OTL

OTL logfile created on: 12/6/2011 4:27:43 PM - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Khalili\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.91 Gb Total Physical Memory | 1.01 Gb Available Physical Memory | 25.79% Memory free
7.81 Gb Paging File | 4.86 Gb Available in Paging File | 62.24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.17 Gb Total Space | 59.20 Gb Free Space | 20.76% Space Free | Partition Type: NTFS
Drive D: | 12.72 Gb Total Space | 1.78 Gb Free Space | 14.01% Space Free | Partition Type: NTFS

Computer Name: KHALILI-PC | User Name: Khalili | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2011/12/06 15:32:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Khalili\Desktop\OTL.com
PRC - [2011/11/29 01:50:02 | 010,826,624 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
PRC - [2011/11/29 01:50:02 | 002,916,736 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011/11/29 01:33:26 | 000,116,608 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
PRC - [2011/11/04 22:53:18 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/11/03 10:25:08 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011/10/24 19:29:34 | 002,398,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
PRC - [2011/10/24 19:29:16 | 002,415,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2011/10/12 05:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/10/07 14:59:45 | 000,189,248 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2011/09/25 07:59:13 | 000,246,600 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/04/13 08:37:22 | 000,070,920 | ---- | M] (Memeo) -- C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
PRC - [2011/04/13 08:37:22 | 000,014,088 | ---- | M] (Memeo) -- C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
PRC - [2011/04/06 07:16:10 | 000,325,344 | ---- | M] () -- C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
PRC - [2011/03/25 22:42:16 | 000,334,448 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2011/03/25 22:42:00 | 000,404,080 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2011/03/25 22:41:50 | 000,113,264 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
PRC - [2011/03/25 21:27:40 | 000,539,248 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2011/03/22 08:40:50 | 002,260,992 | ---- | M] (Axentra Corporation) -- C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
PRC - [2010/11/05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/10/14 17:27:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/05/04 11:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2009/07/24 17:24:02 | 000,427,304 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
PRC - [2009/07/23 19:45:52 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/07/23 10:37:16 | 000,206,120 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2011/11/18 19:04:34 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/04 22:53:18 | 001,989,592 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/10/13 07:15:26 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\32f68764be7200d3796b55e377311245\Microsoft.VisualBasic.ni.dll
MOD - [2011/10/13 07:06:49 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\1049a76b3de293df726d380932215c91\System.Management.ni.dll
MOD - [2011/10/12 20:32:04 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\6f2de1cb69aef1946760a70f355a3075\System.ServiceProcess.ni.dll
MOD - [2011/10/12 20:31:51 | 011,819,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\8e7909ef6b5f953d49244c6b9f5f5100\System.Web.ni.dll
MOD - [2011/10/12 20:31:42 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll
MOD - [2011/10/12 20:31:39 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f8196c3588c2229e84516af4b6a0ee60\System.Data.ni.dll
MOD - [2011/10/12 20:30:50 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011/10/12 20:30:42 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011/10/12 20:30:39 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\31fce331fded94dd06627603f6fe4562\Accessibility.ni.dll
MOD - [2011/10/12 20:30:19 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011/10/12 20:30:14 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011/10/12 20:30:13 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/10/12 20:30:06 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/05/12 20:46:02 | 000,498,760 | ---- | M] () -- C:\Program Files (x86)\ManyCam\Bin\cximagecrt.dll
MOD - [2011/04/13 08:40:40 | 000,030,984 | ---- | M] () -- C:\Program Files (x86)\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.SeagateSharePlusPlugin.dll
MOD - [2011/04/13 08:37:18 | 000,108,296 | ---- | M] () -- C:\Program Files (x86)\Seagate\Seagate Dashboard\Memeo.Progress.dll
MOD - [2011/04/06 07:16:30 | 002,896,608 | ---- | M] () -- C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.UI.dll
MOD - [2011/04/06 07:16:28 | 000,027,360 | ---- | M] () -- C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.DriveDetection.dll
MOD - [2011/04/06 07:16:26 | 000,059,616 | ---- | M] () -- C:\Program Files (x86)\Memeo\AutoBackup\Vista.Api.dll
MOD - [2011/04/06 07:16:10 | 000,325,344 | ---- | M] () -- C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
MOD - [2011/03/16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/11/04 17:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/10/20 14:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2010/04/20 09:22:32 | 000,971,776 | ---- | M] () -- C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\libxml2.dll
MOD - [2010/04/20 09:22:32 | 000,241,664 | ---- | M] () -- C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\libupnp.dll
MOD - [2010/03/22 14:59:46 | 000,504,293 | ---- | M] () -- C:\Program Files (x86)\Memeo\AutoBackup\sqlite3.dll
MOD - [2010/03/22 14:57:42 | 000,178,176 | ---- | M] () -- C:\Program Files (x86)\Common Files\Memeo\ProfMan.dll
MOD - [2009/07/24 17:24:16 | 000,275,848 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CLCapEngine.dll
MOD - [2009/07/24 17:24:16 | 000,124,288 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CLSchMgr.dll
MOD - [2009/07/24 17:24:14 | 000,349,480 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\CLTinyDB.dll
MOD - [2009/07/23 10:37:14 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2011/06/17 05:30:54 | 000,094,480 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV:[b]64bit:[/b] - [2011/05/13 17:58:10 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:[b]64bit:[/b] - [2011/05/13 13:55:02 | 002,421,384 | ---- | M] (mobile concepts GmbH) [On_Demand | Stopped] -- C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe -- (CGVPNCliSrvc)
SRV:[b]64bit:[/b] - [2010/10/19 14:51:44 | 001,430,288 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:[b]64bit:[/b] - [2010/10/19 14:31:40 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:[b]64bit:[/b] - [2010/10/19 14:29:38 | 000,838,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:[b]64bit:[/b] - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:[b]64bit:[/b] - [2010/03/23 07:53:06 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\stacsv64.exe -- (STacSV)
SRV:[b]64bit:[/b] - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2009/07/13 17:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:[b]64bit:[/b] - [2009/03/27 18:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:[b]64bit:[/b] - [2009/03/02 11:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe -- (AESTFilters)
SRV - [2011/11/29 01:50:02 | 002,916,736 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011/11/17 17:08:35 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/11/03 10:25:08 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011/10/24 19:29:34 | 002,398,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe -- (avgfws)
SRV - [2011/10/12 05:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/10/07 14:59:45 | 000,189,248 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2011/09/27 19:47:03 | 000,102,400 | ---- | M] () [Auto | Running] -- C:\Windows\Installer\MSI4878.tmp -- (HyperDeskCustomThemeEnabler)
SRV - [2011/09/25 07:59:13 | 000,246,600 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/08/02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/07/15 02:47:40 | 000,014,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\VPN4ALL\Connect\openvpnserv.exe -- (OpenVPNService)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/04/13 08:37:22 | 000,014,088 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)
SRV - [2011/04/06 07:16:14 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2011/03/25 22:42:16 | 000,334,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2011/03/25 22:42:00 | 000,404,080 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2011/03/25 22:41:50 | 000,113,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2011/03/25 21:27:40 | 000,539,248 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2010/11/20 04:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 04:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 04:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/11/05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010/10/22 12:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/10/14 17:27:38 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/10/12 09:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/08/19 12:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
SRV - [2010/06/25 09:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010/05/04 11:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2011/10/07 05:23:46 | 000,283,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:[b]64bit:[/b] - [2011/09/13 05:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:[b]64bit:[/b] - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:[b]64bit:[/b] - [2011/08/08 05:08:58 | 000,046,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:[b]64bit:[/b] - [2011/08/03 16:28:32 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R)
DRV:[b]64bit:[/b] - [2011/07/11 00:14:36 | 000,375,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:[b]64bit:[/b] - [2011/07/11 00:14:08 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:[b]64bit:[/b] - [2011/07/11 00:14:06 | 000,120,400 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:[b]64bit:[/b] - [2011/07/11 00:14:06 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:[b]64bit:[/b] - [2011/06/27 10:40:03 | 000,029,808 | ---- | M] (SoftEther Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Neo_0094.sys -- (Neo_vpn)
DRV:[b]64bit:[/b] - [2011/06/17 05:30:50 | 000,154,752 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV:[b]64bit:[/b] - [2011/06/03 12:34:12 | 010,628,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:[b]64bit:[/b] - [2011/05/24 15:40:10 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:[b]64bit:[/b] - [2011/05/13 17:58:16 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:[b]64bit:[/b] - [2011/05/13 17:57:58 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:[b]64bit:[/b] - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:[b]64bit:[/b] - [2011/05/07 19:29:04 | 000,051,776 | ---- | M] (microOLAP Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pssdk41.sys -- (PsSdk41)
DRV:[b]64bit:[/b] - [2011/04/26 01:21:06 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:[b]64bit:[/b] - [2011/03/25 22:43:06 | 000,068,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:[b]64bit:[/b] - [2011/03/25 22:43:04 | 000,081,008 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:[b]64bit:[/b] - [2011/03/25 22:41:18 | 000,031,856 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:[b]64bit:[/b] - [2011/03/25 22:41:08 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:[b]64bit:[/b] - [2011/03/25 21:27:36 | 000,038,512 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:[b]64bit:[/b] - [2011/03/25 19:04:58 | 000,045,104 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:[b]64bit:[/b] - [2011/03/25 19:04:58 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:[b]64bit:[/b] - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2011/01/15 08:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:[b]64bit:[/b] - [2010/12/16 14:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:[b]64bit:[/b] - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010/11/20 03:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2010/11/20 03:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:[b]64bit:[/b] - [2010/11/20 01:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:[b]64bit:[/b] - [2010/11/05 22:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:[b]64bit:[/b] - [2010/11/03 17:39:48 | 000,105,592 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Tpkd.sys -- (Tpkd)
DRV:[b]64bit:[/b] - [2010/10/29 16:11:42 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:[b]64bit:[/b] - [2010/09/22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:[b]64bit:[/b] - [2010/08/20 20:59:12 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:[b]64bit:[/b] - [2010/07/12 03:34:00 | 000,057,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:[b]64bit:[/b] - [2010/06/25 09:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:[b]64bit:[/b] - [2010/05/27 21:32:56 | 000,320,560 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:[b]64bit:[/b] - [2010/04/12 00:55:00 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:[b]64bit:[/b] - [2010/03/23 13:53:06 | 000,505,344 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:[b]64bit:[/b] - [2010/03/22 12:11:12 | 000,049,752 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbredrv.sys -- (SBRE)
DRV:[b]64bit:[/b] - [2010/03/15 06:45:28 | 000,145,408 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV:[b]64bit:[/b] - [2010/01/13 15:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
DRV:[b]64bit:[/b] - [2009/12/30 10:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:[b]64bit:[/b] - [2009/11/27 16:45:06 | 000,295,424 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:[b]64bit:[/b] - [2009/08/13 10:20:46 | 001,209,856 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:[b]64bit:[/b] - [2009/07/20 15:33:42 | 007,058,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw1v64.sys -- (NETw1v64) Intel(R)
DRV:[b]64bit:[/b] - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009/07/13 16:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:[b]64bit:[/b] - [2009/07/13 13:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:[b]64bit:[/b] - [2009/06/29 10:17:00 | 000,070,656 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir)
DRV:[b]64bit:[/b] - [2009/06/10 13:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:[b]64bit:[/b] - [2009/06/10 13:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:[b]64bit:[/b] - [2009/06/10 13:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:[b]64bit:[/b] - [2009/06/10 12:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:[b]64bit:[/b] - [2009/06/10 12:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:[b]64bit:[/b] - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2009/05/08 16:08:00 | 000,020,520 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb)
DRV:[b]64bit:[/b] - [2009/04/29 07:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:[b]64bit:[/b] - [2008/12/26 11:56:04 | 000,021,504 | ---- | M] (Avnex) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vcsvad.sys -- (VCSVADHWSer) Avnex Virtual Audio Device (WDM)
DRV:[b]64bit:[/b] - [2008/03/12 23:46:00 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ManyCam_x64.sys -- (ManyCam)
DRV:[b]64bit:[/b] - [2005/09/23 21:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus)
DRV - [2010/08/19 12:56:38 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=Z153&install_date=20111001
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 13 63 06 CB 81 DC CB 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaultthis.engineName: "NeoBux Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2938961&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: compatibility@addons.mozilla.org:0.9
FF - prefs.js..extensions.enabledItems: jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack:2.0
FF - prefs.js..extensions.enabledItems: {038dc421-b19e-4711-a218-1fd10de9163b}:1.0.0.2
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.3.2
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:3.0.1
FF - prefs.js..extensions.enabledItems: {ab91efd4-6975-4081-8552-1b3922ed79e2}:1.0.5.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.7
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51
FF - prefs.js..extensions.enabledItems: {32c1ae0f-a1ed-4128-b922-7e83a47d79b7}:4.0
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: plugin@yontoo.com:1.20.00
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2011.7.1.3
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:5.4
FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=Z153&form=ZGAADF&install_date=20111001&q="
FF - prefs.js..network.proxy.backup.ftp: "85.235.204.213"
FF - prefs.js..network.proxy.backup.ftp_port: 3128
FF - prefs.js..network.proxy.backup.gopher: "85.235.204.213"
FF - prefs.js..network.proxy.backup.gopher_port: 3128
FF - prefs.js..network.proxy.backup.socks: "85.235.204.213"
FF - prefs.js..network.proxy.backup.socks_port: 3128
FF - prefs.js..network.proxy.backup.ssl: "85.235.204.213"
FF - prefs.js..network.proxy.backup.ssl_port: 3128
FF - prefs.js..network.proxy.ftp: "85.235.204.213"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.gopher: "85.235.204.213"
FF - prefs.js..network.proxy.gopher_port: 3128
FF - prefs.js..network.proxy.http: "85.235.204.213"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "85.235.204.213"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "85.235.204.213"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 0


FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Khalili\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/08/09 00:53:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2011/11/21 12:47:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files (x86)\AVG\AVG10\Toolbar\Firefox\avg@igeared
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{9F6FB1C9-22DA-4123-A7D4-9E7844B60EE5}: C:\Program Files (x86)\FileServe Manager\FireFox_Extension\{9F6FB1C9-22DA-4123-A7D4-9E7844B60EE5} [2011/08/17 21:58:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/21 14:14:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2010/06/06 07:05:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Khalili\AppData\Roaming\Mozilla\Extensions
[2011/12/03 08:07:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Khalili\AppData\Roaming\Mozilla\Firefox\Profiles\1r9y0hss.default\extensions
[2011/08/25 18:38:12 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Khalili\AppData\Roaming\Mozilla\Firefox\Profiles\1r9y0hss.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2011/05/24 20:09:25 | 000,000,000 | ---D | M] (PermissionResearch) -- C:\Users\Khalili\AppData\Roaming\Mozilla\Firefox\Profiles\1r9y0hss.default\extensions\{32c1ae0f-a1ed-4128-b922-7e83a47d79b7}
[2011/02/12 17:31:10 | 000,000,000 | ---D | M] (HP Detect) -- C:\Users\Khalili\AppData\Roaming\Mozilla\Firefox\Profiles\1r9y0hss.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
[2011/11/09 17:52:51 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\Users\Khalili\AppData\Roaming\Mozilla\Firefox\Profiles\1r9y0hss.default\extensions\avg@toolbar
[2011/09/24 14:29:25 | 000,000,000 | ---D | M] (Awesome screenshot: Capture and Annotate) -- C:\Users\Khalili\AppData\Roaming\Mozilla\Firefox\Profiles\1r9y0hss.default\extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack
[2011/08/31 14:13:16 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\Khalili\AppData\Roaming\Mozilla\Firefox\Profiles\1r9y0hss.default\extensions\plugin@yontoo.com
[2011/05/28 10:45:16 | 000,002,569 | ---- | M] () -- C:\Users\Khalili\AppData\Roaming\Mozilla\Firefox\Profiles\1r9y0hss.default\searchplugins\askcom.xml
[2011/09/30 16:23:30 | 000,001,945 | ---- | M] () -- C:\Users\Khalili\AppData\Roaming\Mozilla\Firefox\Profiles\1r9y0hss.default\searchplugins\bing-zugo.xml
[2011/10/19 17:02:43 | 000,001,524 | ---- | M] () -- C:\Users\Khalili\AppData\Roaming\Mozilla\Firefox\Profiles\1r9y0hss.default\searchplugins\swagbuckscom.xml
[2011/11/21 14:14:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\KHALILI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1R9Y0HSS.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
() (No name found) -- C:\USERS\KHALILI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1R9Y0HSS.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI
() (No name found) -- C:\USERS\KHALILI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1R9Y0HSS.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\KHALILI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1R9Y0HSS.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
() (No name found) -- C:\USERS\KHALILI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1R9Y0HSS.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
[2011/11/04 22:53:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/11/04 19:21:03 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/04 19:21:03 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/11/21 14:58:09 | 000,000,894 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 apps.sonymediasoftware.com
O2:[b]64bit:[/b] - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:[b]64bit:[/b] - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found.
O2 - BHO: (FileServeManager) - {00000001-AB3B-4334-9DA2-EC6B2A02AFC6} - C:\Program Files (x86)\FileServe Manager\FileServeBHO.dll (FileServe Limited)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll ()
O2 - BHO: (hpBHO Class) - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll (AOL Products)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found.
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:[b]64bit:[/b] - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [Seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:[b]64bit:[/b] - Extra context menu item: Download with FileServe Manager - C:\Program Files (x86)\FileServe Manager\GetUrl.htm ()
O8:[b]64bit:[/b] - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Download with FileServe Manager - C:\Program Files (x86)\FileServe Manager\GetUrl.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1979 ([http] in Trusted sites)
O16 - DPF: {298BFFEE-662D-11D5-ADAF-00E0810232D7} https://simulcast.manheim.com/simulcast_docs/av/LiveSound.dll (Reg Error: Key error.)
O16 - DPF: {7206EAAC-5CFA-43A3-9F61-E27E8E51E42F} http://adus1.liveblockauctions.com/container_repository/laiexec.cab (laiExcuter Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8BD21D30-EC42-11CE-9E0D-00AA006002F3} https://www6.mylimobiz.com/royallimousineinc/admin/controls/mspert10.cab (Microsoft Forms 2.0 ComboBox)
O16 - DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} http://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab (IGDTester Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.21.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.76.182 68.87.78.134 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1A900EB4-057A-4039-A772-68CDB47EC761}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2FFFD851-DC66-4406-9F69-093503600250}: DhcpNameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{93566C83-10B1-41F2-A389-7F48E4C7C0E3}: DhcpNameServer = 68.87.76.182 68.87.78.134 192.168.1.1
O18:[b]64bit:[/b] - Protocol\Handler\avgsecuritytoolbar - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\belarc - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\gopher - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ms-itss - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\viprotocol - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\avgsecuritytoolbar - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll ()
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:[b]64bit:[/b] - SharedTaskScheduler: {F791A188-699D-4FD4-955A-EB59E89B1907} - Ave's 7StartButton Changer - C:\Program Files (x86)\The Skins Factory\Hyperdesk\Common\AveStartButtonChangerInProc.dll (AveApps, Andreas Verhoeven)
O22 - SharedTaskScheduler: {F791A188-699D-4FD4-955A-EB59E89B1907} - Ave's 7StartButton Changer - C:\Program Files (x86)\The Skins Factory\Hyperdesk\DarkMatter Gamma Ray\Hyperdesk Engine\AveStartButtonChangerInProc.dll (AveApps, Andreas Verhoeven)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{f3a25526-a595-11e0-a426-9f7f665b1cb6}\Shell - "" = AutoRun
O33 - MountPoints2\{f3a25526-a595-11e0-a426-9f7f665b1cb6}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:[b]64bit:[/b] AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

MsConfig:64bit - StartUpFolder: C:^Users^Khalili^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OMADE.exe -  - File not found
MsConfig:64bit - StartUpFolder: C:^Users^Khalili^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig:64bit - StartUpReg: [b]Adobe ARM[/b] - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: [b]Adobe Reader Speed Launcher[/b] - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: [b]AdobeCS5.5ServiceManager[/b] - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: [b]AdobeCS5ServiceManager[/b] - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: [b]ApnUpdater[/b] - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: [b]ApplePhotoStreams[/b] - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: [b]APSDaemon[/b] - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: [b]BCSSync[/b] - hkey= - key= - C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: [b]FileServe Manager Task[/b] - hkey= - key= - C:\Program Files (x86)\FileServe Manager\FSStarter.exe (FileServe Limited)
MsConfig:64bit - StartUpReg: [b]HKCU[/b] - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: [b]HP Software Update[/b] - hkey= - key= - C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
MsConfig:64bit - StartUpReg: [b]HPCam_Menu[/b] - hkey= - key= - c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: [b]IAStorIcon[/b] - hkey= - key= - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
MsConfig:64bit - StartUpReg: [b]iTunesHelper[/b] - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: [b]LightScribe Control Panel[/b] - hkey= - key= - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
MsConfig:64bit - StartUpReg: [b]Messenger (Yahoo!)[/b] - hkey= - key= - C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
MsConfig:64bit - StartUpReg: [b]MobileDocuments[/b] - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: [b]MSC[/b] - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: [b]NortonOnlineBackupReminder[/b] - hkey= - key= - C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
MsConfig:64bit - StartUpReg: [b]Nvidia driver[/b] - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: [b]PWRISOVM.EXE[/b] - hkey= - key= - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
MsConfig:64bit - StartUpReg: [b]QlbCtrl.exe[/b] - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
MsConfig:64bit - StartUpReg: [b]QuickTime Task[/b] - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: [b]Registry Cleaner Scheduler[/b] - hkey= - key= - C:\Program Files (x86)\CleanMyPC\Registry Cleaner\RCHelper.exe (CleanMyPC Software)
MsConfig:64bit - StartUpReg: [b]SandboxieControl[/b] - hkey= - key= - C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
MsConfig:64bit - StartUpReg: [b]Seagate Dashboard[/b] - hkey= - key= - C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe ()
MsConfig:64bit - StartUpReg: [b]SmartMenu[/b] - hkey= - key= - C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
MsConfig:64bit - StartUpReg: [b]Spotify[/b] - hkey= - key= - C:\Users\Khalili\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
MsConfig:64bit - StartUpReg: [b]StartNowToolbarHelper[/b] - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: [b]Steam[/b] - hkey= - key= - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
MsConfig:64bit - StartUpReg: [b]svchost.exe[/b] - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: [b]SwitchBoard[/b] - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: [b]SynTPEnh[/b] - hkey= - key= - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
MsConfig:64bit - StartUpReg: [b]SysTrayApp[/b] - hkey= - key= - C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
MsConfig:64bit - StartUpReg: [b]UpdatePRCShortCut[/b] - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: [b]Vagex[/b] - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: [b]VirtualCloneDrive[/b] - hkey= - key= - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
MsConfig:64bit - StartUpReg: [b]vmware-tray[/b] - hkey= - key= - C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
MsConfig:64bit - StartUpReg: [b]VPN4ALL[/b] - hkey= - key= - C:\Program Files (x86)\VPN4ALL\vpn4all.exe (Web Broadcast Ltd.)
MsConfig:64bit - StartUpReg: [b]vProt[/b] - hkey= - key= - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
MsConfig:64bit - StartUpReg: [b]WirelessAssistant[/b] - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "bootini" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.

SafeBootMin:[b]64bit:[/b] AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:[b]64bit:[/b] Base - Driver Group
SafeBootMin:[b]64bit:[/b] Boot Bus Extender - Driver Group
SafeBootMin:[b]64bit:[/b] Boot file system - Driver Group
SafeBootMin:[b]64bit:[/b] File system - Driver Group
SafeBootMin:[b]64bit:[/b] Filter - Driver Group
SafeBootMin:[b]64bit:[/b] HelpSvc - Service
SafeBootMin:[b]64bit:[/b] PCI Configuration - Driver Group
SafeBootMin:[b]64bit:[/b] PNP Filter - Driver Group
SafeBootMin:[b]64bit:[/b] Primary disk - Driver Group
SafeBootMin:[b]64bit:[/b] sacsvr - Service
SafeBootMin:[b]64bit:[/b] SCSI Class - Driver Group
SafeBootMin:[b]64bit:[/b] System Bus Extender - Driver Group
SafeBootMin:[b]64bit:[/b] vmms - Service
SafeBootMin:[b]64bit:[/b] WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:[b]64bit:[/b] {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:[b]64bit:[/b] {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:[b]64bit:[/b] {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:[b]64bit:[/b] {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:[b]64bit:[/b] {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:[b]64bit:[/b] {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:[b]64bit:[/b] {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:[b]64bit:[/b] {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:[b]64bit:[/b] {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:[b]64bit:[/b] {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:[b]64bit:[/b] {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:[b]64bit:[/b] {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:[b]64bit:[/b] {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:[b]64bit:[/b] {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:[b]64bit:[/b] {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:[b]64bit:[/b] {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:[b]64bit:[/b] {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:[b]64bit:[/b] AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:[b]64bit:[/b] Base - Driver Group
SafeBootNet:[b]64bit:[/b] Boot Bus Extender - Driver Group
SafeBootNet:[b]64bit:[/b] Boot file system - Driver Group
SafeBootNet:[b]64bit:[/b] File system - Driver Group
SafeBootNet:[b]64bit:[/b] Filter - Driver Group
SafeBootNet:[b]64bit:[/b] HelpSvc - Service
SafeBootNet:[b]64bit:[/b] Messenger - Service
SafeBootNet:[b]64bit:[/b] NDIS Wrapper - Driver Group
SafeBootNet:[b]64bit:[/b] NetBIOSGroup - Driver Group
SafeBootNet:[b]64bit:[/b] NetDDEGroup - Driver Group
SafeBootNet:[b]64bit:[/b] Network - Driver Group
SafeBootNet:[b]64bit:[/b] NetworkProvider - Driver Group
SafeBootNet:[b]64bit:[/b] PCI Configuration - Driver Group
SafeBootNet:[b]64bit:[/b] PNP Filter - Driver Group
SafeBootNet:[b]64bit:[/b] PNP_TDI - Driver Group
SafeBootNet:[b]64bit:[/b] Primary disk - Driver Group
SafeBootNet:[b]64bit:[/b] rdsessmgr - Service
SafeBootNet:[b]64bit:[/b] sacsvr - Service
SafeBootNet:[b]64bit:[/b] SCSI Class - Driver Group
SafeBootNet:[b]64bit:[/b] Streams Drivers - Driver Group
SafeBootNet:[b]64bit:[/b] System Bus Extender - Driver Group
SafeBootNet:[b]64bit:[/b] TDI - Driver Group
SafeBootNet:[b]64bit:[/b] vmms - Service
SafeBootNet:[b]64bit:[/b] WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:[b]64bit:[/b] WudfUsbccidDriver - Driver
SafeBootNet:[b]64bit:[/b] {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:[b]64bit:[/b] {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:[b]64bit:[/b] {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:[b]64bit:[/b] {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:[b]64bit:[/b] {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:[b]64bit:[/b] {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:[b]64bit:[/b] {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:[b]64bit:[/b] {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:[b]64bit:[/b] {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:[b]64bit:[/b] {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:[b]64bit:[/b] {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:[b]64bit:[/b] {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:[b]64bit:[/b] {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:[b]64bit:[/b] {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:[b]64bit:[/b] {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:[b]64bit:[/b] {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:[b]64bit:[/b] {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:[b]64bit:[/b] {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:[b]64bit:[/b] {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:[b]64bit:[/b] {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:[b]64bit:[/b] {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:[b]64bit:[/b] {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:[b]64bit:[/b] {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:[b]64bit:[/b] {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:[b]64bit:[/b] {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:[b]64bit:[/b] {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:[b]64bit:[/b] {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:[b]64bit:[/b] {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:[b]64bit:[/b] {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:[b]64bit:[/b] {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:[b]64bit:[/b] {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:[b]64bit:[/b] {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:[b]64bit:[/b] {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:[b]64bit:[/b] {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:[b]64bit:[/b] {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:[b]64bit:[/b] {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:[b]64bit:[/b] {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:[b]64bit:[/b] {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:[b]64bit:[/b] {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:[b]64bit:[/b] {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:[b]64bit:[/b] {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:[b]64bit:[/b] {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:[b]64bit:[/b] {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:[b]64bit:[/b] >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:[b]64bit:[/b] >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:[b]64bit:[/b] >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} -
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

Drivers32:[b]64bit:[/b] msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:[b]64bit:[/b] vidc.tscc - C:\Windows\SysWOW64\tsccvid64.dll (TechSmith Corporation)
Drivers32: msacm.dvacm - C:\Program Files (x86)\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codec - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.mpegacm - C:\Program Files (x86)\Common Files\Ulead Systems\MPEG\MPEGACM.acm (Ulead Systems, Inc.)
Drivers32: MSACM.MSNAUDIO - C:\Windows\SysWow64\msnaudio.acm (Microsoft Corporation)
Drivers32: msacm.ulmp3acm - C:\Program Files (x86)\Common Files\Ulead Systems\MPEG\ulmp3acm.acm (Ulead systems)
Drivers32: msacm.vorbis - C:\Windows\SysWow64\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv50 - C:\Windows\SysWow64\ir50_32.dll (Intel Corporation)
Drivers32: vidc.mjpg - pvmjpg30.dll File not found
Drivers32: vidc.tscc - C:\Windows\SysWOW64\tsccvid.dll (TechSmith Corporation)
Drivers32: VIDC.VMnc - C:\Windows\SysWow64\vmnc.dll (VMware, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2011/12/06 15:32:35 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Khalili\Desktop\OTL.com
[2011/12/06 15:16:08 | 000,000,000 | ---D | C] -- C:\ProgramData\MemeoCommon
[2011/12/06 08:25:44 | 000,000,000 | ---D | C] -- C:\Users\Khalili\AppData\Roaming\Memeo
[2011/12/06 08:14:37 | 000,000,000 | ---D | C] -- C:\Users\Khalili\AppData\Roaming\Wireshark
[2011/12/06 08:07:50 | 000,000,000 | ---D | C] -- C:\Program Files\Wireshark
[2011/12/05 20:32:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate Dashboard
[2011/12/05 20:32:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Memeo
[2011/12/05 20:32:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Memeo
[2011/12/05 20:32:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Memeo
[2011/12/03 08:56:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011/11/30 08:26:57 | 000,000,000 | ---D | C] -- C:\Users\Khalili\Desktop\nikki
[2011/11/26 23:55:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DirectVobSub
[2011/11/26 23:55:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DirectVobSub
[2011/11/26 19:53:27 | 000,000,000 | ---D | C] -- C:\Users\Khalili\Desktop\New folder (6)
[2011/11/26 17:04:49 | 000,000,000 | ---D | C] -- C:\Users\Khalili\Desktop\New folder (3)
[2011/11/25 13:56:23 | 000,000,000 | ---D | C] -- C:\Users\Khalili\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cain
[2011/11/24 18:22:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free M4a to MP3 Converter
[2011/11/24 18:22:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free M4a to MP3 Converter
[2011/11/24 18:08:11 | 000,000,000 | ---D | C] -- C:\Users\Khalili\Desktop\New folder (13)
[2011/11/24 14:28:05 | 000,000,000 | ---D | C] -- C:\Users\Khalili\Desktop\New folder (10)
[2011/11/21 15:04:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony Setup
[2011/11/21 14:05:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIM
[2011/11/21 14:05:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AIM7
[2011/11/21 14:05:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Software Update Utility
[2011/11/21 14:04:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AIM
[2011/11/21 10:20:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safari
[2011/11/20 14:23:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/11/20 14:21:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/11/20 14:19:47 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/11/20 14:19:47 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/11/20 14:14:40 | 000,000,000 | ---D | C] -- C:\Users\Khalili\Documents\Xilisoft
[2011/11/20 14:14:33 | 000,000,000 | ---D | C] -- C:\Users\Khalili\AppData\Roaming\Xilisoft
[2011/11/19 16:06:39 | 000,000,000 | ---D | C] -- C:\Users\Khalili\AppData\Local\{634A3FFE-2CB2-4C03-B39B-7DAA62BBF2ED}
[2011/11/19 16:06:28 | 000,000,000 | ---D | C] -- C:\Users\Khalili\AppData\Local\{375AC332-FB6E-40EE-9DE6-2ABB35806CFF}
[2011/11/19 16:04:54 | 000,000,000 | ---D | C] -- C:\Users\Khalili\AppData\Local\{8D13FB56-AB38-4A72-BAD5-F69210562C3E}
[2011/11/19 16:04:43 | 000,000,000 | ---D | C] -- C:\Users\Khalili\AppData\Local\{39639202-D66F-4C76-9E9F-369FE408E01B}
[2011/11/18 20:05:33 | 000,000,000 | ---D | C] -- C:\Users\Khalili\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Adblock Pro x64
[2011/11/18 20:05:30 | 000,000,000 | ---D | C] -- C:\Program Files\Adblock Pro
[2011/11/18 19:02:41 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011/11/18 07:49:50 | 000,000,000 | ---D | C] -- C:\Program Files\Valve
[2011/11/17 17:24:23 | 000,000,000 | ---D | C] -- C:\Users\Khalili\AppData\Roaming\Zen Puzzle Garden
[2011/11/17 15:34:17 | 000,000,000 | ---D | C] -- C:\Users\Khalili\AppData\Local\{C884F868-688E-40AE-9A74-3FD50C465421}
[2011/11/17 15:34:07 | 000,000,000 | ---D | C] -- C:\Users\Khalili\AppData\Local\{389FD3AC-1161-48A6-9DA1-69617FAB144F}
[2011/11/16 19:55:40 | 000,000,000 | ---D | C] -- C:\Users\Khalili\AppData\Roaming\Jasper's Journeys
[2011/11/16 16:06:04 | 000,000,000 | ---D | C] -- C:\Users\Khalili\AppData\Local\Spotify
[2011/11/16 16:05:46 | 000,000,000 | ---D | C] -- C:\Users\Khalili\AppData\Roaming\Spotify
[2011/11/15 17:22:50 | 000,000,000 | ---D | C] -- C:\Users\Khalili\AppData\Local\{CC90A74E-0F84-422C-AD10-DB32C5946690}
[2011/11/15 17:22:36 | 000,000,000 | ---D | C] -- C:\Users\Khalili\AppData\Local\{28B3E8A9-96C8-45B1-9D83-9A3B40816703}
[2011/11/14 19:19:57 | 000,000,000 | ---D | C] -- C:\Users\Khalili\Desktop\New folder (9)
[2011/11/14 13:19:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/11/11 13:45:44 | 000,466,456 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2011/11/11 13:45:44 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2011/11/11 13:45:44 | 000,122,904 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2011/11/11 13:45:44 | 000,109,080 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2011/11/11 13:45:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2011/11/11 13:33:52 | 000,000,000 | ---D | C] -- C:\Users\Khalili\AppData\Roaming\Chocolate Castle
[2011/11/10 20:38:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zen Puzzle Garden
[2011/11/10 20:38:03 | 000,000,000 | ---D | C] -- C:\Users\Khalili\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zen Puzzle Garden
[2011/11/10 20:38:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Zen Puzzle Garden
[2011/11/10 20:37:41 | 000,000,000 | ---D | C] -- C:\Users\Khalili\AppData\Roaming\Voxatron
[2011/11/10 20:37:32 | 000,000,000 | ---D | C] -- C:\Users\Khalili\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Voxatron
[2011/11/10 20:37:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Voxatron
[2011/11/10 20:37:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Voxatron
[2011/11/10 20:37:20 | 000,000,000 | ---D | C] -- C:\Users\Khalili\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Jasper's Journeys
[2011/11/10 20:37:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jasper's Journeys
[2011/11/10 20:37:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Jasper's Journeys
[2011/11/10 20:36:15 | 000,000,000 | ---D | C] -- C:\Users\Khalili\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chocolate Castle
[2011/11/10 20:36:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Chocolate Castle
[2011/11/10 20:36:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Chocolate Castle
[2011/11/06 17:29:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cain
[2011/11/06 17:29:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cain
[2011/06/28 18:07:39 | 000,819,729 | ---- | C] (                                                                                                    ) -- C:\Windows\SysWow64\mrvcl32.exe

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2011/12/06 16:17:39 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/06 15:32:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Khalili\Desktop\OTL.com
[2011/12/06 13:17:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/06 08:33:17 | 000,018,784 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/06 08:33:17 | 000,018,784 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/06 08:23:04 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2011/12/06 08:22:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/06 08:21:48 | 3145,089,024 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/06 08:12:29 | 000,011,332 | ---- | M] () -- C:\Users\Khalili\Desktop\Capture1.JPG
[2011/12/06 08:11:03 | 000,012,931 | ---- | M] () -- C:\Users\Khalili\Desktop\Capture.JPG
[2011/12/06 08:08:29 | 000,001,565 | ---- | M] () -- C:\Users\Public\Desktop\Wireshark.lnk
[2011/12/06 02:35:51 | 111,503,533 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2011/12/05 20:32:30 | 000,001,245 | ---- | M] () -- C:\Users\Public\Desktop\Seagate Dashboard.lnk
[2011/12/05 18:00:00 | 000,000,470 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2011/12/05 17:33:51 | 000,446,401 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2011/12/02 16:07:26 | 000,619,258 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavifw.avm
[2011/11/30 18:58:12 | 000,028,735 | ---- | M] () -- C:\Users\Khalili\Desktop\multi_mockingbird.jpg
[2011/11/29 22:04:16 | 000,007,284 | ---- | M] () -- C:\Users\Khalili\Documents\AVID TRF 2009.pdf
[2011/11/29 20:52:06 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForKhalili.job
[2011/11/28 16:58:54 | 000,194,556 | ---- | M] () -- C:\Users\Khalili\Desktop\CIMG9932.JPG
[2011/11/28 16:58:36 | 000,203,444 | ---- | M] () -- C:\Users\Khalili\Desktop\CIMG9931.JPG
[2011/11/28 16:58:14 | 000,204,906 | ---- | M] () -- C:\Users\Khalili\Desktop\CIMG9930.JPG
[2011/11/28 16:56:58 | 000,168,500 | ---- | M] () -- C:\Users\Khalili\Desktop\CIMG9926.JPG
[2011/11/28 16:56:42 | 000,186,990 | ---- | M] () -- C:\Users\Khalili\Desktop\CIMG9925.JPG
[2011/11/28 16:56:32 | 000,201,577 | ---- | M] () -- C:\Users\Khalili\Desktop\CIMG9924.JPG
[2011/11/28 16:07:51 | 000,001,937 | ---- | M] () -- C:\Users\Public\Desktop\boujou 5.0.lnk
[2011/11/27 20:46:33 | 000,001,456 | ---- | M] () -- C:\Users\Khalili\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/11/27 20:35:23 | 000,000,132 | ---- | M] () -- C:\Users\Khalili\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/11/27 12:22:56 | 000,001,496 | ---- | M] () -- C:\Users\Khalili\Desktop\my_skin.png
[2011/11/26 19:11:08 | 002,360,526 | ---- | M] () -- C:\Users\Khalili\Desktop\minecraft.jar
[2011/11/25 13:56:25 | 000,001,787 | ---- | M] () -- C:\Users\Khalili\Desktop\Cain.lnk
[2011/11/24 18:22:42 | 000,001,041 | ---- | M] () -- C:\Users\Khalili\Application Data\Microsoft\Internet Explorer\Quick Launch\Free M4a to MP3 Converter.lnk
[2011/11/24 18:22:42 | 000,001,012 | ---- | M] () -- C:\Users\Khalili\Desktop\My Music Tools.lnk
[2011/11/23 10:48:55 | 001,445,040 | ---- | M] () -- C:\Users\Khalili\Desktop\Untitled-1.png
[2011/11/22 21:35:39 | 011,060,824 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/11/22 20:05:38 | 000,862,540 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/22 20:05:38 | 000,720,964 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/22 20:05:38 | 000,141,950 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/21 14:14:44 | 000,001,098 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/11/21 14:05:33 | 000,001,093 | -H-- | M] () -- C:\IPH.PH
[2011/11/21 14:05:21 | 000,001,910 | ---- | M] () -- C:\Users\Khalili\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2011/11/21 14:05:21 | 000,001,886 | ---- | M] () -- C:\Users\Public\Desktop\AIM.lnk
[2011/11/21 12:47:49 | 000,000,925 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2011/11/21 10:21:03 | 000,002,515 | ---- | M] () -- C:\Users\Khalili\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/11/20 14:23:40 | 000,001,805 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/11/20 14:21:03 | 000,001,743 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/11/18 19:04:34 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/11/16 22:38:51 | 000,548,311 | ---- | M] () -- C:\Users\Khalili\Documents\Gasoline-Tax-Map.pdf
[2011/11/14 15:29:05 | 000,009,744 | ---- | M] () -- C:\Users\Khalili\AppData\Roaming\wklnhst.dat
[2011/11/11 13:45:44 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2011/11/11 13:45:44 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2011/11/11 13:45:44 | 000,122,904 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2011/11/11 13:45:44 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2011/11/10 22:22:34 | 000,178,688 | ---- | M] () -- C:\Windows\SysWow64\unrar.dll

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011/12/06 08:12:28 | 000,011,332 | ---- | C] () -- C:\Users\Khalili\Desktop\Capture1.JPG
[2011/12/06 08:11:02 | 000,012,931 | ---- | C] () -- C:\Users\Khalili\Desktop\Capture.JPG
[2011/12/06 08:08:29 | 000,001,565 | ---- | C] () -- C:\Users\Public\Desktop\Wireshark.lnk
[2011/12/05 20:32:30 | 000,001,245 | ---- | C] () -- C:\Users\Public\Desktop\Seagate Dashboard.lnk
[2011/12/04 18:13:23 | 000,001,062 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
[2011/12/04 14:19:12 | 002,360,526 | ---- | C] () -- C:\Users\Khalili\Desktop\minecraft.jar
[2011/11/30 18:58:10 | 000,028,735 | ---- | C] () -- C:\Users\Khalili\Desktop\multi_mockingbird.jpg
[2011/11/29 22:04:16 | 000,007,284 | ---- | C] () -- C:\Users\Khalili\Documents\AVID TRF 2009.pdf
[2011/11/28 17:13:06 | 000,194,556 | ---- | C] () -- C:\Users\Khalili\Desktop\CIMG9932.JPG
[2011/11/28 17:13:02 | 000,203,444 | ---- | C] () -- C:\Users\Khalili\Desktop\CIMG9931.JPG
[2011/11/28 17:13:00 | 000,204,906 | ---- | C] () -- C:\Users\Khalili\Desktop\CIMG9930.JPG
[2011/11/28 17:12:43 | 000,168,500 | ---- | C] () -- C:\Users\Khalili\Desktop\CIMG9926.JPG
[2011/11/28 17:12:41 | 000,186,990 | ---- | C] () -- C:\Users\Khalili\Desktop\CIMG9925.JPG
[2011/11/28 17:12:38 | 000,201,577 | ---- | C] () -- C:\Users\Khalili\Desktop\CIMG9924.JPG
[2011/11/28 16:07:51 | 000,001,937 | ---- | C] () -- C:\Users\Public\Desktop\boujou 5.0.lnk
[2011/11/26 23:55:15 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/11/25 13:56:25 | 000,001,787 | ---- | C] () -- C:\Users\Khalili\Desktop\Cain.lnk
[2011/11/24 18:22:42 | 000,001,041 | ---- | C] () -- C:\Users\Khalili\Application Data\Microsoft\Internet Explorer\Quick Launch\Free M4a to MP3 Converter.lnk
[2011/11/24 18:22:42 | 000,001,012 | ---- | C] () -- C:\Users\Khalili\Desktop\My Music Tools.lnk
[2011/11/23 10:48:47 | 001,445,040 | ---- | C] () -- C:\Users\Khalili\Desktop\Untitled-1.png
[2011/11/21 14:14:43 | 000,001,110 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/11/21 14:14:43 | 000,001,098 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/11/21 14:05:21 | 000,001,910 | ---- | C] () -- C:\Users\Khalili\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk
[2011/11/21 14:05:21 | 000,001,886 | ---- | C] () -- C:\Users\Public\Desktop\AIM.lnk
[2011/11/21 10:21:03 | 000,002,515 | ---- | C] () -- C:\Users\Khalili\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/11/21 10:21:03 | 000,002,503 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
[2011/11/20 14:23:40 | 000,001,805 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/11/20 14:21:03 | 000,001,743 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/11/16 22:38:51 | 000,548,311 | ---- | C] () -- C:\Users\Khalili\Documents\Gasoline-Tax-Map.pdf
[2011/11/16 16:06:03 | 000,000,909 | ---- | C] () -- C:\Users\Khalili\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2011/10/07 14:59:38 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/07/20 16:05:44 | 000,001,914 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2011/07/10 18:07:52 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat
[2011/07/04 10:29:48 | 000,058,141 | ---- | C] () -- C:\Users\Khalili\AppData\Roaming\Khalili3SQLite3.dll
[2011/06/16 11:52:40 | 000,001,456 | ---- | C] () -- C:\Users\Khalili\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/05/31 14:54:39 | 000,000,406 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/05/06 18:24:06 | 000,007,420 | ---- | C] () -- C:\Windows\UA000104.DLL
[2011/05/06 18:22:26 | 000,209,040 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll
[2011/05/06 18:22:26 | 000,204,944 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll
[2011/05/06 18:22:26 | 000,196,752 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll
[2011/05/06 18:22:26 | 000,196,752 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll
[2011/05/06 18:22:26 | 000,192,656 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll
[2011/05/06 18:22:26 | 000,024,720 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll
[2011/04/17 19:10:03 | 000,000,132 | ---- | C] () -- C:\Users\Khalili\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/04/10 07:41:33 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2011/04/01 13:28:25 | 000,002,048 | ---- | C] () -- C:\Windows\SysWow64\winver.exe
[2011/03/30 16:14:12 | 000,000,675 | ---- | C] () -- C:\Windows\hpomdl43.dat.temp
[2011/03/30 14:43:55 | 000,193,194 | ---- | C] () -- C:\Windows\hpoins43.dat
[2011/03/21 18:56:22 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/02/18 17:10:25 | 001,211,128 | ---- | C] () -- C:\ProgramData\bdinstall.bin
[2011/02/14 15:14:59 | 000,001,854 | ---- | C] () -- C:\Users\Khalili\AppData\Roaming\GhostObjGAFix.xml
[2011/02/04 16:24:40 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/02/03 18:55:44 | 000,315,682 | ---- | C] () -- C:\Windows\SysWow64\slwc.exe
[2011/02/03 18:52:45 | 000,111,104 | ---- | C] () -- C:\Windows\SysWow64\Uharc.exe
[2011/02/03 18:52:45 | 000,008,636 | ---- | C] () -- C:\Windows\SysWow64\modifype.exe
[2011/01/12 09:16:56 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2011/01/12 09:16:56 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2011/01/12 09:16:56 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2010/12/28 12:10:04 | 000,000,024 | ---- | C] () -- C:\Users\Khalili\AppData\Local\39867-DJIRL-KD938-00PUN-92755
[2010/12/23 23:00:27 | 000,008,192 | ---- | C] () -- C:\Users\Khalili\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/26 15:35:56 | 000,000,600 | ---- | C] () -- C:\Users\Khalili\AppData\Roaming\winscp.rnd
[2010/10/18 06:39:31 | 000,007,598 | ---- | C] () -- C:\Users\Khalili\AppData\Local\resmon.resmoncfg
[2010/09/29 13:09:48 | 000,856,756 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/08/14 17:25:04 | 001,569,259 | ---- | C] () -- C:\Users\Khalili\AppData\Local\tmpCIMG0521.0
[2010/08/14 17:25:04 | 000,657,422 | ---- | C] () -- C:\Users\Khalili\AppData\Local\tmpCIMG0521.JPG
[2010/08/07 20:36:08 | 000,060,368 | ---- | C] () -- C:\Users\Khalili\AppData\Local\tmp36955_441195014084_743434084_6005340_7849190_N[1].JPG
[2010/08/07 20:36:08 | 000,013,735 | ---- | C] () -- C:\Users\Khalili\AppData\Local\tmp36955_441195014084_743434084_6005340_7849190_N[1]_navi.JPG
[2010/07/22 11:46:56 | 000,889,868 | ---- | C] () -- C:\Users\Khalili\AppData\Local\tmpDSCF0466.JPG
[2010/07/21 18:46:54 | 001,669,214 | ---- | C] () -- C:\Users\Khalili\AppData\Local\tmpDSCF0466.0
[2010/07/21 10:59:56 | 001,677,555 | ---- | C] () -- C:\Users\Khalili\AppData\Local\tmpDSC00532.JPG
[2010/07/09 22:43:56 | 000,000,066 | ---- | C] () -- C:\Users\Khalili\AppData\Roaming\MTC-savedfolder.dat
[2010/06/27 23:35:39 | 001,668,673 | ---- | C] () -- C:\Users\Khalili\AppData\Local\tmpCOLOR CHART A(2).JPG
[2010/06/27 23:35:39 | 000,012,301 | ---- | C] () -- C:\Users\Khalili\AppData\Local\tmpCOLOR CHART A(2)_navi.JPG
[2010/06/25 09:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2010/06/14 13:25:26 | 000,054,377 | ---- | C] () -- C:\Users\Khalili\AppData\Local\tmpDSC06891.3
[2010/06/14 13:25:22 | 000,054,452 | ---- | C] () -- C:\Users\Khalili\AppData\Local\tmpDSC06891.2
[2010/06/14 13:25:21 | 000,054,440 | ---- | C] () -- C:\Users\Khalili\AppData\Local\tmpDSC06891.1
[2010/06/14 13:25:20 | 000,059,297 | ---- | C] () -- C:\Users\Khalili\AppData\Local\tmpDSC06891.0
[2010/06/14 10:47:47 | 000,042,333 | ---- | C] () -- C:\Users\Khalili\AppData\Local\tmpLINCOLN-MKS_2009_800X600_WALLPAPER_0B[1].3
[2010/06/14 10:47:46 | 000,042,108 | ---- | C] () -- C:\Users\Khalili\AppData\Local\tmpLINCOLN-MKS_2009_800X600_WALLPAPER_0B[1].2
[2010/06/14 10:47:45 | 000,042,164 | ---- | C] () -- C:\Users\Khalili\AppData\Local\tmpLINCOLN-MKS_2009_800X600_WALLPAPER_0B[1].1
[2010/06/14 10:47:43 | 000,050,509 | ---- | C] () -- C:\Users\Khalili\AppData\Local\tmpLINCOLN-MKS_2009_800X600_WALLPAPER_0B[1].JPG
[2010/06/14 10:47:43 | 000,050,509 | ---- | C] () -- C:\Users\Khalili\AppData\Local\tmpLINCOLN-MKS_2009_800X600_WALLPAPER_0B[1].0
[2010/06/12 11:57:15 | 001,668,673 | ---- | C] () -- C:\Users\Khalili\AppData\Local\tmpCOLOR CHART A.0
[2010/06/12 11:57:15 | 000,412,844 | ---- | C] () -- C:\Users\Khalili\AppData\Local\tmpCOLOR CHART A.JPG
[2010/06/12 11:57:08 | 000,012,301 | ---- | C] () -- C:\Users\Khalili\AppData\Local\tmpCOLOR CHART A_navi.JPG
[2010/06/08 22:45:47 | 000,104,098 | ---- | C] () -- C:\Users\Khalili\AppData\Local\tmpASM3250.JPG
[2010/05/30 12:47:24 | 000,095,334 | ---- | C] () -- C:\Users\Khalili\AppData\Local\tmpCIMG7415.2
[2010/05/30 12:47:23 | 000,145,259 | ---- | C] () -- C:\Users\Khalili\AppData\Local\tmpCIMG7415.0
[2010/05/30 12:47:23 | 000,096,088 | ---- | C] () -- C:\Users\Khalili\AppData\Local\tmpCIMG7415.JPG
[2010/05/30 12:47:23 | 000,095,456 | ---- | C] () -- C:\Users\Khalili\AppData\Local\tmpCIMG7415.1
[2010/05/30 12:47:06 | 000,138,441 | ---- | C] () -- C:\Users\Khalili\AppData\Local\tmpCIMG7434.0
[2010/05/30 12:47:06 | 000,091,744 | ---- | C] () -- C:\Users\Khalili\AppData\Local\tmpCIMG7434.JPG
[2010/05/14 19:56:02 | 000,009,744 | ---- | C] () -- C:\Users\Khalili\AppData\Roaming\wklnhst.dat
[2010/03/24 10:53:58 | 001,245,184 | ---- | C] () -- C:\Windows\SysWow64\sm_free3DLL.dll
[2010/03/24 10:53:58 | 000,192,512 | ---- | C] () -- C:\Windows\SysWow64\libCtilMgr.dll
[2010/03/24 10:53:48 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\cppasn1.dll
[2009/08/08 22:54:43 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/07/13 21:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 18:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 18:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 16:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 13:59:36 | 001,498,564 | ---- | C] () -- C:\Windows\SysWow64\igkrng400.bin
[2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/11 02:34:22 | 000,000,675 | ---- | C] () -- C:\Windows\hpomdl43.dat
[2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/06/03 11:14:00 | 000,134,592 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2007/04/27 08:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2005/04/01 23:45:57 | 000,278,007 | -H-- | C] () -- C:\Users\Khalili\AppData\Roaming\Khalililog.dat

[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]

[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]

[color=#A23BEC]< %systemroot%\system32\*.exe /lockedfiles >[/color]

[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color]

[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]

[color=#A23BEC]< %systemroot%\System32\config\*.sav >[/color]

[color=#A23BEC]< %systemroot%\system32\*.sys >[/color]

[color=#A23BEC]< %systemroot%\system32\drivers\*.dll >[/color]

[color=#A23BEC]< %systemroot%\system32\drivers\*.ini >[/color]

[color=#A23BEC]< %systemroot%\system32\drivers\*.exe >[/color]

[color=#A23BEC]< %SYSTEMDRIVE%\*.* >[/color]
[2011/07/23 09:19:24 | 000,001,024 | ---- | M] () -- C:\.rnd
[2011/02/12 10:36:01 | 000,000,006 | ---- | M] () -- C:\7Loader.TAG
[2011/04/22 17:04:20 | 000,193,057 | ---- | M] () -- C:\bdlog.txt
[2009/07/13 17:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2011/01/17 14:51:47 | 000,000,000 | ---- | M] () -- C:\FileRecovery.log
[2011/01/16 16:26:36 | 000,001,854 | ---- | M] () -- C:\GhostObjGAFix.xml
[2011/02/23 18:20:43 | 000,171,136 | RHS- | M] () -- C:\grldr
[2011/02/23 16:22:40 | 000,171,136 | ---- | M] () -- C:\grldr.bak
[2011/12/06 08:21:48 | 3145,089,024 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/23 13:12:18 | 000,000,752 | ---- | M] () -- C:\HighLogging.log
[2011/11/21 14:04:52 | 000,000,068 | ---- | M] () -- C:\install.log
[2011/11/21 14:05:33 | 000,001,093 | -H-- | M] () -- C:\IPH.PH
[2006/12/01 22:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2011/12/06 08:21:48 | 4193,452,032 | -HS- | M] () -- C:\pagefile.sys
[2011/02/14 18:39:24 | 000,000,270 | ---- | M] () -- C:\WirelessDiagLog.csv

[color=#A23BEC]< %PROGRAMFILES%\*. >[/color]
[2011/07/25 14:41:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\2K Games
[2011/02/19 09:13:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\7-Zip
[2011/09/24 15:05:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2011/02/15 17:24:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe Media Player
[2011/05/05 14:25:03 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe Story
[2011/11/21 14:04:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AIM
[2011/11/21 14:05:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AIM7
[2011/04/02 11:43:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AMD APP
[2011/06/13 11:18:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Apple Software Update
[2011/06/11 18:59:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Ashampoo
[2011/06/28 18:43:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ASIO4ALL v2
[2011/04/23 19:03:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Atari
[2011/06/11 18:22:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode)
[2011/06/21 09:48:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AV Vcs 7.0 DIAMOND
[2011/09/25 07:57:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AVG
[2011/11/09 20:07:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AVG Secure Search
[2010/06/13 08:49:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AviSynth 2.5
[2011/03/31 11:27:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Belarc
[2011/03/30 16:58:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\BitTorrent
[2011/10/12 14:14:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Bonjour
[2011/12/02 20:57:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Cain
[2011/11/10 20:36:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Chocolate Castle
[2011/02/14 18:57:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Cisco
[2011/05/18 16:58:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Cisco Systems
[2011/05/13 16:51:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CleanMyPC
[2011/12/05 20:32:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2011/02/16 17:17:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Company
[2011/05/06 18:20:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Corel
[2009/08/09 00:43:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CyberLink
[2011/02/24 15:15:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DigiDNA
[2011/11/26 23:59:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DirectVobSub
[2011/04/01 17:40:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Elaborate Bytes
[2011/12/03 08:56:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ESET
[2011/02/20 17:29:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Feedback Tool
[2011/09/30 16:23:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\FileServe Manager
[2011/05/14 18:20:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\FLV to AVI MPEG WMV 3GP MP4 iPod Converter
[2011/11/24 18:22:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Free M4a to MP3 Converter
[2011/03/30 16:46:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Full Speed
[2011/02/14 09:15:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Garmin
[2011/11/14 13:19:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Google
[2011/08/02 14:33:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\GridIron Software
[2011/04/02 21:03:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Hewlett-Packard
[2011/09/25 08:03:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\HOTSPOT SHIELD
[2011/03/30 14:50:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\HP
[2011/02/03 20:44:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\HP Games
[2010/06/10 11:46:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\HxD
[2011/07/09 13:45:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Image-Line
[2011/02/14 09:15:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ImgBurn
[2011/09/02 15:29:31 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2011/04/02 10:38:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Intel
[2011/10/12 20:23:54 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2010/10/17 16:08:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\IObit
[2011/11/20 14:20:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\iTunes
[2011/11/10 20:37:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Jasper's Journeys
[2011/10/29 20:52:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
[2009/08/09 01:26:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\JunoPreloader
[2011/06/11 18:31:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Lame For Audacity
[2011/08/03 17:02:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\LooksBuilder
[2011/12/06 15:22:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
[2011/11/18 15:30:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/05/29 06:58:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ManyCam
[2011/12/05 20:32:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Memeo
[2011/11/21 14:01:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft
[2011/01/29 17:32:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Analysis Services
[2011/01/29 17:32:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
[2011/10/12 20:23:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
[2010/07/19 20:34:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2011/01/29 17:33:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2011/01/29 12:34:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Works
[2011/01/29 17:35:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2011/11/21 14:14:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox
[2011/01/29 17:35:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2011/06/08 14:45:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSN
[2011/02/24 15:29:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSSOAP
[2011/06/08 06:19:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSXML 4.0
[2011/06/02 21:07:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NCH Software
[2011/07/09 14:33:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Nero
[2009/08/09 01:27:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NetZeroPreloader
[2011/06/11 21:34:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\No-IP
[2011/09/25 08:16:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Norton 360
[2011/04/02 09:19:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NVIDIA Corporation
[2010/06/12 18:46:35 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Online Services
[2011/11/11 13:45:44 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\OpenAL
[2011/11/21 18:15:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Origin
[2011/10/09 13:17:06 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Origin Games
[2011/06/28 18:13:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Outsim
[2011/03/11 16:17:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PFStaticIP
[2011/05/04 21:25:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Pinnacle
[2011/01/29 17:00:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PowerISO
[2011/11/20 14:23:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\QuickTime
[2011/03/22 20:19:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Realtek
[2009/07/13 21:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2011/11/21 10:21:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Safari
[2011/06/13 15:19:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Seagate
[2011/06/19 11:49:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SharpReader
[2011/06/20 20:38:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Siber Systems
[2011/02/19 12:38:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Simple Port Forwarding
[2011/10/31 14:13:30 | 000,000,000 | R--D | M] -- C:\Program Files (x86)\Skype
[2010/05/14 16:53:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Sling Media
[2011/11/21 14:57:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Sony
[2011/11/21 15:04:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Sony Setup
[2011/02/16 15:43:22 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011/12/03 10:51:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\StartNow Toolbar
[2011/11/21 15:23:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Steam
[2011/01/17 14:50:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Stellar Phoenix iPod Recovery
[2009/08/09 00:01:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Symantec
[2011/11/05 14:48:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SystemRequirementsLab
[2011/12/04 18:13:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\TeamViewer
[2011/05/25 19:19:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\TechSmith
[2011/09/27 19:46:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\The Skins Factory
[2009/07/13 20:57:06 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
[2011/11/28 16:07:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Vicon
[2011/05/29 06:58:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\VideoLAN
[2011/07/23 09:18:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\VMware
[2011/11/10 20:37:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Voxatron
[2011/09/21 14:48:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\VPN4ALL
[2011/06/28 18:44:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\VstPlugins
[2011/07/26 14:16:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\VVVVVV
[2011/02/03 20:43:56 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\WildTangent Games
[2009/07/13 21:37:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2011/04/02 15:20:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live
[2011/04/02 17:00:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2011/05/06 18:22:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Components
[2011/10/08 09:53:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2009/07/13 21:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2011/04/02 17:00:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
[2011/04/02 17:00:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2011/04/02 17:00:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar
[2011/04/30 15:51:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\WinPcap
[2011/02/14 09:15:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\WinSCP
[2011/06/08 06:19:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Xara
[2011/04/30 10:52:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\XLink Kai
[2011/07/26 07:44:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Yahoo!
[2011/08/31 14:13:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Yontoo Layers Runtime
[2011/11/10 20:38:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Zen Puzzle Garden

[color=#A23BEC]< %appdata%\*.* >[/color]
[2011/11/27 20:35:23 | 000,000,132 | ---- | M] () -- C:\Users\Khalili\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/04/10 12:40:54 | 000,001,854 | ---- | M] () -- C:\Users\Khalili\AppData\Roaming\GhostObjGAFix.xml
[2010/11/17 07:21:13 | 000,000,005 | ---- | M] () -- C:\Users\Khalili\AppData\Roaming\index.txt
[2011/07/04 10:29:48 | 000,058,141 | ---- | M] () -- C:\Users\Khalili\AppData\Roaming\Khalili3SQLite3.dll
[2011/07/25 15:06:42 | 000,278,007 | -H-- | M] () -- C:\Users\Khalili\AppData\Roaming\Khalililog.dat
[2010/07/29 17:32:03 | 000,000,066 | ---- | M] () -- C:\Users\Khalili\AppData\Roaming\MTC-savedfolder.dat
[2011/07/05 18:15:12 | 000,397,962 | ---- | M] () -- C:\Users\Khalili\AppData\Roaming\nvidia.txt
[2011/06/13 10:25:39 | 000,000,600 | ---- | M] () -- C:\Users\Khalili\AppData\Roaming\winscp.rnd
[2011/11/14 15:29:05 | 000,009,744 | ---- | M] () -- C:\Users\Khalili\AppData\Roaming\wklnhst.dat


[color=#A23BEC]< MD5 for: AGP440.SYS  >[/color]
[2009/07/13 17:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/13 17:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/13 17:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS  >[/color]
[2009/07/13 17:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/13 17:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/13 17:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

[color=#A23BEC]< MD5 for: CNGAUDIT.DLL  >[/color]
[2009/07/13 17:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 17:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/13 17:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009/07/13 17:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

[color=#A23BEC]< MD5 for: DISK.SYS  >[/color]
[2009/07/13 17:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\SysNative\drivers\disk.sys
[2009/07/13 17:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\SysNative\DriverStore\FileRepository\disk.inf_amd64_neutral_10ce25bbc5a9cc43\disk.sys
[2009/07/13 17:47:48 | 000,073,280 | ---- | M] (Microsoft Corporation) MD5=9819EEE8B5EA3784EC4AF3B137A5244C -- C:\Windows\winsxs\amd64_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_55bb738b8ddd8a01\disk.sys

[color=#A23BEC]< MD5 for: EVENTLOG.DLL  >[/color]
[2007/05/17 20:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll

[color=#A23BEC]< MD5 for: IASTOR.SYS  >[/color]
[2010/11/05 22:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\SysNative\drivers\iaStor.sys
[2010/11/05 22:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_710b330fb3531234\iaStor.sys

[color=#A23BEC]< MD5 for: IASTORV.SYS  >[/color]
[2010/11/20 05:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 05:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011/03/10 22:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/10 22:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011/03/10 22:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/10 22:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys

[color=#A23BEC]< MD5 for: NETLOGON.DLL  >[/color]
[2010/11/20 05:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010/11/20 05:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 04:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010/11/20 04:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll

[color=#A23BEC]< MD5 for: NVRD32.SYS  >[/color]
[2008/02/11 19:00:16 | 000,131,616 | ---- | M] (NVIDIA Corporation) MD5=049E81B6FB41C73619ED3FE4DF7D8638 -- C:\Drivers\Chipset_9.60\nvrd32.sys

[color=#A23BEC]< MD5 for: NVSTOR.SYS  >[/color]
[2011/03/10 22:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/10 22:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011/03/10 22:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/10 22:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 05:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 05:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

[color=#A23BEC]< MD5 for: NVSTOR32.SYS  >[/color]
[2008/02/11 19:00:46 | 000,110,624 | ---- | M] (NVIDIA Corporation) MD5=63B7838E9C272BAAA7B33A0CA4EBB748 -- C:\Drivers\Chipset_9.60\nvstor32.sys

[color=#A23BEC]< MD5 for: SCECLI.DLL  >[/color]
[2010/11/20 04:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010/11/20 04:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 05:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010/11/20 05:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

[color=#A23BEC]< MD5 for: USBSTOR.SYS  >[/color]
[2011/03/10 20:21:50 | 000,091,648 | ---- | M] (Microsoft Corporation) MD5=36106AC439EDFBB7B8BDBF99079C7590 -- C:\Windows\winsxs\amd64_usbstor.inf_31bf3856ad364e35_6.1.7601.21680_none_a6e64054c7cca389\USBSTOR.SYS
[2010/11/20 02:44:05 | 000,091,648 | ---- | M] (Microsoft Corporation) MD5=D76510CFA0FC09023077F22C2F979D86 -- C:\Windows\SysNative\DriverStore\FileRepository\usbstor.inf_amd64_neutral_0725c2806a159a9d\USBSTOR.SYS
[2010/11/20 02:44:05 | 000,091,648 | ---- | M] (Microsoft Corporation) MD5=D76510CFA0FC09023077F22C2F979D86 -- C:\Windows\winsxs\amd64_usbstor.inf_31bf3856ad364e35_6.1.7601.17514_none_a6ac5425ae72a584\USBSTOR.SYS
[2011/03/10 20:37:16 | 000,091,648 | ---- | M] (Microsoft Corporation) MD5=FED648B01349A3C8395A5169DB5FB7D6 -- C:\Windows\SysNative\drivers\USBSTOR.SYS
[2011/03/10 20:37:16 | 000,091,648 | ---- | M] (Microsoft Corporation) MD5=FED648B01349A3C8395A5169DB5FB7D6 -- C:\Windows\SysNative\DriverStore\FileRepository\usbstor.inf_amd64_neutral_26b33263a639795d\USBSTOR.SYS
[2011/03/10 20:37:16 | 000,091,648 | ---- | M] (Microsoft Corporation) MD5=FED648B01349A3C8395A5169DB5FB7D6 -- C:\Windows\winsxs\amd64_usbstor.inf_31bf3856ad364e35_6.1.7601.17577_none_a66e757baea0992f\USBSTOR.SYS

[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >[/color]

[color=#E56717]========== Files - Unicode (All) ==========[/color]
[2011/07/08 16:55:15 | 002,106,616 | ---- | M] ()(C:\Users\Khalili\Documents\_Ramin Atash - Dokhtarak-e Mazari (HD) OFFICIAL Afghan Song March 2010_?.mp3) -- C:\Users\Khalili\Documents\_Ramin Atash - Dokhtarak-e Mazari (HD) OFFICIAL Afghan Song March 2010_‏.mp3
[2011/07/08 16:55:15 | 002,106,616 | ---- | C] ()(C:\Users\Khalili\Documents\_Ramin Atash - Dokhtarak-e Mazari (HD) OFFICIAL Afghan Song March 2010_?.mp3) -- C:\Users\Khalili\Documents\_Ramin Atash - Dokhtarak-e Mazari (HD) OFFICIAL Afghan Song March 2010_‏.mp3
[2011/07/05 16:29:45 | 002,535,119 | ---- | M] ()(C:\Users\Khalili\Desktop\_Dukhtar Afghan_?.mp3) -- C:\Users\Khalili\Desktop\_Dukhtar Afghan_‏.mp3
[2011/07/05 16:29:44 | 002,535,119 | ---- | C] ()(C:\Users\Khalili\Desktop\_Dukhtar Afghan_?.mp3) -- C:\Users\Khalili\Desktop\_Dukhtar Afghan_‏.mp3
[2011/06/03 16:01:14 | 000,000,000 | ---D | M](C:\Users\Khalili\AppData\Local\??) -- C:\Users\Khalili\AppData\Local\ႠႤ
[2011/06/03 16:01:14 | 000,000,000 | ---D | M](C:\Users\Khalili\AppData\Local\??) -- C:\Users\Khalili\AppData\Local\ႠႤ
[2011/04/22 17:06:47 | 000,000,000 | ---- | M] ()(C:\Windows\SysNative\?????) -- C:\Windows\SysNative\獷楬汢捯污
[2011/02/18 17:58:00 | 000,000,000 | ---- | C] ()(C:\Windows\SysNative\?????) -- C:\Windows\SysNative\獷楬汢捯污
[2010/08/08 19:16:57 | 000,360,432 | ---- | M] ()(C:\Users\Khalili\AppData\Local\tmp???????????.JPG) -- C:\Users\Khalili\AppData\Local\tmp٢٠١٠٠٧٢٨٢٩٤.JPG
[2010/08/08 19:16:56 | 000,363,309 | ---- | M] ()(C:\Users\Khalili\AppData\Local\tmp???????????.2) -- C:\Users\Khalili\AppData\Local\tmp٢٠١٠٠٧٢٨٢٩٤.2
[2010/08/08 19:16:55 | 000,363,751 | ---- | M] ()(C:\Users\Khalili\AppData\Local\tmp???????????.1) -- C:\Users\Khalili\AppData\Local\tmp٢٠١٠٠٧٢٨٢٩٤.1
[2010/08/08 19:16:55 | 000,360,432 | ---- | C] ()(C:\Users\Khalili\AppData\Local\tmp???????????.JPG) -- C:\Users\Khalili\AppData\Local\tmp٢٠١٠٠٧٢٨٢٩٤.JPG
[2010/08/08 19:16:55 | 000,310,700 | ---- | M] ()(C:\Users\Khalili\AppData\Local\tmp???????????.0) -- C:\Users\Khalili\AppData\Local\tmp٢٠١٠٠٧٢٨٢٩٤.0
[2010/08/08 19:14:38 | 000,406,713 | ---- | M] ()(C:\Users\Khalili\AppData\Local\tmp???????????.JPG) -- C:\Users\Khalili\AppData\Local\tmp٢٠١٠٠٧٢٨٢٨٩.JPG
[2010/08/08 19:14:38 | 000,406,713 | ---- | C] ()(C:\Users\Khalili\AppData\Local\tmp???????????.JPG) -- C:\Users\Khalili\AppData\Local\tmp٢٠١٠٠٧٢٨٢٨٩.JPG
[2010/08/08 19:14:37 | 000,350,058 | ---- | M] ()(C:\Users\Khalili\AppData\Local\tmp???????????.0) -- C:\Users\Khalili\AppData\Local\tmp٢٠١٠٠٧٢٨٢٨٩.0
[2010/08/08 18:34:54 | 000,363,309 | ---- | C] ()(C:\Users\Khalili\AppData\Local\tmp???????????.2) -- C:\Users\Khalili\AppData\Local\tmp٢٠١٠٠٧٢٨٢٩٤.2
[2010/08/08 18:34:53 | 000,363,751 | ---- | C] ()(C:\Users\Khalili\AppData\Local\tmp???????????.1) -- C:\Users\Khalili\AppData\Local\tmp٢٠١٠٠٧٢٨٢٩٤.1
[2010/08/08 18:34:52 | 000,310,700 | ---- | C] ()(C:\Users\Khalili\AppData\Local\tmp???????????.0) -- C:\Users\Khalili\AppData\Local\tmp٢٠١٠٠٧٢٨٢٩٤.0
[2010/08/08 18:29:00 | 000,405,935 | ---- | C] ()(C:\Users\Khalili\AppData\Local\tmp???????????.2) -- C:\Users\Khalili\AppData\Local\tmp٢٠١٠٠٧٢٨٢٨٩.2
[2010/08/08 18:28:59 | 000,406,856 | ---- | C] ()(C:\Users\Khalili\AppData\Local\tmp???????????.1) -- C:\Users\Khalili\AppData\Local\tmp٢٠١٠٠٧٢٨٢٨٩.1
[2010/08/08 18:28:59 | 000,405,935 | ---- | M] ()(C:\Users\Khalili\AppData\Local\tmp???????????.2) -- C:\Users\Khalili\AppData\Local\tmp٢٠١٠٠٧٢٨٢٨٩.2
[2010/08/08 18:28:58 | 000,406,856 | ---- | M] ()(C:\Users\Khalili\AppData\Local\tmp???????????.1) -- C:\Users\Khalili\AppData\Local\tmp٢٠١٠٠٧٢٨٢٨٩.1
[2010/08/08 18:28:58 | 000,350,058 | ---- | C] ()(C:\Users\Khalili\AppData\Local\tmp???????????.0) -- C:\Users\Khalili\AppData\Local\tmp٢٠١٠٠٧٢٨٢٨٩.0
[2010/06/15 15:45:10 | 000,319,207 | ---- | M] ()(C:\Users\Khalili\AppData\Local\tmp20100609220-???.0) -- C:\Users\Khalili\AppData\Local\tmp20100609220-٠٠١.0
[2010/06/15 15:45:10 | 000,319,207 | ---- | C] ()(C:\Users\Khalili\AppData\Local\tmp20100609220-???.0) -- C:\Users\Khalili\AppData\Local\tmp20100609220-٠٠١.0
[2010/06/15 15:45:10 | 000,209,676 | ---- | M] ()(C:\Users\Khalili\AppData\Local\tmp20100609220-???.JPG) -- C:\Users\Khalili\AppData\Local\tmp20100609220-٠٠١.JPG
[2010/06/15 15:45:10 | 000,209,676 | ---- | C] ()(C:\Users\Khalili\AppData\Local\tmp20100609220-???.JPG) -- C:\Users\Khalili\AppData\Local\tmp20100609220-٠٠١.JPG
(C:\Users\Khalili\AppData\Local\??) -- C:\Users\Khalili\AppData\Local\ႠႤ

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 183 bytes -> C:\ProgramData\Temp:ECF54A0E
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:0B4227B4
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:D1B5B4F1
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:EAD001CC
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:C1DF762D

< End of report >