Need help, I'm in panic. Detected Trojan by Comodo Internet Security

Solved
By Razer
Apr 3, 2012
  1. About 2-3 days ago, I used remote access (via TeamViewer) to remotely repair my friend's laptop. After that, my PC was running a bit slow and several trojan viruses were detected; later I found out it was infected from my friend's laptop. Then I scanned (full scan) my PC with Comodo Internet Security Premium (detected 106 threats), Emsisoft Anti-Malware and Malwarebytes. Now Malwarebytes only shows 1 virus, but it still exists even after I reboot my computer.

    Even though my PC is now running fine, I'm still worried, since this PC is full of my father's work.
    Please help me, I'm in a panic right now.

    Okay, these are all the log reports:


    Malwarebytes Anti-Malware (PRO) 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.04.03.09

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 8.0.7601.17514
    Razhar :: RAZHAR-PC [administrator]

    Protection: Enabled

    04/04/2012 1:58:55
    mbam-log-2012-04-04 (01-58-55).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 205922
    Time elapsed: 7 minute(s), 11 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|15354 (Trojan.Agent) -> Data: C:\PROGRA~3\LOCALS~1\Temp\msaeod.cmd -> Delete on reboot.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    This is the virus (registry?) that still persists even after the restart that I mentioned before.
    When I open (double-click) GMER, it automatically runs a scan; then, after less than 10 seconds, it just stops scanning and doesn't generate any report. Then I manually clicked scan, and this is the result:


    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-04-04 02:28:56
    Windows 6.1.7601 Service Pack 1
    Running: gmer.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\68a3c4cbf2bc
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\68a3c4cbf2bc@8c541d98ca90    0x3B 0xDC 0xE4 0x82 ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\68a3c4cbf2bc (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\68a3c4cbf2bc@8c541d98ca90    0x3B 0xDC 0xE4 0x82 ...

    ---- Files - GMER 1.0.15 ----

    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\952D5E36-272D-4943-8101-EC0B24BEEBB8.data.info    250 bytes
    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\05B83C1F-F0B5-422F-8185-0576A3586DA6.data    25911874 bytes executable
    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\05B83C1F-F0B5-422F-8185-0576A3586DA6.data.info    272 bytes
    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\376E1F02-D011-40B8-A490-CD9C9262C69F.data    607260 bytes executable
    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\376E1F02-D011-40B8-A490-CD9C9262C69F.data.info    112 bytes
    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\41E13CAD-D35A-4FC2-B08E-B3CC8B944F92.data    39198432 bytes executable
    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\41E13CAD-D35A-4FC2-B08E-B3CC8B944F92.data.info    160 bytes
    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\42392354-93DE-4028-B43D-B14BA876AB02.data    92216 bytes executable
    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\42392354-93DE-4028-B43D-B14BA876AB02.data.info    260 bytes
    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\4809DADA-E877-4D56-8818-324BB274A310.data    557765 bytes executable
    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\4809DADA-E877-4D56-8818-324BB274A310.data.info    182 bytes
    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\48542729-D1B6-48C6-BA1B-98A8C4C64ACA.data    25911874 bytes executable
    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\48542729-D1B6-48C6-BA1B-98A8C4C64ACA.data.info    172 bytes
    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\5C003F49-1CD1-423A-9F54-BF00DB28144F.data    32561152 bytes executable
    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\5C003F49-1CD1-423A-9F54-BF00DB28144F.data.info    198 bytes
    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\622D9A4E-ECF8-4B3E-9818-1FE726C45E15.data    92216 bytes executable
    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\622D9A4E-ECF8-4B3E-9818-1FE726C45E15.data.info    250 bytes
    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\952D5E36-272D-4943-8101-EC0B24BEEBB8.data    92216 bytes executable
    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\DB7B2DEF-6D46-49B3-94B5-B1E51A1E59AA.data    4107248 bytes executable
    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\DB7B2DEF-6D46-49B3-94B5-B1E51A1E59AA.data.info    272 bytes
    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\E38E15E9-EA74-4A09-9227-D8E99F61E597.data    92216 bytes executable
    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\E38E15E9-EA74-4A09-9227-D8E99F61E597.data.info    250 bytes
    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\E4679DB6-663F-4992-9923-234CF7C81E91.data    7974400 bytes executable
    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\E4679DB6-663F-4992-9923-234CF7C81E91.data.info    214 bytes
    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\E808217F-7EC4-4638-A5D2-A2D9B6752BF6.data    92216 bytes executable
    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\E808217F-7EC4-4638-A5D2-A2D9B6752BF6.data.info    250 bytes
    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\F547578D-D381-4216-ACF9-35F2829DE49C.data    3417496 bytes executable
    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\F547578D-D381-4216-ACF9-35F2829DE49C.data.info    174 bytes
    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp    0 bytes
    File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp\baseupd    0 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Users\Razhar\Downloads\Anime Lyrics dot Com - Kugutsu Uta--Ura Mite Chiru - The Ballade of Puppets Flowers Grieve and Fall - Ghost in the Shell; Ghost in the Shell Stand Alone Complex; Koukaku Kidoutai latin - Anime_files\AL-W1IzU3RT.js    169248 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Users\Razhar\Downloads\Anime Lyrics dot Com - Kugutsu Uta--Ura Mite Chiru - The Ballade of Puppets Flowers Grieve and Fall - Ghost in the Shell; Ghost in the Shell Stand Alone Complex; Koukaku Kidoutai latin - Anime_files\alcom.js    4094 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Users\Razhar\Downloads\Anime Lyrics dot Com - Kugutsu Uta--Ura Mite Chiru - The Ballade of Puppets Flowers Grieve and Fall - Ghost in the Shell; Ghost in the Shell Stand Alone Complex; Koukaku Kidoutai latin - Anime_files\all.js    149557 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Users\Razhar\Downloads\Anime Lyrics dot Com - Kugutsu Uta--Ura Mite Chiru - The Ballade of Puppets Flowers Grieve and Fall - Ghost in the Shell; Ghost in the Shell Stand Alone Complex; Koukaku Kidoutai latin - Anime_files\quant.js    5299 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Users\Razhar\Downloads\Anime Lyrics dot Com - Kugutsu Uta--Ura Mite Chiru - The Ballade of Puppets Flowers Grieve and Fall - Ghost in the Shell; Ghost in the Shell Stand Alone Complex; Koukaku Kidoutai latin - Anime_files\show_ads.js    13115 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Users\Razhar\Downloads\Anime Lyrics dot Com - Kugutsu Uta--Ura Mite Chiru - The Ballade of Puppets Flowers Grieve and Fall - Ghost in the Shell; Ghost in the Shell Stand Alone Complex; Koukaku Kidoutai latin - Anime_files\supernote.js    7378 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Users\Razhar\Downloads\Anime Lyrics dot Com - Kugutsu Uta--Ura Mite Chiru - The Ballade of Puppets Flowers Grieve and Fall - Ghost in the Shell; Ghost in the Shell Stand Alone Complex; Koukaku Kidoutai latin - Anime_files\swfobject.js    6880 bytes
    File C:\System Volume Information\SystemRestore\FRStaging\Users\Razhar\Downloads\Anime Lyrics dot Com - Kugutsu Uta--Ura Mite Chiru - The Ballade of Puppets Flowers Grieve and Fall - Ghost in the Shell; Ghost in the Shell Stand Alone Complex; Koukaku Kidoutai latin - Anime_files\urchin.js    22678 bytes

    ---- EOF - GMER 1.0.15 ----
  2. Razer


    This is the DDS log:


    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_30
    Run by Razhar at 2:36:11 on 2012-04-04
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.62.1033.18.1992.492 [GMT 7:00]
    .
    AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\Tablet\Pen\Pen_TouchService.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe
    C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
    C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\taskhost.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
    C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
    C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Tablet\Pen\Pen_Tablet.exe
    C:\Program Files\Modem AC2726 UI\bin\MonServiceUDisk64.exe
    C:\OEM\USBDECTION\USBS3S4Detection.exe
    C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Tablet\Pen\Pen_Tablet.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
    C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
    C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\system32\svchost.exe -k HPService
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Nero\Update\NASvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Users\Razhar\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Razhar\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Razhar\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Razhar\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Razhar\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Razhar\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Razhar\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\Modem AC2726 UI\bin\App.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Users\Razhar\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Razhar\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\explorer.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = my.daemon-search.com
    uDefault_Page_URL = hxxp://gateway.msn.com
    mDefault_Page_URL = hxxp://gateway.msn.com
    mStart Page = hxxp://gateway.msn.com
    BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office12\GR469A~1.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
    TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
    {555d4d79-4bd2-4094-a395-cfc534424a05}
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [SM?RT-Protection] C:\Program Files (x86)\Smadav\SM?RTP.exe rtp
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" /r
    mRun: [Hotkey Utility] C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRun: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [emsisoft anti-malware] "c:\program files (x86)\emsisoft anti-malware\a2guard.exe" /d=60
    mExplorerRun: [15354] C:\PROGRA~3\LOCALS~1\Temp\msaeod.cmd
    uPolicies-explorer: HideSCAHealth = 1 (0x1)
    uPolicies-explorer: NoInstrumentation = 1
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
    IE: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
    IE: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
    IE: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~3\Office12\GRA32A~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office12\GR469A~1.DLL
    BHO-X64: Octh Class: {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
    BHO-X64: btorbit.com - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office12\GR469A~1.DLL
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB-X64: Grab Pro: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
    TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    TB-X64: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
    EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
    mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun-x64: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" /r
    mRun-x64: [Hotkey Utility] C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mRun-x64: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [emsisoft anti-malware] "c:\program files (x86)\emsisoft anti-malware\a2guard.exe" /d=60
    AppInit_DLLs-X64: C:\Windows\SysWOW64\guard32.dll
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office12\GR469A~1.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Razhar\AppData\Roaming\Mozilla\Firefox\Profiles\o2c60my7.default\
    FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
    FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
    FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Razhar\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 A2DDA;A2 Direct Disk Access Support Driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2012-3-30 23208]
    R1 a2injectiondriver;a2injectiondriver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [2012-3-30 41728]
    R1 a2util;a-squared Malware-IDS utility driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [2012-3-30 14720]
    R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\system32\DRIVERS\cmderd.sys --> C:\Windows\system32\DRIVERS\cmderd.sys [?]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys --> C:\Windows\system32\DRIVERS\cmdguard.sys [?]
    R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys --> C:\Windows\system32\DRIVERS\cmdhlp.sys [?]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [2012-3-30 3025112]
    R2 ASO3DiskOptimizer;ASO3DiskOptimizer;C:\Program Files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe [2012-3-31 263480]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
    R2 DragonUpdater;COMODO Dragon Update Service;C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2012-3-28 407288]
    R2 GREGService;GREGService;C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe [2010-1-8 23584]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-4-22 13336]
    R2 Live Updater Service;Live Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2011-4-22 244624]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-3-15 652360]
    R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-5 503080]
    R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2012-3-16 793048]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-2 483688]
    R2 TabletServicePen;TabletServicePen;C:\Program Files\Tablet\Pen\Pen_Tablet.exe [2011-12-28 5790064]
    R2 TouchServicePen;Wacom Consumer Touch Service;C:\Program Files\Tablet\Pen\Pen_TouchService.exe [2011-12-28 487280]
    R2 UDisk Monitor;UDisk Monitor;C:\Program Files\Modem AC2726 UI\bin\MonServiceUDisk64.exe [2012-1-29 407040]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-7-13 2656280]
    R2 USBS3S4Detection;USBS3S4Detection;C:\OEM\USBDECTION\USBS3S4Detection.exe [2011-4-22 76320]
    R3 a2acc;a2acc;C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys [2012-3-30 63880]
    R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
    R3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 MBfilt;MBfilt;C:\Windows\system32\drivers\MBfilt64.sys --> C:\Windows\system32\drivers\MBfilt64.sys [?]
    R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;C:\Windows\system32\DRIVERS\RTL8192su.sys --> C:\Windows\system32\DRIVERS\RTL8192su.sys [?]
    R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
    R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
    R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
    R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-2 209768]
    R3 ztemtusbser;ZTEMT Legacy Serial Communication;C:\Windows\system32\DRIVERS\CT_ZTEMT_U_USBSER.sys --> C:\Windows\system32\DRIVERS\CT_ZTEMT_U_USBSER.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 HWDeviceService64.exe;HWDeviceService64.exe;C:\ProgramData\DatacardService\HWDeviceService64.exe -/service --> C:\ProgramData\DatacardService\HWDeviceService64.exe -/service [?]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-30 253600]
    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-2 183560]
    S3 cpuz134;cpuz134;C:\Program Files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys [2011-9-19 21480]
    S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-12-27 1431888]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-13 206072]
    S3 HSPADataCardusbmdm;HSPADataCard Proprietary USB Driver;C:\Windows\system32\DRIVERS\HSPADataCardusbmdm.sys --> C:\Windows\system32\DRIVERS\HSPADataCardusbmdm.sys [?]
    S3 HSPADataCardusbnmea;HSPADataCard NMEA Port;C:\Windows\system32\DRIVERS\HSPADataCardusbnmea.sys --> C:\Windows\system32\DRIVERS\HSPADataCardusbnmea.sys [?]
    S3 HSPADataCardusbser;HSPADataCard Diagnostic Port;C:\Windows\system32\DRIVERS\HSPADataCardusbser.sys --> C:\Windows\system32\DRIVERS\HSPADataCardusbser.sys [?]
    S3 massfilter;Mass Storage Filter Driver;C:\Windows\system32\drivers\massfilter.sys --> C:\Windows\system32\drivers\massfilter.sys [?]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 teamviewervpn;TeamViewer VPN Adapter;C:\Windows\system32\DRIVERS\teamviewervpn.sys --> C:\Windows\system32\DRIVERS\teamviewervpn.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
    S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\system32\DRIVERS\wacmoumonitor.sys --> C:\Windows\system32\DRIVERS\wacmoumonitor.sys [?]
    S4 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit;C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-2-22 86016]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
    .
    =============== Created Last 30 ================
    .
    2012-04-03 18:26:45 7680 ----a-w- C:\Windows\17425030.exe
    2012-04-02 21:13:40 -------- d-----w- C:\Program Files (x86)\Trojan Remover
    2012-04-02 16:32:37 -------- d-----w- C:\Program Files (x86)\PC Tools Security
    2012-04-02 12:03:13 0 ----a-w- C:\Windows\SysWow64\sho31F9.tmp
    2012-04-02 10:55:48 -------- d-----w- C:\Windows\Digital Rescue 4 Premium
    2012-04-02 08:40:19 -------- d-----w- C:\Program Files\Diskeeper Corporation
    2012-04-01 20:08:49 -------- d-----w- C:\Program Files\CCleaner
    2012-04-01 16:00:03 -------- d-----w- C:\Users\Razhar\AppData\Roaming\TeamViewer
    2012-04-01 15:52:51 35112 ----a-w- C:\Windows\System32\drivers\teamviewervpn.sys
    2012-04-01 15:52:49 -------- d-----w- C:\Program Files (x86)\TeamViewer
    2012-04-01 13:58:02 0 ----a-w- C:\Windows\SysWow64\sho3708.tmp
    2012-04-01 08:23:42 -------- d-----w- C:\Windows\pss
    2012-04-01 08:17:36 -------- d-----w- C:\ProgramData\WEBREG
    2012-04-01 08:16:54 -------- d-----w- C:\Users\Razhar\AppData\Local\HP
    2012-04-01 08:12:52 -------- d-----w- C:\Program Files (x86)\Common Files\Hewlett-Packard
    2012-04-01 08:12:45 -------- d-----w- C:\Program Files (x86)\Common Files\HP
    2012-04-01 08:11:16 -------- d-----w- C:\Program Files (x86)\HP
    2012-04-01 08:09:22 642360 ----a-w- C:\Windows\System32\hpzids40.dll
    2012-04-01 08:09:21 861184 ----a-w- C:\Windows\System32\hpowiav1.dll
    2012-04-01 08:09:21 730624 ----a-w- C:\Windows\System32\hpotscl1.dll
    2012-04-01 08:09:21 498176 ----a-w- C:\Windows\System32\hpovst01.dll
    2012-04-01 08:00:55 -------- d-----w- C:\Users\Razhar\AppData\Roaming\Babylon
    2012-04-01 08:00:55 -------- d-----w- C:\ProgramData\Babylon
    2012-03-31 19:21:57 29336 ----a-w- C:\Windows\cscmondump.bin
    2012-03-31 15:51:28 18744 ----a-w- C:\Windows\System32\roboot64.exe
    2012-03-31 15:51:28 16896 ----a-w- C:\Windows\System32\sasnative64.exe
    2012-03-31 15:50:54 -------- d-----w- C:\Program Files (x86)\Advanced System Optimizer 3
    2012-03-31 15:02:14 -------- d-----w- C:\Windows\Repair
    2012-03-31 15:00:25 -------- d-----w- C:\Users\Razhar\AppData\Roaming\Systweak
    2012-03-31 15:00:25 -------- d-----w- C:\ProgramData\Systweak
    2012-03-30 14:44:21 0 ----a-w- C:\Windows\SysWow64\sho7CF1.tmp
    2012-03-30 12:56:02 -------- d-----w- C:\Program Files (x86)\Emsisoft Anti-Malware
    2012-03-29 18:12:37 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-03-29 09:19:05 -------- d-----w- C:\Smadav
    2012-03-23 18:00:42 0 ----a-w- C:\Windows\SysWow64\shoFC5E.tmp
    2012-03-23 11:52:57 -------- d--h--w- C:\VritualRoot
    2012-03-23 11:11:49 -------- d-----w- C:\Program Files\COMODO
    2012-03-16 08:15:21 -------- d-----w- C:\Users\Razhar\AppData\Roaming\Registry Mechanic
    2012-03-16 08:09:54 880640 ----a-w- C:\Windows\SysWow64\UniBox10.ocx
    2012-03-16 08:09:54 658432 ----a-w- C:\Windows\SysWow64\MSCOMCT2.OCX
    2012-03-16 08:09:54 512472 ----a-w- C:\Windows\SysWow64\msxml.dll
    2012-03-16 08:09:54 40408 ----a-w- C:\Windows\System32\CleanMFT64.exe
    2012-03-16 08:09:54 212992 ----a-w- C:\Windows\SysWow64\UniBoxVB12.ocx
    2012-03-16 08:09:54 1101824 ----a-w- C:\Windows\SysWow64\UniBox210.ocx
    2012-03-16 07:47:31 -------- d-----w- C:\Users\Razhar\AppData\Roaming\Product_RM
    2012-03-16 07:47:31 -------- d-----w- C:\ProgramData\PC Tools
    2012-03-16 07:23:24 44544 ----a-w- C:\Windows\SysWow64\msxml4a.dll
    2012-03-16 07:23:22 108056 ----a-w- C:\Windows\SysWow64\drivers\PCTDMDefrag.sys
    2012-03-16 06:25:02 0 ----a-w- C:\Windows\SysWow64\sho4CBA.tmp
    2012-03-15 18:50:08 -------- d-----w- C:\ProgramData\Comodo
    2012-03-15 18:45:19 -------- d-----w- C:\Users\Razhar\AppData\Local\Comodo
    2012-03-15 18:25:12 -------- d-----w- C:\ProgramData\CPA_VA
    2012-03-15 18:16:21 -------- d-----w- C:\Program Files (x86)\Comodo
    2012-03-15 15:31:50 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-03-15 15:31:50 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-03-15 10:09:30 767952 ----a-w- C:\Windows\BDTSupport.dll0352.old
    2012-03-15 10:09:30 2246608 ----a-w- C:\Windows\PCTBDCore.dll0352.old
    2012-03-15 10:09:30 149456 ----a-w- C:\Windows\SGDetectionTool.dll0352.old
    2012-03-13 11:20:41 -------- d-----w- C:\Users\Razhar\AppData\Local\ElevatedDiagnostics
    2012-03-13 09:50:30 -------- d-----w- C:\Users\Razhar\AppData\Local\Apps
    2012-03-12 09:58:28 1409 ----a-w- C:\Windows\QTFont.for
    2012-03-11 18:42:22 -------- d-----w- C:\Users\Razhar\AppData\Roaming\runic games
    2012-03-11 14:13:42 577824 ----a-w- C:\Windows\System32\drivers\cmdGuard.sys
    2012-03-11 14:13:42 43248 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys
    2012-03-11 14:13:40 22696 ----a-w- C:\Windows\System32\drivers\cmderd.sys
    2012-03-11 14:13:22 41200 ----a-w- C:\Windows\System32\cmdcsr.dll
    2012-03-11 14:13:20 301224 ----a-w- C:\Windows\SysWow64\guard32.dll
    2012-03-11 14:13:18 389840 ----a-w- C:\Windows\System32\guard64.dll
    2012-03-11 06:14:34 -------- d-----w- C:\Users\Razhar\AppData\Roaming\isoburnerdata
    2012-03-10 14:24:09 -------- d-----w- C:\Users\Razhar\AppData\Roaming\PCTools
    2012-03-10 11:50:58 -------- d-----w- C:\Users\Razhar\AppData\Roaming\PC Tools
    2012-03-10 07:13:15 -------- d-----w- C:\Users\Razhar\AppData\Roaming\Malwarebytes
    2012-03-10 07:13:03 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-03-10 06:07:34 -------- d-----w- C:\Program Files (x86)\PC Tools
    2012-03-09 19:37:25 230952 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys
    2012-03-09 19:37:25 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
    2012-03-09 19:00:06 -------- d-----w- C:\Users\Razhar\AppData\Roaming\TestApp
    2012-03-08 16:48:22 0 ----a-w- C:\Windows\SysWow64\shoFFB3.tmp
    2012-03-06 11:12:58 -------- d-----w- C:\Users\Razhar\AppData\Local\{C4C8F44E-D517-4F98-96BC-DE9FFBDF89C3}
    2012-03-06 11:11:22 -------- d-----w- C:\Users\Razhar\AppData\Local\{E37E037F-F93F-4CF0-B779-0E99BB351CB7}
    2012-03-06 10:44:09 -------- d-----w- C:\Users\Razhar\AppData\Local\{9323FA31-4E95-4A2F-B319-082C04B3413A}
    2012-03-06 10:44:09 -------- d-----w- C:\Users\Razhar\AppData\Local\{2DD6BE9A-8A6F-4323-9AF1-A16095E96797}
    .
    ==================== Find3M ====================
    .
    2012-03-29 18:12:37 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-03-12 10:42:30 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
    2012-03-12 10:42:30 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
    2012-03-12 10:42:30 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll
    .
    ============= FINISH: 2:37:19,36 ===============
  3. Razer

    Razer TechSpot Enthusiast Topic Starter Posts: 131   +11

    And this is the Attach log from DDS:

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 16/09/2011 15:20:03
    System Uptime: 04/04/2012 2:09:07 (0 hours ago)
    .
    Motherboard: Gateway | | ZX6960
    Processor: Intel(R) Core(TM) i3-2100 CPU @ 3.10GHz | CPU 1 | 3100/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 226 GiB total, 124,484 GiB free.
    D: is FIXED (NTFS) - 222 GiB total, 113,062 GiB free.
    E: is CDROM ()
    F: is CDROM ()
    G: is Removable
    H: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP49: 31/03/2012 22:02:47 - Advanced System Optimizer - First Install
    RP50: 31/03/2012 22:08:50 - Advanced System Optimizer - First Install
    RP51: 31/03/2012 23:05:27 - Advanced System Optimizer - First Install
    RP52: 02/04/2012 3:15:24 - Advanced System Optimizer - Registry Cleaner
    RP53: 02/04/2012 15:59:41 - Installed Diskeeper 2011.
    RP54: 02/04/2012 22:38:54 - Removed Diskeeper 2011.
    .
    ==== Installed Programs ======================
    .
    ???? ??? Windows Live
    ???? Windows Live
    ????? Windows Live
    ?????? ??????? ?? Windows Live
    ???????? ?????????? Windows Live
    ?????????? Windows Live
    ??????????? ?? Windows Live
    ACDSee Pro 4
    Acrobat.com
    Adobe After Effects CS4
    Adobe After Effects CS4 Presets
    Adobe After Effects CS4 Third Party Content
    Adobe AIR
    Adobe Anchor Service CS4
    Adobe Bridge CS4
    Adobe CMaps CS4
    Adobe Color - Photoshop Specific CS4
    Adobe Color EU Extra Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Recommended Settings CS4
    Adobe Color Video Profiles AE CS4
    Adobe Color Video Profiles CS CS4
    Adobe Creative Suite 4 Master Collection
    Adobe CS4 American English Speech Analysis Models
    Adobe CSI CS4
    Adobe Default Language CS4
    Adobe Dynamiclink Support
    Adobe Encore CS4 Codecs
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Flash CS4
    Adobe Flash CS4 Extension - Flash Lite STI en
    Adobe Flash CS4 STI-en
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Illustrator CS4
    Adobe Linguistics CS4
    Adobe Media Encoder CS4
    Adobe Media Encoder CS4 Additional Exporter
    Adobe Media Encoder CS4 Dolby
    Adobe Media Encoder CS4 Exporter
    Adobe Media Encoder CS4 Importer
    Adobe Media Player
    Adobe MotionPicture Color Files CS4
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop CS4 Support
    Adobe Premiere Pro CS4
    Adobe Premiere Pro CS4 Functional Content
    Adobe Premiere Pro CS4 Third Party Content
    Adobe Reader 9.1 MUI
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe Soundbooth CS4 Codecs
    Adobe Type Support CS4
    Adobe Update Manager CS4
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    AdobeColorCommonSetRGB
    Advanced System Optimizer
    Agatha Christie - 4:50 from Paddington
    AIO_CDB_ProductContext
    AIO_CDB_Software
    AIO_Scan
    Angry Birds
    Angry Birds Seasons
    Angry Birds Space
    Autodesk 3ds Max 2012 64-bit - English SP2
    Autodesk Backburner 2012.0.0
    Autodesk Material Library 2012
    Autodesk Material Library Base Resolution Image Library 2012
    Autodesk Material Library Medium Resolution Image Library 2012
    Bejeweled 2 Deluxe
    Bing Bar
    biohazard 4
    BufferChm
    Cakewalk VST Adapter 4.3.2
    Chuzzle Deluxe
    Comodo Dragon
    Connect
    Copy
    Corel Graphics - Windows Shell Extension
    CorelDRAW Graphics Suite X5
    CorelDRAW Graphics Suite X5 - Capture
    CorelDRAW Graphics Suite X5 - Common
    CorelDRAW Graphics Suite X5 - Connect
    CorelDRAW Graphics Suite X5 - Custom Data
    CorelDRAW Graphics Suite X5 - Draw
    CorelDRAW Graphics Suite X5 - EN
    CorelDRAW Graphics Suite X5 - Filters
    CorelDRAW Graphics Suite X5 - FontNav
    CorelDRAW Graphics Suite X5 - IPM
    CorelDRAW Graphics Suite X5 - PHOTO-PAINT
    CorelDRAW Graphics Suite X5 - Photozoom Plugin
    CorelDRAW Graphics Suite X5 - Redist
    CorelDRAW Graphics Suite X5 - Setup Files
    CorelDRAW Graphics Suite X5 - VBA
    CorelDRAW Graphics Suite X5 - VideoBrowser
    CorelDRAW Graphics Suite X5 - VSTA
    CorelDRAW Graphics Suite X5 - WT
    CorelDRAW(R) Graphics Suite X5
    Crazy Chicken Kart 2
    Crysis® 2
    CyberLink MediaEspresso
    CyberLink PowerDVD 10
    CyberLink YouCam
    D-Link Connection Manager
    D3DX10
    DAEMON Tools Lite
    Destinations
    Deus Ex - Human Revolution version 1.0
    DeviceDiscovery
    Diner Dash 2 Restaurant Rescue
    DocProc
    Emsisoft Anti-Malware
    F300
    F300_Help
    F300Trb
    FATE
    Fax
    Fotogalerija Windows Live
    Galeria de Fotografias do Windows Live
    Galeria fotografii uslugi Windows Live
    Galeria fotogràfica del Windows Live
    Galerie de photos Windows Live
    Galerie foto Windows Live
    Galería fotográfica de Windows Live
    Gateway Games
    Gateway Recovery Management
    Gateway Registration
    Gateway ScreenSaver
    Gateway Updater
    Google Chrome
    GPBaseService2
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
    Hotkey Utility
    HP Update
    HPPhotoGadget
    HPProductAssistant
    HPSSupply
    Identity Card
    Intel(R) Control Center
    Intel(R) Management Engine Components
    Intel(R) Processor Graphics
    Intel(R) Rapid Storage Technology
    Internet Download Manager
    Java Auto Updater
    Java(TM) 6 Update 30
    John Deere Drive Green
    Junk Mail filter update
    K-Lite Mega Codec Pack 7.6.0
    KeyShot3 3.0 64 bit
    kuler
    Malwarebytes Anti-Malware version 1.60.1.1000
    MarketResearch
    Mesh Runtime
    Microsoft Office 2010
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Click-to-Run 2010
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Starter 2010 - English
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable - KB2467175
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual Studio Tools for Applications 2.0 - ENU
    Microsoft Visual Studio Tools for Applications 2.0 Runtime
    Mobile Partner
    Mozilla Firefox 9.0.1 (x86 en-US)
    MSVCRT
    MSVCRT_amd64
    Mystery P.I. - The London Caper
    n-Track Studio
    Native Power Pack vol 1 v2.5
    Native Power Pack vol 2 v2.5
    Nero Control Center 10
    Nero ControlCenter 10 Help (CHM)
    Nero Core Components 10
    Nero DiscSpeed 10
    Nero DiscSpeed 10 Help (CHM)
    Nero Express 10
    Nero Express 10 Help (CHM)
    Nero Multimedia Suite 10 Essentials
    Nero StartSmart 10
    Nero StartSmart 10 Help (CHM)
    Nero Update
    Orbit Downloader
    PC Tools Registry Mechanic 11.0
    PC Wizard 2010.1.96
    PDF Settings CS4
    Penguins!
    Photoshop Camera Raw
    Pixel Bender Toolkit
    Plants vs. Zombies - Game of the Year
    Poczta uslugi Windows Live
    Podstawowe programy Windows Live
    Polar Bowler
    Pošta Windows Live
    QuickTime
    Raccolta foto di Windows Live
    Realtek High Definition Audio Driver
    S?????? f?t???af??? t?? Windows Live
    Scan
    SmartDraw 2009
    SolutionCenter
    SONAR 3 Producer Edition
    Sonic Foundry Sound Forge 6.0b
    Status
    Suite Shared Configuration CS4
    THX TruStudio Pro
    Toolbox
    Torchlight
    TrayApp
    UnloadSupport
    Update Installer for WildTangent Games App
    Virtual Villagers - The Secret City
    Visual Basic for Applications (R) Core
    Visual Basic for Applications (R) Core - English
    WebReg
    WebTablet IE Plugin
    WebTablet Netscape Plugin
    Wedding Dash
    Welcome Center
    WildTangent Games App (Gateway Games)
    Winamp
    Winamp Detector Plug-in
    Windows Live
    Windows Live ???
    Windows Live ????
    Windows Live Argazki Galeria
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Fotótár
    Windows Live Fotogalerie
    Windows Live Fotogalleri
    Windows Live Fotogaléria
    Windows Live Fotograf Galerisi
    Windows Live Galeria de Fotos
    Windows Live Galerija fotografija
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Temel Parçalar
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Liven asennustyökalu
    Windows Liven sähköposti
    Windows Liven valokuvavalikoima
    Yahoo! Messenger
    ZBrush 4
    Zuma Deluxe
    .
    ==== Event Viewer Messages From Past Week ========
    .
    31/03/2012 23:19:19, Error: Service Control Manager [7034] - The ASO3DiskOptimizer service terminated unexpectedly. It

    has done this 2 time(s).
    04/04/2012 2:10:07, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to

    load: luafv TfFsMon TFSysMon
    04/04/2012 2:09:25, Error: Service Control Manager [7001] - The Windows Image Acquisition (WIA) service depends on the

    Shell Hardware Detection service which failed to start because of the following error: The service cannot be started,

    either because it is disabled or because it has no enabled devices associated with it.
    04/04/2012 2:09:21, Error: Service Control Manager [7000] - The HWDeviceService64.exe service failed to start due to the

    following error: The system cannot find the file specified.
    03/04/2012 4:08:33, Error: Service Control Manager [7001] - The Network List Service service depends on the Network

    Location Awareness service which failed to start because of the following error: The dependency service or group failed to

    start.
    03/04/2012 4:08:32, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the

    service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    03/04/2012 4:08:32, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the

    service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    03/04/2012 4:08:32, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the

    service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    03/04/2012 4:08:32, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the

    service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    03/04/2012 4:08:26, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the

    service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    03/04/2012 4:08:06, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to

    load: a2injectiondriver AFD cmdGuard cmdHlp DfsC discache inspect luafv NetBIOS NetBT nsiproxy Psched rdbss spldr tdx

    TfFsMon TFSysMon vwififlt Wanarpv6 WfpLwf
    03/04/2012 4:08:06, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface

    Service service which failed to start because of the following error: The dependency service or group failed to start.
    03/04/2012 4:08:06, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary

    Function Driver for Winsock service which failed to start because of the following error: A device attached to the system

    is not functioning.
    03/04/2012 4:08:06, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on

    the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to

    the system is not functioning.
    03/04/2012 4:08:06, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB

    MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or

    group failed to start.
    03/04/2012 4:08:06, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB

    MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or

    group failed to start.
    03/04/2012 4:08:06, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI

    proxy service driver. service which failed to start because of the following error: A device attached to the system is not

    functioning.
    03/04/2012 4:08:06, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network

    Store Interface Service service which failed to start because of the following error: The dependency service or group

    failed to start.
    03/04/2012 4:08:06, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface

    Service service which failed to start because of the following error: The dependency service or group failed to start.
    03/04/2012 4:08:06, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support

    Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    03/04/2012 4:08:06, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function

    Driver for Winsock service which failed to start because of the following error: A device attached to the system is not

    functioning.
    03/04/2012 4:08:06, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the

    Application Virtualization Client service which failed to start because of the following error: The dependency service or

    group failed to start.
    03/04/2012 4:00:13, Error: Application Popup [1060] - \??\C:\Program Files (x86)\Anti Trojan Elite\ATEPMon.sys has been

    blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version

    of the driver.
    03/04/2012 13:16:50, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the

    service stisvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    03/04/2012 0:35:57, Error: PCTCore [280] -
    02/04/2012 23:33:37, Error: Service Control Manager [7030] - The ThreatFire service is marked as an interactive service.

    However, the system is configured to not allow interactive services. This service may not function properly.
    02/04/2012 23:25:27, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to

    load: luafv pctNdisLW64
    02/04/2012 23:24:20, Error: Service Control Manager [7023] - The Windows Update service terminated with the following

    error: %%-2147467243
    02/04/2012 23:24:17, Error: Service Control Manager [7038] - The sppsvc service was unable to log on as NT AUTHORITY

    \NetworkService with the currently configured password due to the following error: The security account manager (SAM) or

    local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service

    is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    02/04/2012 23:24:17, Error: Service Control Manager [7038] - The NAUpdate service was unable to log on as NT AUTHORITY

    \SYSTEM with the currently configured password due to the following error: The security account manager (SAM) or local

    security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is

    configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    02/04/2012 23:24:17, Error: Service Control Manager [7000] - The Software Protection service failed to start due to the

    following error: The service did not start due to a logon failure.
    01/04/2012 2:21:45, Error: Service Control Manager [7038] - The upnphost service was unable to log on as NT AUTHORITY

    \LocalService with the currently configured password due to the following error: The security account manager (SAM) or

    local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service

    is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    01/04/2012 2:21:45, Error: Service Control Manager [7000] - The UPnP Device Host service failed to start due to the

    following error: The service did not start due to a logon failure.
    01/04/2012 2:21:45, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the

    service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
    01/04/2012 0:57:57, Error: Service Control Manager [7034] - The ASO3DiskOptimizer service terminated unexpectedly. It has

    done this 1 time(s).
    .
    ==== End Of File ===========================

    That's all of the reports. Please help me! I'm in a panic right now. Thanks in advance.
    My timezone is GMT +7
    and I'm using Comodo Internet Security Premium with firewall, Emsisoft Anti-Malware, and MBAM Pro.
  4. Broni

    Broni Malware Annihilator Posts: 46,164   +251

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ================================================================

    Please disable "word wrap" in Notepad as your logs are hard to read.

    Uninstall Advanced System Optimizer.
    Registry cleaners/optimizers are not recommended for several reasons:

    • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

      The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
    • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
    • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
    • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
    • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
    Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


    ==================================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ==================================================================

    Download Bootkit Remover to your desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
  5. Razer

    Razer TechSpot Enthusiast Topic Starter Posts: 131   +11

    Thank you, Broni, for your reply.

    For your information, there's an anomaly: right after I posted all my logs above (MBAM, GMER, DDS logs), Comodo Internet Security (CIS) detected the file at
    C:\users\razhar\appdata\local\google\chrome\user data\default\cache\f_000047 as an unrecognized file
    and put it in Defense+.

    I've uninstalled Advanced System Optimizer.
    Here are the logs:


    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-04-04 08:25:40
    -----------------------------
    08:25:40.162 OS Version: Windows x64 6.1.7601 Service Pack 1
    08:25:40.162 Number of processors: 4 586 0x2A07
    08:25:40.172 ComputerName: RAZHAR-PC UserName: Razhar
    08:25:40.972 Initialze error C000010E - driver not loaded
    08:25:41.122 write error "aswCmnB.dll". The process cannot access the file because it is being used by another process.
    08:54:32.371 Service scanning
    08:54:48.661 Modules scanning
    08:54:48.661 Disk 0 trace - called modules:
    08:54:48.661
    08:54:48.661 Scan finished successfully
    08:55:01.801 The log file has been saved successfully to "C:\Users\Razhar\Desktop\aswMBR.txt"



    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows 7 Home Premium Edition Service Pack 1 (build 7601)
    , 64-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000004`6b500000

    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 Controlled by rootkit!

    Boot code on some of your physical disks is hidden by a rootkit.
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]


    Done;
    Press any key to quit...


    From now on I'll follow your instructions as soon as possible.
  6. Broni

    Broni Malware Annihilator Posts: 46,164   +251

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  7. Razer

    Razer TechSpot Enthusiast Topic Starter Posts: 131   +11

    After I ran a scan with TDSS killer, the scan only lasted 19 seconds and processed 468 objects.
    found: 0 threats
    neutralized: 0 threats
    quarantined: 0 objects
    The details said all OK (if I checked information messages); if I didn't check it, the scan result was just blank.

    Here is the log; two logs were generated.

    filename: TDSSKiller.2.7.25.0_04.04.2012_10.36.07_log

    10:36:07.0254 5328 TDSS rootkit removing tool 2.7.25.0 Apr 3 2012 13:42:32
    10:36:07.0479 5328 ============================================================
    10:36:07.0479 5328 Current date / time: 2012/04/04 10:36:07.0479
    10:36:07.0479 5328 SystemInfo:
    10:36:07.0479 5328
    10:36:07.0479 5328 OS Version: 6.1.7601 ServicePack: 1.0
    10:36:07.0479 5328 Product type: Workstation
    10:36:07.0479 5328 ComputerName: RAZHAR-PC
    10:36:07.0479 5328 UserName: Razhar
    10:36:07.0479 5328 Windows directory: C:\Windows
    10:36:07.0479 5328 System windows directory: C:\Windows
    10:36:07.0479 5328 Running under WOW64
    10:36:07.0479 5328 Processor architecture: Intel x64
    10:36:07.0479 5328 Number of processors: 4
    10:36:07.0479 5328 Page size: 0x1000
    10:36:07.0479 5328 Boot type: Normal boot
    10:36:07.0479 5328 ============================================================
    10:36:08.0127 5328 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    10:36:08.0167 5328 \Device\Harddisk0\DR0:
    10:36:08.0167 5328 MBR used
    10:36:08.0167 5328 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2328800, BlocksNum 0x32000
    10:36:08.0167 5328 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x235A800, BlocksNum 0x1C3FE830
    10:36:08.0180 5328 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E75A000, BlocksNum 0x1BC2B800
    10:36:08.0327 5328 Initialize success
    10:36:08.0327 5328 ============================================================
    10:36:12.0364 6676 Deinitialize success

    continue..
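
Bootkit Remover's output above suggests dumping the master boot sector for manual inspection, and aswMBR saves a copy of it as MBR.dat. As an added example (not from the thread or from any of the tools mentioned), this Python parses a 512-byte MBR dump, checks it against the disk size and partition layout TDSSKiller reported, and compares a dump read on the running system with one read from clean boot media, since a rootkit that hides boot code can return different bytes to the live system. The function names, the sample boot-code bytes, the active flag on the first partition and the assumption that the dump is the plain 512-byte sector are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 0x200      # "SectorSize: 0x200" in the TDSSKiller log
BOOT_CODE_END = 446      # bytes 0..445 hold the boot code
ENTRY_SIZE = 16          # four 16-byte partition entries follow the boot code

# (type, StartLBA, BlocksNum) as TDSSKiller listed them in the thread.
REPORTED_LAYOUT = [
    (0x07, 0x2328800, 0x32000),
    (0x07, 0x235A800, 0x1C3FE830),
    (0x07, 0x1E75A000, 0x1BC2B800),
]
DISK_SECTORS = 0x7470C06000 // SECTOR_SIZE   # "Size: 0x7470C06000" in the log


def parse_mbr(sector):
    """Split one MBR sector into a boot-code hash and its partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected %d bytes, got %d" % (SECTOR_SIZE, len(sector)))
    partitions = []
    for slot in range(4):
        off = BOOT_CODE_END + slot * ENTRY_SIZE
        # status, 3 CHS bytes skipped, type, 3 CHS bytes skipped, start LBA, count
        status, ptype, start, count = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype == 0 and count == 0:
            continue  # unused slot
        partitions.append({"slot": slot, "status": status, "type": ptype,
                           "start": start, "count": count})
    return {
        "signature_ok": sector[510:512] == b"\x55\xaa",
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest(),
        "partitions": partitions,
    }


def check_layout(mbr, disk_sectors=DISK_SECTORS):
    """Return a list of structural problems in a parsed MBR (empty if none)."""
    findings = []
    if not mbr["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    parts = sorted(mbr["partitions"], key=lambda p: p["start"])
    if sum(1 for p in parts if p["status"] == 0x80) > 1:
        findings.append("more than one active partition")
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append("slot %d: invalid status 0x%02x" % (p["slot"], p["status"]))
        if p["start"] + p["count"] > disk_sectors:
            findings.append("slot %d: extends past end of disk" % p["slot"])
    for a, b in zip(parts, parts[1:]):
        if a["start"] + a["count"] > b["start"]:
            findings.append("slots %d and %d overlap" % (a["slot"], b["slot"]))
    return findings


def compare_dumps(live, offline):
    """Compare a dump read on the running OS with one read from clean boot media."""
    a, b = parse_mbr(live), parse_mbr(offline)
    diffs = []
    if a["boot_code_sha256"] != b["boot_code_sha256"]:
        diffs.append("boot code differs")
    if a["partitions"] != b["partitions"]:
        diffs.append("partition table differs")
    return diffs


def build_sample_mbr(boot_code, layout=REPORTED_LAYOUT):
    """Constructed test input: an MBR sector with the given bytes and layout."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    for slot, (ptype, start, count) in enumerate(layout):
        status = 0x80 if slot == 0 else 0x00   # assumption: first entry is active
        struct.pack_into("<B3xB3xII", sector, BOOT_CODE_END + slot * ENTRY_SIZE,
                         status, ptype, start, count)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


if __name__ == "__main__":
    # Constructed placeholders standing in for the two real dumps.
    live = build_sample_mbr(b"CONSTRUCTED-LIVE-VIEW")
    offline = build_sample_mbr(b"CONSTRUCTED-OFFLINE-VIEW")
    mbr = parse_mbr(live)
    for p in mbr["partitions"]:
        print("slot %(slot)d type 0x%(type)02x start 0x%(start)x count 0x%(count)x" % p)
    print("layout findings:", check_layout(mbr) or "none")
    print("live vs offline:", compare_dumps(live, offline) or "identical")
```

With real data, replace the two constructed sectors with the first 512 bytes of each dump file.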
  8. Razer

    Razer TechSpot Enthusiast Topic Starter Posts: 131   +11

    Here is the second log.
    filename: TDSSKiller.2.7.25.0_04.04.2012_10.36.13_log


    10:36:13.0215 5292 TDSS rootkit removing tool 2.7.25.0 Apr 3 2012 13:42:32
    10:36:13.0235 5292 ============================================================
    10:36:13.0235 5292 Current date / time: 2012/04/04 10:36:13.0235
    10:36:13.0235 5292 SystemInfo:
    10:36:13.0235 5292
    10:36:13.0235 5292 OS Version: 6.1.7601 ServicePack: 1.0
    10:36:13.0235 5292 Product type: Workstation
    10:36:13.0235 5292 ComputerName: RAZHAR-PC
    10:36:13.0235 5292 UserName: Razhar
    10:36:13.0235 5292 Windows directory: C:\Windows
    10:36:13.0235 5292 System windows directory: C:\Windows
    10:36:13.0235 5292 Running under WOW64
    10:36:13.0235 5292 Processor architecture: Intel x64
    10:36:13.0235 5292 Number of processors: 4
    10:36:13.0235 5292 Page size: 0x1000
    10:36:13.0235 5292 Boot type: Normal boot
    10:36:13.0235 5292 ============================================================
    10:36:13.0511 5292 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    10:36:13.0526 5292 \Device\Harddisk0\DR0:
    10:36:13.0526 5292 MBR used
    10:36:13.0526 5292 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2328800, BlocksNum 0x32000
    10:36:13.0526 5292 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x235A800, BlocksNum 0x1C3FE830
    10:36:13.0548 5292 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E75A000, BlocksNum 0x1BC2B800
    10:36:13.0624 5292 Initialize success
    10:36:13.0624 5292 ============================================================
    10:36:26.0590 5984 ============================================================
    10:36:26.0590 5984 Scan started
    10:36:26.0590 5984 Mode: Manual;
    10:36:26.0590 5984 ============================================================
    10:36:37.0137 5984 MDM - ok
    10:36:37.0161 5984 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
    10:36:37.0163 5984 megasas - ok
    10:36:37.0193 5984 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
    10:36:37.0196 5984 MegaSR - ok
    10:36:37.0243 5984 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
    10:36:37.0244 5984 MEIx64 - ok
    10:36:37.0374 5984 mi-raysat_3dsmax2012_64 (e2fc06a57c62282ed57f15546d14f5d7) C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe
    10:36:37.0377 5984 mi-raysat_3dsmax2012_64 - ok
    10:36:37.0447 5984 Microsoft Office Groove Audit Service (fafe367d032ed82e9332b4c741a20216) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
    10:36:37.0448 5984 Microsoft Office Groove Audit Service - ok
    10:36:37.0529 5984 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
    10:36:37.0530 5984 MMCSS - ok
    10:36:37.0564 5984 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
    10:36:37.0565 5984 Modem - ok
    10:36:37.0595 5984 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
    10:36:37.0597 5984 monitor - ok
    10:36:37.0626 5984 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
    10:36:37.0627 5984 mouclass - ok
    10:36:37.0661 5984 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
    10:36:37.0662 5984 mouhid - ok
    10:36:37.0692 5984 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
    10:36:37.0693 5984 mountmgr - ok
    10:36:37.0712 5984 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
    10:36:37.0714 5984 mpio - ok
    10:36:37.0729 5984 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
    10:36:37.0730 5984 mpsdrv - ok
    10:36:37.0764 5984 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
    10:36:37.0771 5984 MpsSvc - ok
    10:36:37.0785 5984 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
    10:36:37.0787 5984 MRxDAV - ok
    10:36:37.0800 5984 mrxsmb (faf015b07e3a2874a790a39b7d2c579f) C:\Windows\system32\DRIVERS\mrxsmb.sys
    10:36:37.0803 5984 mrxsmb - ok
    10:36:37.0819 5984 mrxsmb10 (08e2345df129082bcdffdc1440f9c00d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
    10:36:37.0822 5984 mrxsmb10 - ok
    10:36:37.0838 5984 mrxsmb20 (108d87409c5812ef47d81e22843e8c9d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
    10:36:37.0840 5984 mrxsmb20 - ok
    10:36:37.0853 5984 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
    10:36:37.0854 5984 msahci - ok
    10:36:37.0868 5984 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
    10:36:37.0870 5984 msdsm - ok
    10:36:37.0890 5984 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
    10:36:37.0892 5984 MSDTC - ok
    10:36:37.0913 5984 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
    10:36:37.0914 5984 Msfs - ok
    10:36:37.0947 5984 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
    10:36:37.0948 5984 mshidkmdf - ok
    10:36:37.0963 5984 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d)

    Continued...
  9. Razer

    Razer TechSpot Enthusiast Topic Starter Posts: 131   +11

    10:36:44.0881 5984 wacommousefilter - ok
    10:36:44.0894 5984 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
    10:36:44.0895 5984 WacomPen - ok
    10:36:44.0950 5984 wacomvhid (ec1ceb237e365330c1fcfc4876aa0ac0) C:\Windows\system32\DRIVERS\wacomvhid.sys
    10:36:44.0951 5984 wacomvhid - ok
    10:36:44.0979 5984 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    10:36:44.0980 5984 WANARP - ok
    10:36:44.0995 5984 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    10:36:44.0996 5984 Wanarpv6 - ok
    10:36:45.0042 5984 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
    10:36:45.0074 5984 wbengine - ok
    10:36:45.0109 5984 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
    10:36:45.0112 5984 WbioSrvc - ok
    10:36:45.0131 5984 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
    10:36:45.0135 5984 wcncsvc - ok
    10:36:45.0151 5984 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
    10:36:45.0153 5984 WcsPlugInService - ok
    10:36:45.0175 5984 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
    10:36:45.0176 5984 Wd - ok
    10:36:45.0203 5984 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    10:36:45.0208 5984 Wdf01000 - ok
    10:36:45.0225 5984 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    10:36:45.0227 5984 WdiServiceHost - ok
    10:36:45.0230 5984 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    10:36:45.0232 5984 WdiSystemHost - ok
    10:36:45.0245 5984 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
    10:36:45.0248 5984 WebClient - ok
    10:36:45.0263 5984 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
    10:36:45.0266 5984 Wecsvc - ok
    10:36:45.0284 5984 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
    10:36:45.0286 5984 wercplsupport - ok
    10:36:45.0317 5984 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
    10:36:45.0319 5984 WerSvc - ok
    10:36:45.0363 5984 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    10:36:45.0364 5984 WfpLwf - ok
    10:36:45.0380 5984 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    10:36:45.0381 5984 WIMMount - ok
    10:36:45.0419 5984 WinDefend - ok
    10:36:45.0426 5984 WinHttpAutoProxySvc - ok
    10:36:45.0467 5984 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
    10:36:45.0472 5984 Winmgmt - ok
    10:36:45.0520 5984 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
    10:36:45.0553 5984 WinRM - ok
    10:36:45.0613 5984 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
    10:36:45.0632 5984 Wlansvc - ok
    10:36:45.0678 5984 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
    10:36:45.0679 5984 wlcrasvc - ok
    10:36:45.0779 5984 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    10:36:45.0811 5984 wlidsvc - ok
    10:36:45.0905 5984 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
    10:36:45.0906 5984 WmiAcpi - ok
    10:36:45.0946 5984 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
    10:36:45.0948 5984 wmiApSrv - ok
    10:36:45.0984 5984 WMPNetworkSvc - ok
    10:36:46.0028 5984 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
    10:36:46.0030 5984 WPCSvc - ok
    10:36:46.0048 5984 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
    10:36:46.0050 5984 WPDBusEnum - ok
    10:36:46.0090 5984 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    10:36:46.0091 5984 ws2ifsl - ok
    10:36:46.0105 5984 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
    10:36:46.0107 5984 wscsvc - ok
    10:36:46.0114 5984 WSearch - ok
    10:36:46.0154 5984 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
    10:36:46.0190 5984 wuauserv - ok
    10:36:46.0209 5984 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
    10:36:46.0211 5984 WudfPf - ok
    10:36:46.0239 5984 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
    10:36:46.0242 5984 WUDFRd - ok
    10:36:46.0259 5984 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
    10:36:46.0261 5984 wudfsvc - ok
    10:36:46.0278 5984 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
    10:36:46.0306 5984 WwanSvc - ok
    10:36:46.0364 5984 ztemtusbser (abea67f122d25a0b1e0f7c0abeeca069) C:\Windows\system32\DRIVERS\CT_ZTEMT_U_USBSER.sys
    10:36:46.0366 5984 ztemtusbser - ok
    10:36:46.0419 5984 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    10:36:46.0474 5984 \Device\Harddisk0\DR0 - ok
    10:36:46.0477 5984 Boot (0x1200) (4831db8892bb992461affe3a7b8ae636) \Device\Harddisk0\DR0\Partition0
    10:36:46.0478 5984 \Device\Harddisk0\DR0\Partition0 - ok
    10:36:46.0487 5984 Boot (0x1200) (fca6d84c7c6c5cb0efc5660912b1e73b) \Device\Harddisk0\DR0\Partition1
    10:36:46.0488 5984 \Device\Harddisk0\DR0\Partition1 - ok
    10:36:46.0507 5984 Boot (0x1200) (64efd5c996e6e10bd4aad6518ad9e2fa) \Device\Harddisk0\DR0\Partition2
    10:36:46.0508 5984 \Device\Harddisk0\DR0\Partition2 - ok
    10:36:46.0508 5984 ============================================================
    10:36:46.0508 5984 Scan finished
    10:36:46.0508 5984 ============================================================
    10:36:46.0517 3908 Detected object count: 0
    10:36:46.0517 3908 Actual detected object count: 0

    Even though the report said the date and time: Apr 3 2012 13:42:32,
    the filename said time TDSSKiller.2.7.25.0_04.04.2012_10.36.13_log
    and the window said date modified 04/04/2012 10:36, which is my current time. Should I re-scan? I won't rescan or do anything unless you tell me to.
  10. Broni

    Broni Malware Annihilator Posts: 46,164   +251

    You did fine.

    Download the FixTDSS.exe

    Save the file to your Windows desktop.
    Close all running programs.
    If you are running Windows XP, turn off System Restore. How to turn off or turn on Windows XP System Restore
    Double-click the FixTDSS.exe file to start the removal tool.
    Click Start to begin the process, and then allow the tool to run.
    OK any security prompts.
    Restart the computer when prompted by the tool.
    After the computer has started, the tool will inform you of the state of infection (make sure to let me know what it said)
    If you are running Windows XP, re-enable System Restore.
  11. Razer

    Razer TechSpot Enthusiast Topic Starter Posts: 131   +11

    Before I run FixTDSS.exe, should I turn off System Restore? I'm using Win 7 64-bit.

    And I'm running Comodo Internet Security, Emsisoft Anti-Malware, and MBAM Pro,
    but with every instruction you've given, I always disable all protection before running/executing.
     
  12. Broni

    Broni Malware Annihilator Posts: 46,164   +251

    No. As it says, it's only for the Windows XP case.
  13. Razer

    Razer TechSpot Enthusiast Topic Starter Posts: 131   +11

    After I double-clicked FixTDSS.exe, the tool asked to restart. I clicked OK, then the system restarted. After the restart, the tool informed me of this:

    TDSS Fixtool 2.1.3
    Scan results:
    No infections were found
  14. Broni

    Broni Malware Annihilator Posts: 46,164   +251

    Very good.
    That's all I needed to know.

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick Combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  15. Razer

    Razer TechSpot Enthusiast Topic Starter Posts: 131   +11

    Sorry to keep you waiting..
    I needed time to read it carefully. When I started running Combofix, it said that AntiVir Desktop is still running.. well, I don't use it right now (I'm using Comodo Internet Security, Emsisoft, and MBAM), but I WAS using it before, and had it uninstalled..
    Now, I'm using AppRemover, and it's still scanning.. I'll execute Combofix right after AppRemover is done.
  16. Broni

    Broni Malware Annihilator Posts: 46,164   +251

    If, after that, Combofix still warns you about Avira, disregard that warning.
  17. Razer

    Razer TechSpot Enthusiast Topic Starter Posts: 131   +11

    Broni, something happened to my PC after running Combofix! Help, I'm really panicking right now.. after reboot, my PC can't run anything except Explorer..

    This is what happened:
    AppRemover couldn't find any Avira traces left, so I continued running Combofix

    In the middle of running Combofix, I left my PC, because I needed to go to the bathroom..
    When I came back, I found my PC in the middle of rebooting automatically..
    Then, when booting, before entering Windows, it showed this message:

    "sasnative 64 program not found, skipping autocheck"

    Then, when entering Windows, the Combofix dialog box said don't run any programs until it finished making the log report

    After the log report was shown, now I can't run anything except Explorer.
    There is always a message "registry key that has been marked for deletion" when running anything..

    Now, I can't post my log, but I can tell you the size of the log: 44kb (size on disk 48)

    I'm sorry, I don't understand what it means in the log, but there's a long list of "Locked registry keys"; it fills up about 2/3 of the log (based on scroll)

    But what makes me panic more is the last line from the log. It said:
    completion time 2012-04-05 03:06:19
    quarantined-files-text 2012-04-04 20:06
    pre-run 137.102.704.640 bytes free
    post-run: 151.978.639.360 bytes free

    plus I cannot run any document..

    Based on the space size, this means the drive freed a HUGE amount of data. This is what I fear most: does it mean I lost that much data? And it said I can't run any document, since it said illegal operation attempted on a registry key that has been marked for deletion. Does it mean that data has been deleted? What happened to my PC? Is it alright?

    There is a lot of my father's work in drive C (mostly in the My Documents folder), and I can't afford to lose it, since there is NOT a single backup..

    Right now, I'm using a laptop, and my PC is still running (turned on) after running Combofix. I won't shut it down until I know it's fine, because I'm totally scared that shutting it down could bring catastrophic disaster to my files.. Now, I'm totally in panic..

    My apologies if I use impolite words/sentences, since I'm in panic..
  18. Broni

    Broni Malware Annihilator Posts: 46,164   +251

    You didn't read my instructions carefully enough.
    Restart computer to fix the issue.
     
  19. Razer

    Razer TechSpot Enthusiast Topic Starter Posts: 131   +11

    My apologies, I think I missed that, because I was more focused on how to run Combofix properly in order to prevent unpredictable results..

    I'm sorry, because I panicked..

    Here is the Combofix log

    ComboFix 12-04-04.02 - Razhar 05/04/2012 2:52.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.62.1033.18.1992.854 [GMT 7:00]
    Running from: c:\users\Razhar\Desktop\ComboFix.exe
    AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
    c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
    c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
    c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
    c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
    c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
    c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
    c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
    c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
    c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
    c:\program files (x86)\Mozilla Firefox\Plugins\npqtplugin6.dll
    c:\program files (x86)\Mozilla Firefox\Plugins\npqtplugin7.dll
    c:\program files (x86)\QuickTime\Plugins\npqtplugin2.dll
    c:\program files (x86)\QuickTime\Plugins\npqtplugin3.dll
    c:\program files (x86)\QuickTime\Plugins\npqtplugin4.dll
    c:\program files (x86)\QuickTime\Plugins\npqtplugin5.dll
    c:\program files (x86)\QuickTime\Plugins\npqtplugin6.dll
    c:\program files (x86)\QuickTime\Plugins\npqtplugin7.dll
    c:\windows\17425030.exe
    c:\windows\RazorDOX
    c:\windows\RazorDOX\RazorDOX.dll
    c:\windows\RazorDOX\RazorDOX.ini
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_KXESCORE
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-03-04 to 2012-04-04 )))))))))))))))))))))))))))))))
    .
    .
    2012-04-04 19:58 . 2012-04-04 19:58 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-04-04 15:00 . 2012-04-04 15:00 -------- d-----w- c:\users\Razhar\Salitykiller2012
    2012-04-03 13:42 . 2012-04-03 13:42 -------- d-----w- c:\program files\Recuva
    2012-04-02 21:13 . 2012-04-02 21:46 -------- d-----w- c:\program files (x86)\Trojan Remover
    2012-04-02 16:32 . 2012-04-02 20:59 -------- d-----w- c:\program files (x86)\PC Tools Security
    2012-04-02 12:03 . 2012-04-02 12:03 0 ----a-w- c:\windows\SysWow64\sho31F9.tmp
    2012-04-02 10:55 . 2012-04-02 10:55 -------- d-----w- c:\windows\Digital Rescue 4 Premium
    2012-04-02 09:00 . 2012-04-02 15:40 -------- dc----w- c:\windows\system32\DRVSTORE
    2012-04-02 08:40 . 2012-04-02 08:40 -------- d-----w- c:\program files\Diskeeper Corporation
    2012-04-01 20:08 . 2012-04-02 18:57 -------- d-----w- c:\program files\CCleaner
    2012-04-01 16:00 . 2012-04-01 16:56 -------- d-----w- c:\users\Razhar\AppData\Roaming\TeamViewer
    2012-04-01 15:52 . 2011-12-16 15:53 35112 ----a-w- c:\windows\system32\drivers\teamviewervpn.sys
    2012-04-01 15:52 . 2012-04-01 15:52 -------- d-----w- c:\program files (x86)\TeamViewer
    2012-04-01 13:58 . 2012-04-01 13:58 0 ----a-w- c:\windows\SysWow64\sho3708.tmp
    2012-04-01 08:17 . 2012-04-01 08:17 -------- d-----w- c:\programdata\WEBREG
    2012-04-01 08:17 . 2012-04-01 08:21 -------- d-----w- c:\users\Razhar\AppData\Roaming\HP
    2012-04-01 08:16 . 2012-04-01 08:16 -------- d-----w- c:\users\Razhar\AppData\Local\HP
    2012-04-01 08:13 . 2012-04-01 08:13 -------- d-----w- c:\programdata\HP Product Assistant
    2012-04-01 08:12 . 2012-04-01 08:12 -------- d-----w- c:\program files (x86)\Common Files\Hewlett-Packard
    2012-04-01 08:12 . 2012-04-01 08:12 -------- d-----w- c:\program files (x86)\Common Files\HP
    2012-04-01 08:11 . 2012-04-01 08:14 -------- d-----w- c:\program files (x86)\HP
    2012-04-01 08:09 . 2012-04-01 08:21 -------- d-----w- c:\programdata\HP
    2012-04-01 08:09 . 2009-07-08 10:51 642360 ----a-w- c:\windows\system32\hpzids40.dll
    2012-04-01 08:09 . 2009-07-08 10:51 861184 ----a-w- c:\windows\system32\hpowiav1.dll
    2012-04-01 08:09 . 2009-07-08 10:51 730624 ----a-w- c:\windows\system32\hpotscl1.dll
    2012-04-01 08:09 . 2009-07-08 10:51 498176 ----a-w- c:\windows\system32\hpovst01.dll
    2012-04-01 08:00 . 2012-04-01 08:00 -------- d-----w- c:\users\Razhar\AppData\Roaming\Babylon
    2012-04-01 08:00 . 2012-04-01 08:00 -------- d-----w- c:\programdata\Babylon
    2012-03-16 08:15 . 2012-03-16 08:15 -------- d-----w- c:\users\Razhar\AppData\Roaming\Registry Mechanic
    2012-03-16 08:09 . 2011-12-12 07:07 512472 ----a-w- c:\windows\SysWow64\msxml.dll
    2012-03-16 08:09 . 2011-12-12 07:07 40408 ----a-w- c:\windows\system32\CleanMFT64.exe
    2012-03-16 08:09 . 2008-09-17 15:17 658432 ----a-w- c:\windows\SysWow64\MSCOMCT2.OCX
    2012-03-16 08:09 . 2008-04-02 09:54 1101824 ----a-w- c:\windows\SysWow64\UniBox210.ocx
    2012-03-16 08:09 . 2008-04-02 09:53 212992 ----a-w- c:\windows\SysWow64\UniBoxVB12.ocx
    2012-03-16 08:09 . 2008-04-02 09:53 880640 ----a-w- c:\windows\SysWow64\UniBox10.ocx
    2012-03-16 07:47 . 2012-04-02 20:12 -------- d-----w- c:\programdata\PC Tools
    2012-03-16 07:47 . 2012-03-16 07:47 -------- d-----w- c:\users\Razhar\AppData\Roaming\Product_RM
    2012-03-16 07:23 . 2011-03-15 04:10 44544 ----a-w- c:\windows\SysWow64\msxml4a.dll
    2012-03-16 07:23 . 2011-02-04 13:32 108056 ----a-w- c:\windows\SysWow64\drivers\PCTDMDefrag.sys
    2012-03-16 06:25 . 2012-03-16 06:25 0 ----a-w- c:\windows\SysWow64\sho4CBA.tmp
    2012-03-15 18:50 . 2012-03-23 11:48 -------- d-----w- c:\programdata\Comodo
    2012-03-15 18:45 . 2012-03-23 15:23 -------- d-----w- c:\users\Razhar\AppData\Local\Comodo
    2012-03-15 18:25 . 2012-03-31 19:37 -------- d-----w- c:\programdata\CPA_VA
    2012-03-15 18:16 . 2012-03-29 18:20 -------- d-----w- c:\program files (x86)\Comodo
    2012-03-15 15:31 . 2012-03-15 15:31 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-03-15 15:31 . 2011-12-10 08:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-15 10:09 . 2012-01-16 09:28 149456 ----a-w- c:\windows\SGDetectionTool.dll0352.old
    2012-03-15 10:09 . 2012-01-16 09:28 2246608 ----a-w- c:\windows\PCTBDCore.dll0352.old
    2012-03-15 10:09 . 2012-01-16 09:28 767952 ----a-w- c:\windows\BDTSupport.dll0352.old
    2012-03-13 11:20 . 2012-03-27 08:49 -------- d-----w- c:\users\Razhar\AppData\Local\ElevatedDiagnostics
    2012-03-13 09:50 . 2012-03-13 09:50 -------- d-----w- c:\users\Razhar\AppData\Local\Apps
    2012-03-12 09:58 . 2012-03-12 09:58 1409 ----a-w- c:\windows\QTFont.for
    2012-03-11 18:42 . 2012-03-29 13:18 -------- d-----w- c:\users\Razhar\AppData\Roaming\runic games
    2012-03-11 14:13 . 2012-03-11 14:13 577824 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
    2012-03-11 14:13 . 2012-03-11 14:13 43248 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
    2012-03-11 14:13 . 2012-03-11 14:13 22696 ----a-w- c:\windows\system32\drivers\cmderd.sys
    2012-03-11 14:13 . 2012-03-11 14:13 41200 ----a-w- c:\windows\system32\cmdcsr.dll
    2012-03-11 14:13 . 2012-03-11 14:13 301224 ----a-w- c:\windows\SysWow64\guard32.dll
    2012-03-11 14:13 . 2012-03-11 14:13 389840 ----a-w- c:\windows\system32\guard64.dll
    2012-03-11 06:14 . 2012-03-11 06:14 -------- d-----w- c:\users\Razhar\AppData\Roaming\isoburnerdata
    2012-03-10 14:24 . 2012-03-10 14:24 -------- d-----w- c:\users\Razhar\AppData\Roaming\PCTools
    2012-03-10 11:50 . 2012-03-10 11:50 -------- d-----w- c:\users\Razhar\AppData\Roaming\PC Tools
    2012-03-10 07:13 . 2012-03-10 07:13 -------- d-----w- c:\users\Razhar\AppData\Roaming\Malwarebytes
    2012-03-10 07:13 . 2012-03-10 07:13 -------- d-----w- c:\programdata\Malwarebytes
    2012-03-10 06:07 . 2012-03-16 08:09 -------- d-----w- c:\program files (x86)\PC Tools
    2012-03-09 19:37 . 2012-04-02 20:12 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
    2012-03-09 19:37 . 2012-02-24 03:36 230952 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
    2012-03-09 19:00 . 2012-03-09 19:00 -------- d-----w- c:\users\Razhar\AppData\Roaming\TestApp
    2012-03-09 06:24 . 2012-03-09 06:24 -------- d-----w- c:\programdata\Local Settings
    2012-03-08 16:48 . 2012-03-08 16:48 0 ----a-w- c:\windows\SysWow64\shoFFB3.tmp
    2012-03-06 10:50 . 2012-03-06 10:50 -------- d-----w- c:\users\Razhar\AppData\Roaming\Apple Computer
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-03-29 18:12 . 2011-09-16 08:26 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-03-12 10:42 . 2011-07-13 07:03 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
    2012-03-12 10:42 . 2011-07-13 07:03 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
    2012-03-12 10:42 . 2011-07-13 07:03 29480 ----a-w- c:\windows\SysWow64\msxml3a.dll
    2012-02-03 12:27 . 2012-02-03 12:27 93200 ----a-w- c:\windows\system32\drivers\inspect.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SM?RT-Protection"="c:\program files (x86)\Smadav\SM?RTP.exe" [?]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
    "THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" [2010-11-01 1374720]
    "Hotkey Utility"="c:\program files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe" [2011-01-19 620136]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-02 87336]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
    "SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2011-12-12 103896]
    "emsisoft anti-malware"="c:\program files (x86)\emsisoft anti-malware\a2guard.exe" [2012-02-01 3357584]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ rmslt.nt\0autocheck autochk *\0autocheck sasnative64
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
    R0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
    R2 ATE_PROCMON;ATE_PROCMON;c:\program files (x86)\Anti Trojan Elite\ATEPMon.sys [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 253600]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
    R3 cpuz134;cpuz134;c:\program files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys [2010-07-09 21480]
    R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
    R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-12-28 1431888]
    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    R3 HSPADataCardusbmdm;HSPADataCard Proprietary USB Driver;c:\windows\system32\DRIVERS\HSPADataCardusbmdm.sys [x]
    R3 HSPADataCardusbnmea;HSPADataCard NMEA Port;c:\windows\system32\DRIVERS\HSPADataCardusbnmea.sys [x]
    R3 HSPADataCardusbser;HSPADataCard Diagnostic Port;c:\windows\system32\DRIVERS\HSPADataCardusbser.sys [x]
    R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
    R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [x]
    R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
    R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x]
    R3 ztemtusbser;ZTEMT Legacy Serial Communication;c:\windows\system32\DRIVERS\CT_ZTEMT_U_USBSER.sys [x]
    R4 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit;c:\program files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2012-04-02 86016]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2011-05-19 23208]
    S1 a2injectiondriver;a2injectiondriver;c:\program files (x86)\Emsisoft Anti-Malware\a2dix64.sys [2011-11-02 41728]
    S1 a2util;a-squared Malware-IDS utility driver;c:\program files (x86)\Emsisoft Anti-Malware\a2util64.sys [2010-05-05 14720]
    S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [x]
    S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
    S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe [2012-01-22 3025112]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-27 821664]
    S2 DragonUpdater;COMODO Dragon Update Service;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe [2012-03-28 407288]
    S2 GREGService;GREGService;c:\program files (x86)\Gateway\Registration\GREGsvc.exe [2010-01-08 23584]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
    S2 Live Updater Service;Live Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2011-01-31 244624]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
    S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
    S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-12-12 793048]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-02 483688]
    S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2010-10-21 5790064]
    S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2010-10-21 487280]
    S2 UDisk Monitor;UDisk Monitor;c:\program files\Modem AC2726 UI\bin\MonServiceUDisk64.exe [2009-09-23 407040]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
    S2 USBS3S4Detection;USBS3S4Detection;c:\oem\USBDECTION\USBS3S4Detection.exe [2009-12-09 76320]
    S3 a2acc;a2acc;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [2011-11-02 63880]
    S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
    S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [x]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
    S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-02 209768]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-04-04 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 18:12]
    .
    2012-04-04 c:\windows\Tasks\SDMsgUpdate (TE).job
    - c:\progra~2\SMARTD~1\Messages\SDNotify.exe [2011-12-04 00:29]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-06 166936]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-06 391704]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-06 416792]
    "THXCfg64"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-12-13 13374568]
    "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 9569096]
    "combofix"="c:\combofix\CF7806.3XE" [2010-11-21 345088]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x1
    "AppInit_DLLs"=c:\windows\System32\guard64.dll
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = my.daemon-search.com
    mStart Page = hxxp://gateway.msn.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201
    IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204
    IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203
    IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\users\Razhar\AppData\Roaming\Mozilla\Firefox\Profiles\o2c60my7.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKLM-Run-Adobe Reader Speed Launcher - c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
    Wow6432Node-HKLM-Explorer_Run-15354 - c:\progra~3\LOCALS~1\Temp\msaeod.cmd
    Toolbar-Locked - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.032"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.abr"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.ani"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.apd"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.arw"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.bay"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.bmp"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.bw"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.cr2"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.crw"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.cs1"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.cur"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.dcr"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.dcx"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.dib"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.djv"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.djvu"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.dng"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.emf"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.eps"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.erf"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.fff"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.fpx"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.gif"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.hdr"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.icl"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.icn"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
    @Denied: (2) (S-1-5-21-2140435408-939192104-1354380877-1000)
    @Denied: (2) (LocalSystem)
    "Progid"="Winamp.File.iff"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.ilbm"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.int"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.inta"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.iw4"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.j2c"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.j2k"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.jbr"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.jfif"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.jif"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.jp2"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.jpc"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.jpe"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.jpeg"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.jpg"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.jpk"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.jpx"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.kdc"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.lbm"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.mef"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.mos"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.mrw"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.nef"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.nrw"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.orf"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.pbm"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.pbr"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.pcd"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.pct"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.pcx"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.pef"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.pgm"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.pic"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.pict"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.pix"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.png"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.ppm"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.psd"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.psp"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.pspbrush"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.pspimage"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.raf"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.ras"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
    @Denied: (2) (S-1-5-21-2140435408-939192104-1354380877-1000)
    @Denied: (2) (LocalSystem)
    "Progid"="Winamp.File.raw"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.rgb"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.rgba"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.rle"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.rsb"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.rw2"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.rwl"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.sgi"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.sr2"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.srf"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srw\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.srw"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.tga"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.thm"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.tif"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.tiff"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.ttc"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.ttf"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v40po\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.v40po"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v40pp\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.v40pp"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v40ppf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.v40ppf"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.wbm"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.wbmp"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.wmf"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.xbm"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.xif"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.xmp"
    .
    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ACDSee Pro 4.xpm"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
    c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    .
    **************************************************************************
    .
    Completion time: 2012-04-05 03:06:19 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-04-04 20:06
    .
    Pre-Run: 137.102.704.640 bytes free
    Post-Run: 151.978.639.360 bytes free
    .
    - - End Of File - - E412C1BFE61B6ED42610A72909B81418


    And I have re-enabled my system protection, Comodo Internet Security and MBAM.
  20. Broni

    Broni Malware Annihilator Posts: 46,164   +251

    No worries :)

    Combofix log looks good.

    How is computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\tasks\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  21. Razer

    Razer TechSpot Enthusiast Topic Starter Posts: 131   +11

    "How is your computer doing?"
    Well, it's still doing fine, just as before, but I feel more satisfied after reading that the ComboFix log said orphan removed --> the persistent registry
    :)
    But there is an anomaly: before running OTL, my Comodo Defense+ sandboxed windows\system32\explorer.exe. This kind of event happens when infected by a virus/done by a virus.
    Here are the logs:

    ========== Processes (SafeList) ==========

    PRC - [2012/04/05 05:56:56 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Razhar\Desktop\OTL.exe
    PRC - [2012/03/28 20:30:08 | 000,407,288 | ---- | M] () -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
    PRC - [2012/03/09 21:32:47 | 001,503,232 | ---- | M] (Smadsoft) -- C:\Program Files (x86)\Smadav\SMΔRTP.exe
    PRC - [2012/02/01 10:46:36 | 003,357,584 | ---- | M] (Emsi Software GmbH) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
    PRC - [2012/01/22 08:40:04 | 003,025,112 | ---- | M] (Emsi Software GmbH) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
    PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2011/12/12 14:07:00 | 000,793,048 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
    PRC - [2011/12/12 14:06:58 | 000,103,896 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
    PRC - [2011/03/02 11:23:36 | 000,391,432 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\BingBar.exe
    PRC - [2011/03/02 11:23:36 | 000,259,336 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe
    PRC - [2011/02/26 00:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    PRC - [2011/02/01 12:25:46 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2011/02/01 12:25:42 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2011/02/01 03:55:14 | 000,244,624 | ---- | M] (Acer Incorporated) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
    PRC - [2011/01/19 08:08:08 | 000,620,136 | ---- | M] () -- C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
    PRC - [2010/11/06 13:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    PRC - [2010/11/06 13:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    PRC - [2010/11/02 03:25:34 | 001,374,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
    PRC - [2010/05/05 02:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
    PRC - [2010/02/03 00:08:56 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
    PRC - [2010/01/08 20:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
    PRC - [2009/12/09 16:24:16 | 000,076,320 | ---- | M] () -- C:\OEM\USBDECTION\USBS3S4Detection.exe
    PRC - [2009/12/02 22:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    PRC - [2009/12/02 22:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/03/09 21:32:47 | 001,503,232 | ---- | M] () -- C:\Program Files (x86)\Smadav\SM?RTP.exe
    MOD - [2011/04/22 15:19:30 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\30a8c29a4e9807d25f7148ba4adbe7b9\IAStorUtil.ni.dll
    MOD - [2011/04/22 15:19:30 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\3956b6af532aee63d53f0c15d071b14b\IAStorCommon.ni.dll
    MOD - [2011/01/19 08:08:08 | 000,620,136 | ---- | M] () -- C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
    MOD - [2011/01/19 08:08:04 | 000,151,656 | ---- | M] () -- C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyHook.dll
    MOD - [2010/11/21 10:51:49 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\08d608378aa405adc844f3cf36974b8c\Microsoft.VisualBasic.ni.dll
    MOD - [2010/11/21 10:49:13 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5cae93d923c8378370758489e5535820\System.Runtime.Remoting.ni.dll
    MOD - [2010/11/21 10:49:02 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\bfaf8f86e69928fb2f67987c0203f603\PresentationFramework.ni.dll
    MOD - [2010/11/21 10:48:49 | 012,432,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
    MOD - [2010/11/21 10:48:42 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
    MOD - [2010/11/21 10:48:40 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\2ad23de8284d4594aa658dfb5e667d97\PresentationCore.ni.dll
    MOD - [2010/11/21 10:48:30 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf293040f3a93afa1ea782487acae816\WindowsBase.ni.dll
    MOD - [2010/11/21 10:48:25 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\461d3b6b3f43e6fbe6c897d5936e17e4\System.Xml.ni.dll
    MOD - [2010/11/21 10:48:22 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bc09ad2d49d8535371845cd7532f9271\System.Configuration.ni.dll
    MOD - [2010/11/21 10:48:21 | 007,963,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
    MOD - [2010/11/21 10:48:14 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2012/04/03 00:45:59 | 000,086,016 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe -- (mi-raysat_3dsmax2012_64)
    SRV:64bit: - [2012/03/11 21:13:24 | 002,815,496 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
    SRV:64bit: - [2011/12/28 15:36:25 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
    SRV:64bit: - [2011/02/01 03:55:14 | 000,244,624 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Live Updater Service)
    SRV:64bit: - [2010/10/21 09:38:38 | 005,790,064 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)
    SRV:64bit: - [2010/10/21 09:38:38 | 000,487,280 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)
    SRV:64bit: - [2010/09/23 08:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2009/09/23 12:49:44 | 000,407,040 | ---- | M] () [Auto | Running] -- C:\Program Files\Modem AC2726 UI\bin\MonServiceUDisk64.exe -- (UDisk Monitor)
    SRV:64bit: - [2009/07/14 08:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2012/03/30 01:12:37 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/03/28 20:30:08 | 000,407,288 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe -- (DragonUpdater)
    SRV - [2012/01/22 08:40:04 | 003,025,112 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
    SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2011/12/27 19:33:20 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2011/12/12 14:07:00 | 000,793,048 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
    SRV - [2011/03/02 11:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
    SRV - [2011/02/26 00:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
    SRV - [2011/02/01 12:25:46 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
    SRV - [2011/02/01 12:25:42 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
    SRV - [2010/11/06 13:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
    SRV - [2010/10/13 00:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
    SRV - [2010/05/05 02:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @C:\Program Files (x86)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/01/08 20:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe -- (GREGService)
    SRV - [2009/12/09 16:24:16 | 000,076,320 | ---- | M] () [Auto | Running] -- C:\OEM\USBDECTION\USBS3S4Detection.exe -- (USBS3S4Detection)
    SRV - [2009/12/02 22:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
    SRV - [2009/12/02 22:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
    SRV - [2009/09/20 11:55:20 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
    SRV - [2009/06/11 04:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/03/11 21:13:40 | 000,022,696 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\cmderd.sys -- (cmderd)
    DRV:64bit: - [2011/12/27 19:05:16 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
    DRV:64bit: - [2011/12/16 22:53:01 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
    DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2011/03/02 01:08:56 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
    DRV:64bit: - [2010/11/21 10:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/21 10:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2010/11/21 10:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/21 10:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2010/11/21 10:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/06 13:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2010/10/28 09:27:18 | 000,011,776 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
    DRV:64bit: - [2010/10/19 15:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
    DRV:64bit: - [2010/10/05 13:26:10 | 000,018,288 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
    DRV:64bit: - [2010/10/05 13:26:02 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
    DRV:64bit: - [2010/10/05 13:26:00 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
    DRV:64bit: - [2010/10/01 13:14:34 | 012,157,792 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2010/09/21 13:34:18 | 000,313,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) Intel(R)
    DRV:64bit: - [2010/07/20 14:49:32 | 000,123,648 | ---- | M] (D-Link Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HSPADataCardusbser.sys -- (HSPADataCardusbser)
    DRV:64bit: - [2010/07/20 14:49:28 | 000,123,648 | ---- | M] (D-Link Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HSPADataCardusbnmea.sys -- (HSPADataCardusbnmea)
    DRV:64bit: - [2010/07/20 14:49:16 | 000,123,648 | ---- | M] (D-Link Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HSPADataCardusbmdm.sys -- (HSPADataCardusbmdm)
    DRV:64bit: - [2010/02/06 14:49:24 | 000,690,208 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
    DRV:64bit: - [2009/12/02 22:23:38 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
    DRV:64bit: - [2009/12/02 22:23:34 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
    DRV:64bit: - [2009/12/02 22:23:32 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
    DRV:64bit: - [2009/12/02 22:23:26 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
    DRV:64bit: - [2009/11/18 13:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
    DRV:64bit: - [2009/07/28 09:41:06 | 000,119,168 | ---- | M] (ZTEMT Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT_ZTEMT_U_USBSER.sys -- (ztemtusbser)
    DRV:64bit: - [2009/07/14 08:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 08:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 08:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2009/07/14 08:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/11 03:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/11 03:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/11 03:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/11 03:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2008/06/27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
    DRV:64bit: - [2007/08/24 19:44:24 | 000,112,512 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
    DRV - [2011/11/02 10:13:26 | 000,041,728 | ---- | M] (Emsi Software GmbH) [File_System | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys -- (a2injectiondriver)
    DRV - [2011/11/02 10:13:12 | 000,063,880 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys -- (a2acc)
    DRV - [2011/05/19 13:10:34 | 000,023,208 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys -- (A2DDA)
    DRV - [2010/07/09 12:19:04 | 000,021,480 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys -- (cpuz134)
    DRV - [2010/05/05 08:40:54 | 000,014,720 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys -- (a2util)
    DRV - [2009/07/14 08:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://gateway.msn.com
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://gateway.msn.com
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2140435408-939192104-1354380877-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = my.daemon-search.com
    IE - HKU\S-1-5-21-2140435408-939192104-1354380877-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-2140435408-939192104-1354380877-1000\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search?q={searchTerms}
    IE - HKU\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
    FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Razhar\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Razhar\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/15 21:49:18 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/05 02:57:51 | 000,000,000 | ---D | M]

    [2011/09/16 15:27:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Razhar\AppData\Roaming\Mozilla\Extensions
    [2012/03/10 21:15:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Razhar\AppData\Roaming\Mozilla\Firefox\Profiles\o2c60my7.default\extensions
    [2011/12/27 19:05:00 | 000,002,055 | ---- | M] () -- C:\Users\Razhar\AppData\Roaming\Mozilla\Firefox\Profiles\o2c60my7.default\searchplugins\daemon-search.xml
    [2012/01/24 22:26:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/03/15 21:49:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
    () (No name found) -- C:\USERS\RAZHAR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O2C60MY7.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
    [2012/01/03 08:00:23 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2011/11/10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    [2011/07/12 04:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
    [2011/10/23 22:55:48 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2011/11/11 12:26:46 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Razhar\AppData\Local\Google\Chrome\Application\18.0.1025.142\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Razhar\AppData\Local\Google\Chrome\Application\18.0.1025.142\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Razhar\AppData\Local\Google\Chrome\Application\18.0.1025.142\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Razhar\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
    CHR - plugin: QuickTime Plug-in 7.1.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
    CHR - plugin: Orbit Downloader (Enabled) = C:\Users\Razhar\AppData\Local\Google\Chrome\Application\plugins\nporbit.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
    CHR - plugin: Wacom Dynamic Link Library (Enabled) = C:\Program Files (x86)\TabletPlugins\npwacom.dll
    CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\Razhar\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - Extension: Google Translate = C:\Users\Razhar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.3.1_0\
    CHR - Extension: Angry Birds = C:\Users\Razhar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
    CHR - Extension: Gismeteo = C:\Users\Razhar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfegaehidkkcfaikpaijcdahnpikhobf\2.0.4_0\
    CHR - Extension: YouTube = C:\Users\Razhar\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Adblock Plus (Beta) = C:\Users\Razhar\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
    CHR - Extension: Google Search = C:\Users\Razhar\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Search by Image (by Google) = C:\Users\Razhar\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm\1.1.1_0\
    CHR - Extension: Full Screen Weather = C:\Users\Razhar\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg\1.3_0\
    CHR - Extension: Angry Birds Seasons = C:\Users\Razhar\AppData\Local\Google\Chrome\User Data\Default\Extensions\glfgpgljcapdjhcnmecmgihadngabijc\1.1_0\
    CHR - Extension: The Weather Channel for Chrome = C:\Users\Razhar\AppData\Local\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop\1.0.0.4_0\
    CHR - Extension: Forecastfox = C:\Users\Razhar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihffmkcfkejomlfnilnmkokcpgclhfeg\2.0.10_0\
    CHR - Extension: Google +1 Button = C:\Users\Razhar\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgoepmocgafhnchmokaimcmlojpnlkhp\1.1.2.202_0\
    CHR - Extension: K-ON! = C:\Users\Razhar\AppData\Local\Google\Chrome\User Data\Default\Extensions\jijlppfhlfgamaofmpafjpibhdmmcbde\3_1\
    CHR - Extension: gCast Weather = C:\Users\Razhar\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmmhclhlfcfedmliapdfdkonpceafidj\2.1.2_0\
    CHR - Extension: Metric Conversions = C:\Users\Razhar\AppData\Local\Google\Chrome\User Data\Default\Extensions\kninfdohcboilpapkmbbdmcfanlgflld\1.5_0\
    CHR - Extension: Gmail = C:\Users\Razhar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/04/05 03:01:20 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-2140435408-939192104-1354380877-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
    O3 - HKU\S-1-5-21-2140435408-939192104-1354380877-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O3 - HKU\S-1-5-21-2140435408-939192104-1354380877-1000\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
    O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [THXCfg64] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
    O4 - HKLM..\Run: [emsisoft anti-malware] c:\program files (x86)\emsisoft anti-malware\a2guard.exe (Emsi Software GmbH)
    O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe ()
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
    O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
    O4 - HKU\S-1-5-21-2140435408-939192104-1354380877-1000..\Run: [SMΔRT-Protection] C:\Program Files (x86)\Smadav\SMΔRTP.exe (Smadsoft)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 15354 = C:\PROGRA~3\LOCALS~1\Temp\msaeod.cmd
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2140435408-939192104-1354380877-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-2140435408-939192104-1354380877-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
    O7 - HKU\S-1-5-21-2140435408-939192104-1354380877-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
    O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O20:64bit: - AppInit_DLLs: (C:\Windows\System32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
    O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (rmslt.nt)
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (autocheck sasnative64)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3fhg - C:\Windows\SysWow64\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
    Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
    Drivers32: VIDC.YV12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)

    continue..
  22. Razer

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/04/05 05:59:53 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Razhar\Desktop\OTL.exe
    [2012/04/05 04:57:29 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/04/05 02:49:32 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/04/05 02:49:32 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/04/05 02:49:32 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/04/05 01:26:31 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/04/05 01:25:53 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/04/05 01:06:31 | 004,456,875 | R--- | C] (Swearware) -- C:\Users\Razhar\Desktop\ComboFix.exe
    [2012/04/04 22:09:19 | 000,171,344 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Razhar\Desktop\SalityKiller.com
    [2012/04/04 22:00:09 | 000,000,000 | ---D | C] -- C:\Users\Razhar\Salitykiller2012
    [2012/04/04 10:35:51 | 000,000,000 | ---D | C] -- C:\Users\Razhar\Desktop\tdsskiller
    [2012/04/04 08:20:18 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Razhar\Desktop\aswMBR.exe
    [2012/04/03 20:42:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
    [2012/04/03 20:42:10 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
    [2012/04/03 04:14:56 | 000,000,000 | ---D | C] -- C:\Users\Razhar\Documents\Simply Super Software
    [2012/04/03 04:13:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover
    [2012/04/02 23:32:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools Security
    [2012/04/02 19:16:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
    [2012/04/02 17:55:49 | 000,000,000 | ---D | C] -- C:\Users\Razhar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Migo Software
    [2012/04/02 17:55:48 | 000,000,000 | ---D | C] -- C:\Windows\Digital Rescue 4 Premium
    [2012/04/02 16:00:59 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
    [2012/04/02 15:40:19 | 000,000,000 | ---D | C] -- C:\Program Files\Diskeeper Corporation
    [2012/04/02 03:08:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    [2012/04/02 03:08:49 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2012/04/01 23:00:03 | 000,000,000 | ---D | C] -- C:\Users\Razhar\AppData\Roaming\TeamViewer
    [2012/04/01 22:52:51 | 000,035,112 | ---- | C] (TeamViewer GmbH) -- C:\Windows\SysNative\drivers\teamviewervpn.sys
    [2012/04/01 22:52:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
    [2012/04/01 15:23:42 | 000,000,000 | ---D | C] -- C:\Windows\pss
    [2012/04/01 15:17:36 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG
    [2012/04/01 15:17:29 | 000,000,000 | ---D | C] -- C:\Users\Razhar\AppData\Roaming\HP
    [2012/04/01 15:16:54 | 000,000,000 | ---D | C] -- C:\Users\Razhar\AppData\Local\HP
    [2012/04/01 15:13:50 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
    [2012/04/01 15:13:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
    [2012/04/01 15:12:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Hewlett-Packard
    [2012/04/01 15:12:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\HP
    [2012/04/01 15:11:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
    [2012/04/01 15:11:15 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2012/04/01 15:09:40 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
    [2012/04/01 15:00:55 | 000,000,000 | ---D | C] -- C:\Users\Razhar\AppData\Roaming\Babylon
    [2012/04/01 15:00:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
    [2012/03/31 22:51:47 | 000,000,000 | ---D | C] -- C:\Users\Razhar\Desktop\SPC_Report
    [2012/03/31 22:50:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Advanced System Optimizer 3
    [2012/03/31 22:02:14 | 000,000,000 | ---D | C] -- C:\Windows\Repair
    [2012/03/31 22:00:25 | 000,000,000 | ---D | C] -- C:\Users\Razhar\AppData\Roaming\Systweak
    [2012/03/31 22:00:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Systweak
    [2012/03/30 19:56:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
    [2012/03/30 19:56:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware
    [2012/03/30 19:56:02 | 000,000,000 | ---D | C] -- C:\Users\Razhar\Documents\Anti-Malware
    [2012/03/29 16:19:05 | 000,000,000 | ---D | C] -- C:\Smadav
    [2012/03/24 16:58:37 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
    [2012/03/23 18:52:57 | 000,000,000 | ---D | C] -- C:\VritualRoot
    [2012/03/23 18:31:01 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\COMODO
    [2012/03/23 18:11:49 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
    [2012/03/23 02:04:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Torchlight
    [2012/03/23 01:41:24 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Runic
    [2012/03/16 15:15:21 | 000,000,000 | ---D | C] -- C:\Users\Razhar\AppData\Roaming\Registry Mechanic
    [2012/03/16 15:09:54 | 001,101,824 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\SysWow64\UniBox210.ocx
    [2012/03/16 15:09:54 | 000,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\SysWow64\UniBox10.ocx
    [2012/03/16 15:09:54 | 000,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\SysWow64\UniBoxVB12.ocx
    [2012/03/16 15:09:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Registry Mechanic
    [2012/03/16 14:47:31 | 000,000,000 | ---D | C] -- C:\Users\Razhar\AppData\Roaming\Product_RM
    [2012/03/16 14:47:31 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
    [2012/03/16 14:23:22 | 000,108,056 | ---- | C] (PC Tools) -- C:\Windows\SysWow64\drivers\PCTDMDefrag.sys
    [2012/03/16 01:50:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
    [2012/03/16 01:45:19 | 000,000,000 | ---D | C] -- C:\Users\Razhar\AppData\Local\Comodo
    [2012/03/16 01:25:12 | 000,000,000 | ---D | C] -- C:\ProgramData\CPA_VA
    [2012/03/16 01:16:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
    [2012/03/16 01:16:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Comodo
    [2012/03/15 22:31:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/03/15 22:31:50 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/03/15 22:31:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/03/15 17:09:30 | 002,246,608 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll0352.old
    [2012/03/15 17:09:30 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll0352.old
    [2012/03/14 23:02:04 | 000,000,000 | ---D | C] -- C:\Users\Razhar\Desktop\Novel Rhea Attachments_2012_03_14
    [2012/03/14 00:57:06 | 000,000,000 | ---D | C] -- C:\Users\Razhar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
    [2012/03/14 00:57:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
    [2012/03/13 18:20:41 | 000,000,000 | ---D | C] -- C:\Users\Razhar\AppData\Local\ElevatedDiagnostics
    [2012/03/13 16:50:30 | 000,000,000 | ---D | C] -- C:\Users\Razhar\AppData\Local\Apps
    [2012/03/12 17:44:11 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 10
    [2012/03/12 01:42:22 | 000,000,000 | ---D | C] -- C:\Users\Razhar\AppData\Roaming\runic games
    [2012/03/12 01:39:18 | 000,000,000 | ---D | C] -- C:\Users\Razhar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
    [2012/03/11 21:13:40 | 000,022,696 | ---- | C] (COMODO) -- C:\Windows\SysNative\drivers\cmderd.sys
    [2012/03/11 21:13:22 | 000,041,200 | ---- | C] (COMODO) -- C:\Windows\SysNative\cmdcsr.dll
    [2012/03/11 21:13:20 | 000,301,224 | ---- | C] (COMODO) -- C:\Windows\SysWow64\guard32.dll
    [2012/03/11 21:13:18 | 000,389,840 | ---- | C] (COMODO) -- C:\Windows\SysNative\guard64.dll
    [2012/03/11 13:14:34 | 000,000,000 | ---D | C] -- C:\Users\Razhar\AppData\Roaming\isoburnerdata
    [2012/03/10 21:24:09 | 000,000,000 | ---D | C] -- C:\Users\Razhar\AppData\Roaming\PCTools
    [2012/03/10 21:17:06 | 000,000,000 | ---D | C] -- C:\Users\Razhar\Documents\Data Esir 9 Maret 2012
    [2012/03/10 18:50:58 | 000,000,000 | ---D | C] -- C:\Users\Razhar\AppData\Roaming\PC Tools
    [2012/03/10 14:13:15 | 000,000,000 | ---D | C] -- C:\Users\Razhar\AppData\Roaming\Malwarebytes
    [2012/03/10 14:13:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/03/10 13:07:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools
    [2012/03/10 02:37:25 | 000,230,952 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys
    [2012/03/10 02:37:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
    [2012/03/10 02:00:06 | 000,000,000 | ---D | C] -- C:\Users\Razhar\AppData\Roaming\TestApp
    [2012/03/09 13:24:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Local Settings
    [2012/03/06 18:12:58 | 000,000,000 | ---D | C] -- C:\Users\Razhar\AppData\Local\{C4C8F44E-D517-4F98-96BC-DE9FFBDF89C3}
    [2012/03/06 18:11:22 | 000,000,000 | ---D | C] -- C:\Users\Razhar\AppData\Local\{E37E037F-F93F-4CF0-B779-0E99BB351CB7}
    [2012/03/06 17:50:26 | 000,000,000 | ---D | C] -- C:\Users\Razhar\AppData\Roaming\Apple Computer
    [2012/03/06 17:44:09 | 000,000,000 | ---D | C] -- C:\Users\Razhar\AppData\Local\{9323FA31-4E95-4A2F-B319-082C04B3413A}
    [2012/03/06 17:44:09 | 000,000,000 | ---D | C] -- C:\Users\Razhar\AppData\Local\{2DD6BE9A-8A6F-4323-9AF1-A16095E96797}
    [8 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/04/05 05:56:56 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Razhar\Desktop\OTL.exe
    [2012/04/05 05:31:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/04/05 05:04:53 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/04/05 05:04:53 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/04/05 05:02:30 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SDMsgUpdate (TE).job
    [2012/04/05 04:57:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/04/05 04:57:10 | 1566,580,736 | -HS- | M] () -- C:\hiberfil.sys
    [2012/04/05 03:01:20 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/04/05 02:40:22 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
    [2012/04/05 01:22:22 | 000,248,182 | ---- | M] () -- C:\Users\Razhar\Desktop\Combofix instruction.pdf
    [2012/04/05 01:16:17 | 000,000,674 | ---- | M] () -- C:\Users\Razhar\Desktop\Smadav - Shortcut.lnk
    [2012/04/05 01:09:32 | 004,456,951 | ---- | M] () -- C:\Users\Razhar\Desktop\ComboFix.rar
    [2012/04/05 01:08:23 | 004,456,875 | R--- | M] (Swearware) -- C:\Users\Razhar\Desktop\ComboFix.exe
    [2012/04/05 00:49:12 | 000,950,528 | ---- | M] () -- C:\Users\Razhar\Desktop\Combofix.pdf
    [2012/04/04 21:58:41 | 000,164,296 | ---- | M] () -- C:\Users\Razhar\Salitykiller2012.zip
    [2012/04/04 12:56:55 | 000,599,013 | ---- | M] () -- C:\Users\Razhar\Documents\SALITY remove IT CLUB SMAN 1 NGUNUT_ virus win32 sality.pdf
    [2012/04/04 12:56:08 | 000,512,017 | ---- | M] () -- C:\Users\Razhar\Documents\Sality Membersihkan Win32 Sality dari Komputer - Anitivirus untuk Win32_Sality _ Belajar SEO _ Tutorial Wordpress Blogger _ Cari Uang di Internet _ Making Money Online.pdf
    [2012/04/04 10:29:23 | 002,052,880 | ---- | M] () -- C:\Users\Razhar\Desktop\tdsskiller.zip
    [2012/04/04 08:23:09 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Razhar\Desktop\aswMBR.exe
    [2012/04/04 02:15:35 | 000,000,726 | ---- | M] () -- C:\Users\Razhar\Desktop\EMERGENCY Kit - Shortcut.lnk
    [2012/04/04 01:26:45 | 000,000,004 | ---- | M] () -- C:\Windows\17425030.dat
    [2012/04/03 23:05:01 | 000,145,988 | ---- | M] () -- C:\Users\Razhar\Desktop\Special governing rules for the Virus & Malware removal board - TechSpot OpenBoards.pdf
    [2012/04/03 23:04:27 | 000,125,861 | ---- | M] () -- C:\Users\Razhar\Desktop\Do NOT follow instructions.pdf
    [2012/04/03 23:03:40 | 000,315,132 | ---- | M] () -- C:\Users\Razhar\Desktop\UPDATED 5-step Viruses removal.pdf
    [2012/04/03 20:42:11 | 000,001,665 | ---- | M] () -- C:\Users\Public\Desktop\Recuva.lnk
    [2012/04/03 18:32:16 | 000,002,078 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
    [2012/04/03 00:37:09 | 001,733,449 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
    [2012/04/02 23:13:26 | 000,000,004 | ---- | M] () -- C:\Windows\1299535.dat
    [2012/04/02 19:16:02 | 000,001,196 | ---- | M] () -- C:\Users\Razhar\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
    [2012/04/02 17:16:43 | 000,000,056 | ---- | M] () -- C:\Windows\SysNative\RW_{9FD04757-E03C-11E0-809A-68A3C4CBF2BC}.dat
    [2012/04/02 17:16:43 | 000,000,056 | ---- | M] () -- C:\Windows\SysNative\RW_{48561C50-AD1B-11E0-ABA7-806E6F6E6963}.dat
    [2012/04/02 17:16:43 | 000,000,056 | ---- | M] () -- C:\Windows\SysNative\RW_{48561C4F-AD1B-11E0-ABA7-806E6F6E6963}.dat
    [2012/04/02 17:16:43 | 000,000,056 | ---- | M] () -- C:\Windows\SysNative\RW_{48561C4E-AD1B-11E0-ABA7-806E6F6E6963}.dat
    [2012/04/02 17:16:43 | 000,000,012 | ---- | M] () -- C:\Windows\SysNative\EvGr_Data{9FD04757-E03C-11E0-809A-68A3C4CBF2BC}.dat
    [2012/04/02 17:16:43 | 000,000,012 | ---- | M] () -- C:\Windows\SysNative\EvGr_Data{48561C50-AD1B-11E0-ABA7-806E6F6E6963}.dat
    [2012/04/02 17:16:43 | 000,000,012 | ---- | M] () -- C:\Windows\SysNative\EvGr_Data{48561C4F-AD1B-11E0-ABA7-806E6F6E6963}.dat
    [2012/04/02 17:16:43 | 000,000,012 | ---- | M] () -- C:\Windows\SysNative\EvGr_Data{48561C4E-AD1B-11E0-ABA7-806E6F6E6963}.dat
    [2012/04/02 12:59:02 | 000,706,805 | ---- | M] () -- C:\Users\Razhar\Documents\Mind Hacks how to improve memory.pdf
    [2012/04/02 03:08:50 | 000,000,831 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2012/04/01 15:48:54 | 003,037,960 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/04/01 15:17:22 | 000,221,206 | ---- | M] () -- C:\Windows\hpoins19.dat
    [2012/04/01 15:13:48 | 000,001,328 | ---- | M] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
    [2012/04/01 02:36:04 | 000,000,000 | ---- | M] () -- C:\StartUpManager_scandataOUTPUT.xml
    [2012/04/01 02:36:02 | 000,000,814 | ---- | M] () -- C:\StartUpManager_scandataINPUT.xml
    [2012/04/01 02:21:57 | 000,029,336 | ---- | M] () -- C:\Windows\cscmondump.bin
    [2012/04/01 00:43:31 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
    [2012/03/31 14:04:11 | 000,002,132 | ---- | M] () -- C:\Users\Public\Desktop\Angry Birds Seasons.lnk
    [2012/03/31 12:11:48 | 000,001,230 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebyte Anti-Malware.lnk
    [2012/03/31 01:26:37 | 000,779,080 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/03/31 01:26:37 | 000,651,894 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/03/31 01:26:37 | 000,120,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/03/30 19:56:14 | 000,001,134 | ---- | M] () -- C:\Users\Razhar\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk
    [2012/03/30 19:56:14 | 000,001,110 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
    [2012/03/30 18:18:48 | 000,001,162 | ---- | M] () -- C:\Users\Public\Desktop\Angry Birds Space.lnk
    [2012/03/30 16:31:58 | 000,618,909 | ---- | M] () -- C:\Users\Razhar\Documents\Soft Hackz_ Make your Internet connection ultra fast(4X faster).pdf
    [2012/03/30 10:47:38 | 000,002,371 | ---- | M] () -- C:\Users\Razhar\Desktop\Google Chrome.lnk
    [2012/03/30 01:20:24 | 000,001,045 | ---- | M] () -- C:\Users\Public\Desktop\Comodo Dragon.lnk
    [2012/03/23 18:46:22 | 000,001,846 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk
    [2012/03/23 02:25:23 | 000,001,233 | ---- | M] () -- C:\Users\Razhar\Desktop\Torchlight.lnk
    [2012/03/23 02:00:27 | 000,002,541 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - gateway.lnk
    [2012/03/22 19:54:35 | 000,001,425 | ---- | M] () -- C:\Users\Razhar\Desktop\Smart Modem.lnk
    [2012/03/16 18:22:37 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2012/03/16 15:09:55 | 000,001,332 | ---- | M] () -- C:\Users\Public\Desktop\PC Tools Registry Mechanic.lnk
    [2012/03/15 14:18:26 | 003,242,465 | ---- | M] () -- C:\Gateway Generic User Guide.pdf
    [2012/03/13 17:55:38 | 000,001,404 | ---- | M] () -- C:\Users\Razhar\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2012/03/13 02:12:43 | 000,001,275 | ---- | M] () -- C:\Users\Razhar\Desktop\WinRAR - Shortcut.lnk
    [2012/03/12 17:44:11 | 000,002,173 | ---- | M] () -- C:\Users\Public\Desktop\CyberLink PowerDVD 10.lnk
    [2012/03/12 16:58:28 | 000,001,409 | ---- | M] () -- C:\Windows\QTFont.for
    [2012/03/11 21:13:40 | 000,022,696 | ---- | M] (COMODO) -- C:\Windows\SysNative\drivers\cmderd.sys
    [2012/03/11 21:13:22 | 000,041,200 | ---- | M] (COMODO) -- C:\Windows\SysNative\cmdcsr.dll
    [2012/03/11 21:13:20 | 000,301,224 | ---- | M] (COMODO) -- C:\Windows\SysWow64\guard32.dll
    [2012/03/11 21:13:18 | 000,389,840 | ---- | M] (COMODO) -- C:\Windows\SysNative\guard64.dll
    [2012/03/11 13:11:49 | 000,001,313 | ---- | M] () -- C:\Users\Razhar\Desktop\Deus Ex.lnk
    [2012/03/10 18:50:35 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\SM.lock
    [2012/03/10 16:52:43 | 000,001,492 | ---- | M] () -- C:\Users\Razhar\Desktop\AngryBirds.lnk
    [2012/03/10 16:45:19 | 000,001,421 | ---- | M] () -- C:\Users\Razhar\Desktop\Mozilla Firefox.lnk
    [2012/03/10 16:28:02 | 000,001,351 | ---- | M] () -- C:\Users\Razhar\Desktop\Defraggler.lnk
    [2012/03/10 16:27:37 | 000,001,275 | ---- | M] () -- C:\Users\Razhar\Desktop\Speccy.lnk
    [2012/03/10 16:24:35 | 000,001,473 | ---- | M] () -- C:\Users\Razhar\Desktop\Mobile Partner.lnk
    [2012/03/10 16:22:38 | 000,001,289 | ---- | M] () -- C:\Users\Razhar\Desktop\winamp.lnk
    [8 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/04/05 02:49:32 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/04/05 02:49:32 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/04/05 02:49:32 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/04/05 02:49:32 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/04/05 02:49:32 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/04/05 01:22:22 | 000,248,182 | ---- | C] () -- C:\Users\Razhar\Desktop\Combofix instruction.pdf
    [2012/04/05 01:16:17 | 000,000,674 | ---- | C] () -- C:\Users\Razhar\Desktop\Smadav - Shortcut.lnk
    [2012/04/05 01:09:31 | 004,456,951 | ---- | C] () -- C:\Users\Razhar\Desktop\ComboFix.rar
    [2012/04/05 00:49:12 | 000,950,528 | ---- | C] () -- C:\Users\Razhar\Desktop\Combofix.pdf
    [2012/04/04 22:09:19 | 000,000,022 | ---- | C] () -- C:\Users\Razhar\Desktop\SalityCure.bat
    [2012/04/04 21:59:48 | 000,164,296 | ---- | C] () -- C:\Users\Razhar\Salitykiller2012.zip
    [2012/04/04 12:56:54 | 000,599,013 | ---- | C] () -- C:\Users\Razhar\Documents\SALITY remove IT CLUB SMAN 1 NGUNUT_ virus win32 sality.pdf
    [2012/04/04 12:56:06 | 000,512,017 | ---- | C] () -- C:\Users\Razhar\Documents\Sality Membersihkan Win32 Sality dari Komputer - Anitivirus untuk Win32_Sality _ Belajar SEO _ Tutorial Wordpress Blogger _ Cari Uang di Internet _ Making Money Online.pdf
    [2012/04/04 10:31:35 | 002,052,880 | ---- | C] () -- C:\Users\Razhar\Desktop\tdsskiller.zip
    [2012/04/04 02:15:35 | 000,000,726 | ---- | C] () -- C:\Users\Razhar\Desktop\EMERGENCY Kit - Shortcut.lnk
    [2012/04/04 01:26:45 | 000,000,004 | ---- | C] () -- C:\Windows\17425030.dat
    [2012/04/03 23:05:01 | 000,145,988 | ---- | C] () -- C:\Users\Razhar\Desktop\Special governing rules for the Virus & Malware removal board - TechSpot OpenBoards.pdf
    [2012/04/03 23:04:26 | 000,125,861 | ---- | C] () -- C:\Users\Razhar\Desktop\Do NOT follow instructions.pdf
    [2012/04/03 23:03:39 | 000,315,132 | ---- | C] () -- C:\Users\Razhar\Desktop\UPDATED 5-step Viruses removal.pdf
    [2012/04/03 20:42:11 | 000,001,665 | ---- | C] () -- C:\Users\Public\Desktop\Recuva.lnk
    [2012/04/02 23:13:26 | 000,000,004 | ---- | C] () -- C:\Windows\1299535.dat
    [2012/04/02 19:16:02 | 000,002,078 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
    [2012/04/02 19:16:02 | 000,001,196 | ---- | C] () -- C:\Users\Razhar\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
    [2012/04/02 17:16:43 | 000,000,056 | ---- | C] () -- C:\Windows\SysNative\RW_{9FD04757-E03C-11E0-809A-68A3C4CBF2BC}.dat
    [2012/04/02 17:16:43 | 000,000,056 | ---- | C] () -- C:\Windows\SysNative\RW_{48561C50-AD1B-11E0-ABA7-806E6F6E6963}.dat
    [2012/04/02 17:16:43 | 000,000,056 | ---- | C] () -- C:\Windows\SysNative\RW_{48561C4F-AD1B-11E0-ABA7-806E6F6E6963}.dat
    [2012/04/02 17:16:43 | 000,000,056 | ---- | C] () -- C:\Windows\SysNative\RW_{48561C4E-AD1B-11E0-ABA7-806E6F6E6963}.dat
    [2012/04/02 17:16:43 | 000,000,012 | ---- | C] () -- C:\Windows\SysNative\EvGr_Data{9FD04757-E03C-11E0-809A-68A3C4CBF2BC}.dat
    [2012/04/02 17:16:43 | 000,000,012 | ---- | C] () -- C:\Windows\SysNative\EvGr_Data{48561C50-AD1B-11E0-ABA7-806E6F6E6963}.dat
    [2012/04/02 17:16:43 | 000,000,012 | ---- | C] () -- C:\Windows\SysNative\EvGr_Data{48561C4F-AD1B-11E0-ABA7-806E6F6E6963}.dat
    [2012/04/02 17:16:43 | 000,000,012 | ---- | C] () -- C:\Windows\SysNative\EvGr_Data{48561C4E-AD1B-11E0-ABA7-806E6F6E6963}.dat
    [2012/04/02 12:59:02 | 000,706,805 | ---- | C] () -- C:\Users\Razhar\Documents\Mind Hacks how to improve memory.pdf
    [2012/04/02 03:08:50 | 000,000,831 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2012/04/01 15:14:02 | 000,001,054 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
    [2012/04/01 15:13:48 | 000,001,328 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
    [2012/04/01 15:09:55 | 000,221,206 | ---- | C] () -- C:\Windows\hpoins19.dat
    [2012/04/01 15:09:55 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
    [2012/04/01 02:21:57 | 000,029,336 | ---- | C] () -- C:\Windows\cscmondump.bin
    [2012/04/01 00:46:55 | 000,000,000 | ---- | C] () -- C:\StartUpManager_scandataOUTPUT.xml
    [2012/04/01 00:46:54 | 000,000,814 | ---- | C] () -- C:\StartUpManager_scandataINPUT.xml
    [2012/03/31 14:04:11 | 000,002,132 | ---- | C] () -- C:\Users\Public\Desktop\Angry Birds Seasons.lnk
    [2012/03/30 19:56:14 | 000,001,134 | ---- | C] () -- C:\Users\Razhar\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk
    [2012/03/30 19:56:14 | 000,001,110 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
    [2012/03/30 18:18:48 | 000,001,162 | ---- | C] () -- C:\Users\Public\Desktop\Angry Birds Space.lnk
    [2012/03/30 16:31:57 | 000,618,909 | ---- | C] () -- C:\Users\Razhar\Documents\Soft Hackz_ Make your Internet connection ultra fast(4X faster).pdf
    [2012/03/30 01:12:39 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/03/29 15:07:20 | 000,001,045 | ---- | C] () -- C:\Users\Public\Desktop\Comodo Dragon.lnk
    [2012/03/23 18:46:22 | 000,001,846 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk
    [2012/03/23 02:25:23 | 000,001,233 | ---- | C] () -- C:\Users\Razhar\Desktop\Torchlight.lnk
    [2012/03/22 19:54:35 | 000,001,425 | ---- | C] () -- C:\Users\Razhar\Desktop\Smart Modem.lnk
    [2012/03/16 18:22:37 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2012/03/16 18:22:34 | 000,002,471 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
    [2012/03/16 15:09:55 | 000,001,332 | ---- | C] () -- C:\Users\Public\Desktop\PC Tools Registry Mechanic.lnk
    [2012/03/16 15:09:54 | 000,040,408 | ---- | C] () -- C:\Windows\SysNative\CleanMFT64.exe
    [2012/03/16 01:18:56 | 001,474,832 | ---- | C] () -- C:\Windows\SysNative\drivers\sfi.dat
    [2012/03/15 22:31:51 | 000,001,230 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebyte Anti-Malware.lnk
    [2012/03/15 17:09:30 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll0352.old
    [2012/03/15 14:18:25 | 003,242,465 | ---- | C] () -- C:\Gateway Generic User Guide.pdf
    [2012/03/13 02:12:43 | 000,001,275 | ---- | C] () -- C:\Users\Razhar\Desktop\WinRAR - Shortcut.lnk
    [2012/03/12 17:44:11 | 000,002,173 | ---- | C] () -- C:\Users\Public\Desktop\CyberLink PowerDVD 10.lnk
    [2012/03/12 16:58:28 | 000,054,156 | -H-- | C] () -- C:\Windows\QTFont.qfn
    [2012/03/12 16:58:28 | 000,001,409 | ---- | C] () -- C:\Windows\QTFont.for
    [2012/03/12 14:40:22 | 000,002,541 | ---- | C] () -- C:\Users\Public\Desktop\WildTangent Games App - gateway.lnk
    [2012/03/11 13:11:49 | 000,001,313 | ---- | C] () -- C:\Users\Razhar\Desktop\Deus Ex.lnk
    [2012/03/10 18:50:35 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\SM.lock
    [2012/03/10 18:22:33 | 003,037,960 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/03/10 16:52:43 | 000,001,492 | ---- | C] () -- C:\Users\Razhar\Desktop\AngryBirds.lnk
    [2012/03/10 16:45:19 | 000,001,421 | ---- | C] () -- C:\Users\Razhar\Desktop\Mozilla Firefox.lnk
    [2012/03/10 16:28:02 | 000,001,351 | ---- | C] () -- C:\Users\Razhar\Desktop\Defraggler.lnk
    [2012/03/10 16:27:37 | 000,001,275 | ---- | C] () -- C:\Users\Razhar\Desktop\Speccy.lnk
    [2012/03/10 16:24:35 | 000,001,473 | ---- | C] () -- C:\Users\Razhar\Desktop\Mobile Partner.lnk
    [2012/03/10 16:22:38 | 000,001,289 | ---- | C] () -- C:\Users\Razhar\Desktop\winamp.lnk
    [2012/03/10 13:07:54 | 001,733,449 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
    [2012/03/07 13:27:28 | 000,001,176 | ---- | C] () -- C:\Users\Razhar\Desktop\Adobe Premiere Pro CS4.lnk
    [2012/02/08 17:42:20 | 000,129,024 | ---- | C] () -- C:\Windows\UNWISE.EXE
    [2012/02/07 03:52:46 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
    [2011/12/10 21:56:33 | 000,007,610 | ---- | C] () -- C:\Users\Razhar\AppData\Local\Resmon.ResmonCfg
    [2011/12/04 18:54:45 | 000,010,752 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
    [2011/11/15 22:31:08 | 000,004,608 | ---- | C] () -- C:\Users\Razhar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/09/16 15:36:03 | 000,764,636 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/09/16 15:26:37 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
    [2011/09/16 15:26:36 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
    [2011/09/16 15:26:36 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
    [2011/09/16 15:26:36 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
    [2011/09/16 15:26:36 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
    [2011/07/13 13:55:17 | 000,002,001 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
    [2011/07/13 13:55:17 | 000,001,212 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
    [2011/07/13 13:55:17 | 000,001,212 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
    [2011/07/13 13:55:15 | 000,183,296 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
    [2011/07/13 13:55:15 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
    [2011/04/22 16:06:29 | 000,798,716 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
    [2011/04/22 16:06:29 | 000,201,920 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
    [2011/04/22 16:06:27 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

    ========== LOP Check ==========

    [2011/09/19 00:51:54 | 000,000,000 | ---D | M] -- C:\Users\Razhar\AppData\Roaming\ACD Systems
    [2011/12/28 16:07:00 | 000,000,000 | ---D | M] -- C:\Users\Razhar\AppData\Roaming\Autodesk
    [2012/04/01 15:00:55 | 000,000,000 | ---D | M] -- C:\Users\Razhar\AppData\Roaming\Babylon
    [2011/12/31 13:59:37 | 000,000,000 | ---D | M] -- C:\Users\Razhar\AppData\Roaming\Blender Foundation
    [2011/12/28 13:38:35 | 000,000,000 | ---D | M] -- C:\Users\Razhar\AppData\Roaming\com.adobe.ExMan
    [2012/03/10 18:01:13 | 000,000,000 | ---D | M] -- C:\Users\Razhar\AppData\Roaming\DAEMON Tools Lite
    [2012/02/01 10:52:11 | 000,000,000 | ---D | M] -- C:\Users\Razhar\AppData\Roaming\GrabPro
    [2012/03/11 13:14:34 | 000,000,000 | ---D | M] -- C:\Users\Razhar\AppData\Roaming\isoburnerdata
    [2011/09/16 15:21:31 | 000,000,000 | ---D | M] -- C:\Users\Razhar\AppData\Roaming\OEM
    [2012/04/05 06:09:45 | 000,000,000 | ---D | M] -- C:\Users\Razhar\AppData\Roaming\Orbit
    [2012/03/10 21:24:09 | 000,000,000 | ---D | M] -- C:\Users\Razhar\AppData\Roaming\PCTools
    [2012/03/16 14:47:31 | 000,000,000 | ---D | M] -- C:\Users\Razhar\AppData\Roaming\Product_RM
    [2012/02/01 10:52:14 | 000,000,000 | ---D | M] -- C:\Users\Razhar\AppData\Roaming\ProgSense
    [2012/03/16 15:15:21 | 000,000,000 | ---D | M] -- C:\Users\Razhar\AppData\Roaming\Registry Mechanic
    [2012/03/30 18:19:41 | 000,000,000 | ---D | M] -- C:\Users\Razhar\AppData\Roaming\Rovio
    [2012/03/29 20:18:32 | 000,000,000 | ---D | M] -- C:\Users\Razhar\AppData\Roaming\runic games
    [2012/04/03 19:19:37 | 000,000,000 | ---D | M] -- C:\Users\Razhar\AppData\Roaming\Smadav
    [2012/03/15 21:48:52 | 000,000,000 | ---D | M] -- C:\Users\Razhar\AppData\Roaming\SmartDraw
    [2012/01/03 22:47:56 | 000,000,000 | ---D | M] -- C:\Users\Razhar\AppData\Roaming\SoftGrid Client
    [2012/04/04 08:13:51 | 000,000,000 | ---D | M] -- C:\Users\Razhar\AppData\Roaming\Systweak
    [2012/04/01 23:56:57 | 000,000,000 | ---D | M] -- C:\Users\Razhar\AppData\Roaming\TeamViewer
    [2012/03/10 02:00:06 | 000,000,000 | ---D | M] -- C:\Users\Razhar\AppData\Roaming\TestApp
    [2011/09/17 02:40:27 | 000,000,000 | ---D | M] -- C:\Users\Razhar\AppData\Roaming\Tific
    [2011/09/16 15:36:41 | 000,000,000 | ---D | M] -- C:\Users\Razhar\AppData\Roaming\TP
    [2012/01/29 22:37:28 | 000,000,000 | ---D | M] -- C:\Users\Razhar\AppData\Roaming\ZTEMTUI
    [2012/04/04 01:27:19 | 000,032,548 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2012/04/05 05:02:30 | 000,000,466 | ---- | M] () -- C:\Windows\Tasks\SDMsgUpdate (TE).job

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.* >
    [2011/04/22 16:09:13 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2012/04/05 03:06:20 | 000,045,482 | ---- | M] () -- C:\ComboFix.txt
    [2012/03/15 14:18:26 | 003,242,465 | ---- | M] () -- C:\Gateway Generic User Guide.pdf
    [2012/04/05 04:57:10 | 1566,580,736 | -HS- | M] () -- C:\hiberfil.sys
    [2011/02/13 11:41:31 | 000,000,588 | ---- | M] () -- C:\LPCD.DAT
    [2006/12/02 13:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
    [2011/06/27 10:14:36 | 000,069,632 | ---- | M] ( ) -- C:\nporbit.dll
    [2012/04/05 04:57:10 | 2088,775,680 | -HS- | M] () -- C:\pagefile.sys
    [2012/04/04 18:08:41 | 000,013,897 | ---- | M] () -- C:\rmslt.log
    [2012/04/01 02:36:02 | 000,000,814 | ---- | M] () -- C:\StartUpManager_scandataINPUT.xml
    [2012/04/01 02:36:04 | 000,000,000 | ---- | M] () -- C:\StartUpManager_scandataOUTPUT.xml
    [2012/04/04 10:36:12 | 000,003,254 | ---- | M] () -- C:\TDSSKiller.2.7.25.0_04.04.2012_10.36.07_log.txt
    [2012/04/04 11:01:55 | 000,137,804 | ---- | M] () -- C:\TDSSKiller.2.7.25.0_04.04.2012_10.36.13_log.txt

    < %systemroot%\Fonts\*.com >
    [2009/07/14 12:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 12:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 12:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 12:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/11 03:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >
    [2011/11/25 20:51:15 | 000,917,504 | ---- | M] () -- C:\Windows\system32\Photo0133.jpg
    [8 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/11/10 16:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2012/03/13 19:37:06 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2012/03/13 17:55:38 | 000,000,221 | -HS- | M] () -- C:\Users\Razhar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2012/04/04 08:23:09 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Razhar\Desktop\aswMBR.exe
    [2012/04/05 01:08:23 | 004,456,875 | R--- | M] (Swearware) -- C:\Users\Razhar\Desktop\ComboFix.exe
    [2012/04/05 05:56:56 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Razhar\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\tasks\*.* >
    [2012/04/05 05:31:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/04/05 04:57:16 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2012/04/04 01:27:19 | 000,032,548 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT
    [2012/04/05 05:02:30 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SDMsgUpdate (TE).job

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/11 04:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2011/09/16 15:21:25 | 000,000,402 | -HS- | M] () -- C:\Users\Razhar\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2012/04/01 15:59:20 | 000,002,879 | ---- | M] () -- C:\ProgramData\hpzinstall.log

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >
    [2011/12/28 15:33:56 | 000,038,912 | ---- | M] (Autodesk, Inc.) -- C:\Windows\Installer\Luc.exe
    [27 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 179 bytes -> C:\ProgramData\Temp:D1B5B4F1
    @Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:CB0AACC9
    @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:DFC5A2B2
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:0D786AE3

    < End of report >

    Continued..
  23. Razer


    OTL Extras logfile created on: 4/5/2012 6:11:52 AM - Run 1
    OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Razhar\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000409 | Country: Indonesia | Language: IND | Date Format: dd/MM/yyyy

    1.95 Gb Total Physical Memory | 0.89 Gb Available Physical Memory | 45.70% Memory free
    3.89 Gb Paging File | 2.00 Gb Available in Paging File | 51.44% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 226.00 Gb Total Space | 141.96 Gb Free Space | 62.81% Space Free | Partition Type: NTFS
    Drive D: | 222.08 Gb Total Space | 113.11 Gb Free Space | 50.93% Space Free | Partition Type: NTFS

    Computer Name: RAZHAR-PC | User Name: Razhar | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [ACDSee Pro 4.Manage] -- "C:\Program Files (x86)\ACD Systems\ACDSee Pro\4.0\ACDSeeQVPro4.exe" "%1" (ACD Systems International Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [ACDSee Pro 4.Manage] -- "C:\Program Files (x86)\ACD Systems\ACDSee Pro\4.0\ACDSeeQVPro4.exe" "%1" (ACD Systems International Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallDisableNotify" = 0
    "FirewallOverride" = 0
    "UpdatesDisableNotify" = 0
    "UacDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 1
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
    "C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
    "D:\Source\Data Recovery UnErase\Digital Rescue 4 Premium v4.0.0.2E\Digital Rescue 4 Premium v4.0.0.2E\setupDigitaRescue4_Migo_20071109_V4002.exe" = D:\Source\Data Recovery UnErase\Digital Rescue 4 Premium v4.0.0.2E\Digital Rescue 4 Premium v4.0.0.2E\setupDigitaRescue4_Migo_20071109_V4002.exe:*:Enabled:ipsec
    "C:\Users\Razhar\AppData\Local\Google\Update\GoogleUpdate.exe" = C:\Users\Razhar\AppData\Local\Google\Update\GoogleUpdate.exe:*:Enabled:ipsec
    "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" = C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe:*:Enabled:ipsec -- (Intel Corporation)
    "C:\Program Files\Recuva\uninst.exe" = C:\Program Files\Recuva\uninst.exe:*:Enabled:ipsec -- (Piriform Ltd)
    "C:\Users\Razhar\AppData\Local\Temp\~nsu.tmp\Au_.exe" = C:\Users\Razhar\AppData\Local\Temp\~nsu.tmp\Au_.exe:*:Enabled:ipsec
    "C:\Program Files (x86)\Smadav\SM?RTP.exe" = C:\Program Files (x86)\Smadav\SM?RTP.exe:*:Enabled:ipsec -- ()
    "C:\Program Files\Speccy\Speccy.exe" = C:\Program Files\Speccy\Speccy.exe:*:Enabled:ipsec -- (Piriform Ltd)
    "C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
    "C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
    "D:\Source\Data Recovery UnErase\Digital Rescue 4 Premium v4.0.0.2E\Digital Rescue 4 Premium v4.0.0.2E\setupDigitaRescue4_Migo_20071109_V4002.exe" = D:\Source\Data Recovery UnErase\Digital Rescue 4 Premium v4.0.0.2E\Digital Rescue 4 Premium v4.0.0.2E\setupDigitaRescue4_Migo_20071109_V4002.exe:*:Enabled:ipsec
    "C:\Users\Razhar\AppData\Local\Google\Update\GoogleUpdate.exe" = C:\Users\Razhar\AppData\Local\Google\Update\GoogleUpdate.exe:*:Enabled:ipsec
    "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" = C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe:*:Enabled:ipsec -- (Intel Corporation)
    "C:\Program Files\Recuva\uninst.exe" = C:\Program Files\Recuva\uninst.exe:*:Enabled:ipsec -- (Piriform Ltd)
    "C:\Users\Razhar\AppData\Local\Temp\~nsu.tmp\Au_.exe" = C:\Users\Razhar\AppData\Local\Temp\~nsu.tmp\Au_.exe:*:Enabled:ipsec
    "C:\Program Files (x86)\Smadav\SM?RTP.exe" = C:\Program Files (x86)\Smadav\SM?RTP.exe:*:Enabled:ipsec -- ()
    "C:\Program Files\Speccy\Speccy.exe" = C:\Program Files\Speccy\Speccy.exe:*:Enabled:ipsec -- (Piriform Ltd)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
    "{1553D712-B35F-4A82-BC72-D6B11A94BE3E}" = Windows Live Remote Service Resources
    "{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
    "{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
    "{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    "{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
    "{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources
    "{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
    "{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
    "{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
    "{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
    "{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
    "{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources
    "{350FD0E7-175A-4F86-84EF-05B77FCD7161}" = Windows Live Remote Service Resources
    "{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources
    "{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
    "{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
    "{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources
    "{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
    "{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
    "{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
    "{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
    "{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources
    "{5FCD6EFE-C2E7-4D77-8212-4BA223D8DF8E}" = Windows Live Remote Client Resources
    "{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
    "{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
    "{66C10F29-31F0-4A9B-B2CF-465F488AE086}" = CorelDRAW Graphics Suite X5 - Windows Shell Extension 64 Bit
    "{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
    "{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
    "{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
    "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{702A632F-99CE-4E2D-B8F2-BF980E9CF62F}" = Windows Live Remote Client Resources
    "{723C8298-C7B0-0409-A1B6-C3BA6F3FFAB1}" = Autodesk 3ds Max 2012 64-bit - English
    "{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
    "{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
    "{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
    "{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
    "{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
    "{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
    "{8F7F2D9C-2DBE-4F10-9C7C-2724110A3339}" = Windows Live Remote Service Resources
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
    "{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{97A295A7-8840-4B35-BB61-27A8F4512CA3}" = Windows Live Remote Service Resources
    "{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources
    "{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
    "{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
    "{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources
    "{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
    "{A6E0F6BE-30AC-4D36-97B0-1AC20E23CB83}" = Windows Live Remote Client Resources
    "{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
    "{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
    "{B680A663-1A15-47A5-A07C-7DF9A97558B7}" = Windows Live Remote Client Resources
    "{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
    "{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
    "{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
    "{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources
    "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
    "{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
    "{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
    "{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
    "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
    "{D6AB1F5B-FED6-49A9-9747-327BD28FB3C7}" = COMODO Internet Security
    "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{EA234BC3-39FE-4734-B72F-076086889F6D}" = Composite 2012 64-bit
    "{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources
    "{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
    "{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
    "{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
    "Autodesk 3ds Max 2012 64-bit - English" = Autodesk 3ds Max 2012 64-bit - English
    "Autodesk FBX Plug-in 2012.0 - 3ds Max 2012 64-bit" = Autodesk FBX Plug-in 2012.0 - 3ds Max 2012 64-bit
    "Blender" = Blender
    "CCleaner" = CCleaner
    "Defraggler" = Defraggler
    "HP Imaging Device Functions" = HP Imaging Device Functions 13.0
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
    "HPExtendedCapabilities" = HP Customer Participation Program 13.0
    "HPOCR" = OCR Software by I.R.I.S. 13.0
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Pen Tablet Driver" = Bamboo
    "Recuva" = Recuva
    "Shop for HP Supplies" = Shop for HP Supplies
    "Speccy" = Speccy
    "V-Ray for 3dsmax 2012 for x64" = V-Ray for 3dsmax 2012 for x64
    "WinRAR archiver" = WinRAR 4.01 (64-bit)
    "ZTEWireless-101_is1" = Modem AC2726 UI

    continued...
  24. Razer

    Razer TechSpot Enthusiast Topic Starter Posts: 131   +11

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "_{51DD370C-6690-424E-9674-5F14468B323F}" = Corel Graphics - Windows Shell Extension
    "_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW(R) Graphics Suite X5
    "{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
    "{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
    "{0125DB4D-98A0-4DBF-B68A-23BF08FFA6A3}" = Windows Live Messenger
    "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
    "{03DEEAD2-F3B7-45BF-9006-A25D015F00D2}" = Adobe Flash Player 10 Plugin
    "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
    "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
    "{0557BBDA-69D3-4FA4-A93C-A5300F7034B4}" = Windows Live Writer
    "{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
    "{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
    "{06B05153-97E4-427E-B1A8-E098F6C5E52F}" = Windows Live Essentials
    "{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common
    "{0785A0B6-07DF-43CF-B147-E1EB4CEA0345}" = Windows Live Messenger
    "{07A6B206-3F11-4D92-92A1-90E116ADD660}" = Angry Birds
    "{08094E03-AFE4-4853-9D31-6D0743DF5328}" = QuickTime
    "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
    "{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
    "{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
    "{0A9256E0-C924-46DE-921B-F6C4548A1C64}" = Windows Live Messenger
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
    "{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
    "{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
    "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
    "{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
    "{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
    "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
    "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
    "{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
    "{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan
    "{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
    "{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
    "{1146E8F3-4057-4F46-B39C-D18AB4BB1523}_is1" = Deus Ex - Human Revolution version 1.0
    "{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer
    "{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
    "{120C160F-F53D-4A15-A873-E79BF5B98B48}" = Windows Live Photo Common
    "{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
    "{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
    "{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
    "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
    "{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
    "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
    "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
    "{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials
    "{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
    "{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
    "{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
    "{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
    "{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
    "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
    "{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
    "{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{20381A8A-808E-4A53-B6CD-AD2B85E16365}" = Windows Live UX Platform Language Pack
    "{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
    "{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
    "{226F0D93-76DE-4F1C-B14D-DE10443ADB60}" = Windows Live Movie Maker
    "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
    "{249EE21B-8EDD-4F36-8A23-E580E9DBE80A}" = Windows Live Mail
    "{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}" = CorelDRAW Graphics Suite X5 - Custom Data
    "{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
    "{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
    "{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
    "{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
    "{260ED378-2B8C-4831-ADAE-D0712D119AC5}" = CorelDRAW Graphics Suite X5 - VSTA
    "{26945917-E053-45F6-AF98-309730CFC318}" = Visual Basic for Applications (R) Core
    "{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 30
    "{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
    "{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
    "{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
    "{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
    "{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
    "{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger
    "{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer
    "{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
    "{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}" = Windows Live Messenger
    "{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
    "{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh
    "{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
    "{2E87F4AB-99BF-421C-AF7B-365A9C08549A}" = F300
    "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
    "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
    "{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
    "{303143DD-1F6D-4BC5-9342-FFC2E19B2DBD}" = Windows Live Messenger
    "{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
    "{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
    "{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
    "{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters
    "{34C4F5AF-D757-4E6A-ABCA-65AB5A50A1A8}" = Windows Live Messenger
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
    "{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
    "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
    "{39BDD209-5704-480C-9F4A-B69D0370DDBB}" = Windows Live Messenger
    "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
    "{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
    "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
    "{3B72C1E0-26A1-40F6-8516-D50C651DFB3C}" = Windows Live Essentials
    "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
    "{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
    "{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
    "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
    "{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2012.0.0
    "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{3F2A323E-60C4-41E8-8CCB-9715D1D750C3}" = Angry Birds Space
    "{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
    "{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
    "{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
    "{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
    "{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
    "{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
    "{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
    "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
    "{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
    "{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live
    "{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
    "{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources
    "{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
    "{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
    "{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
    "{4736B0ED-F6A1-48EC-A1B7-C053027648F1}" = Galeria fotogràfica del Windows Live
    "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
    "{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
    "{48F597DD-D397-4CFA-91A0-4C033A0113BD}" = Windows Live Mail
    "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
    "{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger
    "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
    "{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
    "{4BF62C05-3943-4ECB-B233-6E37E3FB5BCF}" = ZBrush 4
    "{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack
    "{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
    "{4D7BAC8A-51B8-4243-8567-1415C4272D13}" = Windows Live Writer
    "{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
    "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
    "{50300123-F8FC-4B50-B449-E847D04F1BA2}" = Windows Live Messenger
    "{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
    "{51DD370C-6690-424E-9674-5F14468B323F}" = Corel Graphics - Windows Shell Extension
    "{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
    "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
    "{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
    "{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
    "{5495E9A4-501A-4D4C-87C9-E80916CA9478}" = Windows Live UX Platform Language Pack
    "{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect
    "{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
    "{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
    "{57400C1E-BC51-4ECE-AD2A-A6096204DDEC}" = CorelDRAW Graphics Suite X5 - VBA
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist
    "{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
    "{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
    "{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
    "{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources
    "{5D90ABE5-8A35-4947-8269-6F40BCE47A95}" = Windows Live Messenger
    "{5DA7D148-D2D2-4C67-8444-2F0F9BD88A06}" = Windows Live Writer
    "{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack
    "{5E6D6161-5509-4f55-9372-1E01792F843A}" = F300_Help
    "{5F6E678A-7E61-448A-86CB-BC2AD1E04138}" = Windows Live Messenger
    "{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
    "{604DF772-D25E-4EFC-B948-3FB393476008}" = Internet Download Manager
    "{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
    "{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
    "{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
    "{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
    "{625D45F0-5DCB-48BF-8770-C240A84DAAEB}" = Windows Live Mesh
    "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
    "{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}" = CorelDRAW Graphics Suite X5 - Draw
    "{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}" = Nero Multimedia Suite 10 Essentials
    "{63AE67AA-1AB1-4565-B4EF-ABBC5C841E8D}" = Windows Live Messenger
    "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
    "{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
    "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
    "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
    "{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
    "{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
    "{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh
    "{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials
    "{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012
    "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
    "{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
    "{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
    "{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
    "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6986737B-F286-40D1-87AF-938339DCF6AB}" = Windows Live Messenger
    "{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer
    "{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
    "{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
    "{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
    "{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
    "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
    "{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
    "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
    "{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
    "{6D30E864-46AE-435B-8230-8B5D42B4AE37}" = Windows Live Messenger
    "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
    "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
    "{6EE9F44A-B8C7-4CDB-B2A9-441AF2AE315A}" = Windows Live Messenger
    "{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
    "{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
    "{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
    "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
    "{709E38A9-7F80-4598-96CC-44B0D553FECE}" = Windows Live Messenger
    "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-gateway" = WildTangent Games App (Gateway Games)
    "{71527C7C-5289-4CB2-88C9-23344C0FF6C1}" = Windows Live Movie Maker
    "{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
    "{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
    "{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{7327080F-6673-421F-BBD9-B618F357EEB3}" = Windows Live UX Platform Language Pack
    "{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
    "{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker
    "{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
    "{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
    "{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
    "{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
    "{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
    "{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
    "{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
    "{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
    "{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
    "{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
    "{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
    "{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker
    "{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
    "{7C2A3479-A5A0-412B-B0E6-6D64CBB9B251}" = Windows Live Photo Common
    "{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
    "{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common
    "{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
    "{7D926AD2-16D6-42C2-8CA1-AB09E96040BA}" = Windows Live Writer Resources
    "{7D99B933-E29C-4599-92F0-DAED2AF041E3}" = Windows Live Essentials
    "{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
    "{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
    "{7F6021AE-E688-4D03-843A-C2260482BA0D}" = Windows Live Messenger
    "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management
    "{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
    "{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
    "{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
    "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
    "{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
    "{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
    "{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
    "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
    "{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
    "{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
    "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
    "{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery
    "{86F444A5-C9B9-41DC-AF28-B5E46F5497C7}" = Windows Live Argazki Galeria
    "{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
    "{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
    "{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
    "{88D4FE78-6EA6-4DFB-9FC2-8BC316F0C2FD}" = ACDSee Pro 4
    "{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8E285C75-9BE2-4349-972B-DECDDF472656}" = Windows Live Writer Resources
    "{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
    "{9244E956-5939-4B88-930C-0699D4AB2B95}" = CorelDRAW Graphics Suite X5 - WT
    "{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
    "{93C4B7D5-4E00-491F-BA3E-25B7B63EE7F6}" = Windows Live Mail
    "{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}" = D-Link Connection Manager
    "{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
    "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
    "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
    "{968CB479-6163-415F-A9D3-4489BF07DAFF}" = Sonic Foundry Sound Forge 6.0b
    "{97BE901A-9940-4ACF-9921-A6FAA284AC03}" = THX TruStudio Pro
    "{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
    "{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}" = CorelDRAW Graphics Suite X5 - FontNav
    "{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live Mesh
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
    "{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
    "{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
    "{9E2C5B0E-7A2D-4767-A9B2-77469FB1873A}" = Windows Live Mesh
    "{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software
    "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
    "{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
    "{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
    "{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
    "{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}" = CorelDRAW Graphics Suite X5 - PHOTO-PAINT
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
    "{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AB0B2113-5B96-4B95-8AD1-44613384911F}" = Windows Live Mesh
    "{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
    "{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
    "{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail
    "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
    "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
    "{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh
    "{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
    "{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
    "{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
    "{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
    "{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials
    "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
    "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
    "{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
    "{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
    "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
    "{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
    "{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
    "{B399C91E-96F2-4265-9884-1C9A10E9FCF4}" = CorelDRAW Graphics Suite X5
    "{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
    "{B5751715-EC10-43D9-8C95-62E1368433EF}" = Autodesk Material Library Medium Resolution Image Library 2012
    "{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
    "{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
    "{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources
    "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
    "{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware
    "{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common
    "{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
    "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
    "{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
    "{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
    "{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
    "{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
    "{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials
    "{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh
    "{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
    "{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer
    "{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
    "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
    "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
    "{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
    "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
    "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
    "{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
    "{CA3861BA-1D96-4D66-B577-318E1602C4F3}" = CorelDRAW Graphics Suite X5 - Common
    "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
    "{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
    "{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live
    "{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
    "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
    "{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
    "{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
    "{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
    "{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW Graphics Suite X5 - Setup Files
    "{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
    "{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
    "{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
    "{D54A52A8-DF24-4CE8-850B-074CA47DFA74}" = Windows Live Messenger
    "{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
    "{D596EEA2-C6C8-45D3-89DF-FA2DBE99F829}" = Visual Basic for Applications (R) Core - English
    "{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}" = CorelDRAW Graphics Suite X5 - Photozoom Plugin
    "{D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE}" = Windows Live Writer Resources
    "{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
    "{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
    "{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
    "{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
    "{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
    "{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
    "{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}" = CorelDRAW Graphics Suite X5 - IPM
    "{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
    "{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
    "{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
    "{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
    "{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
    "{DFFCDB41-C2DA-47D6-96FF-03C05C0BEA22}" = biohazard 4
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E34C6AA4-AE8E-4677-912A-92FC2E039DD9}" = CorelDRAW Graphics Suite X5 - EN
    "{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso
    "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
    "{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija
    "{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
    "{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
    "{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
    "{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
    "{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
    "{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
    "{E7688C7D-DE09-4D43-9785-534EDE9BC18E}" = Windows Live Messenger
    "{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
    "{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
    "{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
    "{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
    "{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
    "{EA777812-4905-4C08-8F6E-13BDCC734609}" = Windows Live UX Platform Language Pack
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
    "{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}" = CorelDRAW Graphics Suite X5 - Capture
    "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Gateway Updater
    "{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
    "{EE492B20-FB15-4A98-883C-3054354A11F8}" = Windows Live Messenger
    "{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
    "{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
    "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
    "{F0F5D89A-197C-495B-827E-3E98B811CD2E}" = Windows Live Photo Common
    "{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F13587F7-AA4C-4C2E-AE7D-F33F3CCE57A9}" = Windows Live Messenger
    "{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack
    "{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
    "{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
    "{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
    "{F694D1F7-1F12-4550-9B7A-C871273ABAD5}" = Windows Live Messenger
    "{F6AC5364-2FB7-437a-811A-D645F22AA6AC}" = F300Trb
    "{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
    "{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
    "{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
    "{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
    "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
    "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
    "{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail
    "{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
    "{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
    "{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
    "{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
    "{FCBC19F7-E068-4B7A-ACBB-CE9CCEB4B21F}" = Windows Live Messenger
    "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
    "{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
    "{FDC4C499-7B67-4A58-A30B-E1276C26BFEF}" = Angry Birds Seasons
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}" = CorelDRAW Graphics Suite X5 - VideoBrowser
    "{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
    "{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
    "{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
    "{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
    "{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
    "Autodesk 3ds Max 2012 64-bit - English SP2" = Autodesk 3ds Max 2012 64-bit - English SP2
    "Cakewalk VST Adapter 4.3.2" = Cakewalk VST Adapter 4.3.2
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "Comodo Dragon" = Comodo Dragon
    "DAEMON Tools Lite" = DAEMON Tools Lite
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "Gateway Registration" = Gateway Registration
    "Gateway Screensaver" = Gateway ScreenSaver
    "Gateway Welcome Center" = Welcome Center
    "Hotkey Utility" = Hotkey Utility
    "Identity Card" = Identity Card
    "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
    "InstallShield_{4BF62C05-3943-4ECB-B233-6E37E3FB5BCF}" = ZBrush 4
    "InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
    "InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso
    "KeyShot3_64" = KeyShot3 3.0 64 bit
    "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 7.6.0
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
    "Mobile Partner" = Mobile Partner
    "Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
    "NPP vol 1" = Native Power Pack vol 1 v2.5
    "NPP vol 2" = Native Power Pack vol 2 v2.5
    "n-Track Studio" = n-Track Studio
    "Office14.Click2Run" = Microsoft Office Click-to-Run 2010
    "Orbit_is1" = Orbit Downloader
    "PC Wizard 2010_is1" = PC Wizard 2010.1.96
    "Registry Mechanic_is1" = PC Tools Registry Mechanic 11.0
    "Runic Games Torchlight" = Torchlight
    "SONAR 3 Producer Edition" = SONAR 3 Producer Edition
    "Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
    "Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
    "WildTangent gateway Master Uninstall" = Gateway Games
    "Winamp" = Winamp
    "WinLiveSuite" = Windows Live Essentials
    "WTA-1498d8c8-b37a-45fb-a024-8ecd55b40aee" = Polar Bowler
    "WTA-14e75a1b-7418-492c-b145-8e59f0d19e65" = Diner Dash 2 Restaurant Rescue
    "WTA-264c4a12-999f-47ab-a65a-6b4d7deb7a54" = Plants vs. Zombies - Game of the Year
    "WTA-30171914-2fde-4b23-b9b9-a0de801e2528" = Virtual Villagers - The Secret City
    "WTA-4e50aa4c-7276-4735-932a-7a5fa11724d0" = FATE
    "WTA-63c83e4d-07b6-4e82-aa28-548547c4040e" = John Deere Drive Green
    "WTA-749b48ba-2b55-4b4b-b3b5-eb36d7957489" = Chuzzle Deluxe
    "WTA-8672e041-18e7-4c25-9d14-e9abb95bf142" = Crazy Chicken Kart 2
    "WTA-8d9bdfab-654e-4abc-a2cc-45207414f58b" = Wedding Dash
    "WTA-98f73a44-9d70-4474-82f8-10661912be37" = Mystery P.I. - The London Caper
    "WTA-ac491c27-0c06-411d-8c6f-d2d1de736372" = Zuma Deluxe
    "WTA-c9254464-8ff8-4471-9fd2-5707fbc4d323" = Penguins!
    "WTA-d08aa8b8-e085-4f61-944a-5a4349d6624d" = Bejeweled 2 Deluxe
    "WTA-d9c82495-9f40-402c-a256-92c16699ce39" = Agatha Christie - 4:50 from Paddington
    "Yahoo! Messenger" = Yahoo! Messenger

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome
    "SmartDraw 2009" = SmartDraw 2009
    "Winamp Detect" = Winamp Detector Plug-in

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 12/31/2011 10:58:58 AM | Computer Name = Razhar-PC | Source = TabletServicePen | ID = 1
    Description =

    Error - 12/31/2011 11:00:15 AM | Computer Name = Razhar-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 12/31/2011 11:46:08 AM | Computer Name = Razhar-PC | Source = CVHSVC | ID = 100
    Description = Information only. Error: The connection with the server was terminated
    abnormally ErrorCode: 14007(0x36b7).

    Error - 12/31/2011 1:39:20 PM | Computer Name = Razhar-PC | Source = TabletServicePen | ID = 1
    Description =

    Error - 12/31/2011 1:40:37 PM | Computer Name = Razhar-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 12/31/2011 1:58:19 PM | Computer Name = Razhar-PC | Source = CVHSVC | ID = 100
    Description = Information only. Error: The operation timed out ErrorCode: 14007(0x36b7).


    Error - 12/31/2011 2:37:44 PM | Computer Name = Razhar-PC | Source = TabletServicePen | ID = 1
    Description =

    Error - 12/31/2011 2:39:00 PM | Computer Name = Razhar-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 12/31/2011 2:47:47 PM | Computer Name = Razhar-PC | Source = CVHSVC | ID = 100
    Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
    DownloadLatest Failed: There are currently no active network connections. Background
    Intelligent Transfer Service (BITS) will try again when an adapter is connected.


    Error - 12/31/2011 10:13:58 PM | Computer Name = Razhar-PC | Source = WinMgmt | ID = 10
    Description =

    [ System Events ]
    Error - 4/4/2012 3:58:24 PM | Computer Name = Razhar-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 4/4/2012 3:58:31 PM | Computer Name = Razhar-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 4/4/2012 4:00:35 PM | Computer Name = Razhar-PC | Source = volsnap | ID = 393241
    Description = The shadow copies of volume C: were deleted because the shadow copy
    storage could not grow in time. Consider reducing the IO load on the system or
    choose a shadow copy storage volume that is not being shadow copied.

    Error - 4/4/2012 4:00:41 PM | Computer Name = Razhar-PC | Source = Service Control Manager | ID = 7000
    Description = The HWDeviceService64.exe service failed to start due to the following
    error: %%2

    Error - 4/4/2012 4:00:45 PM | Computer Name = Razhar-PC | Source = Service Control Manager | ID = 7001
    Description = The Windows Image Acquisition (WIA) service depends on the Shell Hardware
    Detection service which failed to start because of the following error: %%1058

    Error - 4/4/2012 4:00:46 PM | Computer Name = Razhar-PC | Source = Service Control Manager | ID = 7023
    Description = The Windows Defender service terminated with the following error:
    %%126

    Error - 4/4/2012 4:01:09 PM | Computer Name = Razhar-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    luafv TfFsMon TFSysMon

    Error - 4/4/2012 5:57:17 PM | Computer Name = Razhar-PC | Source = Service Control Manager | ID = 7000
    Description = The HWDeviceService64.exe service failed to start due to the following
    error: %%2

    Error - 4/4/2012 5:57:21 PM | Computer Name = Razhar-PC | Source = Service Control Manager | ID = 7001
    Description = The Windows Image Acquisition (WIA) service depends on the Shell Hardware
    Detection service which failed to start because of the following error: %%1058

    Error - 4/4/2012 5:57:46 PM | Computer Name = Razhar-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    luafv TfFsMon TFSysMon


    < End of report >
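Added example (not part of the original thread and not OTL's own code): a Python parser for the "Last 10 Event Log Errors" section of the report above. It decodes the `%%N` Win32 error codes in Service Control Manager entries and flags failures of watched security services. The sample lines are copied from the report; the `WATCHED` list and all function names are assumptions of this example.

```python
import re
from collections import Counter

# Sample entries copied from the report above (wrapped description lines kept).
SAMPLE = """\
[ Application Events ]
Error - 12/31/2011 10:58:58 AM | Computer Name = Razhar-PC | Source = TabletServicePen | ID = 1
Description =

[ System Events ]
Error - 4/4/2012 4:00:41 PM | Computer Name = Razhar-PC | Source = Service Control Manager | ID = 7000
Description = The HWDeviceService64.exe service failed to start due to the following
error: %%2

Error - 4/4/2012 4:00:45 PM | Computer Name = Razhar-PC | Source = Service Control Manager | ID = 7001
Description = The Windows Image Acquisition (WIA) service depends on the Shell Hardware
Detection service which failed to start because of the following error: %%1058

Error - 4/4/2012 4:00:46 PM | Computer Name = Razhar-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Defender service terminated with the following error:
%%126

Error - 4/4/2012 5:57:17 PM | Computer Name = Razhar-PC | Source = Service Control Manager | ID = 7000
Description = The HWDeviceService64.exe service failed to start due to the following
error: %%2
"""

HEADER = re.compile(
    r"^Error - (?P<when>.+?) \| Computer Name = (?P<host>.+?) \| "
    r"Source = (?P<source>.+?) \| ID = (?P<id>\d+)\s*$")

# Win32 error codes that appear as %%N in the report.
WIN32 = {2: "ERROR_FILE_NOT_FOUND", 126: "ERROR_MOD_NOT_FOUND",
         1058: "ERROR_SERVICE_DISABLED"}

# Service Control Manager event IDs seen in the report.
SCM_IDS = {7000: "service failed to start",
           7001: "dependency service failed to start",
           7023: "service terminated with an error",
           7026: "boot-start or system-start driver failed to load",
           7030: "interactive service not allowed"}

# Assumption of this example: display names of services worth flagging.
WATCHED = ("Windows Defender", "Windows Firewall", "Security Center")


def parse_events(report):
    """Split the section into events, re-joining wrapped description lines."""
    events, current, log = [], None, None
    for raw in report.splitlines():
        line = raw.strip()
        section = re.match(r"^\[ (.+) \]$", line)
        if section:
            log, current = section.group(1), None
            continue
        m = HEADER.match(line)
        if m:
            current = {"log": log, "when": m["when"], "host": m["host"],
                       "source": m["source"], "id": int(m["id"]),
                       "description": ""}
            events.append(current)
        elif current is not None and line:
            part = line[len("Description ="):] if line.startswith("Description =") else line
            current["description"] = (current["description"] + " " + part.strip()).strip()
    return events


def decode_codes(description):
    """Return (code, Win32 name) pairs for every %%N in a description."""
    return [(int(n), WIN32.get(int(n), "unknown"))
            for n in re.findall(r"%%(\d+)", description)]


def triage(events):
    """Keep Service Control Manager errors and annotate them."""
    findings = []
    for ev in events:
        if ev["source"] != "Service Control Manager":
            continue
        findings.append({
            "when": ev["when"], "id": ev["id"],
            "meaning": SCM_IDS.get(ev["id"], "other"),
            "codes": decode_codes(ev["description"]),
            "security_service": any(n in ev["description"] for n in WATCHED),
        })
    return findings


def recurring(events):
    """(source, id) pairs that occur more than once, e.g. on every boot."""
    counts = Counter((ev["source"], ev["id"]) for ev in events)
    return {key: n for key, n in counts.items() if n > 1}


if __name__ == "__main__":
    for f in triage(parse_events(SAMPLE)):
        flag = "  <-- security service" if f["security_service"] else ""
        print(f["when"], f["id"], f["meaning"], f["codes"], flag)
```

On the sample, the Windows Defender entry decodes to `ERROR_MOD_NOT_FOUND` (a module the service needs could not be loaded), and the HWDeviceService64.exe failure shows up as recurring.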
  25. Broni

    Broni Malware Annihilator Posts: 46,164   +251

    Uninstall
    .
    Registry cleaners/optimizers are not recommended for several reasons:

    • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

      The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
    • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
    • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
    • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
    • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
    Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


    ====================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      MOD - [2012/03/09 21:32:47 | 001,503,232 | ---- | M] () -- C:\Program Files (x86)\Smadav\SM?RTP.exe
      O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O3 - HKU\S-1-5-21-2140435408-939192104-1354380877-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
      O3 - HKU\S-1-5-21-2140435408-939192104-1354380877-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
      @Alternate Data Stream - 179 bytes -> C:\ProgramData\Temp:D1B5B4F1
      @Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:CB0AACC9
      @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:DFC5A2B2
      @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
      @Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:0D786AE3
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ====================================================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.
    • Do NOT post JavaRa log.

    ====================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.

