\{68DCE7B6-9EAA-41E0-9902-628A6125DC34} folder moved successfully.
C:\Users\SoroushG\AppData\Local\{6942A2E5-B4CE-4F3A-AD79-0F86D329CC8C} folder moved successfully.
C:\Users\SoroushG\AppData\Local\{22B85FDD-8F12-4AF4-8370-DA757B97812F} folder moved successfully.
C:\Users\SoroushG\AppData\Local\{F463C38B-2471-4190-89DF-17CA10B1B6BD} folder moved successfully.
C:\Users\SoroushG\AppData\Local\{DE9AEF90-A6E9-498A-8833-41331AB71C41} folder moved successfully.
C:\Users\SoroushG\AppData\Local\{4DD2A456-530F-470A-AAFA-682ECDE92B33} folder moved successfully.
C:\Users\SoroushG\AppData\Local\{626836D4-0EB4-4EB0-BD11-3B5BE3F6EE3E} folder moved successfully.
C:\Users\SoroushG\AppData\Local\{94843AA3-85B0-4892-9193-21E1A1445A0F} folder moved successfully.
C:\Users\SoroushG\AppData\Local\{D45BDE16-5FF7-4976-881F-876264CBC21B} folder moved successfully.
C:\Users\SoroushG\AppData\Local\{9AA287EC-C2F0-486A-8741-582B485605F8} folder moved successfully.
C:\Users\SoroushG\AppData\Local\{442B03E5-3269-47BA-A6FF-25812E5AD5ED} folder moved successfully.
C:\Users\SoroushG\AppData\Local\{4A5C3B8D-F648-4ACF-8409-06EE327A6FF1} folder moved successfully.
C:\Users\SoroushG\AppData\Local\{4CD83659-AEAC-4442-A8F5-863673D75A20} folder moved successfully.
C:\Users\SoroushG\AppData\Local\{35D33BAA-BAAB-4BE2-BAF5-35A532DF4EEE} folder moved successfully.
C:\Users\SoroushG\AppData\Local\{B24636FC-C08F-4825-AD3E-3964C1B5F194} folder moved successfully.
C:\Users\SoroushG\AppData\Local\{8B4B664C-3952-4D05-B108-6B54B93F117B} folder moved successfully.
C:\Users\SoroushG\AppData\Local\{A540FEBA-9B37-4E66-B00B-1697F0E1DA6B} folder moved successfully.
C:\Users\SoroushG\AppData\Local\{63428F11-FD4B-4774-AFE6-207BE54A3723} folder moved successfully.
C:\Users\SoroushG\AppData\Local\{1AAEA756-E723-491E-AEDD-0D76786DA611} folder moved successfully.
C:\Users\SoroushG\AppData\Local\{352FFB28-97F8-4F9E-827C-35D5B4571005} folder moved successfully.
C:\Users\SoroushG\AppData\Local\{BA9ABC80-8513-42EE-98EA-93532F549A56} folder moved successfully.
C:\Users\SoroushG\AppData\Local\{83D0127F-9954-433E-A21A-87B30ABFCBB0} folder moved successfully.
C:\Users\SoroushG\AppData\Local\{78F44B19-9A1E-41DE-A5FD-A955295160D5} folder moved successfully.
C:\ProgramData\{A2B67EC8-CE44-4813-AAC0-BACC1FAF50BE} folder moved successfully.
C:\ProgramData\{07D9EF15-1E96-4C9C-911C-4C7AAC443789} folder moved successfully.
C:\ProgramData\{6268CC84-62BB-4890-B980-FC891FC3470E} folder moved successfully.
C:\ProgramData\{BC727A25-34B7-4B46-9D69-E54457E6DD1C} folder moved successfully.
C:\Users\SoroushG\AppData\Local\{B03898B9-1D59-47F7-84D6-71FCA0404E14} folder moved successfully.
C:\Users\SoroushG\AppData\Local\{CC6BF45B-2EFC-4F36-B11F-2C1CA4FB3B1E} folder moved successfully.
C:\Users\SoroushG\AppData\Local\{11E4D9E2-908E-4964-B490-F285235017F2} folder moved successfully.
C:\Users\SoroushG\AppData\Local\{46325B03-9328-4242-9851-3B94B714E51A} folder moved successfully.
C:\Users\SoroushG\AppData\Local\{B5A99E22-52E4-4524-8869-5932982C8491} folder moved successfully.
C:\Users\SoroushG\AppData\Local\{E0164F7C-F795-433B-981C-DC1079878410} folder moved successfully.
C:\Users\SoroushG\AppData\Local\{BB9A8EDC-E8B9-4576-A9D6-1F266EB3A5E7} folder moved successfully.
C:\Users\SoroushG\AppData\Local\{5FADC5E5-8B06-4512-AA77-B32CC21B6D16} folder moved successfully.
C:\Users\SoroushG\AppData\Local\{55B0E70E-5135-40E2-938A-7CD4E56669C5} folder moved successfully.
C:\Users\SoroushG\AppData\Local\{B000A583-96D9-40A6-9EE3-2720F79BD9AA} folder moved successfully.
C:\Users\SoroushG\AppData\Local\{91092E88-3601-41B1-ADA2-46785ECF5914} folder moved successfully.
C:\Users\SoroushG\AppData\Local\{4741695C-4DCD-46B2-957B-F12912FA2A3E} folder moved successfully.
C:\Users\SoroushG\AppData\Local\{9CA8CEF3-A073-473D-BC03-695B0FAEF028} folder moved successfully.
C:\Users\SoroushG\AppData\Local\{834A0EE4-2506-415D-879C-ADE41755E55A} folder moved successfully.
C:\Users\SoroushG\AppData\Local\{5AD72470-0390-4321-B357-729073F25461} folder moved successfully.
C:\Users\SoroushG\AppData\Local\{40AE7C9A-AE59-4ACC-95BC-625E26849429} folder moved successfully.
C:\Users\SoroushG\AppData\Local\{B3833BD4-9888-4362-AC36-36A1C3F07B8F} folder moved successfully.
C:\Users\SoroushG\AppData\Local\{A16CBAAC-5D1C-4FC7-9993-161052139F43} folder moved successfully.
C:\Users\SoroushG\AppData\Local\{E6C37B77-75CF-4962-8CC5-6EFA66B5A0BD} folder moved successfully.
C:\Users\SoroushG\AppData\Local\{64130B91-4DD2-4EF6-928E-A8C8D1E917A5} folder moved successfully.
C:\Users\SoroushG\AppData\Local\{67302E7F-FB11-46A1-96A0-D89F472A252A} folder moved successfully.
C:\Users\SoroushG\AppData\Local\{0C80EA14-FA64-4BE3-8F43-F7AC04303062} folder moved successfully.
C:\Users\SoroushG\AppData\Local\{8FA41823-C95A-4DF7-A191-69BED11DA485} folder moved successfully.
C:\Users\SoroushG\AppData\Local\{A4F3262D-A05F-4880-B614-CABE4D143233} folder moved successfully.
C:\Users\SoroushG\AppData\Local\{52EA9A05-84FF-4311-8B98-757EAA3C9F0D} folder moved successfully.
C:\Users\SoroushG\AppData\Local\{1AB8A017-A855-4D75-98F8-E54FBA759A95} folder moved successfully.
C:\Users\SoroushG\AppData\Local\{ABE37A04-90FC-43F7-88DB-687232F8D949} folder moved successfully.
C:\Users\SoroushG\AppData\Local\{98309290-86E9-4717-AF66-1A7F1B153909} folder moved successfully.
C:\Users\SoroushG\Desktop\WX82wvJL moved successfully.
ADS C:\ProgramData\Temp:0B4227B4 deleted successfully.
Unable to delete ADS C:\ProgramData\Temp1B5B4F1 .
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\SoroushG\Desktop\cmd.bat deleted successfully.
C:\Users\SoroushG\Desktop\cmd.txt deleted successfully.
File\Folder [emptytemp] not found.
File\Folder [[CREATERESTOREPOINT] not found.
File\Folder [Reboot] not found.

OTL by OldTimer - Version 3.2.53.1 log created on 07062012_230738
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...




OTL logfile created on: 6/07/2012 11:20:51 PM - Run 2
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\SoroushG\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

7.98 Gb Total Physical Memory | 5.94 Gb Available Physical Memory | 74.45% Memory free
30.31 Gb Paging File | 4.11 Gb Available in Paging File | 13.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1853.24 Gb Total Space | 1346.69 Gb Free Space | 72.67% Space Free | Partition Type: NTFS
Drive I: | 3.74 Gb Total Space | 2.91 Gb Free Space | 77.97% Space Free | Partition Type: FAT32

Computer Name: SOROUSHG-PC | User Name: SoroushG | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/06 20:05:48 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\SoroushG\Desktop\OTL.exe
PRC - [2012/06/19 17:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/06/12 08:54:35 | 000,935,480 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
PRC - [2012/03/23 05:57:00 | 002,321,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
PRC - [2012/02/22 15:57:16 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/02/03 01:16:56 | 002,671,936 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
PRC - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2012/01/04 21:24:50 | 000,793,048 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2012/01/04 21:24:50 | 000,103,896 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
PRC - [2012/01/03 23:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/10/25 11:40:44 | 000,389,120 | ---- | M] () -- C:\Program Files\Fractal Audio\Axe-Fx II Driver\FASUSBAudioCpl.exe
PRC - [2011/07/29 09:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/05/20 21:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009/12/15 12:47:00 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/10/26 12:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009/10/26 12:15:56 | 000,375,000 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2008/10/01 17:43:12 | 000,548,864 | ---- | M] (BL) -- C:\Program Files (x86)\lg_fwupdate\fwupdate.exe
PRC - [2008/06/26 18:09:36 | 000,167,936 | ---- | M] () -- C:\Program Files (x86)\D-Link\DWA-131 revA\WlanWpsSvc.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/01 22:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 22:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/10/25 11:40:44 | 000,389,120 | ---- | M] () -- C:\Program Files\Fractal Audio\Axe-Fx II Driver\FASUSBAudioCpl.exe
MOD - [2011/10/17 03:04:58 | 000,176,128 | ---- | M] () -- C:\Program Files\Fractal Audio\Axe-Fx II Driver\tusbaudioapi.dll
MOD - [2011/07/29 09:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/29 09:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2009/12/15 12:49:20 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/12/15 12:46:38 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2009/06/27 09:11:12 | 000,503,202 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/08/12 09:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/14 11:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 11:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/06/27 11:58:22 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/06/25 11:23:02 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/19 21:28:34 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/06/19 17:32:30 | 003,048,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/06/12 08:54:35 | 000,935,480 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe -- (vToolbarUpdater11.1.0)
SRV - [2012/04/30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/03/23 05:57:00 | 002,321,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe -- (avgfws)
SRV - [2012/02/22 15:57:16 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2012/01/18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2012/01/04 21:24:50 | 000,793,048 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2012/01/03 23:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/25 17:25:28 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/05/20 21:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/26 12:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009/06/11 07:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/06/26 18:09:36 | 000,167,936 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\D-Link\DWA-131 revA\WlanWpsSvc.exe -- (WlanWpsSvc)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/06/27 11:58:24 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/03/19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 16:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 20:34:36 | 000,028,160 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcaudrv_x64.sys -- (mcaudrv_simple)
DRV:64bit: - [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/02/06 14:42:54 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012/01/18 16:44:14 | 000,025,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvbflt64.sys -- (CompFilter64)
DRV:64bit: - [2012/01/18 06:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech HD Webcam C615(UVC)
DRV:64bit: - [2012/01/18 06:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2012/01/11 16:11:20 | 000,034,304 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcvidrv_x64.sys -- (ManyCam)
DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/12/01 06:13:44 | 000,772,096 | ---- | M] (Line 6) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L6PODHDBEAN64.sys -- (L6PODHDBEAN)
DRV:64bit: - [2011/11/01 10:51:44 | 000,055,600 | ---- | M] (Cypress Semiconductor) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\axefx2load.sys -- (axefx2load)
DRV:64bit: - [2011/11/01 10:51:42 | 000,246,576 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fasusbaudio_x64.sys -- (fasusbaudio)
DRV:64bit: - [2011/11/01 10:51:42 | 000,053,040 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fasusbaudioks_x64.sys -- (fasusbaudioks)
DRV:64bit: - [2011/08/02 16:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/07/23 02:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/13 07:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/05/25 17:25:48 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011/05/23 01:03:28 | 000,048,992 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2011/03/11 16:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 16:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/16 17:11:08 | 000,428,136 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/11/21 13:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 13:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/21 13:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 13:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/20 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010/10/15 19:42:48 | 000,356,328 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2010/10/15 19:42:48 | 000,121,320 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2009/09/19 04:39:17 | 000,081,920 | ---- | M] (Roland Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rdwm1102.sys -- (RDID1102)
DRV:64bit: - [2009/08/20 10:00:10 | 000,664,576 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2009/07/14 11:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 11:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 11:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/11 06:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 06:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 06:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 06:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/07/14 11:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-AU
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2B 68 4C 5F 19 DE CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={search...0084c9b242f885
IE - HKCU\..\SearchScopes\{5C0523FF-71F5-46ce-87CA-AD87DFD5E6DF}: "URL" = http://www.bing.com/search?q={search...SPLBR2&pc=SPLH
IE - HKCU\..\SearchScopes\{859C9482-2722-4421-9FF3-7CECB3136CDF}: "URL" = http://au.search.yahoo.com/search?p=...evm&type=STDVM
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={1...r&d=2012-05-12 23:04:27&v=11.0.0.9&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{D8400222-D414-4e98-B038-9798204DFB95}: "URL" = http://www.google.com/cse?cx=partner...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\SoroushG\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling .dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/02/15 15:05:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.7\ [2012/07/05 11:56:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/07/05 11:56:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/05 11:56:04 | 000,000,000 | ---D | M]

[2012/04/30 13:50:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Search the web (Babylon) (Enabled)
CHR - default_search_provider: search_url = http://search.babylon.com/?q={search...0084c9b242f885
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:ins tantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.47\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Users\SoroushG\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.0.0.10297_0\npSk ypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\SoroushG\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling .dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

O1 HOSTS File: ([2009/06/11 07:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll ()
O4:64bit: - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LGODDFU] C:\Program Files (x86)\lg_fwupdate\fwupdate.exe (BL)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Facebook Update] C:\Users\SoroushG\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Vid HD\Vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [XdvSpyfk] C:\Users\SoroushG\AppData\Local\pwegcyvw\xdvspyfk.exe File not found
O4 - HKCU..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe ()
O4 - Startup: C:\Users\SoroushG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboa rd\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboa rd\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboa rd\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboa rd\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboa rd\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboa rd\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboa rd\ExceptionFormats: CF_DIBV5 = 17
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts.../ieawsdc64.cab (Microsoft Office Template and Media Control)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B7FFD0F4-84B6-42D2-AB03-671310DE1C8D}: DhcpNameServer = 10.0.0.138
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Users\SoroushG\AppData\Local\pwegcyvw\xdvspyfk.exe) - C:\Users\SoroushG\AppData\Local\pwegcyvw\xdvspyfk.exe File not found
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{91e33863-5070-11e1-971c-f46d049d9437}\Shell - "" = AutoRun
O33 - MountPoints2\{91e33863-5070-11e1-971c-f46d049d9437}\Shell\AutoRun\command - "" = J:\SETUP.EXE
O33 - MountPoints2\{91e33863-5070-11e1-971c-f46d049d9437}\Shell\configure\command - "" = J:\SETUP.EXE
O33 - MountPoints2\{91e33863-5070-11e1-971c-f46d049d9437}\Shell\install\command - "" = J:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/06 23:10:41 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{EA461FD4-0330-4C36-B941-7388B464A545}
[2012/07/06 23:10:16 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{269CEDA8-FAEA-408B-9E58-16435C6D500C}
[2012/07/06 23:07:38 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/07/06 23:01:12 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\{0E9B5A6A-FC5B-43C1-B938-5E0BFE8095A2}
[2012/07/06 20:05:48 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\SoroushG\Desktop\OTL.exe
[2012/07/06 19:24:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/06 19:24:47 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/06 19:24:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/07/06 19:11:12 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\pwegcyvw
[2012/07/06 19:06:44 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/07/06 18:53:56 | 000,522,240 | ---- | C] (OldTimer Tools) -- C:\Users\SoroushG\Desktop\OTM.exe
[2012/07/06 17:46:27 | 000,607,260 | ---- | C] (Swearware) -- C:\Users\SoroushG\Desktop\dds.com
[2012/07/06 17:43:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hijackthis
[2012/07/06 15:48:38 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Roaming\SUPERAntiSpyware.com
[2012/07/06 15:48:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/07/06 15:48:29 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/07/06 15:48:29 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/07/06 14:44:06 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\Desktop\SARA
[2012/07/06 10:05:09 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/07/05 23:20:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/07/05 23:08:36 | 000,355,856 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/07/05 23:08:26 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/07/05 23:08:03 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/07/05 20:55:36 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Roaming\Malwarebytes
[2012/07/05 20:55:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/05 12:31:11 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/07/05 12:29:56 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/07/05 12:29:56 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/07/05 12:19:41 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Roaming\AVG
[2012/07/05 10:54:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2012/07/05 10:54:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012/07/05 00:24:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Excel Password Unlocker
[2012/07/05 00:24:17 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\lptmp846331700
[2012/07/04 23:40:27 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Office Password Recovery PRO
[2012/07/04 23:40:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Office Password Recovery PRO
[2012/07/04 23:40:26 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Roaming\Password Solutions
[2012/07/04 23:40:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Password Solutions
[2012/07/04 23:40:26 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\Documents\My Password Recovery
[2012/07/04 23:37:49 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\Documents\extract
[2012/07/02 20:50:29 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\Documents\half life 2 episode 2
[2012/07/01 09:41:50 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse
[2012/07/01 01:01:58 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\Documents\daemon
[2012/07/01 01:00:21 | 000,000,000 | ---D | C] -- C:\Trilogy Data
[2012/07/01 01:00:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spectrasonics
[2012/07/01 00:59:47 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Waves
[2012/07/01 00:59:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Waves
[2012/07/01 00:50:31 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Native Instruments Reaktor 5
[2012/07/01 00:50:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Native Instruments
[2012/07/01 00:49:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sonnox
[2012/06/30 13:04:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
[2012/06/30 13:04:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\World of Warcraft
[2012/06/29 20:40:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicISO
[2012/06/29 20:40:34 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MagicISO
[2012/06/29 20:40:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MagicISO
[2012/06/28 19:41:09 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\Documents\My Curse
[2012/06/27 17:34:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2012/06/27 17:32:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2012/06/27 14:51:26 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Roaming\Windows Live Writer
[2012/06/27 14:51:26 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\Windows Live Writer
[2012/06/26 13:56:20 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Roaming\DT
[2012/06/25 22:29:47 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\Documents\The Lord of the Rings Online
[2012/06/25 22:29:47 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\The Lord of the Rings Online
[2012/06/25 22:15:44 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\Turbine
[2012/06/25 22:15:39 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\ApplicationHistory
[2012/06/25 22:13:23 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\URTTEMP
[2012/06/25 15:00:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ReValver Mk III
[2012/06/25 15:00:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Peavey Electronics
[2012/06/24 16:16:46 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\Documents\fraps
[2012/06/24 16:01:48 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps
[2012/06/24 16:01:48 | 000,000,000 | ---D | C] -- C:\Fraps
[2012/06/21 11:24:15 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012/06/21 11:24:15 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012/06/21 11:24:15 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012/06/21 11:23:51 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012/06/21 11:23:51 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012/06/21 11:23:51 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012/06/21 11:23:28 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012/06/21 11:23:28 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012/06/19 16:32:09 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/06/19 16:28:58 | 000,048,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fssfltr.sys
[2012/06/17 14:53:58 | 000,000,000 | ---D | C] -- C:\ProgramData\{00E0164B-B182-4800-96DA-F8D39B3A7189}
[2012/06/17 14:26:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Digidesign
[2012/06/17 14:20:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Native Instruments
[2012/06/14 17:00:28 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\Documents\Youcam
[2012/06/14 10:55:02 | 000,000,000 | ---D | C] -- C:\sprays
[2012/06/14 00:47:30 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/06/14 00:47:30 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/06/14 00:47:29 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/06/14 00:47:29 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/06/14 00:47:27 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/06/14 00:47:27 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/06/14 00:47:26 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/06/14 00:47:26 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/06/14 00:47:24 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/06/14 00:47:24 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/06/14 00:47:23 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/06/14 00:47:23 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/06/14 00:47:22 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/06/13 18:06:02 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Local\Native Instruments
[2012/06/13 18:00:53 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\Documents\Native Instruments
[2012/06/13 17:45:46 | 000,000,000 | -H-D | C] -- C:\ProgramData\{018739C5-9E1C-4C10-A298-77A80A04AD61}
[2012/06/13 17:40:20 | 000,000,000 | ---D | C] -- C:\Program Files\Native Instruments
[2012/06/13 15:29:39 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/06/13 15:29:39 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/06/13 15:29:39 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/06/13 15:29:28 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/06/13 15:29:28 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/06/13 15:29:28 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/06/13 15:29:26 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012/06/13 15:29:18 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/06/13 15:29:18 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/06/11 20:00:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Utilities
[2012/06/11 19:33:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Metal Gear Solid
[2012/06/11 19:31:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Metal Gear Solid
[2012/06/11 16:14:52 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446 A847B240591D2C99B.1
[2012/06/09 21:27:49 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\Desktop\Sleep Studies
[2012/06/09 21:25:12 | 000,000,000 | ---D | C] -- C:\Users\SoroushG\Desktop\USB Dad

========== Files - Modified Within 30 Days ==========

[2012/07/06 23:21:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/06 23:14:06 | 000,000,271 | ---- | M] () -- C:\Windows\lgfwup.ini
[2012/07/06 23:14:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/06 23:13:43 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/06 23:13:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/06 23:13:34 | 2132,721,663 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/06 23:12:37 | 000,020,528 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/06 23:12:37 | 000,020,528 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/06 22:21:25 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2012/07/06 20:05:48 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\SoroushG\Desktop\OTL.exe
[2012/07/06 19:24:48 | 000,001,144 | ---- | M] () -- C:\Users\SoroushG\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/07/06 19:24:48 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/06 18:53:57 | 000,522,240 | ---- | M] (OldTimer Tools) -- C:\Users\SoroushG\Desktop\OTM.exe
[2012/07/06 18:48:01 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2309646660-4243879331-1040206939-1001UA.job
[2012/07/06 17:46:28 | 000,607,260 | ---- | M] (Swearware) -- C:\Users\SoroushG\Desktop\dds.com
[2012/07/06 15:48:32 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/07/06 14:44:47 | 000,792,978 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/06 14:44:47 | 000,673,446 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/06 14:44:47 | 000,129,440 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/06 10:05:10 | 000,000,829 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/07/05 20:32:48 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/07/05 20:02:35 | 000,000,318 | ---- | M] () -- C:\Users\SoroushG\Desktop\Curse Client.appref-ms
[2012/07/04 02:21:52 | 000,355,856 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/07/04 02:21:52 | 000,059,728 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/07/04 02:21:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/07/04 02:21:18 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/07/03 21:48:00 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2309646660-4243879331-1040206939-1001Core.job
[2012/06/29 20:40:35 | 000,001,810 | ---- | M] () -- C:\Users\SoroushG\Desktop\MagicISO.lnk
[2012/06/28 19:41:07 | 000,000,000 | ---- | M] () -- C:\Users\SoroushG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2012/06/27 11:58:24 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/06/26 13:56:28 | 000,000,218 | ---- | M] () -- C:\Users\SoroushG\.recently-used.xbel
[2012/06/25 22:16:00 | 000,000,096 | ---- | M] () -- C:\Users\SoroushG\AppData\Local\fusioncache.dat
[2012/06/25 22:15:19 | 000,800,674 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/06/25 11:23:02 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/06/25 11:23:02 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/06/24 16:01:48 | 000,000,569 | ---- | M] () -- C:\Users\SoroushG\Desktop\Fraps.lnk
[2012/06/14 09:59:51 | 000,300,024 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/11 22:26:17 | 100,193,302 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/06/11 20:45:36 | 000,057,316 | ---- | M] () -- C:\Users\SoroushG\Documents\paul_gilbert_curse_of_castle_dragon.gp5
[2012/06/11 20:00:53 | 000,002,221 | ---- | M] () -- C:\Users\Public\Desktop\Express Zip File Compression Software.lnk
[2012/06/11 10:25:32 | 000,256,779 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/06/09 13:11:41 | 000,128,176 | ---- | M] () -- C:\Users\SoroushG\Documents\born_of_osiris_devastate.gp5
[2012/06/09 13:11:33 | 000,005,988 | ---- | M] () -- C:\Users\SoroushG\Documents\born_of_osiris_dissimulation.gp5
[2012/06/09 13:11:22 | 000,004,953 | ---- | M] () -- C:\Users\SoroushG\Documents\born_of_osiris_behold_sweeps.gp5
[2012/06/09 13:11:14 | 000,141,087 | ---- | M] () -- C:\Users\SoroushG\Documents\born_of_osiris_recreate.gp5
[2012/06/09 13:11:04 | 000,095,249 | ---- | M] () -- C:\Users\SoroushG\Documents\born_of_osiris_singularity.gp5

========== Files Created - No Company Name ==========

[2012/07/06 19:24:48 | 000,001,144 | ---- | C] () -- C:\Users\SoroushG\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/07/06 19:24:48 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/06 15:48:32 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/07/06 10:05:10 | 000,000,829 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/07/06 10:04:06 | 000,000,902 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/06 10:04:05 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/05 20:02:35 | 000,000,318 | ---- | C] () -- C:\Users\SoroushG\Desktop\Curse Client.appref-ms
[2012/07/05 12:31:13 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012/06/30 13:04:42 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2012/06/29 20:40:35 | 000,001,810 | ---- | C] () -- C:\Users\SoroushG\Desktop\MagicISO.lnk
[2012/06/28 19:41:07 | 000,000,000 | ---- | C] () -- C:\Users\SoroushG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2012/06/26 13:56:28 | 000,000,218 | ---- | C] () -- C:\Users\SoroushG\.recently-used.xbel
[2012/06/25 22:16:00 | 000,000,096 | ---- | C] () -- C:\Users\SoroushG\AppData\Local\fusioncache.dat
[2012/06/24 16:01:48 | 000,000,569 | ---- | C] () -- C:\Users\SoroushG\Desktop\Fraps.lnk
[2012/06/11 20:45:36 | 000,057,316 | ---- | C] () -- C:\Users\SoroushG\Documents\paul_gilbert_curse_of_castle_dragon.gp5
[2012/06/11 20:00:53 | 000,002,221 | ---- | C] () -- C:\Users\Public\Desktop\Express Zip File Compression Software.lnk
[2012/06/11 20:00:53 | 000,001,893 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Zip File Compression Software.lnk
[2012/06/09 13:11:41 | 000,128,176 | ---- | C] () -- C:\Users\SoroushG\Documents\born_of_osiris_devastate.gp5
[2012/06/09 13:11:33 | 000,005,988 | ---- | C] () -- C:\Users\SoroushG\Documents\born_of_osiris_dissimulation.gp5
[2012/06/09 13:11:22 | 000,004,953 | ---- | C] () -- C:\Users\SoroushG\Documents\born_of_osiris_behold_sweeps.gp5
[2012/06/09 13:11:14 | 000,141,087 | ---- | C] () -- C:\Users\SoroushG\Documents\born_of_osiris_recreate.gp5
[2012/06/09 13:11:04 | 000,095,249 | ---- | C] () -- C:\Users\SoroushG\Documents\born_of_osiris_singularity.gp5
[2012/04/30 13:50:49 | 000,000,064 | ---- | C] () -- C:\Windows\GPlrLanc.dat
[2012/04/30 13:50:27 | 000,723,230 | ---- | C] () -- C:\Windows\unins000.exe
[2012/04/30 13:50:27 | 000,105,538 | ---- | C] () -- C:\Windows\unins000.dat
[2012/03/22 15:31:29 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012/03/22 15:31:29 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012/02/22 15:57:18 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/02/22 15:57:16 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/02/08 16:58:13 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2012/01/28 21:38:33 | 000,000,271 | ---- | C] () -- C:\Windows\lgfwup.ini
[2012/01/28 20:42:03 | 000,031,419 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2012/01/18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/01/18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/01/18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/05/20 21:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/05/12 11:39:08 | 000,995,328 | ---- | C] () -- C:\Windows\SRFIXMBR.EXE
[2011/05/12 10:06:39 | 000,800,674 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/05/11 17:47:00 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/05/11 17:46:54 | 000,022,767 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

========== Alternate Data Streams ==========

@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp1B5B4F1
< End of report >
axle1's Avatar
Computer Specs
Member with 30 posts.
THREAD STARTER
  
Join Date: Jul 2012
Experience: Beginner
07-Jul-2012, 05:10 AM #15
:/, anyone able to help ?
Email This Email  Print This Print  Tweet This Send to Facebook Send to MySpace Send to StumbleUpon Digg This | More Services More
Reply
Page 1 of 4 1 234
As Seen On

BBC, Reader's Digest, PC Magazine, Today Show, Money Magazine
WELCOME TO TECH SUPPORT GUY!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join Today!

(clock)
THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Search Tech Support Guy

Find the solution to your
computer problem!

« Previous Thread | Virus & Other Malware Removal | Next Thread »

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools


TECH SUPPORT GUY
WELCOME
FOLLOW US
 
You Are Using: Server ID
All times are GMT -4. The time now is 11:13 PM.
Advertisements do not imply our endorsement of that product or service.
Copyright © 1996 - 2013 TechGuy, Inc. All rights reserved. Privacy & Terms.

Trusted Website Back to the Top ↑