[baltimoredude1]

I was affected with the snap do malware. I run the Kaspersky and was able to remove it from my toolbar, but computer is really slow to boot up, go to hibernation. I am not sure what to do. Can you please help? Thank you.

[Advertisements]

Hello and welcome to Geeks to Go! My nickname is Pystryker , and I will be helping you with your issue today.

Please note: I am currently in training and all my fixes must be approved by my teacher before being posted. This gives you the advantage of having two people working to solve your problems.

Before we get started, I have a few things I need to go over with you

• Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  
• Please subscribe to this topic. By subscribing, the board will notify you when a new reply is added to your topic. You can find instructions on how to do that by clicking here.

• If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
  
  
• Please read through my instructions carefully and completely before executing them.
  
• Please make sure that all the programs I ask you to download are downloaded to and run from your Desktop.
  
• Please make sure you print out these instructions so that you will be able to refer to them while working on your machine. Part of the solution(s) to your problem may involve us working in Safe Mode and you will need them to go by.
  
• Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  
• Please read through my instructions carefully and make sure you complete them from start to finish. I will make sure that I lay the instructions out in a step by step order to make them easy to follow
  
• This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  
• Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  
• Please make sure you reply within 3 days to my responses, if there is no reply within 3 days, the topic will be closed and you will need to request the topic be reopened.
  
• Before we get started, please remember we will do our best to get your machine repaired. However, there are some cases where the only solution is a reformat and reinstall of the operating system. This is a worst case scenario though.
  
• It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  
• If possible, please have your original Windows installation disks handy, just in case.
  
• If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  
• If you are unsure of an instruction I give you, or if something unexepected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  
• Please copy and paste the contents of any requested logs in your replies. Do not attach the log files in your replies unless requested to do so.
  
• Please remember, the fixes are for your machine and your machine ONLY!

Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future

Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way.

Now, let's get started, shall we?



Step 1: Download and Scan with OTL


Download OTL

Download OTL to your desktop by clicking here. If for some reason, that link is not working, please click here for a secondary site.

• Close any open windows and then double click (Vista, Windows 7, 8, right click and then click Run as Administrator) the icon to start OTL.
  
• Please make sure the following boxes are checked.
  
• Scan All Users
• Use Company-Name WhiteList
• Skip Microsoft Files
• Use No-Company-Name Whitelist
• LOP Check
• Purity Check
  
• Please check Use Safelist is checked under Extra Registry.
  
• Copy the contents of the quote box below Do not copy the word quote! and paste them into the Custom Scans/Fixes box at the bottom of OTL's control panel.
  
  

  %SYSTEMDRIVE%\*.exe
  /md5start
  services.*
  explorer.exe
  winlogon.exe
  Userinit.exe
  svchost.exe
  rpcss.dll
  /md5stop
  dir "%systemdrive%\*" /S /A:L /C
  

• Click the Run Scan button.

• Please do not interrupt the scanning process. It may take a while to complete the scan, so please be patient.
  
• When the scan is finished, it will generate 2 logs, OTL.txt and Extras.txt, each in a Notepad window. Both of these logs are saved in the same location as OTL. In this case, on your desktop.
  
• Please post each log in your next reply.

Step 2: aswMBR

• Please download aswMBR.exe to your desktop.
  
• Double click the file to run it.
  
• It will ask if you want to download the latest Avast! virus definitions, please answer yes.

• Click the Scan button to begin the scan.

• Once the scan has finished, click on Save Log, save it to your desktop as asw.txt, and please post it in your next reply.
  
• Click Exit

Things I need to see in your next post:

OTL Log

Extras.txt log

aswMBR Log

[pystryker]

Hello and welcome to Geeks to Go! My nickname is Pystryker , and I will be helping you with your issue today.

Please note: I am currently in training and all my fixes must be approved by my teacher before being posted. This gives you the advantage of having two people working to solve your problems.

Before we get started, I have a few things I need to go over with you

• Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  
• Please subscribe to this topic. By subscribing, the board will notify you when a new reply is added to your topic. You can find instructions on how to do that by clicking here.

• If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
  
  
• Please read through my instructions carefully and completely before executing them.
  
• Please make sure that all the programs I ask you to download are downloaded to and run from your Desktop.
  
• Please make sure you print out these instructions so that you will be able to refer to them while working on your machine. Part of the solution(s) to your problem may involve us working in Safe Mode and you will need them to go by.
  
• Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  
• Please read through my instructions carefully and make sure you complete them from start to finish. I will make sure that I lay the instructions out in a step by step order to make them easy to follow
  
• This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  
• Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  
• Please make sure you reply within 3 days to my responses, if there is no reply within 3 days, the topic will be closed and you will need to request the topic be reopened.
  
• Before we get started, please remember we will do our best to get your machine repaired. However, there are some cases where the only solution is a reformat and reinstall of the operating system. This is a worst case scenario though.
  
• It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  
• If possible, please have your original Windows installation disks handy, just in case.
  
• If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  
• If you are unsure of an instruction I give you, or if something unexepected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  
• Please copy and paste the contents of any requested logs in your replies. Do not attach the log files in your replies unless requested to do so.
  
• Please remember, the fixes are for your machine and your machine ONLY!

Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future

Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way.

Now, let's get started, shall we?



Step 1: Download and Scan with OTL


Download OTL

Download OTL to your desktop by clicking here. If for some reason, that link is not working, please click here for a secondary site.

• Close any open windows and then double click (Vista, Windows 7, 8, right click and then click Run as Administrator) the icon to start OTL.
  
• Please make sure the following boxes are checked.
  
• Scan All Users
• Use Company-Name WhiteList
• Skip Microsoft Files
• Use No-Company-Name Whitelist
• LOP Check
• Purity Check
  
• Please check Use Safelist is checked under Extra Registry.
  
• Copy the contents of the quote box below Do not copy the word quote! and paste them into the Custom Scans/Fixes box at the bottom of OTL's control panel.
  
  

  %SYSTEMDRIVE%\*.exe
  /md5start
  services.*
  explorer.exe
  winlogon.exe
  Userinit.exe
  svchost.exe
  rpcss.dll
  /md5stop
  dir "%systemdrive%\*" /S /A:L /C
  

• Click the Run Scan button.

• Please do not interrupt the scanning process. It may take a while to complete the scan, so please be patient.
  
• When the scan is finished, it will generate 2 logs, OTL.txt and Extras.txt, each in a Notepad window. Both of these logs are saved in the same location as OTL. In this case, on your desktop.
  
• Please post each log in your next reply.

Step 2: aswMBR

• Please download aswMBR.exe to your desktop.
  
• Double click the file to run it.
  
• It will ask if you want to download the latest Avast! virus definitions, please answer yes.

• Click the Scan button to begin the scan.

• Once the scan has finished, click on Save Log, save it to your desktop as asw.txt, and please post it in your next reply.
  
• Click Exit

Things I need to see in your next post:

OTL Log

Extras.txt log

aswMBR Log

[baltimoredude1]

Hello Thank you for taking time to replying me. I did as you said and is pasting OTL, Extras and aswerMBR txt. thank you.

OTL

OTL logfile created on: 2/6/2014 9:31:30 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\A M Rahman\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.93 Gb Available Physical Memory | 46.51% Memory free
3.85 Gb Paging File | 2.96 Gb Available in Paging File | 76.99% Paging File free
Paging file location(s): C:\pagefile.sys 2048 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.54 Gb Total Space | 23.46 Gb Free Space | 16.35% Space Free | Partition Type: NTFS

Computer Name: AMRLAPTOP | User Name: A M Rahman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\A M Rahman\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - c:\Program Files\Zune\ZuneBusEnum.exe (Microsoft Corporation)
PRC - C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe (Nuance Communications, Inc.)
PRC - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\WINDOWS\system32\bcm1xsup.dll ()


========== Services (SafeList) ==========

SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Garmin Core Update Service) -- C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe (Garmin Ltd or its subsidiaries)
SRV - (Skype C2C Service) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (AlotService) -- C:\Documents and Settings\A M Rahman\Application Data\alotservice\alotservice.exe (Vertro Inc.)
SRV - (UMVPFSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (Secunia PSI Agent) -- C:\Program Files\Secunia\PSI\psia.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files\Secunia\PSI\sua.exe (Secunia)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SRV - (ZuneWlanCfgSvc) -- c:\Program Files\Zune\ZuneWlanCfgSvc.exe (Microsoft Corporation)
SRV - (WMZuneComm) -- c:\Program Files\Zune\WMZuneComm.exe (Microsoft Corporation)
SRV - (ZuneNetworkSvc) -- c:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)
SRV - (ZuneBusEnum) -- c:\Program Files\Zune\ZuneBusEnum.exe (Microsoft Corporation)
SRV - (AntUpdaterService) -- C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe (Ant.com)
SRV - (PDFProFiltSrvPP) -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe (Nuance Communications, Inc.)
SRV - (BrYNSvc) -- C:\Program Files\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
SRV - (WDDMService) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
SRV - (WDSmartWareBackgroundService) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Memeo)
SRV - (getPlus® -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (NOS Microsystems Ltd.)
SRV - (aawservice) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SRV - (sprtsvc_ddoctorv2) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (Basics Service) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe (Seagate Technology LLC)
SRV - (Imapi Helper) -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe (Alex Feinman)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (wanatw) -- system32\DRIVERS\wanatw4.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (CSS DVP) -- system32\DRIVERS\css-dvp.sys File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\AMRAHM~1\LOCALS~1\Temp\catchme.sys File not found
DRV - (LVUVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)
DRV - (CompFilter) -- C:\WINDOWS\system32\drivers\lvbusflt.sys (Logitech Inc.)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (PSI) -- C:\WINDOWS\system32\drivers\psi_mf.sys (Secunia)
DRV - (BrUsbSIb) -- C:\WINDOWS\system32\drivers\BrUsbSib.sys (Brother Industries Ltd.)
DRV - (BrSerIb) -- C:\WINDOWS\system32\drivers\BrSerIb.sys (Brother Industries Ltd.)
DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (SCDEmu) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (WinUSB) -- C:\WINDOWS\system32\drivers\winusb.sys (Microsoft Corporation)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (DSproct) -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys (GTek Technologies Ltd.)
DRV - (VMnetAdapter) -- C:\WINDOWS\system32\drivers\vmnetadapter.sys (VMware, Inc.)
DRV - (APPDRV) -- C:\WINDOWS\system32\drivers\APPDRV.SYS (Dell Inc)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (omci) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Inc)
DRV - (RRamdisk) -- C:\WINDOWS\system32\drivers\rramdisk.sys (gavotte)
DRV - (SNDM360) -- C:\WINDOWS\system32\drivers\sndm360.sys ()
DRV - (ASPI) -- C:\WINDOWS\system32\drivers\ASPI32.SYS (Adaptec)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.minituner.org/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.minituner.org/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.minituner.org/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.minituner.org/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.minituner.org/
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3061225
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.minituner.org/
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.minituner.org/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=68.34.125.136:8080

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3061225
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.minituner.org/
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.minituner.org/
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=68.34.125.136:8080

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.c...Date=06/11/2013
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.c...Date=06/11/2013
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feed.snapdo.c...Date=06/11/2013
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.c...Date=06/11/2013
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.c...Date=06/11/2013
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKU\S-1-5-19\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...Date=06/11/2013

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.c...Date=06/11/2013
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.c...Date=06/11/2013
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feed.snapdo.c...Date=06/11/2013
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.c...Date=06/11/2013
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.c...Date=06/11/2013
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKU\S-1-5-20\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...Date=06/11/2013
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3146927349-1717951873-3320083228-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.c...Date=06/11/2013
IE - HKU\S-1-5-21-3146927349-1717951873-3320083228-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.c...Date=06/11/2013
IE - HKU\S-1-5-21-3146927349-1717951873-3320083228-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-3146927349-1717951873-3320083228-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\S-1-5-21-3146927349-1717951873-3320083228-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = about:Tabs [binary data]
IE - HKU\S-1-5-21-3146927349-1717951873-3320083228-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3146927349-1717951873-3320083228-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3146927349-1717951873-3320083228-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 7E 91 F8 A5 1C CF 01 [binary data]
IE - HKU\S-1-5-21-3146927349-1717951873-3320083228-1007\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.c...Date=06/11/2013
IE - HKU\S-1-5-21-3146927349-1717951873-3320083228-1007\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.c...Date=06/11/2013
IE - HKU\S-1-5-21-3146927349-1717951873-3320083228-1007\..\URLSearchHook: {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files\Vuze Remote Toolbar\IE\8.5\vuzeToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-3146927349-1717951873-3320083228-1007\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3146927349-1717951873-3320083228-1007\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKU\S-1-5-21-3146927349-1717951873-3320083228-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\A M Rahman\Application Data\Move Networks\plugins\npqmp071706000001.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\A M Rahman\Application Data\Move Networks\plugins\npqmp071706000001.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\A M Rahman\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\A M Rahman\Local Settings\Application Data\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\A M Rahman\Local Settings\Application Data\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\A M Rahman\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Documents and Settings\A M Rahman\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/08/20 14:04:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013/02/11 22:29:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/12/23 02:17:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/12/23 02:18:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\A M Rahman\Application Data\Move Networks [2010/02/18 22:18:14 | 000,000,000 | ---D | M]

[2009/02/06 15:40:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Extensions
[2009/01/03 18:33:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Extensions\{6334D996-EA3E-4a0e-AA8D-15BA56B37241}
[2009/02/06 15:40:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Extensions\[email protected]
[2013/06/24 21:39:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\extensions
[2013/05/21 08:46:56 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013/06/22 15:29:15 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013/06/24 21:39:20 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2013/04/23 22:33:56 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\extensions\[email protected]
[2012/05/30 11:19:08 | 000,000,000 | ---D | M] (ALOT Appbar) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\extensions\[email protected]
[2013/12/17 22:21:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\extensions\extensions
[2013/10/29 23:37:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\extensions\searchplugins
[2014/01/23 22:55:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\9uekjrfi.default-1390412299265\extensions
[2014/01/22 12:40:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\9uekjrfi.default-1390412299265\bookmarkbackups\extensions
[2013/12/17 22:21:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\ABE\extensions
[2013/12/17 22:21:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\adblockplus\extensions
[2013/12/17 22:21:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\alot-appbar\extensions
[2013/12/17 22:21:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\bookmarkbackups\extensions
[2013/12/17 22:21:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\browserbackgrounds\extensions
[2013/12/17 22:21:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\foxtab\extensions
[2013/12/17 22:21:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\FVD Single\extensions
[2013/12/17 22:21:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\gm_scripts\extensions
[2013/12/17 22:21:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\gmanager\extensions
[2013/12/17 22:21:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\GoogleToolbarData\extensions
[2013/12/17 22:21:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\healthreport\extensions
[2013/12/17 22:21:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\indexedDB\extensions
[2013/12/17 22:21:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\jetpack\extensions
[2013/12/17 22:21:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\minidumps\extensions
[2013/12/17 22:21:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\morningCoffee\extensions
[2013/12/17 22:21:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\searchplugins\extensions
[2013/12/17 22:21:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\sxipper2\extensions
[2013/12/17 22:21:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\weave\extensions
[2013/12/17 22:21:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\webapps\extensions
[2013/12/17 22:21:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\WOT\extensions
[2013/12/17 22:21:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\y1ck9lhx.default\extensions
[2010/04/16 14:00:03 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\y1ck9lhx.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/08/20 15:12:40 | 000,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\y1ck9lhx.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010/05/19 01:00:39 | 000,000,000 | ---D | M] ("Walnut for Firefox") -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\y1ck9lhx.default\extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}
[2010/02/27 02:55:24 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\y1ck9lhx.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/04/08 22:44:22 | 000,000,000 | ---D | M] (Media Converter) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\y1ck9lhx.default\extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18}
[2008/11/19 01:11:50 | 000,000,000 | ---D | M] (Free eBook Search) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\y1ck9lhx.default\extensions\{7585C31E-1E94-4498-ACEC-CB913A05FC52}
[2009/06/12 11:54:14 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\y1ck9lhx.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2010/05/19 01:00:56 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\y1ck9lhx.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/02/27 02:55:25 | 000,000,000 | ---D | M] ("CoolPreviews") -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\y1ck9lhx.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
[2009/11/30 19:58:38 | 000,000,000 | ---D | M] (Black Steel) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\y1ck9lhx.default\extensions\{e2c58150-9d72-11dd-ad8b-0800200c9a66}
[2009/08/25 10:41:05 | 000,000,000 | ---D | M] (RedShift V3) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\y1ck9lhx.default\extensions\[email protected]
[2010/03/05 17:38:30 | 000,000,000 | ---D | M] (Sxipper) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\y1ck9lhx.default\extensions\[email protected]
[2014/01/23 22:55:38 | 000,940,775 | ---- | M] () (No name found) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\9uekjrfi.default-1390412299265\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/06/24 21:39:20 | 000,304,556 | ---- | M] () (No name found) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\extensions\[email protected]
[2013/06/23 06:44:35 | 000,304,615 | ---- | M] () (No name found) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\extensions\[email protected]
[2013/03/26 08:45:58 | 000,226,606 | ---- | M] () (No name found) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\extensions\[email protected]
[2011/07/29 08:33:06 | 000,006,796 | ---- | M] () (No name found) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\extensions\[email protected]
[2013/06/24 21:39:20 | 000,534,298 | ---- | M] () (No name found) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013/02/12 23:49:32 | 000,328,332 | ---- | M] () (No name found) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}.xpi
[2013/05/09 20:46:44 | 000,870,680 | ---- | M] () (No name found) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/04/21 21:56:02 | 000,765,412 | ---- | M] () (No name found) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2013/12/23 02:17:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/12/23 02:17:31 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2013/12/23 02:17:38 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/12/23 02:17:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/12/23 02:17:16 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/12/23 02:24:13 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/09/15 10:33:39 | 000,113,976 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\atgpcdec.dll
[2013/12/05 13:04:47 | 000,610,832 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\atgpcext.dll
[2010/07/29 10:02:27 | 000,046,408 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\atmccli.dll
[2010/07/29 10:02:35 | 000,099,224 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\ieatgpc.dll
[2010/07/29 10:02:05 | 000,061,848 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\npatgpc.dll
[2009/01/10 00:00:18 | 000,056,576 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2012/08/20 14:04:20 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2012/06/28 10:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - Extension: Learn French - Tr\u00E8s Bien = C:\Documents and Settings\A M Rahman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aeifanonhefcaphaeeknpklkfnjjmpec\1.80.1_0\
CHR - Extension: BIODIGITAL HUMAN = C:\Documents and Settings\A M Rahman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak\0.9.5_0\
CHR - Extension: HD for YouTube\u2122 = C:\Documents and Settings\A M Rahman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\akjbfncbadcmnkopckegnmjgihagponf\1.5_0\
CHR - Extension: Facebook Video Downloader = C:\Documents and Settings\A M Rahman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\amjcoehkcacocffpmhnefgoeanepjfkf\1.4_0\
CHR - Extension: Google Docs = C:\Documents and Settings\A M Rahman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Documents and Settings\A M Rahman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: WOT = C:\Documents and Settings\A M Rahman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\2.4.5_0\
CHR - Extension: WOT = C:\Documents and Settings\A M Rahman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\2.4.6_0\
CHR - Extension: YouTube = C:\Documents and Settings\A M Rahman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: BuzzMath = C:\Documents and Settings\A M Rahman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dekgplobenhhgdanccadonnejajokmbf\1.2_0\
CHR - Extension: Facebook Unseen = C:\Documents and Settings\A M Rahman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmdhkalcecemojegheiohcghkamlipof\0.0.0.3_0\
CHR - Extension: Facebook Theme Creator = C:\Documents and Settings\A M Rahman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ecnnffhckagcpoimngfooggeilkhlnnh\3.0.9_0\
CHR - Extension: Photo Zoom for Facebook = C:\Documents and Settings\A M Rahman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1312.1.2_0\
CHR - Extension: Go to IMDb = C:\Documents and Settings\A M Rahman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fipkcplmpmhcmfgkgahliaabodplkjio\1.2.6_0\
CHR - Extension: C++ Tutorial = C:\Documents and Settings\A M Rahman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fpkdcihamnidijdfmjeckahccaphlofi\1.0_0\
CHR - Extension: enggHeads e-CircuitBox = C:\Documents and Settings\A M Rahman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gdmiejflllpkdilofdhppkpikphgpcgd\2_0\
CHR - Extension: AdBlock = C:\Documents and Settings\A M Rahman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.18_0\
CHR - Extension: LastPass = C:\Documents and Settings\A M Rahman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\3.0.22_0\
CHR - Extension: Domain Error Assistant = C:\Documents and Settings\A M Rahman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj\1.3_0\
CHR - Extension: wikiHow Survival Kit = C:\Documents and Settings\A M Rahman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ickaeddjnhfofihhibhnjemlphjmnchl\1.0.4_0\
CHR - Extension: Wolfram|Alpha (Official) = C:\Documents and Settings\A M Rahman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icncamkooinmbehmkeilcccmoljfkdhp\1.2.2_0\
CHR - Extension: Cargo Bridge = C:\Documents and Settings\A M Rahman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\keembkgclppcbilkekfgpobhldjjhpmn\1.5.7_0\
CHR - Extension: Media file downloader = C:\Documents and Settings\A M Rahman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\khbkckdkhakengfjmejmiabaakdlhaab\2.0_0\
CHR - Extension: Facebook AdBlock = C:\Documents and Settings\A M Rahman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lfpacabphcagfehdgnigmfnbjdampbaa\1.0.10_0\
CHR - Extension: Unfriend Alerts = C:\Documents and Settings\A M Rahman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lgbeldbnadmemecalekdfnffgobkpafc\2.0.1_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\A M Rahman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_1\
CHR - Extension: Google Wallet = C:\Documents and Settings\A M Rahman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_2\
CHR - Extension: GRE Vocabulary 4800 = C:\Documents and Settings\A M Rahman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\npnelmbegaeghmfgcfidjckefcocieih\4.3.1_0\
CHR - Extension: Origami Player = C:\Documents and Settings\A M Rahman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\oiomepakkenneiifjocbinkmmampfbdn\2.4_0\
CHR - Extension: Gmail = C:\Documents and Settings\A M Rahman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: Yann Arthus-Bertrand = C:\Documents and Settings\A M Rahman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\plaekpceeonanmjojailaojkconcgofc\3_0\
CHR - Extension: Learn Spanish - Qu\u00E9 Onda = C:\Documents and Settings\A M Rahman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pmcdjmebmeoobmdghjbjhbifoocbcmaj\1.77.1_0\

O1 HOSTS File: ([2012/04/15 12:04:01 | 000,000,789 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Vuze Remote Toolbar) - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files\Vuze Remote Toolbar\IE\8.5\vuzeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll (Conduit Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Ant.com browser helper (video detector)) - {346FDE31-DFF9-418A-90C8-BA31DC9FF2EF} - C:\Program Files\Ant.com\IE add-on\Download.dll (Ant.com)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ALOT Appbar Helper) - {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - C:\Program Files\alotappbar\bin\BHO\ALOTHelperBHO.dll (Vertro, Inc)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {05478A66-EDB6-4A22-A870-A5987F80A7DA} - C:\Program Files\Vuze Remote Toolbar\IE\8.5\vuzeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ant.com Video Downloader toolbar) - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files\Ant.com\IE add-on\AntToolbar.dll (Ant.com)
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (ALOT Appbar) - {A531D99C-5A22-449b-83DA-872725C6D0ED} - C:\Program Files\alotappbar\bin\alothelper.dll (Vertro, Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3146927349-1717951873-3320083228-1007\..\Toolbar\ShellBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files\Freecorder\tbFree.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3146927349-1717951873-3320083228-1007\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files\Freecorder\tbFree.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3146927349-1717951873-3320083228-1007\..\Toolbar\WebBrowser: (Ant.com Video Downloader toolbar) - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files\Ant.com\IE add-on\AntToolbar.dll (Ant.com)
O3 - HKU\S-1-5-21-3146927349-1717951873-3320083228-1007\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKU\S-1-5-21-3146927349-1717951873-3320083228-1007\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PPort12reminder] C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKU\S-1-5-21-3146927349-1717951873-3320083228-1007..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil32_11_9_900_170_Plugin.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Firefox Preloader.lnk = C:\Program Files\FirefoxPreloader\FirefoxPreloader.exe (6XGate Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3146927349-1717951873-3320083228-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3146927349-1717951873-3320083228-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3146927349-1717951873-3320083228-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O7 - HKU\S-1-5-21-3146927349-1717951873-3320083228-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 0
O7 - HKU\S-1-5-21-3146927349-1717951873-3320083228-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 0
O7 - HKU\S-1-5-21-3146927349-1717951873-3320083228-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 0
O7 - HKU\S-1-5-21-3146927349-1717951873-3320083228-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 0
O7 - HKU\S-1-5-21-3146927349-1717951873-3320083228-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKU\S-1-5-21-3146927349-1717951873-3320083228-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 0
O7 - HKU\S-1-5-21-3146927349-1717951873-3320083228-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 0
O7 - HKU\S-1-5-21-3146927349-1717951873-3320083228-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogoff = 0
O7 - HKU\S-1-5-21-3146927349-1717951873-3320083228-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O7 - HKU\S-1-5-21-3146927349-1717951873-3320083228-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3146927349-1717951873-3320083228-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Download videos by Ant.com - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - C:\Program Files\Ant.com\IE add-on\Download.dll (Ant.com)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-3146927349-1717951873-3320083228-1007\..Trusted Domains: yahoo.com ([us-mg5.mail] https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/im...r/SysProExe.cab (Scanner.SysScanner)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.c.../cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.ado...obat/nos/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD8FE01C-727B-4F6C-BE54-0EFDA064EB17}: DhcpNameServer = 192.168.1.1 75.75.75.75 75.75.76.76
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\vfsp - No CLSID value found
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\A M Rahman\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\A M Rahman\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/02/06 21:19:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\A M Rahman\Desktop\OTL.exe
[2014/02/06 04:06:43 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\A M Rahman\Recent
[2014/01/22 12:40:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\A M Rahman\Desktop\Old Firefox Data
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/02/06 21:48:00 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3146927349-1717951873-3320083228-1007UA.job
[2014/02/06 21:18:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\A M Rahman\Desktop\OTL.exe
[2014/02/06 20:56:21 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/06 13:28:06 | 000,001,018 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-3146927349-1717951873-3320083228-1007UA.job
[2014/02/06 11:53:43 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2014/02/06 01:56:04 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/05 22:48:03 | 000,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3146927349-1717951873-3320083228-1007Core.job
[2014/02/04 10:54:11 | 000,002,353 | ---- | M] () -- C:\Documents and Settings\A M Rahman\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/02/04 10:54:10 | 000,002,359 | ---- | M] () -- C:\Documents and Settings\A M Rahman\Desktop\Google Chrome.lnk
[2014/02/03 19:28:00 | 000,000,996 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-3146927349-1717951873-3320083228-1007Core.job
[2014/02/03 15:06:04 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3146927349-1717951873-3320083228-1007.job
[2014/02/01 22:40:07 | 000,034,233 | ---- | M] () -- C:\Documents and Settings\A M Rahman\Desktop\1797455_1420735698165409_1965111197_n.jpg
[2014/01/30 01:25:31 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\A M Rahman\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2014/01/28 23:03:48 | 000,001,302 | ---- | M] () -- C:\Documents and Settings\A M Rahman\Desktop\java.cer
[2014/01/28 10:18:45 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Firefox Preloader.lnk
[2014/01/27 09:57:17 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2014/01/24 11:25:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/01/24 11:24:14 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3146927349-1717951873-3320083228-1007.job
[2014/01/24 11:20:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/01/24 11:20:42 | 2145,845,248 | -HS- | M] () -- C:\hiberfil.sys
[2014/01/13 14:58:11 | 000,045,285 | ---- | M] () -- C:\Documents and Settings\A M Rahman\Desktop\When you really love someone.jpg
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/02/01 22:40:07 | 000,034,233 | ---- | C] () -- C:\Documents and Settings\A M Rahman\Desktop\1797455_1420735698165409_1965111197_n.jpg
[2014/01/28 23:03:25 | 000,001,302 | ---- | C] () -- C:\Documents and Settings\A M Rahman\Desktop\java.cer
[2014/01/13 14:58:28 | 000,045,285 | ---- | C] () -- C:\Documents and Settings\A M Rahman\Desktop\When you really love someone.jpg
[2014/01/05 16:10:59 | 000,000,928 | ---- | C] () -- C:\Documents and Settings\A M Rahman\Local Settings\Application Data\recently-used.xbel
[2013/10/19 22:50:37 | 000,000,331 | ---- | C] () -- C:\WINDOWS\WINHELP.INI
[2013/10/19 21:33:13 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\A M Rahman\.org.eclipse.epp.usagedata.recording.userId
[2012/12/16 21:06:38 | 000,000,246 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2012/12/16 21:06:38 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2012/12/16 21:05:14 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2012/12/16 21:05:14 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2012/12/16 21:05:14 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRADM10A.DAT
[2012/12/16 21:03:57 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2012/12/16 21:03:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2012/08/27 22:05:05 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\A M Rahman\Local Settings\Application Data\PUTTY.RND
[2012/08/16 11:13:19 | 000,769,546 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-3146927349-1717951873-3320083228-1007-0.dat
[2012/08/16 11:12:54 | 000,373,666 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/04/18 19:21:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\setup_xp.ini
[2012/02/15 10:13:27 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2010/09/24 21:22:05 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\A M Rahman\webct_upload_applet.properties
[2009/12/30 01:23:45 | 000,053,660 | ---- | C] () -- C:\Documents and Settings\A M Rahman\.jose.user.preferences
[2008/03/17 23:01:16 | 000,000,554 | ---- | C] () -- C:\Documents and Settings\A M Rahman\Application Data\AutoGK.ini
[2008/03/17 11:04:11 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2007/01/26 17:14:53 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\A M Rahman\Local Settings\Application Data\.mpid
[2007/01/11 08:37:59 | 000,226,816 | ---- | C] () -- C:\Documents and Settings\A M Rahman\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/12/29 17:44:23 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\A M Rahman\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2004/08/10 14:09:48 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/10/18 18:04:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A M Rahman\Application Data\.kde
[2009/02/08 07:16:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A M Rahman\Application Data\aignes
[2012/06/23 13:31:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A M Rahman\Application Data\alotappbar
[2012/05/30 11:16:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A M Rahman\Application Data\alotservice
[2012/12/27 15:21:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A M Rahman\Application Data\Applian FLV and Media Player
[2011/09/29 11:00:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A M Rahman\Application Data\Avant Downloader
[2011/04/03 12:39:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A M Rahman\Application Data\Avery
[2012/08/24 00:52:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A M Rahman\Application Data\Azureus
[2013/09/03 12:40:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A M Rahman\Application Data\Blackboard
[2012/08/24 12:09:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A M Rahman\Application Data\Canon
[2009/01/14 16:03:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A M Rahman\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/02/18 14:13:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A M Rahman\Application Data\com.comcast.access.13A1FA90F0FC9DC009FB0956ADD0F13F8608561B.1
[2012/12/16 21:13:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A M Rahman\Application Data\ControlCenter4
[2007/11/27 23:40:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A M Rahman\Application Data\COWON
[2013/10/31 09:39:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A M Rahman\Application Data\Cybele Software
[2013/04/18 22:43:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A M Rahman\Application Data\DDMSettings
[2009/01/10 00:01:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A M Rahman\Application Data\Foxit
[2013/06/27 19:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A M Rahman\Application Data\GARMIN
[2008/06/16 07:15:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A M Rahman\Application Data\GrabPro
[2011/02/14 19:25:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A M Rahman\Application Data\gtk-2.0
[2011/08/25 12:02:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A M Rahman\Application Data\Helios
[2011/02/28 19:31:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A M Rahman\Application Data\InfraRecorder
[2007/05/13 00:13:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A M Rahman\Application Data\Leadertech
[2011/12/05 00:39:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A M Rahman\Application Data\LimeWire
[2013/12/21 04:56:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A M Rahman\Application Data\Motorola
[2013/12/19 14:18:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A M Rahman\Application Data\Motorola Mobility
[2009/04/08 20:05:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A M Rahman\Application Data\Nitro PDF
[2012/12/16 20:46:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A M Rahman\Application Data\Nuance
[2013/02/11 22:16:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A M Rahman\Application Data\OpenCandy
[2010/05/30 22:04:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A M Rahman\Application Data\OpenOffice.org
[2012/07/01 20:28:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A M Rahman\Application Data\Oracle
[2008/06/17 13:25:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A M Rahman\Application Data\Orbit
[2009/01/03 18:33:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A M Rahman\Application Data\Participatory Culture Foundation
[2011/12/07 04:08:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A M Rahman\Application Data\PCF-VLC
[2013/12/17 22:21:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A M Rahman\Application Data\Search Settings
[2007/12/02 13:02:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A M Rahman\Application Data\Seven Zip
[2012/11/05 20:04:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A M Rahman\Application Data\TeamViewer
[2008/11/07 10:47:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A M Rahman\Application Data\TigerPlayer
[2007/05/11 19:37:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A M Rahman\Application Data\TrojanHunter
[2009/01/11 11:04:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A M Rahman\Application Data\UltiConverters
[2012/06/19 01:06:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A M Rahman\Application Data\Unity
[2010/12/11 14:09:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A M Rahman\Application Data\VirtualStore
[2012/09/26 20:18:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A M Rahman\Application Data\Vuze Remote
[2012/07/02 18:18:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A M Rahman\Application Data\webex
[2010/10/11 21:15:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A M Rahman\Application Data\Western Digital
[2008/05/05 04:36:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A M Rahman\Application Data\{0B9E3B72-FCE7-4B76-9F99-94E66A8C5760}
[2011/12/21 12:24:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ant.com
[2011/12/21 12:06:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applian
[2011/04/12 13:40:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2009/02/02 10:26:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bluebeam Software
[2009/04/04 19:16:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Blueberry
[2012/07/18 10:44:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2010/02/19 11:01:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\com.comcast.access
[2013/07/17 21:41:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\comcastModemRelease
[2012/12/16 21:04:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ControlCenter4
[2013/10/31 09:39:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cybele Software
[2007/10/20 08:33:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FloodLightGames
[2013/06/27 20:08:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Garmin
[2008/08/15 07:15:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Metacafe
[2013/12/19 14:21:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motorola
[2009/04/08 20:04:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
[2012/12/16 20:59:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2013/07/01 12:04:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Package Cache
[2012/12/16 20:57:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2008/08/03 19:46:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2008/03/17 11:04:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2013/09/28 12:39:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2006/12/25 21:48:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/10/11 21:24:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WD_SmartWareCommon
[2007/09/22 12:08:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2012/12/16 20:58:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\zeon
[2013/06/27 19:55:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Garmin
[2007/05/11 18:08:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Someone else\Application Data\Opera
[2013/05/16 10:01:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Someone else\Application Data\Search Settings

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2007/11/27 10:55:42 | 004,301,387 | ---- | M] (Shareaza Development Team ) -- C:\Shareaza_2.2.5.0.exe
[2007/09/10 13:07:14 | 002,841,064 | ---- | M] () -- C:\Shockwave_Installer_Slim.exe
[2007/03/19 07:31:52 | 002,095,604 | ---- | M] () -- C:\sopcast.exe
[2007/10/28 15:54:26 | 025,755,448 | ---- | M] (Microsoft Corporation) -- C:\wmp11-windowsxp-x86-enu.exe
[2013/10/18 19:51:33 | 000,059,904 | ---- | M] () -- C:\wow32_patch.exe

< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe
[2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: RPCSS.DLL >
[2009/02/09 05:01:53 | 000,401,408 | ---- | M] (Microsoft Corporation) MD5=24B5D53B9ACCC1E2EDCF0A878D6659D4 -- C:\WINDOWS\$NtServicePackUninstall$\rpcss.dll
[2008/04/13 19:12:04 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=2589FE6015A316C0F5D5112B4DA7B509 -- C:\WINDOWS\ServicePackFiles\i386\rpcss.dll
[2009/02/09 07:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) MD5=6B27A5C03DFB94B4245739065431322C -- C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\rpcss.dll
[2009/02/09 07:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) MD5=6B27A5C03DFB94B4245739065431322C -- C:\WINDOWS\ERDNT\cache\rpcss.dll
[2009/02/09 07:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) MD5=6B27A5C03DFB94B4245739065431322C -- C:\WINDOWS\system32\dllcache\rpcss.dll
[2009/02/09 07:10:48 | 000,401,408 | ---- | M] (Microsoft Corporation) MD5=6B27A5C03DFB94B4245739065431322C -- C:\WINDOWS\system32\rpcss.dll
[2009/02/09 05:56:36 | 000,401,408 | ---- | M] (Microsoft Corporation) MD5=9222562D44021B988B9F9F62207FB6F2 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[2005/07/25 23:20:40 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=C369DF215D352B6F3A0B8C3469AA34F8 -- C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\rpcss.dll
[2005/07/25 23:39:49 | 000,397,824 | ---- | M] (Microsoft Corporation) MD5=CE94A2BD25E3E9F4D46A7373FF455C6D -- C:\i386\rpcss.dll
[2005/04/28 14:35:01 | 000,396,288 | ---- | M] (Microsoft Corporation) MD5=DA383FB39A6F1C445F3AFC94B3EB1248 -- C:\WINDOWS\$hf_mig$\KB894391\SP2QFE\rpcss.dll

< MD5 for: SERVICES >
[2013/10/31 11:18:23 | 000,000,094 | --S- | M] () MD5=0398C73EDA82CD1F1DFB17A389D0AEAB -- C:\cygwin\etc\services
[2004/08/04 06:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\i386\services
[2004/08/04 06:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services

< MD5 for: SERVICES.CFG >
[2012/09/23 19:43:36 | 000,603,848 | R--- | M] () MD5=81B120EAEE296F0E54F66C16C5A21367 -- C:\WINDOWS\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744BA0000000010\11.0.0\services.cfg
[2013/09/05 09:04:00 | 000,559,090 | ---- | M] () MD5=8ADD48E413D05BF2E7AEC00173DDFABC -- C:\Program Files\Adobe\Reader 11.0\Reader\Services\Services.cfg

< MD5 for: SERVICES.EXE >
[2009/02/06 06:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/13 19:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2009/02/06 05:22:21 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=4712531AB7A01B7EE059853CA17D39BD -- C:\WINDOWS\$NtServicePackUninstall$\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\ERDNT\cache\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 06:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2004/08/04 06:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\i386\services.exe

< MD5 for: SERVICES.GIF >
[2012/01/06 01:48:00 | 000,001,951 | ---- | M] () MD5=3E90864401C417DCB9BAE6535128D60E -- C:\Documents and Settings\A M Rahman\Shared\CSI 118\Data solution Files for Hands on Practice\chapter4\chapter4\casestudystarters\fishcreek\services.gif
[2012/01/06 01:48:00 | 000,000,712 | ---- | M] () MD5=8D243969007556467E71285A7E0DC3C3 -- C:\Documents and Settings\A M Rahman\Shared\CSI 118\Data solution Files for Hands on Practice\chapter4\chapter4\4.3\services.gif
[2012/01/06 01:48:00 | 000,000,712 | ---- | M] () MD5=8D243969007556467E71285A7E0DC3C3 -- C:\Documents and Settings\A M Rahman\Shared\CSI 118\Data solution Files for Hands on Practice\chapter4\chapter4\4.6\services.gif
[2012/01/06 01:48:00 | 000,000,712 | ---- | M] () MD5=8D243969007556467E71285A7E0DC3C3 -- C:\Documents and Settings\A M Rahman\Shared\CSI 118\Data solution Files for Hands on Practice\chapter4\chapter4\4.7\services.gif
[2012/01/06 01:48:00 | 000,000,712 | ---- | M] () MD5=8D243969007556467E71285A7E0DC3C3 -- C:\Documents and Settings\A M Rahman\Shared\CSI 118\Data solution Files for Hands on Practice\chapter4\chapter4\4.8\services.gif
[2012/01/06 01:48:00 | 000,000,712 | ---- | M] () MD5=8D243969007556467E71285A7E0DC3C3 -- C:\Documents and Settings\A M Rahman\Shared\CSI 118\Data solution Files for Hands on Practice\chapter4\chapter4\starters\services.gif

< MD5 for: SERVICES.HTML >
[2012/01/06 01:47:00 | 000,001,191 | ---- | M] () MD5=115673EBB9BFDAE6CA2F134CDC324F03 -- C:\Documents and Settings\A M Rahman\Shared\CSI 118\Data solution Files for Hands on Practice\chapter3\chapter3\3.8\services.html
[2012/01/06 01:47:00 | 000,001,165 | ---- | M] () MD5=129805EF39C25A818C7A2237FAB9B6CB -- C:\Documents and Settings\A M Rahman\Shared\CSI 118\Data solution Files for Hands on Practice\chapter3\chapter3\3.7\services.html
[2012/01/06 01:47:00 | 000,001,121 | ---- | M] () MD5=4498DF2F73443EEF0329FB995C90DE53 -- C:\Documents and Settings\A M Rahman\Shared\CSI 118\Data solution Files for Hands on Practice\chapter3\chapter3\services.html

< MD5 for: SERVICES.ICO >
[2005/12/14 18:21:08 | 000,007,318 | ---- | M] () MD5=9443DA63ACDF55D7D153D6B22E40722E -- C:\Program Files\Yahoo!\Common\icons\services.ico

< MD5 for: SERVICES.LNK >
[2008/09/30 17:12:51 | 000,001,614 | ---- | M] () MD5=D17A948EB7AB1B7DC331B6682E567AA8 -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk

< MD5 for: SERVICES.MSC >
[2004/08/04 06:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\i386\services.msc
[2004/08/04 06:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc

< MD5 for: SERVICES.PNG >
[2013/06/24 12:14:02 | 000,000,540 | ---- | M] () MD5=04E27F38F331B2308A2D474C21744D97 -- C:\Program Files\Simon\share\icons\oxygen\16x16\actions\services.png
[2013/06/24 12:13:44 | 000,001,153 | ---- | M] () MD5=13E58BF4C24678C0BCCDFE10460F235D -- C:\Program Files\Simon\share\icons\oxygen\32x32\actions\services.png
[2013/06/24 12:13:52 | 000,000,722 | ---- | M] () MD5=6BAD4C08F523720DED193C096E5A59D5 -- C:\Program Files\Simon\share\icons\oxygen\22x22\actions\services.png
[2013/06/24 12:13:36 | 000,001,833 | ---- | M] () MD5=757E301CF96862914D139FF0C0C16D19 -- C:\Program Files\Simon\share\icons\oxygen\48x48\actions\services.png

< MD5 for: SERVICES.RDB >
[2010/02/01 23:16:32 | 000,262,144 | ---- | M] () MD5=00D8C85E07B0D69A27816B54E56EF85B -- C:\Program Files\OpenOffice.org 3\URE\misc\services.rdb
[2010/02/01 23:11:04 | 005,505,024 | ---- | M] () MD5=20999743CA8D1F7132B0BFCE952F2295 -- C:\Program Files\OpenOffice.org 3\Basis\program\services.rdb

< MD5 for: SERVICES.SBS >
[2010/04/19 16:25:26 | 000,033,457 | ---- | M] () MD5=3171D886B2782CE1B51E0210BCD4E50C -- C:\Program Files\Spybot - Search & Destroy\Includes\Services.sbs

< MD5 for: SVCHOST.EXE >
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2012/01/13 13:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2004/08/04 06:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\i386\svchost.exe
[2004/08/04 06:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 06:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\i386\userinit.exe
[2004/08/04 06:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 06:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\i386\winlogon.exe
[2004/08/04 06:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012/01/13 13:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< dir "%systemdrive%\*" /S /A:L /C >
Volume in drive C is Amit's Drive
Volume Serial Number is 14A7-B1E0
Directory of C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices
10/10/2013 10:28 AM <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\assembly\GAC_MSIL\IEExecRemote
10/10/2013 10:28 AM <JUNCTION> 2.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Directory of C:\WINDOWS\Microsoft.NET\assembly\GAC_32\System.EnterpriseServices
10/10/2013 10:17 AM <JUNCTION> v4.0_4.0.0.0__b03f5f7f11d50a3a
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
3 Dir(s) 25,163,808,768 bytes free

< End of report >

Extras Txt.

OTL Extras logfile created on: 2/6/2014 9:31:30 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\A M Rahman\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.93 Gb Available Physical Memory | 46.51% Memory free
3.85 Gb Paging File | 2.96 Gb Available in Paging File | 76.99% Paging File free
Paging file location(s): C:\pagefile.sys 2048 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.54 Gb Total Space | 23.46 Gb Free Space | 16.35% Space Free | Partition Type: NTFS

Computer Name: AMRLAPTOP | User Name: A M Rahman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- C:\Program Files\Avant Browser\avant.exe (Avant Force)

[HKEY_USERS\S-1-5-21-3146927349-1717951873-3320083228-1007\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Avant Browser\avant.exe" "%1" (Avant Force)
htmlfile [opennew] -- "C:\Program Files\Avant Browser\avant.exe" "%1" (Avant Force)
https [open] -- Reg Error: Key error.
InternetShortcut [open] -- "C:\Program Files\Avant Browser\avant.exe" "%1" (Avant Force)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistApplianMP] -- "C:\Program Files\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --playlist-enqueue "%1" ()
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithApplianMP] -- "C:\Program Files\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --no-playlist-enqueue "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"14342:TCP" = 14342:TCP:*:Enabled:Limewire
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"135:TCP" = 135:TCP:*:Enabled:DCOM
"1114:TCP" = 1114:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe" = C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\HP\QuickTest Professional\bin\AQTRmtAgent.exe" = C:\Program Files\HP\QuickTest Professional\bin\AQTRmtAgent.exe:*:Enabled:AQT Remote Agent
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe" = C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Red Eclipse\bin\reclient.exe" = C:\Program Files\Red Eclipse\bin\reclient.exe:*:Enabled:reclient -- ()
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- (Azureus Software, Inc)
"C:\Program Files\Megacubo\megacubo.exe" = C:\Program Files\Megacubo\megacubo.exe:*:Enabled:Megacubo
"C:\Documents and Settings\A M Rahman\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe" = C:\Documents and Settings\A M Rahman\Local Settings\Application Data\Facebook\Video\Skype\FacebookVideoCalling.exe:*:Enabled:Facebook Video Calling Plugin -- (Skype Limited)
"C:\Program Files\Logitech\Vid HD\Vid.exe" = C:\Program Files\Logitech\Vid HD\Vid.exe:*:Enabled:Logitech Vid HD -- (Logitech Inc.)
"C:\Program Files\Java\jre7\bin\javaw.exe" = C:\Program Files\Java\jre7\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Oracle Corporation)
"C:\Documents and Settings\A M Rahman\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\A M Rahman\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\Java\jdk1.7.0_45\bin\java.exe" = C:\Program Files\Java\jdk1.7.0_45\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Oracle Corporation)
"C:\Program Files\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe" = C:\Program Files\Motorola Mobility\MotoCast\bin\MotoCast-thumbnailer.exe:*:Enabled:MotoCast-thumbnailer


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0673654C-5296-453B-9798-B61CD7E03FEB}" = SES Driver
"{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}" = Scansoft PDF Professional
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0CD47142-BA4F-46B0-AA92-2675864928B8}" = Microsoft Security Client
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{13F054F3-0B07-4D15-9E80-C55B496AB557}" = Garmin Communicator Plugin
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{17B66E83-1BC9-11D5-A54A-0090278A1BB8}" = Microsoft FrontPage Client - English
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{195F2C6C-A343-4b10-B1A4-3F00AB9E9DD9}" = Fax
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1A3F6AD7-7A95-439B-BF54-F418C7CC6380}" = WebEx Recorder and Player
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20610409-CA18-41A6-9E21-A93AE82EE7C5}" = Visual Studio .NET Professional 2003 - English
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD LE
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{232DB76D-4751-41A9-9EC2-CDC0DAC1FAB6}" = WD SmartWare
"{26A24AE4-039D-4CA4-87B4-2F83216018F0}" = Java™ 6 Update 18
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 45
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Management Programs
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.1
"{28656860-4728-433C-8AD4-D1A930437BC8}" = Nuance PDF Viewer Plus
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{2B78F6F9-5C63-45AB-ABFD-DDB7946E4C39}" = Ant.com IE add-on
"{2E1DE390-879C-4291-9B68-DA032D2CC98E}" = AudioEdit Deluxe
"{2FBF04DC-404C-4FA4-BA28-99903080D2B9}" = Magnifier Powertoy for Windows XP
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{328019A7-0012-401D-96A2-4CDDD02675A8}" = Garmin POI Loader
"{32A3A4F4-B792-11D6-A78A-00B0D0170450}" = Java SE Development Kit 7 Update 45
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}" = Brother MFL-Pro Suite MFC-7460DN
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{48B0F38D-1913-44F3-99AA-D4C55A2B038E}" = Drive Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.10
"{4EC0616A-CADD-4C2F-B09E-366CE4CCDCB1}" = Integre techexplorer Hypermedia Browser
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65135558-F1AE-4B9B-8C0B-180730ACA261}" = Garmin Express
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6855CCDD-BDF9-48E4-B80A-80DFB96FE36C}" = CmdHere Powertoy For Windows XP
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6ADD0603-16EF-400D-9F9E-486432835002}" = OpenOffice.org 3.2
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone
"{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}" = Nuance PaperPort 12
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{6EF2FDAB-7FBF-4AB9-92CD-594BDDB6A56B}" = PaperPort Image Printer
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{730E03E4-350E-48E5-9D3E-4329903D454D}" = Itibiti RTC
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{876AB032-B2A4-41FF-AF87-DBC78454C1B0}" = Garmin Update Service
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{8ED84666-3A2A-4E28-AB26-B6B65260CB86}" = Philips FunCam
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{901C0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Access 2003 Runtime
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{93765DFA-8A67-41FB-9FC0-B12341CA65F3}" = Elevated Installer
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A5EC35B-5194-421C-AF39-981DFCE3B1E9}" = BEI Payroll
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A02ED372-22FA-448B-AB6A-1B0FC23B7D08}" = ATI Catalyst Control Center
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{a1f89c34-f061-447d-ac10-b5f1896a5923}" = C4380_Help
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A403D88E-ED7D-48E3-91FD-B8C8A720EDA1}" = Microsoft Speech SDK 5.1
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.05)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B29051F5-5D7D-443e-ABE9-7CBB29EAC200}" = C4380
"{B37C842A-B624-46B8-A727-654E72F1C91A}" = Calculator Powertoy for Windows XP
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6EC7388-E277-4A5B-8C8F-71067A41BA64}" = TextPad 5
"{B702CCCE-3176-4DBF-B932-D1B8F402F330}" = Digital Content Portal
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{b9be267c-e096-4cce-a4fd-f24eec004938}" = PS_AIO_02_ProductContext
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BCE46757-7674-4416-BEDB-68205A60409E}" = Canon CanoScan Toolbox 4.1
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C233BCC3-29C4-49C0-B955-0A94509FC4FC}" = Garmin Express Tray
"{c4549405-195f-4450-8865-6be9dc5ad136}" = PS_AIO_02_Software_Min
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}" = ClearType Tuning Control Panel Applet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{cd0b9359-b716-4fd0-8e0a-09b3e312e8a4}" = PS_AIO_02_Software
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEE2252C-4035-4B27-8EC6-0B085DD3A413}" = Dell Support 3.2.1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus® for Adobe
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D4D24FE5-FAB3-4FE2-AFFC-623955F4DF3A}" = Visual Studio.NET Baseline - English
"{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DB0BB9FA-1B60-4036-8E29-3D56D8085256}" = WOT for Internet Explorer
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DFC6573E-124D-4026-BFA4-B433C9D3FF21}" = ISO Recorder
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
"{e47a5c85-88a2-47d2-b380-fc2e763c2e6d}" = Garmin Express
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EA710A0A-BF5D-433C-8EB5-D17DC54CC298}" = Microsoft Office Live Meeting 2007
"{EDF914BD-584C-48CE-8254-324201560529}" = Vuze Remote Toolbar v8.5
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F5346614-B7C4-4E94-826A-E2363155233D}" = EasyCleaner
"{F6BA8EF2-A9F8-45B7-BD59-0A15DA9F7D68}" = Omron Health Management Software
"{F97272B4-82C4-46B2-BCF1-C4D6E8CAB3E6}" = Avery Wizard 4.0
"{FC0C72DD-A491-43FF-B377-67273E4D94D7}" = Opera 9.20
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FEE4185F-3504-4ADB-91F5-521E08232045}" = RAPTOR
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"8461-7759-5462-8226" = Vuze
"ActiveTouchMeetingClient" = Cisco WebEx Meetings
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"aignesamdeadlink" = AM-DeadLink 3.3
"alotAppbar" = ALOT Appbar
"Ant.com IE add-on" = Ant.com IE add-on
"Applian FLV and Media Player" = Applian FLV and Media Player 3.1.1.12
"ATI Display Driver" = ATI Display Driver
"AvantBrowser" = Avant Browser (remove only)
"AxCrypt" = AxCrypt (Remove Only)
"Brain Workshop_is1" = Brain Workshop 4.8.1
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CCleaner" = CCleaner
"CleanUp!" = CleanUp!
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"Defraggler" = Defraggler (remove only)
"Dia" = Dia (remove only)
"DivX Setup" = DivX Setup
"DVD Decrypter" = DVD Decrypter (Remove Only)
"EAGLE 4.09r2" = EAGLE 4.09r2
"EasyLinkAdvisor" = Linksys EasyLink Advisor 1.6 (0032)
"Electronics" = Electronics
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"Firefox Preloader_is1" = Firefox Preloader
"Freecorder Toolbar" = Freecorder Toolbar
"GIMP-2_is1" = GIMP 2.8.0
"Google Desktop" = Google Desktop
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"IE4Dev" = Microsoft Script Debugger
"ie8" = Windows Internet Explorer 8
"InfraRecorder" = InfraRecorder
"InstallShield_{48B0F38D-1913-44F3-99AA-D4C55A2B038E}" = Drive Manager
"jGRASP" = jGRASP
"LastFM_is1" = Last.fm 1.3.1.1
"Learn Electronics Part 1" = Twisted Pair Computer Based Training Learn Electronics Part 1 5.03
"LimeWire" = LimeWire 5.0.11
"Logitech Vid" = Logitech Vid HD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 26.0 (x86 en-US)" = Mozilla Firefox 26.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PowerISO" = PowerISO
"RealPlayer 15.0" = RealPlayer
"Recuva" = Recuva (remove only)
"Red Eclipse" = Red Eclipse
"Secunia PSI" = Secunia PSI (2.0.0.4003)
"Simon" = Simon (remove only)
"Speccy" = Speccy
"SpywareBlaster_is1" = SpywareBlaster 4.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"Tweak UI 2.10" = Tweak UI
"ViewpointMediaPlayer" = Viewpoint Media Player
"Visual Studio .NET Professional 2003 - English" = Microsoft Visual Studio .NET Professional 2003 - English
"VLC media player" = VLC media player 2.1.2
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Customizations" = Yahoo! Browser Services
"Yahoo! Internet Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"Zune" = Zune

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3146927349-1717951873-3320083228-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player
"UnityWebPlayer" = Unity Web Player
"Winamp Detect" = Winamp Detector Plug-in
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/22/2014 1:41:31 PM | Computer Name = AMRLAPTOP | Source = ESENT | ID = 455
Description = wuaueng.dll (3952) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 1/22/2014 1:41:31 PM | Computer Name = AMRLAPTOP | Source = ESENT | ID = 485
Description = wuauclt (3952) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log"
failed with system error 32 (0x00000020): "The process cannot access the file because
it is being used by another process. ". The delete file operation will fail with
error -1032 (0xfffffbf8).

Error - 1/22/2014 1:41:43 PM | Computer Name = AMRLAPTOP | Source = ESENT | ID = 489
Description = wuauclt (1152) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 1/22/2014 1:41:43 PM | Computer Name = AMRLAPTOP | Source = ESENT | ID = 455
Description = wuaueng.dll (1152) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 1/22/2014 1:41:44 PM | Computer Name = AMRLAPTOP | Source = ESENT | ID = 485
Description = wuauclt (1152) An attempt to delete the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edbtmp.log"
failed with system error 32 (0x00000020): "The process cannot access the file because
it is being used by another process. ". The delete file operation will fail with
error -1032 (0xfffffbf8).

Error - 1/23/2014 1:29:22 PM | Computer Name = AMRLAPTOP | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2014/01/23 12:29:22.046]: [00001040]: CUsbScnDev: DeviceIoControl
Illegal response [0x0]

Error - 1/23/2014 9:09:36 PM | Computer Name = AMRLAPTOP | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2014/01/23 20:09:36.671]: [00001040]: CUsbScnDev: DeviceIoControl
Illegal response [0x0]

Error - 1/24/2014 12:25:05 PM | Computer Name = AMRLAPTOP | Source = WmiAdapter | ID = 4099
Description = Open of service failed.

Error - 1/29/2014 3:29:02 PM | Computer Name = AMRLAPTOP | Source = Brother BrLog | ID = 1001
Description = STI BrtSTI: [2014/01/29 14:29:02.000]: [00001800]: CUsbScnDev: DeviceIoControl
Illegal response [0x0]

Error - 1/30/2014 2:25:11 AM | Computer Name = AMRLAPTOP | Source = Microsoft Office 12 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Outlook.

[ OSession Events ]
Error - 11/3/2011 4:19:08 PM | Computer Name = AMRLAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 326
seconds with 180 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 2/1/2014 5:56:17 PM | Computer Name = AMRLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service gupdate with
arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error - 2/1/2014 8:28:07 PM | Computer Name = AMRLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service MSIServer with
arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

Error - 2/1/2014 10:56:29 PM | Computer Name = AMRLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service gupdate with
arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error - 2/1/2014 11:28:01 PM | Computer Name = AMRLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service MSIServer with
arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

Error - 2/2/2014 9:56:48 AM | Computer Name = AMRLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service gupdate with
arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error - 2/2/2014 11:28:08 AM | Computer Name = AMRLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service MSIServer with
arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

Error - 2/2/2014 4:56:09 PM | Computer Name = AMRLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service gupdate with
arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error - 2/2/2014 5:28:05 PM | Computer Name = AMRLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service MSIServer with
arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

Error - 2/2/2014 8:28:01 PM | Computer Name = AMRLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service MSIServer with
arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

Error - 2/2/2014 9:56:27 PM | Computer Name = AMRLAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service gupdate with
arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}


< End of report >


MBR txt


aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-02-06 22:36:42
-----------------------------
22:36:42.031 OS Version: Windows 5.1.2600 Service Pack 3
22:36:42.031 Number of processors: 2 586 0xE08
22:36:42.031 ComputerName: AMRLAPTOP UserName:
22:36:51.109 Initialize success
22:51:24.921 AVAST engine defs: 14020601
22:51:48.218 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
22:51:48.218 Disk 0 Vendor: SAMSUNG_HM160JI AD100-12 Size: 152627MB BusType: 3
22:51:48.531 Disk 0 MBR read successfully
22:51:48.546 Disk 0 MBR scan
22:51:48.671 Disk 0 unknown MBR code
22:51:48.671 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63
22:51:48.734 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 146985 MB offset 96390
22:51:48.781 Disk 0 Partition - 00 0F Extended LBA 2047 MB offset 301122360
22:51:48.812 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 3545 MB offset 305315325
22:51:48.875 Disk 0 Partition 4 00 DD MSWIN4.1 2047 MB offset 301122423
22:51:49.171 Disk 0 scanning sectors +312576705
22:51:49.421 Disk 0 scanning C:\WINDOWS\system32\drivers
22:53:00.156 Service scanning
22:53:49.218 Service MpKsl70f69cfe c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8B355923-B1E3-49D7-B20C-B7BFB13F67B2}\MpKsl70f69cfe.sys **LOCKED** 32
22:54:54.484 Modules scanning
22:55:24.578 Disk 0 trace - called modules:
22:55:24.593 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
22:55:24.609 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8aab0ab8]
22:55:24.609 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\0000006d[0x8aac7d88]
22:55:24.609 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8aabe940]
22:55:30.218 AVAST engine scan C:\WINDOWS
22:55:50.437 AVAST engine scan C:\WINDOWS\system32
23:14:52.875 AVAST engine scan C:\WINDOWS\system32\drivers
23:16:19.562 AVAST engine scan C:\Documents and Settings\A M Rahman
01:03:17.421 File: C:\Documents and Settings\A M Rahman\Shared\dds.scr **INFECTED** Win32:Malware-gen
01:22:21.812 AVAST engine scan C:\Documents and Settings\All Users
01:36:19.078 Scan finished successfully
01:46:42.375 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\A M Rahman\Desktop\MBR.dat"
01:46:42.406 The log file has been saved successfully to "C:\Documents and Settings\A M Rahman\Desktop\aswMBR.txt"

[pystryker]

Hello You're very welcome. I have your logs, but it will be this evening before I can get started on them. No worries though, we'll get this
whipped.

[baltimoredude1]

No problem take your time.

[pystryker]

Hi

I just wanted to update you. I've submitted my fix, and I'm awaiting my teacher to approve it, then we'll get started getting rid of the junk.

[pystryker]

Hello, we have some work to do, so let's get started.

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.



Step 1: P2P Warning and Program Uninstall


The Dangers of P2P Programs

I noticed that you have a P2P file sharing program on your computer . I cannot stress highly enough the danger in using these types of programs. P2P programs are one of the major avenues of infection these days. The files downloaded with these programs are more likely than not infected with trojans, malware, rootkits, etc.

You run the risk of getting an infection that can compromise your sensitive data, such as financial records, personal information, etc. That is just the infection aspect of using P2P programs. You also run the risk of possible arrest, fines, or in severe cases, jail time for illegal downloading of copyrighted material.

Here are some information sources about the dangers of P2P programs:

FBI - Peer to Peer Scams

USA Today Artticle on P2P Programs

File Sharing Infects 500,000 Computers

I very much recommend you uninstall this program from your machine. If not, I can guarantee you will be back needing help with your machine again. The risks of infections from content downloaded with P2P programs far outweigh any benefit of using them.

It is, of course, your choice as to whether or not you remove the program from your machine. It is my duty though, to point out how dangerous it is to use these programs. However, I must request that you do not use it while we are cleaning your machine.



Please uninstall the following program from your computer:

ALOT Appbar



Step 2: OTL Fix


Let's run an OTL fix:

Warning: This fix is to be used on this system and this system ONLY. Using this fix on any other machine other than yours can seriously damage it.

Be advised that when the fix commences, it will shut down all running processes and you may lose the desktop and icons, they will return on reboot.

Run OTL by double clicking it (Windows Vista, Windows 7, and 8, right click and select "Run as Administrator)

• Copy the text in the quote box below (do not copy the word "quote") and paste in the in the box marked Custom Scans/Fixes as shown in the graphic below.

:Commands
[createrestorepoint]

:OTL
SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.c...Date=06/11/2013
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.c...Date=06/11/2013
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feed.snapdo.c...Date=06/11/2013
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.c...Date=06/11/2013
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.c...Date=06/11/2013
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKU\S-1-5-19\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...Date=06/11/2013
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.c...Date=06/11/2013
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.c...Date=06/11/2013
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feed.snapdo.c...Date=06/11/2013
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.c...Date=06/11/2013
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.c...Date=06/11/2013
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKU\S-1-5-20\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snapdo.c...Date=06/11/2013
IE - HKU\S-1-5-21-3146927349-1717951873-3320083228-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.c...Date=06/11/2013
IE - HKU\S-1-5-21-3146927349-1717951873-3320083228-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.c...Date=06/11/2013
IE - HKU\S-1-5-21-3146927349-1717951873-3320083228-1007\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snapdo.c...Date=06/11/2013
IE - HKU\S-1-5-21-3146927349-1717951873-3320083228-1007\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snapdo.c...Date=06/11/2013
[2012/05/30 11:19:08 | 000,000,000 | ---D | M] (ALOT Appbar) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\extensions\[email protected]
[2013/12/17 22:21:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\alot-appbar
O2 - BHO: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll (Conduit Ltd.)
O2 - BHO: (ALOT Appbar Helper) - {85F5CF95-EC8F-49fc-BB3F-38C79455CBA2} - C:\Program Files\alotappbar\bin\BHO\ALOTHelperBHO.dll (Vertro, Inc)
O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3146927349-1717951873-3320083228-1007\..\Toolbar\ShellBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files\Freecorder\tbFree.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3146927349-1717951873-3320083228-1007\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files\Freecorder\tbFree.dll (Conduit Ltd.)
[2012/06/23 13:31:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A M Rahman\Application Data\alotappbar
[2012/05/30 11:16:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A M Rahman\Application Data\alotservice
[2013/02/11 22:16:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A M Rahman\Application Data\OpenCandy
[2009/01/03 18:33:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Extensions\{6334D996-EA3E-4a0e-AA8D-15BA56B37241}
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O15 - HKU\S-1-5-21-3146927349-1717951873-3320083228-1007\..Trusted Domains: yahoo.com ([us-mg5.mail] https in Trusted sites)

:Files
C:\Program Files\Application Updater
C:\WINDOWS\system32\quartz.dll ()
C:\Documents and Settings\A M Rahman\Shared\dds.scr

:Commands
[emptytemp]
[resethosts]

• Click the Run Fix button at the top of the OTL control panel.
  
• Let the program run until it's finished and then reboot the computer.
  
• Once your machine has rebooted, a log will open. Please post that log in your next reply.

If you have any problems, questions, or need further explanation, please post a message in this thread and I will get back to you asap.


Step 3: AdwCleaner


Download ADWcleaner by clicking here. Please save it to your Desktop

• Double click (Vista and 7 Users)right click the adwcleaner.exe file and click Run as Adminstrator and accept the UAC prompt to run AdwCleaner
  
• Close any open windows or browsers.
  
• Pause your Anti-Virus program if it is running.
  
• Once it starts, click on the Scan button.
  
• Let the scan complete itself. This may take a few minutes.
  
• Once the scan has finished, "Pending, uncheck elements you don't want to remove."
  click the Clean button. When finished, it will ask to reboot. Please reboot.
  
• When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
  
• Click the Report button and the log will open. Copy and Paste the contents of the log file into your next reply.

This report is also saved at C:\AdwCleaner[R0].txt

Step 4: Junkware Removal Tool


Please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
• The tool will open and start scanning your system.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Post the contents of JRT.txt into your next message.

Step 5: OTL Quick Scan

• Start OTL and this time click the Quick Scan button
  
• OTL will scan your system and produce one log when finished.
  
• Please post that log in your next reply.

Step 6: Reset Your Firewall


Click on Start and then Run. Copy the contents of the quote box below and paste it in the box. Click OK.

firewall.cpl

Click on the Advanced tab then Restore Defaults. When prompted click on Yes then Ok

Now click on the General tab and On(recommended) is selected then click Ok


Things I need to see in your next post:

OTL Fix Log

AdwCleaner Log

Junkware Removal Tool Log

OTL Quick Scan Log

Question: How is the computer running?

[baltimoredude1]

Ok I will go ahead and do what you recommended? One question when you said P2P, what service are you talking about. thanks

[pystryker]

Ok I will go ahead and do what you recommended? One question when you said P2P, what service are you talking about. thanks

P2P's are Peer to Peer programs. File sharing programs like Limewire and the like. We warn against them, as they are great for getting machines infected.

[baltimoredude1]

Are you talking about Limewire?

[pystryker]

Are you talking about Limewire?

Yes.

[baltimoredude1]

ok I do not use the limewire, it's been sitting as lame duck but I will remove it though. Here are the logs. The computer is running a little bit better but still having some problems like loading google chrome browser, and when I try to unload a program from Control Panel Add/remove Program, it takes a long time open,which was not the case earlier. Here are the logs.

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Service Application Updater stopped successfully!
Service Application Updater deleted successfully!
C:\Program Files\Application Updater\ApplicationUpdater.exe moved successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
HKU\S-1-5-21-3146927349-1717951873-3320083228-1007\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-21-3146927349-1717951873-3320083228-1007\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKU\S-1-5-21-3146927349-1717951873-3320083228-1007\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
HKU\S-1-5-21-3146927349-1717951873-3320083228-1007\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\extensions\[email protected]\META-INF folder moved successfully.
C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\extensions\[email protected]\gen folder moved successfully.
C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\extensions\[email protected]\defaults\preferences folder moved successfully.
C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\extensions\[email protected]\defaults folder moved successfully.
C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\extensions\[email protected]\components folder moved successfully.
C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\extensions\[email protected]\chrome folder moved successfully.
C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\extensions\[email protected] folder moved successfully.
C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\alot-appbar\searchplugins folder moved successfully.
C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\alot-appbar\extensions folder moved successfully.
C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\alot-appbar folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ deleted successfully.
C:\Program Files\Freecorder\tbFree.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{85F5CF95-EC8F-49fc-BB3F-38C79455CBA2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85F5CF95-EC8F-49fc-BB3F-38C79455CBA2}\ not found.
File C:\Program Files\alotappbar\bin\BHO\ALOTHelperBHO.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{1392b8d2-5c05-419f-a8f6-b9f15a596612} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\ not found.
File C:\Program Files\Freecorder\tbFree.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3146927349-1717951873-3320083228-1007\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{1392B8D2-5C05-419F-A8F6-B9F15A596612} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392B8D2-5C05-419F-A8F6-B9F15A596612}\ not found.
File C:\Program Files\Freecorder\tbFree.dll not found.
Registry value HKEY_USERS\S-1-5-21-3146927349-1717951873-3320083228-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1392B8D2-5C05-419F-A8F6-B9F15A596612} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1392B8D2-5C05-419F-A8F6-B9F15A596612}\ not found.
File C:\Program Files\Freecorder\tbFree.dll not found.
Folder C:\Documents and Settings\A M Rahman\Application Data\alotappbar\ not found.
Folder C:\Documents and Settings\A M Rahman\Application Data\alotservice\ not found.
C:\Documents and Settings\A M Rahman\Application Data\OpenCandy\OpenCandy_5017BD667F024D97A572C15FFE1C956D folder moved successfully.
C:\Documents and Settings\A M Rahman\Application Data\OpenCandy\5017BD667F024D97A572C15FFE1C956D folder moved successfully.
C:\Documents and Settings\A M Rahman\Application Data\OpenCandy folder moved successfully.
C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Extensions\{6334D996-EA3E-4a0e-AA8D-15BA56B37241} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_USERS\S-1-5-21-3146927349-1717951873-3320083228-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\yahoo.com\us-mg5.mail\ deleted successfully.
========== FILES ==========
C:\Program Files\Application Updater folder moved successfully.
File\Folder C:\WINDOWS\system32\quartz.dll () not found.
C:\Documents and Settings\A M Rahman\Shared\dds.scr moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: A M Rahman
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1982598 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 253486728 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 2501 bytes

User: All Users

User: Dad
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56468 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes
->Flash cache emptied: 343 bytes

User: NetworkService
->Temp folder emptied: 32802 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Someone else
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 5 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3624725 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 291465000 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 525.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 02092014_002351

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\NDP1.1sp1-KB2833941-X86\NDP1.1sp1-KB2833941-X86-msi.0.log not found!
File\Folder C:\WINDOWS\temp\NDP1.1sp1-KB2833941-X86\NDP1.1sp1-KB2833941-X86-wrapper.log not found!
File\Folder C:\WINDOWS\temp\MPInstrumentation\client_manifest.txt not found!
File\Folder C:\WINDOWS\temp\MPInstrumentation\watson_manifest.txt not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


AdwCleaner

# AdwCleaner v3.018 - Report created 09/02/2014 at 01:02:50
# Updated 28/01/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : A M Rahman - AMRLAPTOP
# Running from : C:\Documents and Settings\A M Rahman\Desktop\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\ABE\Extensions\[email protected]
File Found : C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\adblockplus\Extensions\[email protected]
File Found : C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\bookmarkbackups\Extensions\[email protected]
File Found : C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\browserbackgrounds\Extensions\[email protected]
File Found : C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\extensions\Extensions\[email protected]
File Found : C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\foxtab\Extensions\[email protected]
File Found : C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\FVD Single\Extensions\[email protected]
File Found : C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\gm_scripts\Extensions\[email protected]
File Found : C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\gmanager\Extensions\[email protected]
File Found : C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\GoogleToolbarData\Extensions\[email protected]
File Found : C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\jetpack\Extensions\[email protected]
File Found : C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\minidumps\Extensions\[email protected]
File Found : C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\morningCoffee\Extensions\[email protected]
File Found : C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\searchplugins\Extensions\[email protected]
File Found : C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\sxipper2\Extensions\[email protected]
File Found : C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\weave\Extensions\[email protected]
File Found : C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\webapps\Extensions\[email protected]
File Found : C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\WOT\Extensions\[email protected]
File Found : C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\y1ck9lhx.default\Extensions\[email protected]
Folder Found : C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\y1ck9lhx.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Found C:\Documents and Settings\A M Rahman\Application Data\Search Settings
Folder Found C:\Documents and Settings\A M Rahman\Local Settings\Application Data\Freecorder
Folder Found C:\Documents and Settings\A M Rahman\Local Settings\Application Data\PackageAware
Folder Found C:\Documents and Settings\A M Rahman\Local Settings\Application Data\Smartbar
Folder Found C:\Documents and Settings\All Users\Application Data\boost_interprocess
Folder Found C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Found C:\Documents and Settings\Someone else\Application Data\Search Settings
Folder Found C:\Program Files\Common Files\spigot
Folder Found C:\Program Files\Freecorder
Folder Found C:\Program Files\Viewpoint
Folder Found C:\Program Files\Vuze
Folder Found C:\Program Files\Vuze Remote toolbar

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\Search Settings
Key Found : HKCU\Software\Freecorder
Key Found : HKCU\Software\Microsoft\SystemCertificates\TrustedPublisher\Certificates\7EE743314C844C7F445B8B1D7617612DF1FDD50F
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{05478A66-EDB6-4A22-A870-A5987F80A7DA}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{05478A66-EDB6-4A22-A870-A5987F80A7DA}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Orbit
Key Found : HKCU\Software\Search Settings
Key Found : HKCU\Software\smartbar
Key Found : HKCU\Software\smartbarbackup
Key Found : HKCU\Software\smartbarlog
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\Software\Application Updater
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{05478A66-EDB6-4A22-A870-A5987F80A7DA}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.bho
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Key Found : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Found : HKLM\Software\Freecorder
Key Found : HKLM\Software\MetaStream
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Key Found : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchSettings
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\alotAppbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Freecorder Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{05478A66-EDB6-4A22-A870-A5987F80A7DA}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\alotAppbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Freecorder Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Found : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Found : HKLM\Software\Search Settings
Key Found : HKLM\Software\Viewpoint
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{05478A66-EDB6-4A22-A870-A5987F80A7DA}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{05478A66-EDB6-4A22-A870-A5987F80A7DA}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Vuze\Azureus.exe]

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\9uekjrfi.default-1390412299265\prefs.js ]


[ File : C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\ABE\prefs.js ]


[ File : C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\adblockplus\prefs.js ]


[ File : C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\bookmarkbackups\prefs.js ]


[ File : C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\browserbackgrounds\prefs.js ]


[ File : C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\extensions\prefs.js ]


[ File : C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\foxtab\prefs.js ]


[ File : C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\FVD Single\prefs.js ]


[ File : C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\gmanager\prefs.js ]


[ File : C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\gm_scripts\prefs.js ]


[ File : C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\GoogleToolbarData\prefs.js ]


[ File : C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\healthreport\prefs.js ]


[ File : C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\indexedDB\prefs.js ]


[ File : C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\jetpack\prefs.js ]


[ File : C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\minidumps\prefs.js ]


[ File : C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\morningCoffee\prefs.js ]


[ File : C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\searchplugins\prefs.js ]


[ File : C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\sxipper2\prefs.js ]


[ File : C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\weave\prefs.js ]


[ File : C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\webapps\prefs.js ]


[ File : C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\WOT\prefs.js ]


[ File : C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\y1ck9lhx.default\prefs.js ]

Line Found : user_pref("avg.toolbar.websearchlink", "hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avgb");
Line Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q=");
Line Found : user_pref("extensions.asktb.cbid", "W9");
Line Found : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://www.ask.com/web?q={query}&o={o}&l={l}&qsrc={qsrc}");
Line Found : user_pref("extensions.asktb.fresh-install", false);
Line Found : user_pref("extensions.asktb.l", "dis");
Line Found : user_pref("extensions.asktb.last-config-req", "1237479816151");
Line Found : user_pref("extensions.asktb.locale", "en_US");
Line Found : user_pref("extensions.asktb.o", "14201");
Line Found : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Line Found : user_pref("extensions.asktb.qsrc", "2871");
Line Found : user_pref("extensions.asktb.r", "2");
Line Found : user_pref("extensions.snipit.askTbInstalled", true);
Line Found : user_pref("surfcanyon.inst_id", "MZ6829289786178087572714715482608");
Line Found : user_pref("surfcanyon.last_seen_splash", "112");

-\\ Google Chrome v

[ File : C:\Documents and Settings\A M Rahman\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [17095 octets] - [09/02/2014 01:02:50]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [17156 octets] ##########


Log for JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Microsoft Windows XP x86
Ran by A M Rahman on Sun 02/09/2014 at 1:37:21.54
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Documents and Settings\A M Rahman\Application Data\mozilla\firefox\profiles\y1ck9lhx.default\prefs.js

user_pref("avg.toolbar.buttons_icon", ",,chrome://avg/skin/safesurf.png,chrome://avg/skin/safesurf.png,chrome://avg/skin/safesearch.png,chrome://avg/skin/avglinks.png,chrome:/
user_pref("extensions.customizegoogle.cookies.SafeSearch", "empty");
user_pref("extensions.customizegoogle.cookies.enableSafeSearch", false);
user_pref("google.toolbar.button_option.cached.gtbSearchBooks", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\" id=\"gtbSearchBooks\" t
user_pref("google.toolbar.button_option.cached.gtbSearchCalendar", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\" id=\"gtbSearchCalend
user_pref("google.toolbar.button_option.cached.gtbSearchDocs", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\" id=\"gtbSearchDocs\" too
user_pref("google.toolbar.button_option.cached.gtbSearchFinance", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\" id=\"gtbSearchFinance
user_pref("google.toolbar.button_option.cached.gtbSearchPatents", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\" id=\"gtbSearchPatents
user_pref("google.toolbar.button_option.cached.gtbSearchPhotos", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\" id=\"gtbSearchPhotos\"
user_pref("google.toolbar.button_option.cached.gtbSearchScholar", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\" id=\"gtbSearchScholar
user_pref("google.toolbar.button_option.cached.gtbSearchVideo", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul\" id=\"gtbSearchVideo\" t
user_pref("google.toolbar.button_option.cached.gtbstoolbar-google-com_CTK0Y7F4MTG6NKYH03WT-xml", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.o
user_pref("google.toolbar.button_option.cached.gtbstoolbar-google-com_J66T77NJDBMW4FEUU7FA-xml", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.o
user_pref("google.toolbar.button_option.cached.gtbswww-dell-com_K3H8LPHVET8G1EW4VPE2-xml", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.only.xu
user_pref("google.toolbar.button_option.cached.gtbuimages-sourceforge-net_CRSK471HJ257HUGGNSE4-xml", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.
user_pref("google.toolbar.button_option.cached.gtbuwww-free-to-try-com_AQS1XEAL236L1H0KFEP1-xml", "<toolbarbutton xmlns=\"hxxp://www.mozilla.org/keymaster/gatekeeper/there.is.
user_pref("google.toolbar.search-icon", "data:image/x-icon;base64,AAABAAEAEBAAAAEAIABoBAAAFgAAACgAAAAQAAAAIAAAAAEAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7PT7/3zF6/9Ptu//RbHx/
user_pref("google.toolbar.trseenlist", "ioYZ24bSIqO2KpmqAnjuGQ==,F3xo71SySLxgriqD7NQHMg==,FcfBxAZcSm7wx0LXaz1jbA==,sODZSFEdMaHWPafUdUrEPw==,fFI7x54NHsgCEmOCElJgNA==,4pcc7IhY/X
Emptied folder: C:\Documents and Settings\A M Rahman\Application Data\mozilla\firefox\profiles\y1ck9lhx.default\minidumps [1 files]



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 02/09/2014 at 1:42:31.21
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

finally OTL log

OTL logfile created on: 2/9/2014 2:07:46 AM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\A M Rahman\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.31 Gb Available Physical Memory | 65.48% Memory free
3.85 Gb Paging File | 3.36 Gb Available in Paging File | 87.21% Paging File free
Paging file location(s): C:\pagefile.sys 2048 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.54 Gb Total Space | 23.45 Gb Free Space | 16.34% Space Free | Partition Type: NTFS

Computer Name: AMRLAPTOP | User Name: A M Rahman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\A M Rahman\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - c:\Program Files\Zune\ZuneBusEnum.exe (Microsoft Corporation)
PRC - C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe (Nuance Communications, Inc.)
PRC - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\FirefoxPreloader\FirefoxPreloader.exe (6XGate Incorporated)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\WINDOWS\system32\bcm1xsup.dll ()


========== Services (SafeList) ==========

SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Garmin Core Update Service) -- C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe (Garmin Ltd or its subsidiaries)
SRV - (Skype C2C Service) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (UMVPFSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (Secunia PSI Agent) -- C:\Program Files\Secunia\PSI\psia.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files\Secunia\PSI\sua.exe (Secunia)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SRV - (ZuneWlanCfgSvc) -- c:\Program Files\Zune\ZuneWlanCfgSvc.exe (Microsoft Corporation)
SRV - (WMZuneComm) -- c:\Program Files\Zune\WMZuneComm.exe (Microsoft Corporation)
SRV - (ZuneNetworkSvc) -- c:\Program Files\Zune\ZuneNss.exe (Microsoft Corporation)
SRV - (ZuneBusEnum) -- c:\Program Files\Zune\ZuneBusEnum.exe (Microsoft Corporation)
SRV - (AntUpdaterService) -- C:\Program Files\Ant.com\IE add-on\AntUpdaterService.exe (Ant.com)
SRV - (PDFProFiltSrvPP) -- C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe (Nuance Communications, Inc.)
SRV - (BrYNSvc) -- C:\Program Files\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
SRV - (WDDMService) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
SRV - (WDSmartWareBackgroundService) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Memeo)
SRV - (getPlus® -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (NOS Microsystems Ltd.)
SRV - (aawservice) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SRV - (sprtsvc_ddoctorv2) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (Basics Service) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe (Seagate Technology LLC)
SRV - (Imapi Helper) -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe (Alex Feinman)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (wanatw) -- system32\DRIVERS\wanatw4.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (CSS DVP) -- system32\DRIVERS\css-dvp.sys File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOCUME~1\AMRAHM~1\LOCALS~1\Temp\catchme.sys File not found
DRV - (LVUVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)
DRV - (CompFilter) -- C:\WINDOWS\system32\drivers\lvbusflt.sys (Logitech Inc.)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (PSI) -- C:\WINDOWS\system32\drivers\psi_mf.sys (Secunia)
DRV - (BrUsbSIb) -- C:\WINDOWS\system32\drivers\BrUsbSib.sys (Brother Industries Ltd.)
DRV - (BrSerIb) -- C:\WINDOWS\system32\drivers\BrSerIb.sys (Brother Industries Ltd.)
DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (SCDEmu) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (WinUSB) -- C:\WINDOWS\system32\drivers\winusb.sys (Microsoft Corporation)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (DSproct) -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys (GTek Technologies Ltd.)
DRV - (VMnetAdapter) -- C:\WINDOWS\system32\drivers\vmnetadapter.sys (VMware, Inc.)
DRV - (APPDRV) -- C:\WINDOWS\system32\drivers\APPDRV.SYS (Dell Inc)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (omci) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Inc)
DRV - (RRamdisk) -- C:\WINDOWS\system32\drivers\rramdisk.sys (gavotte)
DRV - (SNDM360) -- C:\WINDOWS\system32\drivers\sndm360.sys ()
DRV - (ASPI) -- C:\WINDOWS\system32\drivers\ASPI32.SYS (Adaptec)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.minituner.org/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.minituner.org/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.minituner.org/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://search.minituner.org/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.minituner.org/
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = about:Tabs [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 7E 91 F8 A5 1C CF 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7Bb1df372d-8b32-4c7d-b6b4-9c5b78cf6fb1%7D:0.87
FF - prefs.js..extensions.enabledAddons: translator%40zoli.bod:2.1.0.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\A M Rahman\Application Data\Move Networks\plugins\npqmp071706000001.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\PROGRA~1\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\A M Rahman\Application Data\Move Networks\plugins\npqmp071706000001.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\A M Rahman\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\A M Rahman\Local Settings\Application Data\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\A M Rahman\Local Settings\Application Data\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\A M Rahman\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Documents and Settings\A M Rahman\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/08/20 14:04:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013/02/11 22:29:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/12/23 02:17:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/12/23 02:18:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\A M Rahman\Application Data\Move Networks [2010/02/18 22:18:14 | 000,000,000 | ---D | M]

[2009/02/06 15:40:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Extensions
[2009/02/06 15:40:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Extensions\[email protected]
[2014/02/09 01:07:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\extensions
[2013/05/21 08:46:56 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013/06/22 15:29:15 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013/06/24 21:39:20 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2013/04/23 22:33:56 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\extensions\[email protected]
[2014/02/09 01:07:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\extensions\extensions
[2013/10/29 23:37:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\extensions\searchplugins
[2014/02/08 08:36:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\9uekjrfi.default-1390412299265\extensions
[2014/01/22 12:40:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\9uekjrfi.default-1390412299265\bookmarkbackups\extensions
[2014/02/09 01:07:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\ABE\extensions
[2014/02/09 01:07:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\adblockplus\extensions
[2014/02/09 01:07:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\bookmarkbackups\extensions
[2014/02/09 01:07:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\browserbackgrounds\extensions
[2014/02/09 01:07:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\foxtab\extensions
[2014/02/09 01:07:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\FVD Single\extensions
[2014/02/09 01:07:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\gm_scripts\extensions
[2014/02/09 01:07:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\gmanager\extensions
[2014/02/09 01:07:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\GoogleToolbarData\extensions
[2013/12/17 22:21:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\healthreport\extensions
[2013/12/17 22:21:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\indexedDB\extensions
[2014/02/09 01:07:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\jetpack\extensions
[2014/02/09 01:07:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\minidumps\extensions
[2014/02/09 01:07:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\morningCoffee\extensions
[2014/02/09 01:07:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\searchplugins\extensions
[2014/02/09 01:07:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\sxipper2\extensions
[2014/02/09 01:07:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\weave\extensions
[2014/02/09 01:07:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\webapps\extensions
[2014/02/09 01:07:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\WOT\extensions
[2014/02/09 01:07:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\y1ck9lhx.default\extensions
[2010/04/16 14:00:03 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\y1ck9lhx.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/08/20 15:12:40 | 000,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\y1ck9lhx.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2010/05/19 01:00:39 | 000,000,000 | ---D | M] ("Walnut for Firefox") -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\y1ck9lhx.default\extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}
[2009/04/08 22:44:22 | 000,000,000 | ---D | M] (Media Converter) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\y1ck9lhx.default\extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18}
[2008/11/19 01:11:50 | 000,000,000 | ---D | M] (Free eBook Search) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\y1ck9lhx.default\extensions\{7585C31E-1E94-4498-ACEC-CB913A05FC52}
[2009/06/12 11:54:14 | 000,000,000 | ---D | M] (IE Tab) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\y1ck9lhx.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2010/05/19 01:00:56 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\y1ck9lhx.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/02/27 02:55:25 | 000,000,000 | ---D | M] ("CoolPreviews") -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\y1ck9lhx.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
[2009/11/30 19:58:38 | 000,000,000 | ---D | M] (Black Steel) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\y1ck9lhx.default\extensions\{e2c58150-9d72-11dd-ad8b-0800200c9a66}
[2009/08/25 10:41:05 | 000,000,000 | ---D | M] (RedShift V3) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\y1ck9lhx.default\extensions\[email protected]
[2010/03/05 17:38:30 | 000,000,000 | ---D | M] (Sxipper) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\y1ck9lhx.default\extensions\[email protected]
[2014/02/08 01:30:16 | 000,079,187 | ---- | M] () (No name found) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\9uekjrfi.default-1390412299265\extensions\[email protected]
[2014/02/08 01:25:18 | 000,245,133 | ---- | M] () (No name found) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\9uekjrfi.default-1390412299265\extensions\[email protected]
[2014/02/08 08:36:34 | 000,060,290 | ---- | M] () (No name found) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\9uekjrfi.default-1390412299265\extensions\[email protected]
[2014/02/08 08:36:34 | 000,039,512 | ---- | M] () (No name found) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\9uekjrfi.default-1390412299265\extensions\{b1df372d-8b32-4c7d-b6b4-9c5b78cf6fb1}.xpi
[2014/01/23 22:55:38 | 000,940,775 | ---- | M] () (No name found) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\9uekjrfi.default-1390412299265\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/06/24 21:39:20 | 000,304,556 | ---- | M] () (No name found) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\extensions\[email protected]
[2013/06/23 06:44:35 | 000,304,615 | ---- | M] () (No name found) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\extensions\[email protected]
[2013/03/26 08:45:58 | 000,226,606 | ---- | M] () (No name found) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\extensions\[email protected]
[2011/07/29 08:33:06 | 000,006,796 | ---- | M] () (No name found) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\extensions\[email protected]
[2013/06/24 21:39:20 | 000,534,298 | ---- | M] () (No name found) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013/02/12 23:49:32 | 000,328,332 | ---- | M] () (No name found) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}.xpi
[2013/05/09 20:46:44 | 000,870,680 | ---- | M] () (No name found) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/04/21 21:56:02 | 000,765,412 | ---- | M] () (No name found) -- C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
[2013/12/23 02:17:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/12/23 02:17:31 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2013/12/23 02:17:38 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/12/23 02:17:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/12/23 02:17:16 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/12/23 02:24:13 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2011/09/15 10:33:39 | 000,113,976 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\atgpcdec.dll
[2013/12/05 13:04:47 | 000,610,832 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\atgpcext.dll
[2010/07/29 10:02:27 | 000,046,408 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\atmccli.dll
[2010/07/29 10:02:35 | 000,099,224 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\ieatgpc.dll
[2010/07/29 10:02:05 | 000,061,848 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\npatgpc.dll
[2009/01/10 00:00:18 | 000,056,576 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2012/08/20 14:04:20 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2012/06/28 10:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - Extension: Learn French - Tr\u00E8s Bien = C:\Documents and Settings\A M Rahman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aeifanonhefcaphaeeknpklkfnjjmpec\1.80.1_0\
CHR - Extension: BIODIGITAL HUMAN = C:\Documents and Settings\A M Rahman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak\0.9.5_0\
CHR - Extension: HD for YouTube\u2122 = C:\Documents and Settings\A M Rahman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\akjbfncbadcmnkopckegnmjgihagponf\1.5_0\
CHR - Extension: Facebook Video Downloader = C:\Documents and Settings\A M Rahman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\amjcoehkcacocffpmhnefgoeanepjfkf\1.4_0\
CHR - Extension: Google Docs = C:\Documents and Settings\A M Rahman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Documents and Settings\A M Rahman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: WOT = C:\Documents and Settings\A M Rahman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\2.4.6_0\
CHR - Extension: YouTube = C:\Documents and Settings\A M Rahman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: BuzzMath = C:\Documents and Settings\A M Rahman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dekgplobenhhgdanccadonnejajokmbf\1.2_0\
CHR - Extension: Facebook Unseen = C:\Documents and Settings\A M Rahman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dmdhkalcecemojegheiohcghkamlipof\0.0.0.3_0\
CHR - Extension: Facebook Theme Creator = C:\Documents and Settings\A M Rahman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ecnnffhckagcpoimngfooggeilkhlnnh\3.0.9_0\
CHR - Extension: Photo Zoom for Facebook = C:\Documents and Settings\A M Rahman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi\1.1312.1.2_0\
CHR - Extension: Go to IMDb = C:\Documents and Settings\A M Rahman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fipkcplmpmhcmfgkgahliaabodplkjio\1.2.6_0\
CHR - Extension: C++ Tutorial = C:\Documents and Settings\A M Rahman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fpkdcihamnidijdfmjeckahccaphlofi\1.0_0\
CHR - Extension: enggHeads e-CircuitBox = C:\Documents and Settings\A M Rahman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gdmiejflllpkdilofdhppkpikphgpcgd\2_0\
CHR - Extension: AdBlock = C:\Documents and Settings\A M Rahman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.18_0\
CHR - Extension: LastPass = C:\Documents and Settings\A M Rahman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\3.0.22_0\
CHR - Extension: wikiHow Survival Kit = C:\Documents and Settings\A M Rahman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ickaeddjnhfofihhibhnjemlphjmnchl\1.0.4_0\
CHR - Extension: Wolfram|Alpha (Official) = C:\Documents and Settings\A M Rahman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icncamkooinmbehmkeilcccmoljfkdhp\1.2.2_0\
CHR - Extension: Cargo Bridge = C:\Documents and Settings\A M Rahman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\keembkgclppcbilkekfgpobhldjjhpmn\1.5.7_0\
CHR - Extension: Media file downloader = C:\Documents and Settings\A M Rahman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\khbkckdkhakengfjmejmiabaakdlhaab\2.0_0\
CHR - Extension: Facebook AdBlock = C:\Documents and Settings\A M Rahman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lfpacabphcagfehdgnigmfnbjdampbaa\1.0.10_0\
CHR - Extension: Unfriend Alerts = C:\Documents and Settings\A M Rahman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lgbeldbnadmemecalekdfnffgobkpafc\2.0.1_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\A M Rahman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_1\
CHR - Extension: Google Wallet = C:\Documents and Settings\A M Rahman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_2\
CHR - Extension: GRE Vocabulary 4800 = C:\Documents and Settings\A M Rahman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\npnelmbegaeghmfgcfidjckefcocieih\4.3.1_0\
CHR - Extension: Origami Player = C:\Documents and Settings\A M Rahman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\oiomepakkenneiifjocbinkmmampfbdn\2.4_0\
CHR - Extension: Gmail = C:\Documents and Settings\A M Rahman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: Yann Arthus-Bertrand = C:\Documents and Settings\A M Rahman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\plaekpceeonanmjojailaojkconcgofc\3_0\
CHR - Extension: Learn Spanish - Qu\u00E9 Onda = C:\Documents and Settings\A M Rahman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pmcdjmebmeoobmdghjbjhbifoocbcmaj\1.77.1_0\

O1 HOSTS File: ([2014/02/09 00:27:14 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Ant.com browser helper (video detector)) - {346FDE31-DFF9-418A-90C8-BA31DC9FF2EF} - C:\Program Files\Ant.com\IE add-on\Download.dll (Ant.com)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (PlusIEEventHelper Class) - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll (Zeon Corporation)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Ant.com Video Downloader toolbar) - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files\Ant.com\IE add-on\AntToolbar.dll (Ant.com)
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ant.com Video Downloader toolbar) - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files\Ant.com\IE add-on\AntToolbar.dll (Ant.com)
O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PPort12reminder] C:\Program Files\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogoff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Download videos by Ant.com - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - C:\Program Files\Ant.com\IE add-on\Download.dll (Ant.com)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/im...r/SysProExe.cab (Scanner.SysScanner)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.c.../cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.ado...obat/nos/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD8FE01C-727B-4F6C-BE54-0EFDA064EB17}: DhcpNameServer = 192.168.1.1 75.75.75.75 75.75.76.76
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\vfsp - No CLSID value found
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\A M Rahman\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\A M Rahman\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/02/09 01:23:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2014/02/09 01:02:44 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/02/09 01:00:20 | 001,037,530 | ---- | C] (Thisisu) -- C:\Documents and Settings\A M Rahman\Desktop\JRT.exe
[2014/02/08 21:56:21 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\A M Rahman\Recent
[2014/02/08 21:55:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\A M Rahman\Desktop\DK
[2014/02/06 22:34:34 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Documents and Settings\A M Rahman\Desktop\aswmbr.exe
[2014/02/06 21:19:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\A M Rahman\Desktop\OTL.exe
[2014/01/22 12:40:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\A M Rahman\Desktop\Old Firefox Data

========== Files - Modified Within 30 Days ==========

[2014/02/09 01:56:00 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/02/09 01:56:00 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/02/09 01:48:01 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3146927349-1717951873-3320083228-1007UA.job
[2014/02/09 01:28:06 | 000,001,018 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-3146927349-1717951873-3320083228-1007UA.job
[2014/02/09 01:23:28 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2014/02/09 01:23:22 | 000,000,281 | -HS- | M] () -- C:\boot.ini
[2014/02/09 01:16:34 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2014/02/09 01:14:36 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3146927349-1717951873-3320083228-1007.job
[2014/02/09 01:11:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/02/09 01:11:51 | 2145,845,248 | -HS- | M] () -- C:\hiberfil.sys
[2014/02/09 01:00:06 | 001,037,530 | ---- | M] (Thisisu) -- C:\Documents and Settings\A M Rahman\Desktop\JRT.exe
[2014/02/09 00:54:01 | 001,166,132 | ---- | M] () -- C:\Documents and Settings\A M Rahman\Desktop\adwcleaner.exe
[2014/02/09 00:27:14 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2014/02/08 22:48:00 | 000,000,946 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3146927349-1717951873-3320083228-1007Core.job
[2014/02/08 19:28:01 | 000,000,996 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-3146927349-1717951873-3320083228-1007Core.job
[2014/02/07 01:46:42 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\A M Rahman\Desktop\MBR.dat
[2014/02/06 22:33:51 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Documents and Settings\A M Rahman\Desktop\aswmbr.exe
[2014/02/06 21:18:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\A M Rahman\Desktop\OTL.exe
[2014/02/04 10:54:11 | 000,002,353 | ---- | M] () -- C:\Documents and Settings\A M Rahman\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/02/04 10:54:10 | 000,002,359 | ---- | M] () -- C:\Documents and Settings\A M Rahman\Desktop\Google Chrome.lnk
[2014/02/03 15:06:04 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3146927349-1717951873-3320083228-1007.job
[2014/02/01 22:40:07 | 000,034,233 | ---- | M] () -- C:\Documents and Settings\A M Rahman\Desktop\1797455_1420735698165409_1965111197_n.jpg
[2014/01/30 01:25:31 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\A M Rahman\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2014/01/28 23:03:48 | 000,001,302 | ---- | M] () -- C:\Documents and Settings\A M Rahman\Desktop\java.cer
[2014/01/27 09:57:17 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2014/01/13 14:58:11 | 000,045,285 | ---- | M] () -- C:\Documents and Settings\A M Rahman\Desktop\When you really love someone.jpg

========== Files Created - No Company Name ==========

[2014/02/09 00:57:31 | 001,166,132 | ---- | C] () -- C:\Documents and Settings\A M Rahman\Desktop\adwcleaner.exe
[2014/02/07 01:46:42 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\A M Rahman\Desktop\MBR.dat
[2014/02/01 22:40:07 | 000,034,233 | ---- | C] () -- C:\Documents and Settings\A M Rahman\Desktop\1797455_1420735698165409_1965111197_n.jpg
[2014/01/28 23:03:25 | 000,001,302 | ---- | C] () -- C:\Documents and Settings\A M Rahman\Desktop\java.cer
[2014/01/13 14:58:28 | 000,045,285 | ---- | C] () -- C:\Documents and Settings\A M Rahman\Desktop\When you really love someone.jpg
[2014/01/05 16:10:59 | 000,000,928 | ---- | C] () -- C:\Documents and Settings\A M Rahman\Local Settings\Application Data\recently-used.xbel
[2013/10/19 22:50:37 | 000,000,331 | ---- | C] () -- C:\WINDOWS\WINHELP.INI
[2013/10/19 21:33:13 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\A M Rahman\.org.eclipse.epp.usagedata.recording.userId
[2012/12/16 21:06:38 | 000,000,246 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2012/12/16 21:06:38 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2012/12/16 21:05:14 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2012/12/16 21:05:14 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2012/12/16 21:05:14 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRADM10A.DAT
[2012/12/16 21:03:57 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2012/12/16 21:03:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2012/08/27 22:05:05 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\A M Rahman\Local Settings\Application Data\PUTTY.RND
[2012/08/16 11:13:19 | 000,769,546 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-3146927349-1717951873-3320083228-1007-0.dat
[2012/08/16 11:12:54 | 000,373,666 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/04/18 19:21:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\setup_xp.ini
[2012/02/15 10:13:27 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2010/09/24 21:22:05 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\A M Rahman\webct_upload_applet.properties
[2009/12/30 01:23:45 | 000,053,660 | ---- | C] () -- C:\Documents and Settings\A M Rahman\.jose.user.preferences
[2008/03/17 23:01:16 | 000,000,554 | ---- | C] () -- C:\Documents and Settings\A M Rahman\Application Data\AutoGK.ini
[2008/03/17 11:04:11 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2007/01/26 17:14:53 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\A M Rahman\Local Settings\Application Data\.mpid
[2007/01/11 08:37:59 | 000,226,816 | ---- | C] () -- C:\Documents and Settings\A M Rahman\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/12/29 17:44:23 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\A M Rahman\Local Settings\Application Data\fusioncache.dat

========== ZeroAccess Check ==========

[2004/08/10 14:09:48 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 19:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 19:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/10/18 18:04:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A M Rahman\Application Data\.kde
[2009/02/08 07:16:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A M Rahman\Application Data\aignes
[2012/12/27 15:21:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A M Rahman\Application Data\Applian FLV and Media Player
[2011/09/29 11:00:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A M Rahman\Application Data\Avant Downloader
[2011/04/03 12:39:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A M Rahman\Application Data\Avery
[2012/08/24 00:52:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A M Rahman\Application Data\Azureus
[2013/09/03 12:40:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A M Rahman\Application Data\Blackboard
[2012/08/24 12:09:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A M Rahman\Application Data\Canon
[2009/01/14 16:03:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A M Rahman\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/02/18 14:13:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A M Rahman\Application Data\com.comcast.access.13A1FA90F0FC9DC009FB0956ADD0F13F8608561B.1
[2012/12/16 21:13:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A M Rahman\Application Data\ControlCenter4
[2007/11/27 23:40:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A M Rahman\Application Data\COWON
[2013/10/31 09:39:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A M Rahman\Application Data\Cybele Software
[2013/04/18 22:43:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A M Rahman\Application Data\DDMSettings
[2009/01/10 00:01:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A M Rahman\Application Data\Foxit
[2013/06/27 19:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A M Rahman\Application Data\GARMIN
[2008/06/16 07:15:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A M Rahman\Application Data\GrabPro
[2011/02/14 19:25:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A M Rahman\Application Data\gtk-2.0
[2011/08/25 12:02:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A M Rahman\Application Data\Helios
[2011/02/28 19:31:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A M Rahman\Application Data\InfraRecorder
[2007/05/13 00:13:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A M Rahman\Application Data\Leadertech
[2011/12/05 00:39:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A M Rahman\Application Data\LimeWire
[2013/12/21 04:56:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A M Rahman\Application Data\Motorola
[2013/12/19 14:18:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A M Rahman\Application Data\Motorola Mobility
[2009/04/08 20:05:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A M Rahman\Application Data\Nitro PDF
[2012/12/16 20:46:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A M Rahman\Application Data\Nuance
[2010/05/30 22:04:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A M Rahman\Application Data\OpenOffice.org
[2012/07/01 20:28:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A M Rahman\Application Data\Oracle
[2008/06/17 13:25:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A M Rahman\Application Data\Orbit
[2009/01/03 18:33:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A M Rahman\Application Data\Participatory Culture Foundation
[2011/12/07 04:08:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A M Rahman\Application Data\PCF-VLC
[2007/12/02 13:02:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A M Rahman\Application Data\Seven Zip
[2012/11/05 20:04:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A M Rahman\Application Data\TeamViewer
[2008/11/07 10:47:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A M Rahman\Application Data\TigerPlayer
[2007/05/11 19:37:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A M Rahman\Application Data\TrojanHunter
[2009/01/11 11:04:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A M Rahman\Application Data\UltiConverters
[2012/06/19 01:06:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A M Rahman\Application Data\Unity
[2010/12/11 14:09:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A M Rahman\Application Data\VirtualStore
[2012/09/26 20:18:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A M Rahman\Application Data\Vuze Remote
[2012/07/02 18:18:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A M Rahman\Application Data\webex
[2010/10/11 21:15:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A M Rahman\Application Data\Western Digital
[2008/05/05 04:36:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\A M Rahman\Application Data\{0B9E3B72-FCE7-4B76-9F99-94E66A8C5760}
[2011/12/21 12:24:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ant.com
[2011/12/21 12:06:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applian
[2011/04/12 13:40:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2009/02/02 10:26:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bluebeam Software
[2009/04/04 19:16:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Blueberry
[2010/02/19 11:01:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\com.comcast.access
[2013/07/17 21:41:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\comcastModemRelease
[2012/12/16 21:04:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ControlCenter4
[2013/10/31 09:39:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cybele Software
[2007/10/20 08:33:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FloodLightGames
[2013/06/27 20:08:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Garmin
[2008/08/15 07:15:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Metacafe
[2013/12/19 14:21:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motorola
[2009/04/08 20:04:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
[2012/12/16 20:59:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2013/07/01 12:04:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Package Cache
[2012/12/16 20:57:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2008/08/03 19:46:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2008/03/17 11:04:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2013/09/28 12:39:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/10/11 21:24:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WD_SmartWareCommon
[2007/09/22 12:08:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2012/12/16 20:58:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\zeon

========== Purity Check ==========



< End of report >

[pystryker]

Thank you for the logs. Please run AdwCleaner again and when it says "Pending, uncheck elements you don't want to remove. " click the Clean button. Please post the log when it finishes cleaning.

[baltimoredude1]

# AdwCleaner v3.018 - Report created 09/02/2014 at 11:30:27
# Updated 28/01/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : A M Rahman - AMRLAPTOP
# Running from : C:\Documents and Settings\A M Rahman\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\9uekjrfi.default-1390412299265\prefs.js ]


[ File : C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\ABE\prefs.js ]


[ File : C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\adblockplus\prefs.js ]


[ File : C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\bookmarkbackups\prefs.js ]


[ File : C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\browserbackgrounds\prefs.js ]


[ File : C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\extensions\prefs.js ]


[ File : C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\foxtab\prefs.js ]


[ File : C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\FVD Single\prefs.js ]


[ File : C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\gmanager\prefs.js ]


[ File : C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\gm_scripts\prefs.js ]


[ File : C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\GoogleToolbarData\prefs.js ]


[ File : C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\healthreport\prefs.js ]


[ File : C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\indexedDB\prefs.js ]


[ File : C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\jetpack\prefs.js ]


[ File : C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\minidumps\prefs.js ]


[ File : C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\morningCoffee\prefs.js ]


[ File : C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\searchplugins\prefs.js ]


[ File : C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\sxipper2\prefs.js ]


[ File : C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\weave\prefs.js ]


[ File : C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\webapps\prefs.js ]


[ File : C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\WOT\prefs.js ]


[ File : C:\Documents and Settings\A M Rahman\Application Data\Mozilla\Firefox\Profiles\y1ck9lhx.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Documents and Settings\A M Rahman\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [17237 octets] - [09/02/2014 01:02:50]
AdwCleaner[R1].txt - [3524 octets] - [09/02/2014 11:18:33]
AdwCleaner[S0].txt - [17617 octets] - [09/02/2014 01:06:37]
AdwCleaner[S1].txt - [3445 octets] - [09/02/2014 11:30:27]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3505 octets] ##########

[baltimoredude1]

is that the adware thing you were looking for?