Solved Need help, I'm in panic. Detected Trojan by Comodo Internet Security

Razer

About 2-3 days ago, I used remote access (via TeamViewer) to remotely repair my friend's laptop. After that, my PC was running a bit slow and several trojan viruses were detected; later I learned it was infected from my friend's laptop. Then I scanned (full scan) my PC with Comodo Internet Security Premium (detected 106 threats), Emsisoft Anti-Malware, and Malwarebytes. Now Malwarebytes only shows 1 virus, but it still exists even after I reboot my computer.

Even though my PC is now running fine, I'm still worried since this PC is full of my father's work.
Please help me, I'm in a panic right now.

Okay, these are all the log reports:


Malwarebytes Anti-Malware (PRO) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.03.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Razhar :: RAZHAR-PC [administrator]

Protection: Enabled

04/04/2012 1:58:55
mbam-log-2012-04-04 (01-58-55).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 205922
Time elapsed: 7 minute(s), 11 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|15354 (Trojan.Agent) -> Data: C:\PROGRA~3\LOCALS~1\Temp\msaeod.cmd -> Delete on reboot.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

This is the virus (registry?) that still persists even after restart that I mentioned before.
When I open (double-click) GMER, it automatically runs a scan, then in less than 10 seconds it just stops scanning and doesn't generate any report. Then I manually clicked scan, and this is the result:


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-04 02:28:56
Windows 6.1.7601 Service Pack 1
Running: gmer.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\68a3c4cbf2bc
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\68a3c4cbf2bc@8c541d98ca90 0x3B 0xDC 0xE4 0x82 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\68a3c4cbf2bc (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\68a3c4cbf2bc@8c541d98ca90 0x3B 0xDC 0xE4 0x82 ...

---- Files - GMER 1.0.15 ----

File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\952D5E36-272D-4943-8101-EC0B24BEEBB8.data.info 250 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\05B83C1F-F0B5-422F-8185-0576A3586DA6.data 25911874 bytes executable
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\05B83C1F-F0B5-422F-8185-0576A3586DA6.data.info 272 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\376E1F02-D011-40B8-A490-CD9C9262C69F.data 607260 bytes executable
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\376E1F02-D011-40B8-A490-CD9C9262C69F.data.info 112 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\41E13CAD-D35A-4FC2-B08E-B3CC8B944F92.data 39198432 bytes executable
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\41E13CAD-D35A-4FC2-B08E-B3CC8B944F92.data.info 160 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\42392354-93DE-4028-B43D-B14BA876AB02.data 92216 bytes executable
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\42392354-93DE-4028-B43D-B14BA876AB02.data.info 260 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\4809DADA-E877-4D56-8818-324BB274A310.data 557765 bytes executable
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\4809DADA-E877-4D56-8818-324BB274A310.data.info 182 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\48542729-D1B6-48C6-BA1B-98A8C4C64ACA.data 25911874 bytes executable
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\48542729-D1B6-48C6-BA1B-98A8C4C64ACA.data.info 172 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\5C003F49-1CD1-423A-9F54-BF00DB28144F.data 32561152 bytes executable
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\5C003F49-1CD1-423A-9F54-BF00DB28144F.data.info 198 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\622D9A4E-ECF8-4B3E-9818-1FE726C45E15.data 92216 bytes executable
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\622D9A4E-ECF8-4B3E-9818-1FE726C45E15.data.info 250 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\952D5E36-272D-4943-8101-EC0B24BEEBB8.data 92216 bytes executable
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\DB7B2DEF-6D46-49B3-94B5-B1E51A1E59AA.data 4107248 bytes executable
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\DB7B2DEF-6D46-49B3-94B5-B1E51A1E59AA.data.info 272 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\E38E15E9-EA74-4A09-9227-D8E99F61E597.data 92216 bytes executable
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\E38E15E9-EA74-4A09-9227-D8E99F61E597.data.info 250 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\E4679DB6-663F-4992-9923-234CF7C81E91.data 7974400 bytes executable
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\E4679DB6-663F-4992-9923-234CF7C81E91.data.info 214 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\E808217F-7EC4-4638-A5D2-A2D9B6752BF6.data 92216 bytes executable
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\E808217F-7EC4-4638-A5D2-A2D9B6752BF6.data.info 250 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\F547578D-D381-4216-ACF9-35F2829DE49C.data 3417496 bytes executable
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\F547578D-D381-4216-ACF9-35F2829DE49C.data.info 174 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp 0 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp\baseupd 0 bytes
File C:\System Volume Information\SystemRestore\FRStaging\Users\Razhar\Downloads\Anime Lyrics dot Com - Kugutsu Uta--Ura Mite Chiru - The Ballade of Puppets Flowers Grieve and Fall - Ghost in the Shell; Ghost in the Shell Stand Alone Complex; Koukaku Kidoutai latin - Anime_files\AL-W1IzU3RT.js 169248 bytes
File C:\System Volume Information\SystemRestore\FRStaging\Users\Razhar\Downloads\Anime Lyrics dot Com - Kugutsu Uta--Ura Mite Chiru - The Ballade of Puppets Flowers Grieve and Fall - Ghost in the Shell; Ghost in the Shell Stand Alone Complex; Koukaku Kidoutai latin - Anime_files\alcom.js 4094 bytes
File C:\System Volume Information\SystemRestore\FRStaging\Users\Razhar\Downloads\Anime Lyrics dot Com - Kugutsu Uta--Ura Mite Chiru - The Ballade of Puppets Flowers Grieve and Fall - Ghost in the Shell; Ghost in the Shell Stand Alone Complex; Koukaku Kidoutai latin - Anime_files\all.js 149557 bytes
File C:\System Volume Information\SystemRestore\FRStaging\Users\Razhar\Downloads\Anime Lyrics dot Com - Kugutsu Uta--Ura Mite Chiru - The Ballade of Puppets Flowers Grieve and Fall - Ghost in the Shell; Ghost in the Shell Stand Alone Complex; Koukaku Kidoutai latin - Anime_files\quant.js 5299 bytes
File C:\System Volume Information\SystemRestore\FRStaging\Users\Razhar\Downloads\Anime Lyrics dot Com - Kugutsu Uta--Ura Mite Chiru - The Ballade of Puppets Flowers Grieve and Fall - Ghost in the Shell; Ghost in the Shell Stand Alone Complex; Koukaku Kidoutai latin - Anime_files\show_ads.js 13115 bytes
File C:\System Volume Information\SystemRestore\FRStaging\Users\Razhar\Downloads\Anime Lyrics dot Com - Kugutsu Uta--Ura Mite Chiru - The Ballade of Puppets Flowers Grieve and Fall - Ghost in the Shell; Ghost in the Shell Stand Alone Complex; Koukaku Kidoutai latin - Anime_files\supernote.js 7378 bytes
File C:\System Volume Information\SystemRestore\FRStaging\Users\Razhar\Downloads\Anime Lyrics dot Com - Kugutsu Uta--Ura Mite Chiru - The Ballade of Puppets Flowers Grieve and Fall - Ghost in the Shell; Ghost in the Shell Stand Alone Complex; Koukaku Kidoutai latin - Anime_files\swfobject.js 6880 bytes
File C:\System Volume Information\SystemRestore\FRStaging\Users\Razhar\Downloads\Anime Lyrics dot Com - Kugutsu Uta--Ura Mite Chiru - The Ballade of Puppets Flowers Grieve and Fall - Ghost in the Shell; Ghost in the Shell Stand Alone Complex; Koukaku Kidoutai latin - Anime_files\urchin.js 22678 bytes

---- EOF - GMER 1.0.15 ----
 
This is DDS Log


DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_30
Run by Razhar at 2:36:11 on 2012-04-04
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.62.1033.18.1992.492 [GMT 7:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe
C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\taskhost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Modem AC2726 UI\bin\MonServiceUDisk64.exe
C:\OEM\USBDECTION\USBS3S4Detection.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Razhar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Razhar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Razhar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Razhar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Razhar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Razhar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Razhar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Modem AC2726 UI\bin\App.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Razhar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Razhar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\explorer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = my.daemon-search.com
uDefault_Page_URL = hxxp://gateway.msn.com
mDefault_Page_URL = hxxp://gateway.msn.com
mStart Page = hxxp://gateway.msn.com
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office12\GR469A~1.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
{555d4d79-4bd2-4094-a395-cfc534424a05}
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [SM?RT-Protection] C:\Program Files (x86)\Smadav\SM?RTP.exe rtp
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" /r
mRun: [Hotkey Utility] C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [emsisoft anti-malware] "c:\program files (x86)\emsisoft anti-malware\a2guard.exe" /d=60
mExplorerRun: [15354] C:\PROGRA~3\LOCALS~1\Temp\msaeod.cmd
uPolicies-explorer: HideSCAHealth = 1 (0x1)
uPolicies-explorer: NoInstrumentation = 1
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~3\Office12\GRA32A~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office12\GR469A~1.DLL
BHO-X64: Octh Class: {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
BHO-X64: btorbit.com - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office12\GR469A~1.DLL
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: Grab Pro: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB-X64: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" /r
mRun-x64: [Hotkey Utility] C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [emsisoft anti-malware] "c:\program files (x86)\emsisoft anti-malware\a2guard.exe" /d=60
AppInit_DLLs-X64: C:\Windows\SysWOW64\guard32.dll
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office12\GR469A~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Razhar\AppData\Roaming\Mozilla\Firefox\Profiles\o2c60my7.default\
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Razhar\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
.
============= SERVICES / DRIVERS ===============
.
R1 A2DDA;A2 Direct Disk Access Support Driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2012-3-30 23208]
R1 a2injectiondriver;a2injectiondriver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [2012-3-30 41728]
R1 a2util;a-squared Malware-IDS utility driver;C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [2012-3-30 14720]
R1 cmderd;COMODO Internet Security Eradication Driver;C:\Windows\system32\DRIVERS\cmderd.sys --> C:\Windows\system32\DRIVERS\cmderd.sys [?]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys --> C:\Windows\system32\DRIVERS\cmdguard.sys [?]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys --> C:\Windows\system32\DRIVERS\cmdhlp.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [2012-3-30 3025112]
R2 ASO3DiskOptimizer;ASO3DiskOptimizer;C:\Program Files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe [2012-3-31 263480]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
R2 DragonUpdater;COMODO Dragon Update Service;C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2012-3-28 407288]
R2 GREGService;GREGService;C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe [2010-1-8 23584]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-4-22 13336]
R2 Live Updater Service;Live Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2011-4-22 244624]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-3-15 652360]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-5 503080]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2012-3-16 793048]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-2 483688]
R2 TabletServicePen;TabletServicePen;C:\Program Files\Tablet\Pen\Pen_Tablet.exe [2011-12-28 5790064]
R2 TouchServicePen;Wacom Consumer Touch Service;C:\Program Files\Tablet\Pen\Pen_TouchService.exe [2011-12-28 487280]
R2 UDisk Monitor;UDisk Monitor;C:\Program Files\Modem AC2726 UI\bin\MonServiceUDisk64.exe [2012-1-29 407040]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-7-13 2656280]
R2 USBS3S4Detection;USBS3S4Detection;C:\OEM\USBDECTION\USBS3S4Detection.exe [2011-4-22 76320]
R3 a2acc;a2acc;C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys [2012-3-30 63880]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MBfilt;MBfilt;C:\Windows\system32\drivers\MBfilt64.sys --> C:\Windows\system32\drivers\MBfilt64.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;C:\Windows\system32\DRIVERS\RTL8192su.sys --> C:\Windows\system32\DRIVERS\RTL8192su.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-2 209768]
R3 ztemtusbser;ZTEMT Legacy Serial Communication;C:\Windows\system32\DRIVERS\CT_ZTEMT_U_USBSER.sys --> C:\Windows\system32\DRIVERS\CT_ZTEMT_U_USBSER.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 HWDeviceService64.exe;HWDeviceService64.exe;C:\ProgramData\DatacardService\HWDeviceService64.exe -/service --> C:\ProgramData\DatacardService\HWDeviceService64.exe -/service [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-30 253600]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-2 183560]
S3 cpuz134;cpuz134;C:\Program Files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys [2011-9-19 21480]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-12-27 1431888]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-13 206072]
S3 HSPADataCardusbmdm;HSPADataCard Proprietary USB Driver;C:\Windows\system32\DRIVERS\HSPADataCardusbmdm.sys --> C:\Windows\system32\DRIVERS\HSPADataCardusbmdm.sys [?]
S3 HSPADataCardusbnmea;HSPADataCard NMEA Port;C:\Windows\system32\DRIVERS\HSPADataCardusbnmea.sys --> C:\Windows\system32\DRIVERS\HSPADataCardusbnmea.sys [?]
S3 HSPADataCardusbser;HSPADataCard Diagnostic Port;C:\Windows\system32\DRIVERS\HSPADataCardusbser.sys --> C:\Windows\system32\DRIVERS\HSPADataCardusbser.sys [?]
S3 massfilter;Mass Storage Filter Driver;C:\Windows\system32\drivers\massfilter.sys --> C:\Windows\system32\drivers\massfilter.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 teamviewervpn;TeamViewer VPN Adapter;C:\Windows\system32\DRIVERS\teamviewervpn.sys --> C:\Windows\system32\DRIVERS\teamviewervpn.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\system32\DRIVERS\wacmoumonitor.sys --> C:\Windows\system32\DRIVERS\wacmoumonitor.sys [?]
S4 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit;C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2011-2-22 86016]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2012-04-03 18:26:45 7680 ----a-w- C:\Windows\17425030.exe
2012-04-02 21:13:40 -------- d-----w- C:\Program Files (x86)\Trojan Remover
2012-04-02 16:32:37 -------- d-----w- C:\Program Files (x86)\PC Tools Security
2012-04-02 12:03:13 0 ----a-w- C:\Windows\SysWow64\sho31F9.tmp
2012-04-02 10:55:48 -------- d-----w- C:\Windows\Digital Rescue 4 Premium
2012-04-02 08:40:19 -------- d-----w- C:\Program Files\Diskeeper Corporation
2012-04-01 20:08:49 -------- d-----w- C:\Program Files\CCleaner
2012-04-01 16:00:03 -------- d-----w- C:\Users\Razhar\AppData\Roaming\TeamViewer
2012-04-01 15:52:51 35112 ----a-w- C:\Windows\System32\drivers\teamviewervpn.sys
2012-04-01 15:52:49 -------- d-----w- C:\Program Files (x86)\TeamViewer
2012-04-01 13:58:02 0 ----a-w- C:\Windows\SysWow64\sho3708.tmp
2012-04-01 08:23:42 -------- d-----w- C:\Windows\pss
2012-04-01 08:17:36 -------- d-----w- C:\ProgramData\WEBREG
2012-04-01 08:16:54 -------- d-----w- C:\Users\Razhar\AppData\Local\HP
2012-04-01 08:12:52 -------- d-----w- C:\Program Files (x86)\Common Files\Hewlett-Packard
2012-04-01 08:12:45 -------- d-----w- C:\Program Files (x86)\Common Files\HP
2012-04-01 08:11:16 -------- d-----w- C:\Program Files (x86)\HP
2012-04-01 08:09:22 642360 ----a-w- C:\Windows\System32\hpzids40.dll
2012-04-01 08:09:21 861184 ----a-w- C:\Windows\System32\hpowiav1.dll
2012-04-01 08:09:21 730624 ----a-w- C:\Windows\System32\hpotscl1.dll
2012-04-01 08:09:21 498176 ----a-w- C:\Windows\System32\hpovst01.dll
2012-04-01 08:00:55 -------- d-----w- C:\Users\Razhar\AppData\Roaming\Babylon
2012-04-01 08:00:55 -------- d-----w- C:\ProgramData\Babylon
2012-03-31 19:21:57 29336 ----a-w- C:\Windows\cscmondump.bin
2012-03-31 15:51:28 18744 ----a-w- C:\Windows\System32\roboot64.exe
2012-03-31 15:51:28 16896 ----a-w- C:\Windows\System32\sasnative64.exe
2012-03-31 15:50:54 -------- d-----w- C:\Program Files (x86)\Advanced System Optimizer 3
2012-03-31 15:02:14 -------- d-----w- C:\Windows\Repair
2012-03-31 15:00:25 -------- d-----w- C:\Users\Razhar\AppData\Roaming\Systweak
2012-03-31 15:00:25 -------- d-----w- C:\ProgramData\Systweak
2012-03-30 14:44:21 0 ----a-w- C:\Windows\SysWow64\sho7CF1.tmp
2012-03-30 12:56:02 -------- d-----w- C:\Program Files (x86)\Emsisoft Anti-Malware
2012-03-29 18:12:37 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-03-29 09:19:05 -------- d-----w- C:\Smadav
2012-03-23 18:00:42 0 ----a-w- C:\Windows\SysWow64\shoFC5E.tmp
2012-03-23 11:52:57 -------- d--h--w- C:\VritualRoot
2012-03-23 11:11:49 -------- d-----w- C:\Program Files\COMODO
2012-03-16 08:15:21 -------- d-----w- C:\Users\Razhar\AppData\Roaming\Registry Mechanic
2012-03-16 08:09:54 880640 ----a-w- C:\Windows\SysWow64\UniBox10.ocx
2012-03-16 08:09:54 658432 ----a-w- C:\Windows\SysWow64\MSCOMCT2.OCX
2012-03-16 08:09:54 512472 ----a-w- C:\Windows\SysWow64\msxml.dll
2012-03-16 08:09:54 40408 ----a-w- C:\Windows\System32\CleanMFT64.exe
2012-03-16 08:09:54 212992 ----a-w- C:\Windows\SysWow64\UniBoxVB12.ocx
2012-03-16 08:09:54 1101824 ----a-w- C:\Windows\SysWow64\UniBox210.ocx
2012-03-16 07:47:31 -------- d-----w- C:\Users\Razhar\AppData\Roaming\Product_RM
2012-03-16 07:47:31 -------- d-----w- C:\ProgramData\PC Tools
2012-03-16 07:23:24 44544 ----a-w- C:\Windows\SysWow64\msxml4a.dll
2012-03-16 07:23:22 108056 ----a-w- C:\Windows\SysWow64\drivers\PCTDMDefrag.sys
2012-03-16 06:25:02 0 ----a-w- C:\Windows\SysWow64\sho4CBA.tmp
2012-03-15 18:50:08 -------- d-----w- C:\ProgramData\Comodo
2012-03-15 18:45:19 -------- d-----w- C:\Users\Razhar\AppData\Local\Comodo
2012-03-15 18:25:12 -------- d-----w- C:\ProgramData\CPA_VA
2012-03-15 18:16:21 -------- d-----w- C:\Program Files (x86)\Comodo
2012-03-15 15:31:50 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-15 15:31:50 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-03-15 10:09:30 767952 ----a-w- C:\Windows\BDTSupport.dll0352.old
2012-03-15 10:09:30 2246608 ----a-w- C:\Windows\PCTBDCore.dll0352.old
2012-03-15 10:09:30 149456 ----a-w- C:\Windows\SGDetectionTool.dll0352.old
2012-03-13 11:20:41 -------- d-----w- C:\Users\Razhar\AppData\Local\ElevatedDiagnostics
2012-03-13 09:50:30 -------- d-----w- C:\Users\Razhar\AppData\Local\Apps
2012-03-12 09:58:28 1409 ----a-w- C:\Windows\QTFont.for
2012-03-11 18:42:22 -------- d-----w- C:\Users\Razhar\AppData\Roaming\runic games
2012-03-11 14:13:42 577824 ----a-w- C:\Windows\System32\drivers\cmdGuard.sys
2012-03-11 14:13:42 43248 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys
2012-03-11 14:13:40 22696 ----a-w- C:\Windows\System32\drivers\cmderd.sys
2012-03-11 14:13:22 41200 ----a-w- C:\Windows\System32\cmdcsr.dll
2012-03-11 14:13:20 301224 ----a-w- C:\Windows\SysWow64\guard32.dll
2012-03-11 14:13:18 389840 ----a-w- C:\Windows\System32\guard64.dll
2012-03-11 06:14:34 -------- d-----w- C:\Users\Razhar\AppData\Roaming\isoburnerdata
2012-03-10 14:24:09 -------- d-----w- C:\Users\Razhar\AppData\Roaming\PCTools
2012-03-10 11:50:58 -------- d-----w- C:\Users\Razhar\AppData\Roaming\PC Tools
2012-03-10 07:13:15 -------- d-----w- C:\Users\Razhar\AppData\Roaming\Malwarebytes
2012-03-10 07:13:03 -------- d-----w- C:\ProgramData\Malwarebytes
2012-03-10 06:07:34 -------- d-----w- C:\Program Files (x86)\PC Tools
2012-03-09 19:37:25 230952 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys
2012-03-09 19:37:25 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2012-03-09 19:00:06 -------- d-----w- C:\Users\Razhar\AppData\Roaming\TestApp
2012-03-08 16:48:22 0 ----a-w- C:\Windows\SysWow64\shoFFB3.tmp
2012-03-06 11:12:58 -------- d-----w- C:\Users\Razhar\AppData\Local\{C4C8F44E-D517-4F98-96BC-DE9FFBDF89C3}
2012-03-06 11:11:22 -------- d-----w- C:\Users\Razhar\AppData\Local\{E37E037F-F93F-4CF0-B779-0E99BB351CB7}
2012-03-06 10:44:09 -------- d-----w- C:\Users\Razhar\AppData\Local\{9323FA31-4E95-4A2F-B319-082C04B3413A}
2012-03-06 10:44:09 -------- d-----w- C:\Users\Razhar\AppData\Local\{2DD6BE9A-8A6F-4323-9AF1-A16095E96797}
.
==================== Find3M ====================
.
2012-03-29 18:12:37 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-12 10:42:30 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2012-03-12 10:42:30 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-03-12 10:42:30 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll
.
============= FINISH: 2:37:19,36 ===============
 
And this is the Attach log from DDS:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 16/09/2011 15:20:03
System Uptime: 04/04/2012 2:09:07 (0 hours ago)
.
Motherboard: Gateway | | ZX6960
Processor: Intel(R) Core(TM) i3-2100 CPU @ 3.10GHz | CPU 1 | 3100/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 226 GiB total, 124,484 GiB free.
D: is FIXED (NTFS) - 222 GiB total, 113,062 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
H: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP49: 31/03/2012 22:02:47 - Advanced System Optimizer - First Install
RP50: 31/03/2012 22:08:50 - Advanced System Optimizer - First Install
RP51: 31/03/2012 23:05:27 - Advanced System Optimizer - First Install
RP52: 02/04/2012 3:15:24 - Advanced System Optimizer - Registry Cleaner
RP53: 02/04/2012 15:59:41 - Installed Diskeeper 2011.
RP54: 02/04/2012 22:38:54 - Removed Diskeeper 2011.
.
==== Installed Programs ======================
.
???? ??? Windows Live
???? Windows Live
????? Windows Live
?????? ??????? ?? Windows Live
???????? ?????????? Windows Live
?????????? Windows Live
??????????? ?? Windows Live
ACDSee Pro 4
Acrobat.com
Adobe After Effects CS4
Adobe After Effects CS4 Presets
Adobe After Effects CS4 Third Party Content
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles AE CS4
Adobe Color Video Profiles CS CS4
Adobe Creative Suite 4 Master Collection
Adobe CS4 American English Speech Analysis Models
Adobe CSI CS4
Adobe Default Language CS4
Adobe Dynamiclink Support
Adobe Encore CS4 Codecs
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 STI-en
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Illustrator CS4
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Encoder CS4 Dolby
Adobe Media Encoder CS4 Exporter
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe MotionPicture Color Files CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4 Support
Adobe Premiere Pro CS4
Adobe Premiere Pro CS4 Functional Content
Adobe Premiere Pro CS4 Third Party Content
Adobe Reader 9.1 MUI
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Soundbooth CS4 Codecs
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Advanced System Optimizer
Agatha Christie - 4:50 from Paddington
AIO_CDB_ProductContext
AIO_CDB_Software
AIO_Scan
Angry Birds
Angry Birds Seasons
Angry Birds Space
Autodesk 3ds Max 2012 64-bit - English SP2
Autodesk Backburner 2012.0.0
Autodesk Material Library 2012
Autodesk Material Library Base Resolution Image Library 2012
Autodesk Material Library Medium Resolution Image Library 2012
Bejeweled 2 Deluxe
Bing Bar
biohazard 4
BufferChm
Cakewalk VST Adapter 4.3.2
Chuzzle Deluxe
Comodo Dragon
Connect
Copy
Corel Graphics - Windows Shell Extension
CorelDRAW Graphics Suite X5
CorelDRAW Graphics Suite X5 - Capture
CorelDRAW Graphics Suite X5 - Common
CorelDRAW Graphics Suite X5 - Connect
CorelDRAW Graphics Suite X5 - Custom Data
CorelDRAW Graphics Suite X5 - Draw
CorelDRAW Graphics Suite X5 - EN
CorelDRAW Graphics Suite X5 - Filters
CorelDRAW Graphics Suite X5 - FontNav
CorelDRAW Graphics Suite X5 - IPM
CorelDRAW Graphics Suite X5 - PHOTO-PAINT
CorelDRAW Graphics Suite X5 - Photozoom Plugin
CorelDRAW Graphics Suite X5 - Redist
CorelDRAW Graphics Suite X5 - Setup Files
CorelDRAW Graphics Suite X5 - VBA
CorelDRAW Graphics Suite X5 - VideoBrowser
CorelDRAW Graphics Suite X5 - VSTA
CorelDRAW Graphics Suite X5 - WT
CorelDRAW(R) Graphics Suite X5
Crazy Chicken Kart 2
Crysis® 2
CyberLink MediaEspresso
CyberLink PowerDVD 10
CyberLink YouCam
D-Link Connection Manager
D3DX10
DAEMON Tools Lite
Destinations
Deus Ex - Human Revolution version 1.0
DeviceDiscovery
Diner Dash 2 Restaurant Rescue
DocProc
Emsisoft Anti-Malware
F300
F300_Help
F300Trb
FATE
Fax
Fotogalerija Windows Live
Galeria de Fotografias do Windows Live
Galeria fotografii uslugi Windows Live
Galeria fotogràfica del Windows Live
Galerie de photos Windows Live
Galerie foto Windows Live
Galería fotográfica de Windows Live
Gateway Games
Gateway Recovery Management
Gateway Registration
Gateway ScreenSaver
Gateway Updater
Google Chrome
GPBaseService2
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
Hotkey Utility
HP Update
HPPhotoGadget
HPProductAssistant
HPSSupply
Identity Card
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Internet Download Manager
Java Auto Updater
Java(TM) 6 Update 30
John Deere Drive Green
Junk Mail filter update
K-Lite Mega Codec Pack 7.6.0
KeyShot3 3.0 64 bit
kuler
Malwarebytes Anti-Malware version 1.60.1.1000
MarketResearch
Mesh Runtime
Microsoft Office 2010
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Click-to-Run 2010
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Starter 2010 - English
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Microsoft Visual Studio Tools for Applications 2.0 Runtime
Mobile Partner
Mozilla Firefox 9.0.1 (x86 en-US)
MSVCRT
MSVCRT_amd64
Mystery P.I. - The London Caper
n-Track Studio
Native Power Pack vol 1 v2.5
Native Power Pack vol 2 v2.5
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero Express 10
Nero Express 10 Help (CHM)
Nero Multimedia Suite 10 Essentials
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
Orbit Downloader
PC Tools Registry Mechanic 11.0
PC Wizard 2010.1.96
PDF Settings CS4
Penguins!
Photoshop Camera Raw
Pixel Bender Toolkit
Plants vs. Zombies - Game of the Year
Poczta uslugi Windows Live
Podstawowe programy Windows Live
Polar Bowler
Pošta Windows Live
QuickTime
Raccolta foto di Windows Live
Realtek High Definition Audio Driver
S?????? f?t???af??? t?? Windows Live
Scan
SmartDraw 2009
SolutionCenter
SONAR 3 Producer Edition
Sonic Foundry Sound Forge 6.0b
Status
Suite Shared Configuration CS4
THX TruStudio Pro
Toolbox
Torchlight
TrayApp
UnloadSupport
Update Installer for WildTangent Games App
Virtual Villagers - The Secret City
Visual Basic for Applications (R) Core
Visual Basic for Applications (R) Core - English
WebReg
WebTablet IE Plugin
WebTablet Netscape Plugin
Wedding Dash
Welcome Center
WildTangent Games App (Gateway Games)
Winamp
Winamp Detector Plug-in
Windows Live
Windows Live ???
Windows Live ????
Windows Live Argazki Galeria
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotótár
Windows Live Fotogalerie
Windows Live Fotogalleri
Windows Live Fotogaléria
Windows Live Fotograf Galerisi
Windows Live Galeria de Fotos
Windows Live Galerija fotografija
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Temel Parçalar
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Liven asennustyökalu
Windows Liven sähköposti
Windows Liven valokuvavalikoima
Yahoo! Messenger
ZBrush 4
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
31/03/2012 23:19:19, Error: Service Control Manager [7034] - The ASO3DiskOptimizer service terminated unexpectedly. It

has done this 2 time(s).
04/04/2012 2:10:07, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to

load: luafv TfFsMon TFSysMon
04/04/2012 2:09:25, Error: Service Control Manager [7001] - The Windows Image Acquisition (WIA) service depends on the

Shell Hardware Detection service which failed to start because of the following error: The service cannot be started,

either because it is disabled or because it has no enabled devices associated with it.
04/04/2012 2:09:21, Error: Service Control Manager [7000] - The HWDeviceService64.exe service failed to start due to the

following error: The system cannot find the file specified.
03/04/2012 4:08:33, Error: Service Control Manager [7001] - The Network List Service service depends on the Network

Location Awareness service which failed to start because of the following error: The dependency service or group failed to

start.
03/04/2012 4:08:32, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the

service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
03/04/2012 4:08:32, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the

service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
03/04/2012 4:08:32, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the

service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
03/04/2012 4:08:32, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the

service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
03/04/2012 4:08:26, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the

service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
03/04/2012 4:08:06, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to

load: a2injectiondriver AFD cmdGuard cmdHlp DfsC discache inspect luafv NetBIOS NetBT nsiproxy Psched rdbss spldr tdx

TfFsMon TFSysMon vwififlt Wanarpv6 WfpLwf
03/04/2012 4:08:06, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface

Service service which failed to start because of the following error: The dependency service or group failed to start.
03/04/2012 4:08:06, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary

Function Driver for Winsock service which failed to start because of the following error: A device attached to the system

is not functioning.
03/04/2012 4:08:06, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on

the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to

the system is not functioning.
03/04/2012 4:08:06, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB

MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or

group failed to start.
03/04/2012 4:08:06, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB

MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or

group failed to start.
03/04/2012 4:08:06, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI

proxy service driver. service which failed to start because of the following error: A device attached to the system is not

functioning.
03/04/2012 4:08:06, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network

Store Interface Service service which failed to start because of the following error: The dependency service or group

failed to start.
03/04/2012 4:08:06, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface

Service service which failed to start because of the following error: The dependency service or group failed to start.
03/04/2012 4:08:06, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support

Driver service which failed to start because of the following error: A device attached to the system is not functioning.
03/04/2012 4:08:06, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function

Driver for Winsock service which failed to start because of the following error: A device attached to the system is not

functioning.
03/04/2012 4:08:06, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the

Application Virtualization Client service which failed to start because of the following error: The dependency service or

group failed to start.
03/04/2012 4:00:13, Error: Application Popup [1060] - \??\C:\Program Files (x86)\Anti Trojan Elite\ATEPMon.sys has been

blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version

of the driver.
03/04/2012 13:16:50, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the

service stisvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
03/04/2012 0:35:57, Error: PCTCore [280] -
02/04/2012 23:33:37, Error: Service Control Manager [7030] - The ThreatFire service is marked as an interactive service.

However, the system is configured to not allow interactive services. This service may not function properly.
02/04/2012 23:25:27, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to

load: luafv pctNdisLW64
02/04/2012 23:24:20, Error: Service Control Manager [7023] - The Windows Update service terminated with the following

error: %%-2147467243
02/04/2012 23:24:17, Error: Service Control Manager [7038] - The sppsvc service was unable to log on as NT AUTHORITY

\NetworkService with the currently configured password due to the following error: The security account manager (SAM) or

local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service

is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
02/04/2012 23:24:17, Error: Service Control Manager [7038] - The NAUpdate service was unable to log on as NT AUTHORITY

\SYSTEM with the currently configured password due to the following error: The security account manager (SAM) or local

security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is

configured properly, use the Services snap-in in Microsoft Management Console (MMC).
02/04/2012 23:24:17, Error: Service Control Manager [7000] - The Software Protection service failed to start due to the

following error: The service did not start due to a logon failure.
01/04/2012 2:21:45, Error: Service Control Manager [7038] - The upnphost service was unable to log on as NT AUTHORITY

\LocalService with the currently configured password due to the following error: The security account manager (SAM) or

local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service

is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
01/04/2012 2:21:45, Error: Service Control Manager [7000] - The UPnP Device Host service failed to start due to the

following error: The service did not start due to a logon failure.
01/04/2012 2:21:45, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the

service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
01/04/2012 0:57:57, Error: Service Control Manager [7034] - The ASO3DiskOptimizer service terminated unexpectedly. It has

done this 1 time(s).
.
==== End Of File ===========================

That's all the reports. Please help me! I'm in a panic right now. Thanks in advance.
My timezone is GMT +7,
and I'm using Comodo Internet Security Premium with firewall, Emsisoft Anti-Malware, and MBAM Pro.
 
Welcome aboard


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

================================================================

Please disable "word wrap" in Notepad as your logs are hard to read.

Uninstall Advanced System Optimizer.
Registry cleaners/optimizers are not recommended for several reasons:

  • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

    The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
  • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
  • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
  • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
  • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


==================================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

==================================================================

Download Bootkit Remover to your desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 
Thank you, Broni, for your reply.

For your information, there's an anomaly: right after I posted all my logs above (MBAM, GMER, DDS logs), Comodo Internet Security (CIS) detected the file at
C:\users\razhar\appdata\local\google\chrome\user data\default\cache\f_000047 as unrecognized file
and put it on Defense+

I've uninstalled Advanced System Optimizer.
Here are the logs:


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-04 08:25:40
-----------------------------
08:25:40.162 OS Version: Windows x64 6.1.7601 Service Pack 1
08:25:40.162 Number of processors: 4 586 0x2A07
08:25:40.172 ComputerName: RAZHAR-PC UserName: Razhar
08:25:40.972 Initialze error C000010E - driver not loaded
08:25:41.122 write error "aswCmnB.dll". The process cannot access the file because it is being used by another process.
08:54:32.371 Service scanning
08:54:48.661 Modules scanning
08:54:48.661 Disk 0 trace - called modules:
08:54:48.661
08:54:48.661 Scan finished successfully
08:55:01.801 The log file has been saved successfully to "C:\Users\Razhar\Desktop\aswMBR.txt"



Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows 7 Home Premium Edition Service Pack 1 (build 7601)
, 64-bit

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000004`6b500000

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Controlled by rootkit!

Boot code on some of your physical disks is hidden by a rootkit.
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]


Done;
Press any key to quit...


From now on I'll follow your instructions as soon as possible.
 
Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
After I ran the scan with TDSSKiller, the scan only lasted 19 seconds and processed 468 objects:
found: 0 threats
neutralized: 0 threats
quarantined: 0 objects
The details said all OK (if I checked information messages); if I didn't check it, the scan result was just blank.

Here is the log; there were two logs generated.

filename: TDSSKiller.2.7.25.0_04.04.2012_10.36.07_log

10:36:07.0254 5328 TDSS rootkit removing tool 2.7.25.0 Apr 3 2012 13:42:32
10:36:07.0479 5328 ============================================================
10:36:07.0479 5328 Current date / time: 2012/04/04 10:36:07.0479
10:36:07.0479 5328 SystemInfo:
10:36:07.0479 5328
10:36:07.0479 5328 OS Version: 6.1.7601 ServicePack: 1.0
10:36:07.0479 5328 Product type: Workstation
10:36:07.0479 5328 ComputerName: RAZHAR-PC
10:36:07.0479 5328 UserName: Razhar
10:36:07.0479 5328 Windows directory: C:\Windows
10:36:07.0479 5328 System windows directory: C:\Windows
10:36:07.0479 5328 Running under WOW64
10:36:07.0479 5328 Processor architecture: Intel x64
10:36:07.0479 5328 Number of processors: 4
10:36:07.0479 5328 Page size: 0x1000
10:36:07.0479 5328 Boot type: Normal boot
10:36:07.0479 5328 ============================================================
10:36:08.0127 5328 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:36:08.0167 5328 \Device\Harddisk0\DR0:
10:36:08.0167 5328 MBR used
10:36:08.0167 5328 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2328800, BlocksNum 0x32000
10:36:08.0167 5328 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x235A800, BlocksNum 0x1C3FE830
10:36:08.0180 5328 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E75A000, BlocksNum 0x1BC2B800
10:36:08.0327 5328 Initialize success
10:36:08.0327 5328 ============================================================
10:36:12.0364 6676 Deinitialize success

continue..
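For readers following the MBR checks in this thread, here is an added example (not part of the original posts and not code from aswMBR, Bootkit Remover or TDSSKiller) that parses a 512-byte master boot sector dump such as the MBR.dat copy mentioned above, lists its partition entries, runs basic sanity checks and hashes the boot code so two dumps can be compared. The function names are hypothetical; the sample sector is constructed from the partition values and disk size in the TDSSKiller log above, with filler boot code and an assumed active flag on the first entry.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446      # bytes 0-445 hold the boot code
TABLE_OFFSET = 446       # 0x1BE: four 16-byte partition entries
ENTRY_LEN = 16
ENTRY_FMT = "<B3sB3sII"  # status, CHS first, type, CHS last, start LBA, sector count
SIGNATURE = b"\x55\xaa"  # bytes 510-511

# Disk size and sector size as reported in the TDSSKiller log (0x7470C06000 / 0x200).
DISK_SECTORS = 0x7470C06000 // 0x200


def parse_mbr(sector):
    """Decode one MBR sector: signature, boot-code hash and used partition slots."""
    if len(sector) < SECTOR_SIZE:
        raise ValueError("need %d bytes, got %d" % (SECTOR_SIZE, len(sector)))
    sector = bytes(sector[:SECTOR_SIZE])
    partitions = []
    for index in range(4):
        status, _chs_a, ptype, _chs_b, start_lba, sectors = struct.unpack_from(
            ENTRY_FMT, sector, TABLE_OFFSET + index * ENTRY_LEN)
        if ptype == 0 and sectors == 0:
            continue  # unused slot
        partitions.append({"index": index, "status": status, "type": ptype,
                           "start_lba": start_lba, "sectors": sectors})
    boot_code = sector[:BOOT_CODE_LEN]
    return {
        "signature_ok": sector[510:512] == SIGNATURE,
        "boot_code_sha256": hashlib.sha256(boot_code).hexdigest(),
        "boot_code_blank": not any(boot_code),
        "partitions": partitions,
    }


def find_anomalies(mbr, disk_sectors=None):
    """Return a list of structural problems found in a parsed MBR."""
    issues = []
    if not mbr["signature_ok"]:
        issues.append("missing 0x55AA boot signature")
    if mbr["boot_code_blank"]:
        issues.append("boot code area is all zeros")
    parts = mbr["partitions"]
    if sum(1 for p in parts if p["status"] == 0x80) > 1:
        issues.append("more than one active partition")
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            issues.append("partition %d: invalid status byte 0x%02X"
                          % (p["index"], p["status"]))
        if disk_sectors is not None and p["start_lba"] + p["sectors"] > disk_sectors:
            issues.append("partition %d: extends past end of disk" % p["index"])
    ordered = sorted(parts, key=lambda p: p["start_lba"])
    for a, b in zip(ordered, ordered[1:]):
        if a["start_lba"] + a["sectors"] > b["start_lba"]:
            issues.append("partitions %d and %d overlap" % (a["index"], b["index"]))
    return issues


def boot_code_changed(dump_a, dump_b):
    """True when the 446-byte boot code differs between two sector dumps."""
    return (parse_mbr(dump_a)["boot_code_sha256"]
            != parse_mbr(dump_b)["boot_code_sha256"])


def build_sample_mbr(boot_code=b"\x90" * BOOT_CODE_LEN):
    """Constructed sample: partition values from the log, filler boot code."""
    entries = [  # (status, type, start LBA, sector count); active flag is assumed
        (0x80, 0x07, 0x2328800, 0x32000),
        (0x00, 0x07, 0x235A800, 0x1C3FE830),
        (0x00, 0x07, 0x1E75A000, 0x1BC2B800),
    ]
    table = b"".join(struct.pack(ENTRY_FMT, st, b"\0\0\0", pt, b"\0\0\0", lba, n)
                     for st, pt, lba, n in entries).ljust(4 * ENTRY_LEN, b"\0")
    return boot_code.ljust(BOOT_CODE_LEN, b"\0")[:BOOT_CODE_LEN] + table + SIGNATURE


if __name__ == "__main__":
    info = parse_mbr(build_sample_mbr())
    print("boot code sha256:", info["boot_code_sha256"])
    for p in info["partitions"]:
        print("slot %(index)d type 0x%(type)02X start 0x%(start_lba)X "
              "sectors 0x%(sectors)X" % p)
    print("anomalies:", find_anomalies(info, DISK_SECTORS) or "none")
```

A dump read through a running system whose disk reads are being filtered can show substituted content, so the hash comparison is most useful against a dump taken from a clean boot environment.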
 
here is the second log
filename: TDSSKiller.2.7.25.0_04.04.2012_10.36.13_log


10:36:13.0215 5292 TDSS rootkit removing tool 2.7.25.0 Apr 3 2012 13:42:32
10:36:13.0235 5292 ============================================================
10:36:13.0235 5292 Current date / time: 2012/04/04 10:36:13.0235
10:36:13.0235 5292 SystemInfo:
10:36:13.0235 5292
10:36:13.0235 5292 OS Version: 6.1.7601 ServicePack: 1.0
10:36:13.0235 5292 Product type: Workstation
10:36:13.0235 5292 ComputerName: RAZHAR-PC
10:36:13.0235 5292 UserName: Razhar
10:36:13.0235 5292 Windows directory: C:\Windows
10:36:13.0235 5292 System windows directory: C:\Windows
10:36:13.0235 5292 Running under WOW64
10:36:13.0235 5292 Processor architecture: Intel x64
10:36:13.0235 5292 Number of processors: 4
10:36:13.0235 5292 Page size: 0x1000
10:36:13.0235 5292 Boot type: Normal boot
10:36:13.0235 5292 ============================================================
10:36:13.0511 5292 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:36:13.0526 5292 \Device\Harddisk0\DR0:
10:36:13.0526 5292 MBR used
10:36:13.0526 5292 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2328800, BlocksNum 0x32000
10:36:13.0526 5292 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x235A800, BlocksNum 0x1C3FE830
10:36:13.0548 5292 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E75A000, BlocksNum 0x1BC2B800
10:36:13.0624 5292 Initialize success
10:36:13.0624 5292 ============================================================
10:36:26.0590 5984 ============================================================
10:36:26.0590 5984 Scan started
10:36:26.0590 5984 Mode: Manual;
10:36:26.0590 5984 ============================================================
10:36:27.0556 5984 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
10:36:27.0559 5984 1394ohci - ok
10:36:27.0647 5984 a2acc (922ab7cc2c12c38dc2c4074af893d5fb) C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys
10:36:27.0648 5984 a2acc - ok
10:36:27.0719 5984 a2AntiMalware (5a65a77f7a4a091e896c21db4ef18e1f) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
10:36:27.0765 5984 a2AntiMalware - ok
10:36:27.0795 5984 A2DDA (3044d0f3feb9ffe8bc953d8f34b5b504) C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys
10:36:27.0796 5984 A2DDA - ok
10:36:27.0816 5984 a2injectiondriver (905cda5a8d86f733df8000909b4916ed) C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys
10:36:27.0817 5984 a2injectiondriver - ok
10:36:27.0826 5984 a2util (e41d79682a209f72f4f578cfd4a53952) C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys
10:36:27.0827 5984 a2util - ok
10:36:27.0915 5984 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
10:36:27.0918 5984 ACPI - ok
10:36:27.0945 5984 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
10:36:27.0946 5984 AcpiPmi - ok
10:36:27.0995 5984 adfs (2f0683fd2df1d92e891caca14b45a8c1) C:\Windows\system32\drivers\adfs.sys
10:36:27.0996 5984 adfs - ok
10:36:28.0082 5984 AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
10:36:28.0084 5984 AdobeFlashPlayerUpdateSvc - ok
10:36:28.0153 5984 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
10:36:28.0158 5984 adp94xx - ok
10:36:28.0187 5984 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
10:36:28.0190 5984 adpahci - ok
10:36:28.0208 5984 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
10:36:28.0210 5984 adpu320 - ok
10:36:28.0236 5984 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
10:36:28.0237 5984 AeLookupSvc - ok
10:36:28.0285 5984 AFD (d31dc7a16dea4a9baf179f3d6fbdb38c) C:\Windows\system32\drivers\afd.sys
10:36:28.0289 5984 AFD - ok
10:36:28.0327 5984 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
10:36:28.0328 5984 agp440 - ok
10:36:28.0350 5984 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
10:36:28.0351 5984 ALG - ok
10:36:28.0381 5984 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
10:36:28.0382 5984 aliide - ok
10:36:28.0397 5984 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
10:36:28.0398 5984 amdide - ok
10:36:28.0430 5984 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
10:36:28.0431 5984 AmdK8 - ok
10:36:28.0446 5984 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
10:36:28.0448 5984 AmdPPM - ok
10:36:28.0479 5984 amdsata (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
10:36:28.0481 5984 amdsata - ok
10:36:28.0519 5984 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
10:36:28.0521 5984 amdsbs - ok
10:36:28.0533 5984 amdxata (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
10:36:28.0534 5984 amdxata - ok
10:36:28.0570 5984 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
10:36:28.0571 5984 AppID - ok
10:36:28.0597 5984 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
10:36:28.0598 5984 AppIDSvc - ok
10:36:28.0609 5984 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
10:36:28.0610 5984 Appinfo - ok
10:36:28.0654 5984 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
10:36:28.0655 5984 arc - ok
10:36:28.0672 5984 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
10:36:28.0674 5984 arcsas - ok
10:36:28.0788 5984 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
10:36:28.0831 5984 aspnet_state - ok
10:36:28.0887 5984 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
10:36:28.0888 5984 AsyncMac - ok
10:36:28.0936 5984 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
10:36:28.0937 5984 atapi - ok
10:36:28.0964 5984 ATE_PROCMON - ok
10:36:29.0012 5984 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
10:36:29.0019 5984 AudioEndpointBuilder - ok
10:36:29.0028 5984 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
10:36:29.0032 5984 AudioSrv - ok
10:36:29.0072 5984 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
10:36:29.0074 5984 AxInstSV - ok
10:36:29.0134 5984 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
10:36:29.0138 5984 b06bdrv - ok
10:36:29.0156 5984 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
10:36:29.0159 5984 b57nd60a - ok
10:36:29.0217 5984 BBSvc (93ee7d9c35ae7e9ffda148d7805f1421) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
10:36:29.0219 5984 BBSvc - ok
10:36:29.0291 5984 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
10:36:29.0292 5984 BDESVC - ok
10:36:29.0322 5984 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
10:36:29.0323 5984 Beep - ok
10:36:29.0383 5984 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
10:36:29.0389 5984 BFE - ok
10:36:29.0433 5984 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
10:36:29.0492 5984 BITS - ok
10:36:29.0573 5984 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
10:36:29.0574 5984 blbdrive - ok
10:36:29.0611 5984 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
10:36:29.0612 5984 bowser - ok
10:36:29.0637 5984 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
10:36:29.0638 5984 BrFiltLo - ok
10:36:29.0656 5984 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
10:36:29.0657 5984 BrFiltUp - ok
10:36:29.0683 5984 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
10:36:29.0685 5984 Browser - ok
10:36:29.0713 5984 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
10:36:29.0716 5984 Brserid - ok
10:36:29.0728 5984 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
10:36:29.0730 5984 BrSerWdm - ok
10:36:29.0756 5984 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
10:36:29.0757 5984 BrUsbMdm - ok
10:36:29.0764 5984 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
10:36:29.0765 5984 BrUsbSer - ok
10:36:29.0808 5984 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
10:36:29.0809 5984 BthEnum - ok
10:36:29.0858 5984 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
10:36:29.0859 5984 BTHMODEM - ok
10:36:29.0893 5984 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
10:36:29.0895 5984 BthPan - ok
10:36:29.0947 5984 BTHPORT (0d25b6d300ba26a5f2c3b2a8e96b158b) C:\Windows\system32\Drivers\BTHport.sys
10:36:29.0952 5984 BTHPORT - ok
10:36:29.0989 5984 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
10:36:29.0990 5984 bthserv - ok
10:36:30.0011 5984 BTHUSB (1f9912f8ec5bfa53432e71e150636a8a) C:\Windows\system32\Drivers\BTHUSB.sys
10:36:30.0013 5984 BTHUSB - ok
10:36:30.0058 5984 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
10:36:30.0059 5984 cdfs - ok
10:36:30.0090 5984 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
10:36:30.0092 5984 cdrom - ok
10:36:30.0127 5984 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
10:36:30.0128 5984 CertPropSvc - ok
10:36:30.0158 5984 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
10:36:30.0159 5984 circlass - ok
10:36:30.0181 5984 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
10:36:30.0184 5984 CLFS - ok
10:36:30.0233 5984 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:36:30.0265 5984 clr_optimization_v2.0.50727_32 - ok
10:36:30.0289 5984 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
10:36:30.0292 5984 clr_optimization_v2.0.50727_64 - ok
10:36:30.0352 5984 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:36:30.0397 5984 clr_optimization_v4.0.30319_32 - ok
10:36:30.0427 5984 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
10:36:30.0431 5984 clr_optimization_v4.0.30319_64 - ok
10:36:30.0502 5984 clwvd (50f92c943f18b070f166d019dfab3d9a) C:\Windows\system32\DRIVERS\clwvd.sys
10:36:30.0503 5984 clwvd - ok
10:36:30.0545 5984 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
10:36:30.0546 5984 CmBatt - ok
10:36:30.0686 5984 cmdAgent (cee48ccc4d561ddb19c72f9fb55d28d5) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
10:36:30.0698 5984 cmdAgent - ok
10:36:30.0806 5984 cmderd (7eac5e62f0b93262984d450e0d497b61) C:\Windows\system32\DRIVERS\cmderd.sys
10:36:30.0807 5984 cmderd - ok
10:36:30.0859 5984 cmdGuard (0599d5a458d4e0e37ab84e9d1c5c73e5) C:\Windows\system32\DRIVERS\cmdguard.sys
10:36:30.0864 5984 cmdGuard - ok
10:36:30.0877 5984 cmdHlp (2d3e08c7106f748f9eff3dec14142d3e) C:\Windows\system32\DRIVERS\cmdhlp.sys
10:36:30.0879 5984 cmdHlp - ok
10:36:30.0903 5984 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
10:36:30.0904 5984 cmdide - ok
10:36:30.0935 5984 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
10:36:30.0939 5984 CNG - ok
10:36:30.0968 5984 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
10:36:30.0969 5984 Compbatt - ok
10:36:30.0998 5984 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
10:36:30.0999 5984 CompositeBus - ok
10:36:31.0019 5984 COMSysApp - ok
10:36:31.0121 5984 cpuz134 (17719a7f571d4cd08223f0b30f71b8b8) C:\Program Files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys
10:36:31.0122 5984 cpuz134 - ok
10:36:31.0154 5984 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
10:36:31.0155 5984 crcdisk - ok
10:36:31.0203 5984 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
10:36:31.0205 5984 CryptSvc - ok
10:36:31.0328 5984 cvhsvc (61a86809b62769643892bc0812b204aa) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
10:36:31.0334 5984 cvhsvc - ok
10:36:31.0426 5984 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
10:36:31.0431 5984 DcomLaunch - ok
10:36:31.0463 5984 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
10:36:31.0466 5984 defragsvc - ok
10:36:31.0502 5984 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
10:36:31.0503 5984 DfsC - ok
10:36:31.0545 5984 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
10:36:31.0548 5984 Dhcp - ok
10:36:31.0579 5984 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
10:36:31.0580 5984 discache - ok
10:36:31.0621 5984 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
10:36:31.0622 5984 Disk - ok
10:36:31.0641 5984 Dnscache (cd55f5355d8f55d44c9f4ed875705bd6) C:\Windows\System32\dnsrslvr.dll
10:36:31.0643 5984 Dnscache - ok
10:36:31.0682 5984 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
10:36:31.0685 5984 dot3svc - ok
10:36:31.0753 5984 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
10:36:31.0755 5984 Dot4 - ok
10:36:31.0805 5984 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\DRIVERS\Dot4Prt.sys
10:36:31.0806 5984 Dot4Print - ok
10:36:31.0843 5984 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
10:36:31.0844 5984 dot4usb - ok
10:36:31.0869 5984 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
10:36:31.0872 5984 DPS - ok
10:36:31.0938 5984 DragonUpdater (af4634542c818a8b4182d41e7f00e363) C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
10:36:31.0942 5984 DragonUpdater - ok
10:36:32.0034 5984 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
10:36:32.0035 5984 drmkaud - ok
10:36:32.0095 5984 dtsoftbus01 (fb9bef3401ee5ecc2603311b9c64f44a) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
10:36:32.0098 5984 dtsoftbus01 - ok
10:36:32.0195 5984 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
10:36:32.0205 5984 DXGKrnl - ok
10:36:32.0249 5984 e1cexpress (6bafd9819d9fec2edbaebc8493c711a4) C:\Windows\system32\DRIVERS\e1c62x64.sys
10:36:32.0252 5984 e1cexpress - ok
10:36:32.0284 5984 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
10:36:32.0286 5984 EapHost - ok
10:36:32.0352 5984 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
10:36:32.0402 5984 ebdrv - ok
10:36:32.0444 5984 EFS (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\System32\lsass.exe
10:36:32.0445 5984 EFS - ok
10:36:32.0503 5984 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
10:36:32.0522 5984 ehRecvr - ok
10:36:32.0552 5984 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
10:36:32.0554 5984 ehSched - ok
10:36:32.0628 5984 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
10:36:32.0634 5984 elxstor - ok
10:36:32.0645 5984 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
10:36:32.0646 5984 ErrDev - ok
10:36:32.0688 5984 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
10:36:32.0691 5984 EventSystem - ok
10:36:32.0717 5984 ewusbnet - ok
10:36:32.0724 5984 ew_hwusbdev - ok
10:36:32.0754 5984 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
10:36:32.0756 5984 exfat - ok
10:36:32.0773 5984 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
10:36:32.0775 5984 fastfat - ok
10:36:32.0823 5984 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
10:36:32.0829 5984 Fax - ok
10:36:32.0866 5984 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
10:36:32.0867 5984 fdc - ok
10:36:32.0899 5984 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
10:36:32.0900 5984 fdPHost - ok
10:36:32.0915 5984 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
10:36:32.0916 5984 FDResPub - ok
10:36:32.0952 5984 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
10:36:32.0954 5984 FileInfo - ok
10:36:32.0961 5984 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
10:36:32.0962 5984 Filetrace - ok
10:36:33.0060 5984 FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
10:36:33.0067 5984 FLEXnet Licensing Service - ok
10:36:33.0155 5984 FLEXnet Licensing Service 64 (5cee6cd43ae5844c49300ea0b1e557ee) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
10:36:33.0179 5984 FLEXnet Licensing Service 64 - ok
10:36:33.0268 5984 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
10:36:33.0270 5984 flpydisk - ok
10:36:33.0284 5984 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
10:36:33.0287 5984 FltMgr - ok
10:36:33.0325 5984 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
10:36:33.0339 5984 FontCache - ok
10:36:33.0377 5984 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:36:33.0379 5984 FontCache3.0.0.0 - ok
10:36:33.0446 5984 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
10:36:33.0447 5984 FsDepends - ok
10:36:33.0467 5984 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
10:36:33.0468 5984 Fs_Rec - ok
10:36:33.0494 5984 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
10:36:33.0497 5984 fvevol - ok
10:36:33.0514 5984 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
10:36:33.0515 5984 gagp30kx - ok
10:36:33.0601 5984 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
10:36:33.0603 5984 GamesAppService - ok
10:36:33.0697 5984 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
10:36:33.0703 5984 gpsvc - ok
10:36:33.0807 5984 GREGService (0191dee9b9eb7902af2cf4f67301095d) C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
10:36:33.0807 5984 GREGService - ok
10:36:33.0891 5984 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
10:36:33.0893 5984 hcw85cir - ok
10:36:33.0926 5984 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
10:36:33.0930 5984 HdAudAddService - ok
10:36:33.0967 5984 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
10:36:33.0969 5984 HDAudBus - ok
10:36:33.0988 5984 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
10:36:33.0989 5984 HidBatt - ok
10:36:34.0018 5984 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
10:36:34.0019 5984 HidBth - ok
10:36:34.0051 5984 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
10:36:34.0052 5984 HidIr - ok
10:36:34.0073 5984 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
10:36:34.0074 5984 hidserv - ok
10:36:34.0115 5984 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
10:36:34.0116 5984 HidUsb - ok
10:36:34.0163 5984 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
10:36:34.0165 5984 hkmsvc - ok
10:36:34.0196 5984 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
10:36:34.0199 5984 HomeGroupListener - ok
10:36:34.0216 5984 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
10:36:34.0218 5984 HomeGroupProvider - ok
10:36:34.0315 5984 hpqcxs08 (1dae5c46d42b02a6d5862e1482efb390) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
10:36:34.0318 5984 hpqcxs08 - ok
10:36:34.0338 5984 hpqddsvc (99e8eef42fe2f4af29b08c3355dd7685) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
10:36:34.0340 5984 hpqddsvc - ok
10:36:34.0427 5984 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
10:36:34.0429 5984 HpSAMD - ok
10:36:34.0455 5984 HPSLPSVC (7f57926169c1b8aba9274ea7d4b70f18) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
10:36:34.0466 5984 HPSLPSVC - ok
10:36:34.0556 5984 HSPADataCardusbmdm (112dc5ab9f0257416455ee98e96205a7) C:\Windows\system32\DRIVERS\HSPADataCardusbmdm.sys
10:36:34.0557 5984 HSPADataCardusbmdm - ok
10:36:34.0595 5984 HSPADataCardusbnmea (112dc5ab9f0257416455ee98e96205a7) C:\Windows\system32\DRIVERS\HSPADataCardusbnmea.sys
10:36:34.0597 5984 HSPADataCardusbnmea - ok
10:36:34.0621 5984 HSPADataCardusbser (112dc5ab9f0257416455ee98e96205a7) C:\Windows\system32\DRIVERS\HSPADataCardusbser.sys
10:36:34.0623 5984 HSPADataCardusbser - ok
10:36:34.0672 5984 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
10:36:34.0678 5984 HTTP - ok
10:36:34.0685 5984 huawei_enumerator - ok
10:36:34.0726 5984 hwdatacard (21f59a1e203f637563c7fff5de2b2b85) C:\Windows\system32\DRIVERS\ewusbmdm.sys
10:36:34.0728 5984 hwdatacard - ok
10:36:34.0787 5984 HWDeviceService64.exe - ok
10:36:34.0809 5984 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
10:36:34.0810 5984 hwpolicy - ok
10:36:34.0856 5984 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
10:36:34.0857 5984 i8042prt - ok
10:36:34.0907 5984 iaStor (d7921d5a870b11cc1adab198a519d50a) C:\Windows\system32\drivers\iaStor.sys
10:36:34.0909 5984 iaStor - ok
10:36:34.0977 5984 IAStorDataMgrSvc (8fff9083252c16fe3960173722605e9e) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
10:36:34.0978 5984 IAStorDataMgrSvc - ok
10:36:35.0039 5984 iaStorV (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys
10:36:35.0043 5984 iaStorV - ok
10:36:35.0111 5984 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:36:35.0119 5984 idsvc - ok
10:36:35.0319 5984 igfx (bc610abb825504272364efe4c831e672) C:\Windows\system32\DRIVERS\igdkmd64.sys
10:36:35.0473 5984 igfx - ok
10:36:35.0538 5984 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
10:36:35.0539 5984 iirsp - ok
10:36:35.0571 5984 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
10:36:35.0578 5984 IKEEXT - ok
10:36:35.0643 5984 inspect (efff0afd27cc97bf0e5e0bab78419de7) C:\Windows\system32\DRIVERS\inspect.sys
10:36:35.0645 5984 inspect - ok
10:36:35.0754 5984 IntcAzAudAddService (150ac23f21dbdbf8488408ba944b0d65) C:\Windows\system32\drivers\RTKVHD64.sys
10:36:35.0839 5984 IntcAzAudAddService - ok
10:36:35.0892 5984 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
10:36:35.0894 5984 intelide - ok
10:36:35.0918 5984 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
10:36:35.0919 5984 intelppm - ok
10:36:35.0960 5984 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
10:36:35.0962 5984 IPBusEnum - ok
10:36:35.0976 5984 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:36:35.0977 5984 IpFilterDriver - ok
10:36:36.0029 5984 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
10:36:36.0034 5984 iphlpsvc - ok
10:36:36.0052 5984 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
10:36:36.0053 5984 IPMIDRV - ok
10:36:36.0064 5984 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
10:36:36.0065 5984 IPNAT - ok
10:36:36.0096 5984 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
10:36:36.0097 5984 IRENUM - ok
10:36:36.0104 5984 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
10:36:36.0105 5984 isapnp - ok
10:36:36.0139 5984 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
10:36:36.0141 5984 iScsiPrt - ok
10:36:36.0158 5984 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
10:36:36.0159 5984 kbdclass - ok
10:36:36.0179 5984 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
10:36:36.0180 5984 kbdhid - ok
10:36:36.0210 5984 KeyIso (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
10:36:36.0211 5984 KeyIso - ok
10:36:36.0247 5984 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
10:36:36.0248 5984 KSecDD - ok
10:36:36.0267 5984 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
10:36:36.0269 5984 KSecPkg - ok
10:36:36.0282 5984 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
10:36:36.0283 5984 ksthunk - ok
10:36:36.0304 5984 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
10:36:36.0308 5984 KtmRm - ok
10:36:36.0345 5984 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
10:36:36.0349 5984 LanmanServer - ok
10:36:36.0372 5984 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
10:36:36.0376 5984 LanmanWorkstation - ok
10:36:36.0441 5984 Live Updater Service (6bcee9c766815bfff89de7d81af34ce1) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
10:36:36.0444 5984 Live Updater Service - ok
10:36:36.0499 5984 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
10:36:36.0500 5984 lltdio - ok
10:36:36.0529 5984 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
10:36:36.0532 5984 lltdsvc - ok
10:36:36.0566 5984 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
10:36:36.0568 5984 lmhosts - ok
10:36:36.0644 5984 LMS (a63b719f4f8657f3fcd84436d09378c8) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
10:36:36.0647 5984 LMS - ok
10:36:36.0697 5984 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
10:36:36.0698 5984 LSI_FC - ok
10:36:36.0717 5984 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
10:36:36.0718 5984 LSI_SAS - ok
10:36:36.0737 5984 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
10:36:36.0738 5984 LSI_SAS2 - ok
10:36:36.0746 5984 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
10:36:36.0748 5984 LSI_SCSI - ok
10:36:36.0776 5984 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
10:36:36.0777 5984 luafv - ok
10:36:36.0823 5984 massfilter (035c83cd72e06c47000793d32b1a642d) C:\Windows\system32\drivers\massfilter.sys
10:36:36.0824 5984 massfilter - ok
10:36:36.0878 5984 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
10:36:36.0879 5984 MBAMProtector - ok
10:36:36.0947 5984 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
10:36:36.0953 5984 MBAMService - ok
10:36:36.0988 5984 MBfilt (8ff2d95cba49b405c5de27039ff0bf35) C:\Windows\system32\drivers\MBfilt64.sys
10:36:36.0989 5984 MBfilt - ok
10:36:37.0016 5984 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
10:36:37.0018 5984 Mcx2Svc - ok
10:36:37.0134 5984 MDM (7cf1b716372b89568ae4c0fe769f5869) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
10:36:37.0137 5984 MDM - ok
10:36:37.0161 5984 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
10:36:37.0163 5984 megasas - ok
10:36:37.0193 5984 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
10:36:37.0196 5984 MegaSR - ok
10:36:37.0243 5984 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
10:36:37.0244 5984 MEIx64 - ok
10:36:37.0374 5984 mi-raysat_3dsmax2012_64 (e2fc06a57c62282ed57f15546d14f5d7) C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe
10:36:37.0377 5984 mi-raysat_3dsmax2012_64 - ok
10:36:37.0447 5984 Microsoft Office Groove Audit Service (fafe367d032ed82e9332b4c741a20216) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
10:36:37.0448 5984 Microsoft Office Groove Audit Service - ok
10:36:37.0529 5984 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
10:36:37.0530 5984 MMCSS - ok
10:36:37.0564 5984 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
10:36:37.0565 5984 Modem - ok
10:36:37.0595 5984 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
10:36:37.0597 5984 monitor - ok
10:36:37.0626 5984 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
10:36:37.0627 5984 mouclass - ok
10:36:37.0661 5984 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
10:36:37.0662 5984 mouhid - ok
10:36:37.0692 5984 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
10:36:37.0693 5984 mountmgr - ok
10:36:37.0712 5984 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
10:36:37.0714 5984 mpio - ok
10:36:37.0729 5984 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
10:36:37.0730 5984 mpsdrv - ok
10:36:37.0764 5984 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
10:36:37.0771 5984 MpsSvc - ok
10:36:37.0785 5984 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
10:36:37.0787 5984 MRxDAV - ok
10:36:37.0800 5984 mrxsmb (faf015b07e3a2874a790a39b7d2c579f) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:36:37.0803 5984 mrxsmb - ok
10:36:37.0819 5984 mrxsmb10 (08e2345df129082bcdffdc1440f9c00d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:36:37.0822 5984 mrxsmb10 - ok
10:36:37.0838 5984 mrxsmb20 (108d87409c5812ef47d81e22843e8c9d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:36:37.0840 5984 mrxsmb20 - ok
10:36:37.0853 5984 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
10:36:37.0854 5984 msahci - ok
10:36:37.0868 5984 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
10:36:37.0870 5984 msdsm - ok
10:36:37.0890 5984 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
10:36:37.0892 5984 MSDTC - ok
10:36:37.0913 5984 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
10:36:37.0914 5984 Msfs - ok
10:36:37.0947 5984 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
10:36:37.0948 5984 mshidkmdf - ok
10:36:37.0963 5984 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

Continued..
10:36:37.0964 5984 msisadrv - ok
10:36:37.0989 5984 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
10:36:37.0991 5984 MSiSCSI - ok
10:36:37.0997 5984 msiserver - ok
10:36:38.0032 5984 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
10:36:38.0033 5984 MSKSSRV - ok
10:36:38.0048 5984 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
10:36:38.0049 5984 MSPCLOCK - ok
10:36:38.0057 5984 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
10:36:38.0058 5984 MSPQM - ok
10:36:38.0081 5984 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
10:36:38.0084 5984 MsRPC - ok
10:36:38.0112 5984 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
10:36:38.0113 5984 mssmbios - ok
10:36:38.0126 5984 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
10:36:38.0127 5984 MSTEE - ok
10:36:38.0158 5984 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
10:36:38.0159 5984 MTConfig - ok
10:36:38.0178 5984 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
10:36:38.0180 5984 Mup - ok
10:36:38.0205 5984 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
10:36:38.0210 5984 napagent - ok
10:36:38.0251 5984 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
10:36:38.0254 5984 NativeWifiP - ok
10:36:38.0319 5984 NAUpdate (9d1cce440552500ded3a62f9d779cdb4) C:\Program Files (x86)\Nero\Update\NASvc.exe
10:36:38.0323 5984 NAUpdate - ok
10:36:38.0350 5984 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
10:36:38.0360 5984 NDIS - ok
10:36:38.0397 5984 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
10:36:38.0398 5984 NdisCap - ok
10:36:38.0425 5984 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
10:36:38.0426 5984 NdisTapi - ok
10:36:38.0451 5984 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
10:36:38.0452 5984 Ndisuio - ok
10:36:38.0467 5984 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
10:36:38.0469 5984 NdisWan - ok
10:36:38.0480 5984 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
10:36:38.0481 5984 NDProxy - ok
10:36:38.0515 5984 Net Driver HPZ12 (d5ac41ae382738483faffbd7e373d49a) C:\Windows\system32\HPZinw12.dll
10:36:38.0516 5984 Net Driver HPZ12 - ok
10:36:38.0533 5984 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
10:36:38.0534 5984 NetBIOS - ok
10:36:38.0552 5984 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
10:36:38.0555 5984 NetBT - ok
10:36:38.0585 5984 Netlogon (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
10:36:38.0586 5984 Netlogon - ok
10:36:38.0635 5984 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
10:36:38.0639 5984 Netman - ok
10:36:38.0721 5984 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:36:38.0733 5984 NetMsmqActivator - ok
10:36:38.0757 5984 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:36:38.0758 5984 NetPipeActivator - ok
10:36:38.0782 5984 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
10:36:38.0786 5984 netprofm - ok
10:36:38.0791 5984 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:36:38.0792 5984 NetTcpActivator - ok
10:36:38.0797 5984 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
10:36:38.0798 5984 NetTcpPortSharing - ok
10:36:38.0836 5984 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
10:36:38.0837 5984 nfrd960 - ok
10:36:38.0870 5984 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
10:36:38.0874 5984 NlaSvc - ok
10:36:38.0883 5984 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
10:36:38.0884 5984 Npfs - ok
10:36:38.0899 5984 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
10:36:38.0901 5984 nsi - ok
10:36:38.0917 5984 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
10:36:38.0918 5984 nsiproxy - ok
10:36:38.0956 5984 Ntfs (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys
10:36:38.0982 5984 Ntfs - ok
10:36:38.0998 5984 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
10:36:38.0999 5984 Null - ok
10:36:39.0027 5984 nvraid (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys
10:36:39.0029 5984 nvraid - ok
10:36:39.0057 5984 nvstor (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys
10:36:39.0059 5984 nvstor - ok
10:36:39.0090 5984 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
10:36:39.0092 5984 nv_agp - ok
10:36:39.0182 5984 odserv (84de1dd996b48b05ace31ad015fa108a) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
10:36:39.0187 5984 odserv - ok
10:36:39.0202 5984 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
10:36:39.0204 5984 ohci1394 - ok
10:36:39.0253 5984 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:36:39.0255 5984 ose - ok
10:36:39.0367 5984 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
10:36:39.0437 5984 osppsvc - ok
10:36:39.0467 5984 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
10:36:39.0472 5984 p2pimsvc - ok
10:36:39.0495 5984 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
10:36:39.0500 5984 p2psvc - ok
10:36:39.0533 5984 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
10:36:39.0534 5984 Parport - ok
10:36:39.0550 5984 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
10:36:39.0551 5984 partmgr - ok
10:36:39.0568 5984 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
10:36:39.0571 5984 PcaSvc - ok
10:36:39.0589 5984 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
10:36:39.0592 5984 pci - ok
10:36:39.0618 5984 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
10:36:39.0619 5984 pciide - ok
10:36:39.0637 5984 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
10:36:39.0639 5984 pcmcia - ok
10:36:39.0775 5984 PCToolsSSDMonitorSvc (a0937771070bf59468b4939dd0ae59fd) C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
10:36:39.0781 5984 PCToolsSSDMonitorSvc - ok
10:36:39.0799 5984 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
10:36:39.0800 5984 pcw - ok
10:36:39.0826 5984 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
10:36:39.0832 5984 PEAUTH - ok
10:36:39.0875 5984 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
10:36:39.0877 5984 PerfHost - ok
10:36:39.0917 5984 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
10:36:39.0942 5984 pla - ok
10:36:39.0992 5984 PlugPlay (b806e50427511bcf4ad8e8239c3e25fa) C:\Windows\system32\umpnpmgr.dll
10:36:39.0996 5984 PlugPlay - ok
10:36:40.0035 5984 Pml Driver HPZ12 (37f6046cdc630442d7dc087501ff6fc6) C:\Windows\system32\HPZipm12.dll
10:36:40.0036 5984 Pml Driver HPZ12 - ok
10:36:40.0055 5984 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
10:36:40.0057 5984 PNRPAutoReg - ok
10:36:40.0075 5984 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
10:36:40.0078 5984 PNRPsvc - ok
10:36:40.0105 5984 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
10:36:40.0110 5984 PolicyAgent - ok
10:36:40.0119 5984 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
10:36:40.0132 5984 Power - ok
10:36:40.0180 5984 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
10:36:40.0182 5984 PptpMiniport - ok
10:36:40.0199 5984 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
10:36:40.0201 5984 Processor - ok
10:36:40.0222 5984 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
10:36:40.0224 5984 ProfSvc - ok
10:36:40.0235 5984 ProtectedStorage (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
10:36:40.0236 5984 ProtectedStorage - ok
10:36:40.0270 5984 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
10:36:40.0271 5984 Psched - ok
10:36:40.0317 5984 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
10:36:40.0341 5984 ql2300 - ok
10:36:40.0360 5984 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
10:36:40.0361 5984 ql40xx - ok
10:36:40.0385 5984 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
10:36:40.0388 5984 QWAVE - ok
10:36:40.0400 5984 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
10:36:40.0401 5984 QWAVEdrv - ok
10:36:40.0418 5984 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
10:36:40.0418 5984 RasAcd - ok
10:36:40.0457 5984 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
10:36:40.0458 5984 RasAgileVpn - ok
10:36:40.0473 5984 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
10:36:40.0475 5984 RasAuto - ok
10:36:40.0490 5984 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:36:40.0491 5984 Rasl2tp - ok
10:36:40.0538 5984 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
10:36:40.0542 5984 RasMan - ok
10:36:40.0556 5984 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
10:36:40.0557 5984 RasPppoe - ok
10:36:40.0585 5984 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
10:36:40.0587 5984 RasSstp - ok
10:36:40.0602 5984 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
10:36:40.0605 5984 rdbss - ok
10:36:40.0619 5984 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
10:36:40.0621 5984 rdpbus - ok
10:36:40.0633 5984 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:36:40.0634 5984 RDPCDD - ok
10:36:40.0643 5984 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
10:36:40.0643 5984 RDPENCDD - ok
10:36:40.0653 5984 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
10:36:40.0653 5984 RDPREFMP - ok
10:36:40.0670 5984 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
10:36:40.0672 5984 RDPWD - ok
10:36:40.0682 5984 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
10:36:40.0685 5984 rdyboost - ok
10:36:40.0717 5984 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
10:36:40.0719 5984 RemoteAccess - ok
10:36:40.0732 5984 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
10:36:40.0735 5984 RemoteRegistry - ok
10:36:40.0780 5984 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
10:36:40.0782 5984 RFCOMM - ok
10:36:40.0795 5984 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
10:36:40.0797 5984 RpcEptMapper - ok
10:36:40.0824 5984 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
10:36:40.0825 5984 RpcLocator - ok
10:36:40.0842 5984 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
10:36:40.0845 5984 RpcSs - ok
10:36:40.0900 5984 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
10:36:40.0901 5984 rspndr - ok
10:36:40.0950 5984 RTL8192su (4629c5c4772d223b0ecd1ea8ba7a2a33) C:\Windows\system32\DRIVERS\RTL8192su.sys
10:36:40.0957 5984 RTL8192su - ok
10:36:40.0968 5984 SamSs (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
10:36:40.0969 5984 SamSs - ok
10:36:40.0988 5984 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
10:36:40.0990 5984 sbp2port - ok
10:36:41.0011 5984 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
10:36:41.0014 5984 SCardSvr - ok
10:36:41.0030 5984 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
10:36:41.0031 5984 scfilter - ok
10:36:41.0057 5984 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
10:36:41.0068 5984 Schedule - ok
10:36:41.0093 5984 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
10:36:41.0094 5984 SCPolicySvc - ok
10:36:41.0110 5984 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
10:36:41.0113 5984 SDRSVC - ok
10:36:41.0191 5984 SeaPort (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
10:36:41.0193 5984 SeaPort - ok
10:36:41.0253 5984 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
10:36:41.0254 5984 secdrv - ok
10:36:41.0276 5984 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
10:36:41.0278 5984 seclogon - ok
10:36:41.0310 5984 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
10:36:41.0313 5984 SENS - ok
10:36:41.0327 5984 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
10:36:41.0330 5984 SensrSvc - ok
10:36:41.0363 5984 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
10:36:41.0364 5984 Serenum - ok
10:36:41.0396 5984 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
10:36:41.0398 5984 Serial - ok
10:36:41.0432 5984 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
10:36:41.0433 5984 sermouse - ok
10:36:41.0458 5984 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
10:36:41.0460 5984 SessionEnv - ok
10:36:41.0467 5984 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
10:36:41.0468 5984 sffdisk - ok
10:36:41.0484 5984 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
10:36:41.0485 5984 sffp_mmc - ok
10:36:41.0493 5984 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
10:36:41.0494 5984 sffp_sd - ok
10:36:41.0524 5984 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
10:36:41.0525 5984 sfloppy - ok
10:36:41.0602 5984 Sftfs (d5183ed285d2795491dc15bddcbee5ad) C:\Windows\system32\DRIVERS\Sftfslh.sys
10:36:41.0609 5984 Sftfs - ok
10:36:41.0673 5984 sftlist (bfdb58616ff5ea540a5f58301d50641e) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
10:36:41.0677 5984 sftlist - ok
10:36:41.0689 5984 Sftplay (00f118b68c50d2206dd51634f9142b83) C:\Windows\system32\DRIVERS\Sftplaylh.sys
10:36:41.0692 5984 Sftplay - ok
10:36:41.0705 5984 Sftredir (76a827df5640bfe16a0cdbb4108adeca) C:\Windows\system32\DRIVERS\Sftredirlh.sys
10:36:41.0706 5984 Sftredir - ok
10:36:41.0713 5984 Sftvol (1b4c9701645086bab8cafffce30ed284) C:\Windows\system32\DRIVERS\Sftvollh.sys
10:36:41.0714 5984 Sftvol - ok
10:36:41.0730 5984 sftvsa (b94c3c4dca2093243c76ca218ede2a97) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
10:36:41.0732 5984 sftvsa - ok
10:36:41.0766 5984 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
10:36:41.0769 5984 SharedAccess - ok
10:36:41.0801 5984 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
10:36:41.0805 5984 ShellHWDetection - ok
10:36:41.0859 5984 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
10:36:41.0860 5984 SiSRaid2 - ok
10:36:41.0880 5984 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
10:36:41.0881 5984 SiSRaid4 - ok
10:36:41.0909 5984 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
10:36:41.0910 5984 Smb - ok
10:36:41.0943 5984 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
10:36:41.0944 5984 SNMPTRAP - ok
10:36:41.0952 5984 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
10:36:41.0953 5984 spldr - ok
10:36:41.0976 5984 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
10:36:41.0981 5984 Spooler - ok
10:36:42.0054 5984 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
10:36:42.0112 5984 sppsvc - ok
10:36:42.0126 5984 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
10:36:42.0128 5984 sppuinotify - ok
10:36:42.0146 5984 srv (2098b8556d1cec2aca9a29cd479e3692) C:\Windows\system32\DRIVERS\srv.sys
10:36:42.0150 5984 srv - ok
10:36:42.0160 5984 srv2 (d0f73a42040f21f92fd314b42ac5c9e7) C:\Windows\system32\DRIVERS\srv2.sys
10:36:42.0164 5984 srv2 - ok
10:36:42.0186 5984 srvnet (2ba8f3250828ccdb4204ecf2c6f40b6a) C:\Windows\system32\DRIVERS\srvnet.sys
10:36:42.0188 5984 srvnet - ok
10:36:42.0221 5984 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
10:36:42.0224 5984 SSDPSRV - ok
10:36:42.0236 5984 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
10:36:42.0239 5984 SstpSvc - ok
10:36:42.0258 5984 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
10:36:42.0259 5984 stexstor - ok
10:36:42.0298 5984 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
10:36:42.0304 5984 stisvc - ok
10:36:42.0319 5984 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
10:36:42.0320 5984 swenum - ok
10:36:42.0362 5984 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
10:36:42.0367 5984 swprv - ok
10:36:42.0399 5984 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
10:36:42.0425 5984 SysMain - ok
10:36:42.0439 5984 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
10:36:42.0441 5984 TabletInputService - ok
10:36:42.0627 5984 TabletServicePen (5f5ac85de73fd25ad36bf591185ec009) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
10:36:42.0703 5984 TabletServicePen - ok
10:36:42.0714 5984 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
10:36:42.0718 5984 TapiSrv - ok
10:36:42.0732 5984 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
10:36:42.0734 5984 TBS - ok
10:36:42.0814 5984 Tcpip (dc08410db2d0cc542dacac7a90e6cb7a) C:\Windows\system32\drivers\tcpip.sys
10:36:42.0846 5984 Tcpip - ok
10:36:42.0876 5984 TCPIP6 (dc08410db2d0cc542dacac7a90e6cb7a) C:\Windows\system32\DRIVERS\tcpip.sys
10:36:42.0885 5984 TCPIP6 - ok
10:36:42.0919 5984 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
10:36:42.0920 5984 tcpipreg - ok
10:36:42.0935 5984 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
10:36:42.0936 5984 TDPIPE - ok
10:36:42.0949 5984 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
10:36:42.0949 5984 TDTCP - ok
10:36:42.0981 5984 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
10:36:42.0983 5984 tdx - ok
10:36:43.0017 5984 teamviewervpn (f5520dbb47c60ee83024b38720abda24) C:\Windows\system32\DRIVERS\teamviewervpn.sys
10:36:43.0018 5984 teamviewervpn - ok
10:36:43.0038 5984 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
10:36:43.0039 5984 TermDD - ok
10:36:43.0073 5984 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
10:36:43.0080 5984 TermService - ok
10:36:43.0099 5984 TfFsMon - ok
10:36:43.0107 5984 TfNetMon - ok
10:36:43.0129 5984 TFSysMon - ok
10:36:43.0151 5984 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
10:36:43.0152 5984 Themes - ok
10:36:43.0170 5984 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
10:36:43.0171 5984 THREADORDER - ok
10:36:43.0298 5984 TouchServicePen (7446e9d669a3b747bc4d11a82f69a5ed) C:\Program Files\Tablet\Pen\Pen_TouchService.exe
10:36:43.0303 5984 TouchServicePen - ok
10:36:43.0334 5984 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
10:36:43.0336 5984 TrkWks - ok
10:36:43.0373 5984 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
10:36:43.0376 5984 TrustedInstaller - ok
10:36:43.0410 5984 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:36:43.0411 5984 tssecsrv - ok
10:36:43.0449 5984 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
10:36:43.0450 5984 TsUsbFlt - ok
10:36:43.0457 5984 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
10:36:43.0458 5984 TsUsbGD - ok
10:36:43.0489 5984 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
10:36:43.0490 5984 tunnel - ok
10:36:43.0506 5984 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
10:36:43.0507 5984 uagp35 - ok
10:36:43.0531 5984 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
10:36:43.0534 5984 udfs - ok
10:36:43.0618 5984 UDisk Monitor (0d67464ec74b460aa57c9ffa45e181db) C:\Program Files\Modem AC2726 UI\bin\MonServiceUDisk64.exe
10:36:43.0622 5984 UDisk Monitor - ok
10:36:43.0669 5984 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
10:36:43.0671 5984 UI0Detect - ok
10:36:43.0715 5984 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
10:36:43.0716 5984 uliagpkx - ok
10:36:43.0743 5984 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
10:36:43.0744 5984 umbus - ok
10:36:43.0759 5984 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
10:36:43.0760 5984 UmPass - ok
10:36:43.0867 5984 UNS (e419566c7918a4c8e9497afbd502fb2a) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
10:36:43.0906 5984 UNS - ok
10:36:43.0935 5984 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
10:36:43.0939 5984 upnphost - ok
10:36:43.0995 5984 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
10:36:43.0996 5984 usbaudio - ok
10:36:44.0026 5984 usbccgp (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\DRIVERS\usbccgp.sys
10:36:44.0028 5984 usbccgp - ok
10:36:44.0046 5984 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
10:36:44.0048 5984 usbcir - ok
10:36:44.0061 5984 usbehci (74ee782b1d9c241efe425565854c661c) C:\Windows\system32\DRIVERS\usbehci.sys
10:36:44.0063 5984 usbehci - ok
10:36:44.0080 5984 usbhub (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\DRIVERS\usbhub.sys
10:36:44.0084 5984 usbhub - ok
10:36:44.0093 5984 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\drivers\usbohci.sys
10:36:44.0093 5984 usbohci - ok
10:36:44.0130 5984 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
10:36:44.0131 5984 usbprint - ok
10:36:44.0207 5984 USBS3S4Detection (b5e6c4f280ebf0b16f74a5b415f2e0df) C:\OEM\USBDECTION\USBS3S4Detection.exe
10:36:44.0216 5984 USBS3S4Detection - ok
10:36:44.0254 5984 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
10:36:44.0256 5984 usbscan - ok
10:36:44.0274 5984 USBSTOR (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:36:44.0276 5984 USBSTOR - ok
10:36:44.0307 5984 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys
10:36:44.0308 5984 usbuhci - ok
10:36:44.0342 5984 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
10:36:44.0344 5984 usbvideo - ok
10:36:44.0367 5984 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
10:36:44.0369 5984 UxSms - ok
10:36:44.0401 5984 VaultSvc (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
10:36:44.0402 5984 VaultSvc - ok
10:36:44.0441 5984 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
10:36:44.0442 5984 vdrvroot - ok
10:36:44.0462 5984 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
10:36:44.0468 5984 vds - ok
10:36:44.0484 5984 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
10:36:44.0485 5984 vga - ok
10:36:44.0499 5984 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
10:36:44.0500 5984 VgaSave - ok
10:36:44.0515 5984 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
10:36:44.0518 5984 vhdmp - ok
10:36:44.0543 5984 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
10:36:44.0543 5984 viaide - ok
10:36:44.0563 5984 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
10:36:44.0565 5984 volmgr - ok
10:36:44.0584 5984 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
10:36:44.0587 5984 volmgrx - ok
10:36:44.0603 5984 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
10:36:44.0606 5984 volsnap - ok
10:36:44.0638 5984 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
10:36:44.0640 5984 vsmraid - ok
10:36:44.0685 5984 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
10:36:44.0711 5984 VSS - ok
10:36:44.0723 5984 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
10:36:44.0724 5984 vwifibus - ok
10:36:44.0758 5984 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
10:36:44.0760 5984 vwififlt - ok
10:36:44.0798 5984 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
10:36:44.0803 5984 W32Time - ok
10:36:44.0836 5984 wacmoumonitor (43ce14e1e17da81ea71dfe686805ed07) C:\Windows\system32\DRIVERS\wacmoumonitor.sys
10:36:44.0837 5984 wacmoumonitor - ok
10:36:44.0880 5984 wacommousefilter (e04d43c7d1641e95d35cae6086c7e350) C:\Windows\system32\DRIVERS\wacommousefilter.sys
10:36:44.0881 5984 wacommousefilter - ok
10:36:44.0894 5984 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
10:36:44.0895 5984 WacomPen - ok
10:36:44.0950 5984 wacomvhid (ec1ceb237e365330c1fcfc4876aa0ac0) C:\Windows\system32\DRIVERS\wacomvhid.sys
10:36:44.0951 5984 wacomvhid - ok
10:36:44.0979 5984 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
10:36:44.0980 5984 WANARP - ok
10:36:44.0995 5984 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
10:36:44.0996 5984 Wanarpv6 - ok
10:36:45.0042 5984 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
10:36:45.0074 5984 wbengine - ok
10:36:45.0109 5984 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
10:36:45.0112 5984 WbioSrvc - ok
10:36:45.0131 5984 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
10:36:45.0135 5984 wcncsvc - ok
10:36:45.0151 5984 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
10:36:45.0153 5984 WcsPlugInService - ok
10:36:45.0175 5984 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
10:36:45.0176 5984 Wd - ok
10:36:45.0203 5984 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
10:36:45.0208 5984 Wdf01000 - ok
10:36:45.0225 5984 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
10:36:45.0227 5984 WdiServiceHost - ok
10:36:45.0230 5984 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
10:36:45.0232 5984 WdiSystemHost - ok
10:36:45.0245 5984 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
10:36:45.0248 5984 WebClient - ok
10:36:45.0263 5984 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
10:36:45.0266 5984 Wecsvc - ok
10:36:45.0284 5984 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
10:36:45.0286 5984 wercplsupport - ok
10:36:45.0317 5984 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
10:36:45.0319 5984 WerSvc - ok
10:36:45.0363 5984 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
10:36:45.0364 5984 WfpLwf - ok
10:36:45.0380 5984 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
10:36:45.0381 5984 WIMMount - ok
10:36:45.0419 5984 WinDefend - ok
10:36:45.0426 5984 WinHttpAutoProxySvc - ok
10:36:45.0467 5984 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
10:36:45.0472 5984 Winmgmt - ok
10:36:45.0520 5984 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
10:36:45.0553 5984 WinRM - ok
10:36:45.0613 5984 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
10:36:45.0632 5984 Wlansvc - ok
10:36:45.0678 5984 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
10:36:45.0679 5984 wlcrasvc - ok
10:36:45.0779 5984 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
10:36:45.0811 5984 wlidsvc - ok
10:36:45.0905 5984 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
10:36:45.0906 5984 WmiAcpi - ok
10:36:45.0946 5984 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
10:36:45.0948 5984 wmiApSrv - ok
10:36:45.0984 5984 WMPNetworkSvc - ok
10:36:46.0028 5984 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
10:36:46.0030 5984 WPCSvc - ok
10:36:46.0048 5984 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
10:36:46.0050 5984 WPDBusEnum - ok
10:36:46.0090 5984 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
10:36:46.0091 5984 ws2ifsl - ok
10:36:46.0105 5984 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
10:36:46.0107 5984 wscsvc - ok
10:36:46.0114 5984 WSearch - ok
10:36:46.0154 5984 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
10:36:46.0190 5984 wuauserv - ok
10:36:46.0209 5984 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
10:36:46.0211 5984 WudfPf - ok
10:36:46.0239 5984 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:36:46.0242 5984 WUDFRd - ok
10:36:46.0259 5984 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
10:36:46.0261 5984 wudfsvc - ok
10:36:46.0278 5984 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
10:36:46.0306 5984 WwanSvc - ok
10:36:46.0364 5984 ztemtusbser (abea67f122d25a0b1e0f7c0abeeca069) C:\Windows\system32\DRIVERS\CT_ZTEMT_U_USBSER.sys
10:36:46.0366 5984 ztemtusbser - ok
10:36:46.0419 5984 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
10:36:46.0474 5984 \Device\Harddisk0\DR0 - ok
10:36:46.0477 5984 Boot (0x1200) (4831db8892bb992461affe3a7b8ae636) \Device\Harddisk0\DR0\Partition0
10:36:46.0478 5984 \Device\Harddisk0\DR0\Partition0 - ok
10:36:46.0487 5984 Boot (0x1200) (fca6d84c7c6c5cb0efc5660912b1e73b) \Device\Harddisk0\DR0\Partition1
10:36:46.0488 5984 \Device\Harddisk0\DR0\Partition1 - ok
10:36:46.0507 5984 Boot (0x1200) (64efd5c996e6e10bd4aad6518ad9e2fa) \Device\Harddisk0\DR0\Partition2
10:36:46.0508 5984 \Device\Harddisk0\DR0\Partition2 - ok
10:36:46.0508 5984 ============================================================
10:36:46.0508 5984 Scan finished
10:36:46.0508 5984 ============================================================
10:36:46.0517 3908 Detected object count: 0
10:36:46.0517 3908 Actual detected object count: 0

Even though the report said the date and time: Apr 3 2012 13:42:32,
the filename gives the time: TDSSKiller.2.7.25.0_04.04.2012_10.36.13_log
and the window says date modified 04/04/2012 10:36, which is my current time. Should I re-scan? I won't rescan or do anything unless you tell me to.
 
You did fine.

Download FixTDSS.exe.

1. Save the file to your Windows desktop.
2. Close all running programs.
3. If you are running Windows XP, turn off System Restore (see "How to turn off or turn on Windows XP System Restore").
4. Double-click the FixTDSS.exe file to start the removal tool.
5. Click Start to begin the process, and then allow the tool to run.
6. OK any security prompts.
7. Restart the computer when prompted by the tool.
8. After the computer has started, the tool will inform you of the state of infection (make sure to let me know what it said).
9. If you are running Windows XP, re-enable System Restore.
 
Before I run FixTDSS.exe, should I turn off System Restore? I'm using Win 7 64-bit.

And I'm running Comodo Internet Security, Emsisoft Anti-Malware, and MBAM Pro,
but for every instruction you've given, I always disable all protection before running/executing.
 
After I double-clicked FixTDSS.exe, the tool asked to restart. I clicked OK, then the system restarted. After the restart, the tool informed me of this:

TDSS Fixtool 2.1.3
Scan results:
No infections were found
 
Very good.
That's all I needed to know.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
  • NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1:** Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security users:** ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3:** If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4:** Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Sorry to keep you waiting..
I needed time to read it carefully. When I started running ComboFix, it said that AntiVir Desktop is still running.. well, I don't use it right now (I'm using Comodo Internet Security, Emsisoft, and MBAM), but I WAS using it before and had it uninstalled..
Now I'm using AppRemover, and it's still scanning.. I'll execute ComboFix right after AppRemover is done.
 
Broni, something happened to my PC after running Combofix! Help, I'm really panicking right now.. after reboot, my PC can't run anything except Explorer..

This is what happened:
AppRemover couldn't find any trace of Avira left, so I continued running Combofix.

In the middle of running Combofix, I left my PC because I needed to go to the bathroom..
When I came back, I found my PC in the middle of rebooting automatically..
Then, when booting, before entering Windows, it showed this message:

"sasnative 64 program not found, skipping autocheck"

Then, when it entered Windows, the Combofix dialog box said not to run any programs until it finished making the log report.

After the log report was shown, I now can't run anything except Explorer.
There is always a message "registry key that has been marked for deletion" when running anything..

Now I can't post my log, but I can tell you the size of the log: 44 KB (size on disk 48).

I'm sorry, I don't understand what the log means, but there's a long list of "Locked registry keys"; it fills up about 2/3 of the log (based on scrolling).

But what makes me panic more is the last line from the log; it said:
completion time 2012-04-05 03:06:19
quarantined-files-text 2012-04-04 20:06
pre-run 137.102.704.640 bytes free
post-run: 151.978.639.360 bytes free

plus I cannot run any document..

Based on the free space, this means a HUGE amount of data was freed from the drive. This is what I fear most: does it mean I lost that much data? And I can't run any document, since it says illegal operation attempted on a registry key that has been marked for deletion; does it mean that data has been deleted? What happened to my PC? Is it all right?

There is a lot of my father's work on drive C (mostly in the My Documents folder), and I can't afford to lose it, since there is NOT a single backup..

Right now I'm using a laptop, and my PC is still running (turned on) after running Combofix. I won't shut it down until I know it's fine, because I'm totally scared that shutting it down could bring catastrophic disaster to my files.. now I'm totally in panic..

My apologies if I use impolite words/sentences, since I'm in panic..
 
There is always a message "registry key that has been marked for deletion" when running anything..
You didn't read my instructions carefully enough.
Restart computer to fix the issue.
 
My apologies, I think I missed that, because I was focusing more on how to run Combofix properly in order to prevent unpredictable results..

I'm sorry, because I panicked..

Here is the Combofix log:

ComboFix 12-04-04.02 - Razhar 05/04/2012 2:52.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.62.1033.18.1992.854 [GMT 7:00]
Running from: c:\users\Razhar\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
c:\program files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
c:\program files (x86)\Mozilla Firefox\Plugins\npqtplugin6.dll
c:\program files (x86)\Mozilla Firefox\Plugins\npqtplugin7.dll
c:\program files (x86)\QuickTime\Plugins\npqtplugin2.dll
c:\program files (x86)\QuickTime\Plugins\npqtplugin3.dll
c:\program files (x86)\QuickTime\Plugins\npqtplugin4.dll
c:\program files (x86)\QuickTime\Plugins\npqtplugin5.dll
c:\program files (x86)\QuickTime\Plugins\npqtplugin6.dll
c:\program files (x86)\QuickTime\Plugins\npqtplugin7.dll
c:\windows\17425030.exe
c:\windows\RazorDOX
c:\windows\RazorDOX\RazorDOX.dll
c:\windows\RazorDOX\RazorDOX.ini
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_KXESCORE
.
.
((((((((((((((((((((((((( Files Created from 2012-03-04 to 2012-04-04 )))))))))))))))))))))))))))))))
.
.
2012-04-04 19:58 . 2012-04-04 19:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-04 15:00 . 2012-04-04 15:00 -------- d-----w- c:\users\Razhar\Salitykiller2012
2012-04-03 13:42 . 2012-04-03 13:42 -------- d-----w- c:\program files\Recuva
2012-04-02 21:13 . 2012-04-02 21:46 -------- d-----w- c:\program files (x86)\Trojan Remover
2012-04-02 16:32 . 2012-04-02 20:59 -------- d-----w- c:\program files (x86)\PC Tools Security
2012-04-02 12:03 . 2012-04-02 12:03 0 ----a-w- c:\windows\SysWow64\sho31F9.tmp
2012-04-02 10:55 . 2012-04-02 10:55 -------- d-----w- c:\windows\Digital Rescue 4 Premium
2012-04-02 09:00 . 2012-04-02 15:40 -------- dc----w- c:\windows\system32\DRVSTORE
2012-04-02 08:40 . 2012-04-02 08:40 -------- d-----w- c:\program files\Diskeeper Corporation
2012-04-01 20:08 . 2012-04-02 18:57 -------- d-----w- c:\program files\CCleaner
2012-04-01 16:00 . 2012-04-01 16:56 -------- d-----w- c:\users\Razhar\AppData\Roaming\TeamViewer
2012-04-01 15:52 . 2011-12-16 15:53 35112 ----a-w- c:\windows\system32\drivers\teamviewervpn.sys
2012-04-01 15:52 . 2012-04-01 15:52 -------- d-----w- c:\program files (x86)\TeamViewer
2012-04-01 13:58 . 2012-04-01 13:58 0 ----a-w- c:\windows\SysWow64\sho3708.tmp
2012-04-01 08:17 . 2012-04-01 08:17 -------- d-----w- c:\programdata\WEBREG
2012-04-01 08:17 . 2012-04-01 08:21 -------- d-----w- c:\users\Razhar\AppData\Roaming\HP
2012-04-01 08:16 . 2012-04-01 08:16 -------- d-----w- c:\users\Razhar\AppData\Local\HP
2012-04-01 08:13 . 2012-04-01 08:13 -------- d-----w- c:\programdata\HP Product Assistant
2012-04-01 08:12 . 2012-04-01 08:12 -------- d-----w- c:\program files (x86)\Common Files\Hewlett-Packard
2012-04-01 08:12 . 2012-04-01 08:12 -------- d-----w- c:\program files (x86)\Common Files\HP
2012-04-01 08:11 . 2012-04-01 08:14 -------- d-----w- c:\program files (x86)\HP
2012-04-01 08:09 . 2012-04-01 08:21 -------- d-----w- c:\programdata\HP
2012-04-01 08:09 . 2009-07-08 10:51 642360 ----a-w- c:\windows\system32\hpzids40.dll
2012-04-01 08:09 . 2009-07-08 10:51 861184 ----a-w- c:\windows\system32\hpowiav1.dll
2012-04-01 08:09 . 2009-07-08 10:51 730624 ----a-w- c:\windows\system32\hpotscl1.dll
2012-04-01 08:09 . 2009-07-08 10:51 498176 ----a-w- c:\windows\system32\hpovst01.dll
2012-04-01 08:00 . 2012-04-01 08:00 -------- d-----w- c:\users\Razhar\AppData\Roaming\Babylon
2012-04-01 08:00 . 2012-04-01 08:00 -------- d-----w- c:\programdata\Babylon
2012-03-16 08:15 . 2012-03-16 08:15 -------- d-----w- c:\users\Razhar\AppData\Roaming\Registry Mechanic
2012-03-16 08:09 . 2011-12-12 07:07 512472 ----a-w- c:\windows\SysWow64\msxml.dll
2012-03-16 08:09 . 2011-12-12 07:07 40408 ----a-w- c:\windows\system32\CleanMFT64.exe
2012-03-16 08:09 . 2008-09-17 15:17 658432 ----a-w- c:\windows\SysWow64\MSCOMCT2.OCX
2012-03-16 08:09 . 2008-04-02 09:54 1101824 ----a-w- c:\windows\SysWow64\UniBox210.ocx
2012-03-16 08:09 . 2008-04-02 09:53 212992 ----a-w- c:\windows\SysWow64\UniBoxVB12.ocx
2012-03-16 08:09 . 2008-04-02 09:53 880640 ----a-w- c:\windows\SysWow64\UniBox10.ocx
2012-03-16 07:47 . 2012-04-02 20:12 -------- d-----w- c:\programdata\PC Tools
2012-03-16 07:47 . 2012-03-16 07:47 -------- d-----w- c:\users\Razhar\AppData\Roaming\Product_RM
2012-03-16 07:23 . 2011-03-15 04:10 44544 ----a-w- c:\windows\SysWow64\msxml4a.dll
2012-03-16 07:23 . 2011-02-04 13:32 108056 ----a-w- c:\windows\SysWow64\drivers\PCTDMDefrag.sys
2012-03-16 06:25 . 2012-03-16 06:25 0 ----a-w- c:\windows\SysWow64\sho4CBA.tmp
2012-03-15 18:50 . 2012-03-23 11:48 -------- d-----w- c:\programdata\Comodo
2012-03-15 18:45 . 2012-03-23 15:23 -------- d-----w- c:\users\Razhar\AppData\Local\Comodo
2012-03-15 18:25 . 2012-03-31 19:37 -------- d-----w- c:\programdata\CPA_VA
2012-03-15 18:16 . 2012-03-29 18:20 -------- d-----w- c:\program files (x86)\Comodo
2012-03-15 15:31 . 2012-03-15 15:31 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-15 15:31 . 2011-12-10 08:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-15 10:09 . 2012-01-16 09:28 149456 ----a-w- c:\windows\SGDetectionTool.dll0352.old
2012-03-15 10:09 . 2012-01-16 09:28 2246608 ----a-w- c:\windows\PCTBDCore.dll0352.old
2012-03-15 10:09 . 2012-01-16 09:28 767952 ----a-w- c:\windows\BDTSupport.dll0352.old
2012-03-13 11:20 . 2012-03-27 08:49 -------- d-----w- c:\users\Razhar\AppData\Local\ElevatedDiagnostics
2012-03-13 09:50 . 2012-03-13 09:50 -------- d-----w- c:\users\Razhar\AppData\Local\Apps
2012-03-12 09:58 . 2012-03-12 09:58 1409 ----a-w- c:\windows\QTFont.for
2012-03-11 18:42 . 2012-03-29 13:18 -------- d-----w- c:\users\Razhar\AppData\Roaming\runic games
2012-03-11 14:13 . 2012-03-11 14:13 577824 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-03-11 14:13 . 2012-03-11 14:13 43248 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2012-03-11 14:13 . 2012-03-11 14:13 22696 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-03-11 14:13 . 2012-03-11 14:13 41200 ----a-w- c:\windows\system32\cmdcsr.dll
2012-03-11 14:13 . 2012-03-11 14:13 301224 ----a-w- c:\windows\SysWow64\guard32.dll
2012-03-11 14:13 . 2012-03-11 14:13 389840 ----a-w- c:\windows\system32\guard64.dll
2012-03-11 06:14 . 2012-03-11 06:14 -------- d-----w- c:\users\Razhar\AppData\Roaming\isoburnerdata
2012-03-10 14:24 . 2012-03-10 14:24 -------- d-----w- c:\users\Razhar\AppData\Roaming\PCTools
2012-03-10 11:50 . 2012-03-10 11:50 -------- d-----w- c:\users\Razhar\AppData\Roaming\PC Tools
2012-03-10 07:13 . 2012-03-10 07:13 -------- d-----w- c:\users\Razhar\AppData\Roaming\Malwarebytes
2012-03-10 07:13 . 2012-03-10 07:13 -------- d-----w- c:\programdata\Malwarebytes
2012-03-10 06:07 . 2012-03-16 08:09 -------- d-----w- c:\program files (x86)\PC Tools
2012-03-09 19:37 . 2012-04-02 20:12 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-03-09 19:37 . 2012-02-24 03:36 230952 ----a-w- c:\windows\system32\drivers\PCTSD64.sys
2012-03-09 19:00 . 2012-03-09 19:00 -------- d-----w- c:\users\Razhar\AppData\Roaming\TestApp
2012-03-09 06:24 . 2012-03-09 06:24 -------- d-----w- c:\programdata\Local Settings
2012-03-08 16:48 . 2012-03-08 16:48 0 ----a-w- c:\windows\SysWow64\shoFFB3.tmp
2012-03-06 10:50 . 2012-03-06 10:50 -------- d-----w- c:\users\Razhar\AppData\Roaming\Apple Computer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-29 18:12 . 2011-09-16 08:26 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-12 10:42 . 2011-07-13 07:03 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-03-12 10:42 . 2011-07-13 07:03 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-03-12 10:42 . 2011-07-13 07:03 29480 ----a-w- c:\windows\SysWow64\msxml3a.dll
2012-02-03 12:27 . 2012-02-03 12:27 93200 ----a-w- c:\windows\system32\drivers\inspect.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SM?RT-Protection"="c:\program files (x86)\Smadav\SM?RTP.exe" [?]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" [2010-11-01 1374720]
"Hotkey Utility"="c:\program files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe" [2011-01-19 620136]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-02 87336]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
"SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2011-12-12 103896]
"emsisoft anti-malware"="c:\program files (x86)\emsisoft anti-malware\a2guard.exe" [2012-02-01 3357584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ rmslt.nt\0autocheck autochk *\0autocheck sasnative64
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [x]
R0 TFSysMon;TFSysMon;c:\windows\system32\drivers\TfSysMon.sys [x]
R2 ATE_PROCMON;ATE_PROCMON;c:\program files (x86)\Anti Trojan Elite\ATEPMon.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 253600]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 cpuz134;cpuz134;c:\program files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys [2010-07-09 21480]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-12-28 1431888]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 HSPADataCardusbmdm;HSPADataCard Proprietary USB Driver;c:\windows\system32\DRIVERS\HSPADataCardusbmdm.sys [x]
R3 HSPADataCardusbnmea;HSPADataCard NMEA Port;c:\windows\system32\DRIVERS\HSPADataCardusbnmea.sys [x]
R3 HSPADataCardusbser;HSPADataCard Diagnostic Port;c:\windows\system32\DRIVERS\HSPADataCardusbser.sys [x]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [x]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x]
R3 ztemtusbser;ZTEMT Legacy Serial Communication;c:\windows\system32\DRIVERS\CT_ZTEMT_U_USBSER.sys [x]
R4 mi-raysat_3dsmax2012_64;mental ray 3.9 Satellite for Autodesk 3ds Max 2012 64-bit - English 64-bit;c:\program files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe [2012-04-02 86016]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [2011-05-19 23208]
S1 a2injectiondriver;a2injectiondriver;c:\program files (x86)\Emsisoft Anti-Malware\a2dix64.sys [2011-11-02 41728]
S1 a2util;a-squared Malware-IDS utility driver;c:\program files (x86)\Emsisoft Anti-Malware\a2util64.sys [2010-05-05 14720]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe [2012-01-22 3025112]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-27 821664]
S2 DragonUpdater;COMODO Dragon Update Service;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe [2012-03-28 407288]
S2 GREGService;GREGService;c:\program files (x86)\Gateway\Registration\GREGsvc.exe [2010-01-08 23584]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
S2 Live Updater Service;Live Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2011-01-31 244624]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2011-12-12 793048]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-02 483688]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2010-10-21 5790064]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2010-10-21 487280]
S2 UDisk Monitor;UDisk Monitor;c:\program files\Modem AC2726 UI\bin\MonServiceUDisk64.exe [2009-09-23 407040]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S2 USBS3S4Detection;USBS3S4Detection;c:\oem\USBDECTION\USBS3S4Detection.exe [2009-12-09 76320]
S3 a2acc;a2acc;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [2011-11-02 63880]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-02 209768]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 18:12]
.
2012-04-04 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~2\SMARTD~1\Messages\SDNotify.exe [2011-12-04 00:29]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-06 166936]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-06 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-06 416792]
"THXCfg64"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-12-13 13374568]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 9569096]
"combofix"="c:\combofix\CF7806.3XE" [2010-11-21 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = my.daemon-search.com
mStart Page = hxxp://gateway.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Razhar\AppData\Roaming\Mozilla\Firefox\Profiles\o2c60my7.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-Adobe Reader Speed Launcher - c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
Wow6432Node-HKLM-Explorer_Run-15354 - c:\progra~3\LOCALS~1\Temp\msaeod.cmd
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.032"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.abr"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.ani"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.apd"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.arw"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.bay"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.bmp"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.bw"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.cr2"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.crw"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.cs1"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.cur"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.dcr"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.dcx"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.dib"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.djv"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.djvu"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.dng"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.emf"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.eps"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.erf"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.fff"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.fpx"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.gif"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.hdr"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.icl"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.icn"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (S-1-5-21-2140435408-939192104-1354380877-1000)
@Denied: (2) (LocalSystem)
"Progid"="Winamp.File.iff"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.ilbm"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.int"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.inta"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.iw4"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.j2c"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.j2k"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.jbr"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.jfif"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.jif"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.jp2"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.jpc"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.jpe"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.jpeg"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.jpg"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.jpk"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.jpx"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.kdc"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.lbm"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.mef"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.mos"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.mrw"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.nef"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.nrw"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.orf"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.pbm"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.pbr"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.pcd"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.pct"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.pcx"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.pef"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.pgm"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.pic"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.pict"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.pix"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.png"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.ppm"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.psd"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.psp"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.pspbrush"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.pspimage"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.raf"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.ras"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (S-1-5-21-2140435408-939192104-1354380877-1000)
@Denied: (2) (LocalSystem)
"Progid"="Winamp.File.raw"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.rgb"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.rgba"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.rle"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.rsb"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.rw2"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.rwl"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.sgi"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.sr2"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.srf"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.srw"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.tga"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.thm"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.tif"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.tiff"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.ttc"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.ttf"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v40po\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.v40po"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v40pp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.v40pp"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v40ppf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.v40ppf"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.wbm"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.wbmp"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.wmf"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.xbm"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.xif"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.xmp"
.
[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 4.xpm"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-04-05 03:06:19 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-04 20:06
.
Pre-Run: 137.102.704.640 bytes free
Post-Run: 151.978.639.360 bytes free
.
- - End Of File - - E412C1BFE61B6ED42610A72909B81418


And I have re-enabled my system protection, Comodo Internet Security and MBAM.
 
I'm sorry, because I'm panicked..
No worries :)

Combofix log looks good.

How is computer doing?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\tasks\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
"How is your computer doing?"
Well, it's still doing fine, just as before, but I feel more satisfied after reading that the ComboFix log said orphan removed --> the persistent registry
:)
But there is an anomaly: before running OTL, my Comodo Defense+ sandboxed windows\system32\explorer.exe. This kind of event happens when infected by a virus / done by a virus.
Here are the logs:

========== Processes (SafeList) ==========

PRC - [2012/04/05 05:56:56 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Razhar\Desktop\OTL.exe
PRC - [2012/03/28 20:30:08 | 000,407,288 | ---- | M] () -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
PRC - [2012/03/09 21:32:47 | 001,503,232 | ---- | M] (Smadsoft) -- C:\Program Files (x86)\Smadav\SMΔRTP.exe
PRC - [2012/02/01 10:46:36 | 003,357,584 | ---- | M] (Emsi Software GmbH) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
PRC - [2012/01/22 08:40:04 | 003,025,112 | ---- | M] (Emsi Software GmbH) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/12/12 14:07:00 | 000,793,048 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2011/12/12 14:06:58 | 000,103,896 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
PRC - [2011/03/02 11:23:36 | 000,391,432 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\BingBar.exe
PRC - [2011/03/02 11:23:36 | 000,259,336 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\BingApp.exe
PRC - [2011/02/26 00:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/01 12:25:46 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011/02/01 12:25:42 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011/02/01 03:55:14 | 000,244,624 | ---- | M] (Acer Incorporated) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
PRC - [2011/01/19 08:08:08 | 000,620,136 | ---- | M] () -- C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
PRC - [2010/11/06 13:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/11/06 13:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/11/02 03:25:34 | 001,374,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
PRC - [2010/05/05 02:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2010/02/03 00:08:56 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2010/01/08 20:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe
PRC - [2009/12/09 16:24:16 | 000,076,320 | ---- | M] () -- C:\OEM\USBDECTION\USBS3S4Detection.exe
PRC - [2009/12/02 22:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2009/12/02 22:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/09 21:32:47 | 001,503,232 | ---- | M] () -- C:\Program Files (x86)\Smadav\SM?RTP.exe
MOD - [2011/04/22 15:19:30 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\30a8c29a4e9807d25f7148ba4adbe7b9\IAStorUtil.ni.dll
MOD - [2011/04/22 15:19:30 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\3956b6af532aee63d53f0c15d071b14b\IAStorCommon.ni.dll
MOD - [2011/01/19 08:08:08 | 000,620,136 | ---- | M] () -- C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
MOD - [2011/01/19 08:08:04 | 000,151,656 | ---- | M] () -- C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyHook.dll
MOD - [2010/11/21 10:51:49 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\08d608378aa405adc844f3cf36974b8c\Microsoft.VisualBasic.ni.dll
MOD - [2010/11/21 10:49:13 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5cae93d923c8378370758489e5535820\System.Runtime.Remoting.ni.dll
MOD - [2010/11/21 10:49:02 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\bfaf8f86e69928fb2f67987c0203f603\PresentationFramework.ni.dll
MOD - [2010/11/21 10:48:49 | 012,432,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
MOD - [2010/11/21 10:48:42 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
MOD - [2010/11/21 10:48:40 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\2ad23de8284d4594aa658dfb5e667d97\PresentationCore.ni.dll
MOD - [2010/11/21 10:48:30 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf293040f3a93afa1ea782487acae816\WindowsBase.ni.dll
MOD - [2010/11/21 10:48:25 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\461d3b6b3f43e6fbe6c897d5936e17e4\System.Xml.ni.dll
MOD - [2010/11/21 10:48:22 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bc09ad2d49d8535371845cd7532f9271\System.Configuration.ni.dll
MOD - [2010/11/21 10:48:21 | 007,963,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
MOD - [2010/11/21 10:48:14 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/04/03 00:45:59 | 000,086,016 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Autodesk\3ds Max 2012\mentalimages\satellite\raysat_3dsmax2012_64server.exe -- (mi-raysat_3dsmax2012_64)
SRV:64bit: - [2012/03/11 21:13:24 | 002,815,496 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV:64bit: - [2011/12/28 15:36:25 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2011/02/01 03:55:14 | 000,244,624 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Live Updater Service)
SRV:64bit: - [2010/10/21 09:38:38 | 005,790,064 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)
SRV:64bit: - [2010/10/21 09:38:38 | 000,487,280 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)
SRV:64bit: - [2010/09/23 08:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/09/23 12:49:44 | 000,407,040 | ---- | M] () [Auto | Running] -- C:\Program Files\Modem AC2726 UI\bin\MonServiceUDisk64.exe -- (UDisk Monitor)
SRV:64bit: - [2009/07/14 08:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/03/30 01:12:37 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/28 20:30:08 | 000,407,288 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe -- (DragonUpdater)
SRV - [2012/01/22 08:40:04 | 003,025,112 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/12/27 19:33:20 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/12/12 14:07:00 | 000,793,048 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2011/03/02 11:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/26 00:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/02/01 12:25:46 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2011/02/01 12:25:42 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010/11/06 13:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010/10/13 00:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/05/05 02:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @C:\Program Files (x86)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/08 20:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/12/09 16:24:16 | 000,076,320 | ---- | M] () [Auto | Running] -- C:\OEM\USBDECTION\USBS3S4Detection.exe -- (USBS3S4Detection)
SRV - [2009/12/02 22:23:38 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2009/12/02 22:23:32 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2009/09/20 11:55:20 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/06/11 04:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/11 21:13:40 | 000,022,696 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\cmderd.sys -- (cmderd)
DRV:64bit: - [2011/12/27 19:05:16 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/12/16 22:53:01 | 000,035,112 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/03/02 01:08:56 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/11/21 10:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 10:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/21 10:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 10:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/21 10:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/06 13:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/10/28 09:27:18 | 000,011,776 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2010/10/19 15:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010/10/05 13:26:10 | 000,018,288 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2010/10/05 13:26:02 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV:64bit: - [2010/10/05 13:26:00 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2010/10/01 13:14:34 | 012,157,792 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/09/21 13:34:18 | 000,313,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) Intel(R)
DRV:64bit: - [2010/07/20 14:49:32 | 000,123,648 | ---- | M] (D-Link Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HSPADataCardusbser.sys -- (HSPADataCardusbser)
DRV:64bit: - [2010/07/20 14:49:28 | 000,123,648 | ---- | M] (D-Link Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HSPADataCardusbnmea.sys -- (HSPADataCardusbnmea)
DRV:64bit: - [2010/07/20 14:49:16 | 000,123,648 | ---- | M] (D-Link Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HSPADataCardusbmdm.sys -- (HSPADataCardusbmdm)
DRV:64bit: - [2010/02/06 14:49:24 | 000,690,208 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2009/12/02 22:23:38 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2009/12/02 22:23:34 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2009/12/02 22:23:32 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2009/12/02 22:23:26 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2009/11/18 13:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009/07/28 09:41:06 | 000,119,168 | ---- | M] (ZTEMT Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT_ZTEMT_U_USBSER.sys -- (ztemtusbser)
DRV:64bit: - [2009/07/14 08:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 08:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 08:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/14 08:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/11 03:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/11 03:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/11 03:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/11 03:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/06/27 07:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
DRV:64bit: - [2007/08/24 19:44:24 | 000,112,512 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2011/11/02 10:13:26 | 000,041,728 | ---- | M] (Emsi Software GmbH) [File_System | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys -- (a2injectiondriver)
DRV - [2011/11/02 10:13:12 | 000,063,880 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys -- (a2acc)
DRV - [2011/05/19 13:10:34 | 000,023,208 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys -- (A2DDA)
DRV - [2010/07/09 12:19:04 | 000,021,480 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys -- (cpuz134)
DRV - [2010/05/05 08:40:54 | 000,014,720 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys -- (a2util)
DRV - [2009/07/14 08:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://gateway.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://gateway.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AGWTDF&pc=MAGW&src=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2140435408-939192104-1354380877-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = my.daemon-search.com
IE - HKU\S-1-5-21-2140435408-939192104-1354380877-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2140435408-939192104-1354380877-1000\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search?q={searchTerms}
IE - HKU\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Razhar\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Razhar\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/03/15 21:49:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/05 02:57:51 | 000,000,000 | ---D | M]

[2011/09/16 15:27:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Razhar\AppData\Roaming\Mozilla\Extensions
[2012/03/10 21:15:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Razhar\AppData\Roaming\Mozilla\Firefox\Profiles\o2c60my7.default\extensions
[2011/12/27 19:05:00 | 000,002,055 | ---- | M] () -- C:\Users\Razhar\AppData\Roaming\Mozilla\Firefox\Profiles\o2c60my7.default\searchplugins\daemon-search.xml
[2012/01/24 22:26:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/03/15 21:49:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\RAZHAR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O2C60MY7.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/01/03 08:00:23 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/11/10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/07/12 04:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2011/10/23 22:55:48 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/11 12:26:46 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Razhar\AppData\Local\Google\Chrome\Application\18.0.1025.142\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Razhar\AppData\Local\Google\Chrome\Application\18.0.1025.142\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Razhar\AppData\Local\Google\Chrome\Application\18.0.1025.142\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Razhar\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: QuickTime Plug-in 7.1.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Orbit Downloader (Enabled) = C:\Users\Razhar\AppData\Local\Google\Chrome\Application\plugins\nporbit.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: Wacom Dynamic Link Library (Enabled) = C:\Program Files (x86)\TabletPlugins\npwacom.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Razhar\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: Google Translate = C:\Users\Razhar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.3.1_0\
CHR - Extension: Angry Birds = C:\Users\Razhar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
CHR - Extension: Gismeteo = C:\Users\Razhar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfegaehidkkcfaikpaijcdahnpikhobf\2.0.4_0\
CHR - Extension: YouTube = C:\Users\Razhar\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus (Beta) = C:\Users\Razhar\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\
CHR - Extension: Google Search = C:\Users\Razhar\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Search by Image (by Google) = C:\Users\Razhar\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm\1.1.1_0\
CHR - Extension: Full Screen Weather = C:\Users\Razhar\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg\1.3_0\
CHR - Extension: Angry Birds Seasons = C:\Users\Razhar\AppData\Local\Google\Chrome\User Data\Default\Extensions\glfgpgljcapdjhcnmecmgihadngabijc\1.1_0\
CHR - Extension: The Weather Channel for Chrome = C:\Users\Razhar\AppData\Local\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop\1.0.0.4_0\
CHR - Extension: Forecastfox = C:\Users\Razhar\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihffmkcfkejomlfnilnmkokcpgclhfeg\2.0.10_0\
CHR - Extension: Google +1 Button = C:\Users\Razhar\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgoepmocgafhnchmokaimcmlojpnlkhp\1.1.2.202_0\
CHR - Extension: K-ON! = C:\Users\Razhar\AppData\Local\Google\Chrome\User Data\Default\Extensions\jijlppfhlfgamaofmpafjpibhdmmcbde\3_1\
CHR - Extension: gCast Weather = C:\Users\Razhar\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmmhclhlfcfedmliapdfdkonpceafidj\2.1.2_0\
CHR - Extension: Metric Conversions = C:\Users\Razhar\AppData\Local\Google\Chrome\User Data\Default\Extensions\kninfdohcboilpapkmbbdmcfanlgflld\1.5_0\
CHR - Extension: Gmail = C:\Users\Razhar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/04/05 03:01:20 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2140435408-939192104-1354380877-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-2140435408-939192104-1354380877-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-2140435408-939192104-1354380877-1000\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [THXCfg64] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [emsisoft anti-malware] c:\program files (x86)\emsisoft anti-malware\a2guard.exe (Emsi Software GmbH)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-2140435408-939192104-1354380877-1000..\Run: [SMΔRT-Protection] C:\Program Files (x86)\Smadav\SMΔRTP.exe (Smadsoft)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 15354 = C:\PROGRA~3\LOCALS~1\Temp\msaeod.cmd
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2140435408-939192104-1354380877-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2140435408-939192104-1354380877-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2140435408-939192104-1354380877-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKU\S-1-5-21-2140435408-939192104-1354380877-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (rmslt.nt)
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (autocheck sasnative64)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3fhg - C:\Windows\SysWow64\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)

continue..
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/04/05 05:59:53 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Razhar\Desktop\OTL.exe
[2012/04/05 04:57:29 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/04/05 02:49:32 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/04/05 02:49:32 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/04/05 02:49:32 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/04/05 01:26:31 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/04/05 01:25:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/05 01:06:31 | 004,456,875 | R--- | C] (Swearware) -- C:\Users\Razhar\Desktop\ComboFix.exe
[2012/04/04 22:09:19 | 000,171,344 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Razhar\Desktop\SalityKiller.com
[2012/04/04 22:00:09 | 000,000,000 | ---D | C] -- C:\Users\Razhar\Salitykiller2012
[2012/04/04 10:35:51 | 000,000,000 | ---D | C] -- C:\Users\Razhar\Desktop\tdsskiller
[2012/04/04 08:20:18 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Razhar\Desktop\aswMBR.exe
[2012/04/03 20:42:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
[2012/04/03 20:42:10 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2012/04/03 04:14:56 | 000,000,000 | ---D | C] -- C:\Users\Razhar\Documents\Simply Super Software
[2012/04/03 04:13:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover
[2012/04/02 23:32:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools Security
[2012/04/02 19:16:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
[2012/04/02 17:55:49 | 000,000,000 | ---D | C] -- C:\Users\Razhar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Migo Software
[2012/04/02 17:55:48 | 000,000,000 | ---D | C] -- C:\Windows\Digital Rescue 4 Premium
[2012/04/02 16:00:59 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2012/04/02 15:40:19 | 000,000,000 | ---D | C] -- C:\Program Files\Diskeeper Corporation
[2012/04/02 03:08:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/04/02 03:08:49 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/04/01 23:00:03 | 000,000,000 | ---D | C] -- C:\Users\Razhar\AppData\Roaming\TeamViewer
[2012/04/01 22:52:51 | 000,035,112 | ---- | C] (TeamViewer GmbH) -- C:\Windows\SysNative\drivers\teamviewervpn.sys
[2012/04/01 22:52:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2012/04/01 15:23:42 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/04/01 15:17:36 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG
[2012/04/01 15:17:29 | 000,000,000 | ---D | C] -- C:\Users\Razhar\AppData\Roaming\HP
[2012/04/01 15:16:54 | 000,000,000 | ---D | C] -- C:\Users\Razhar\AppData\Local\HP
[2012/04/01 15:13:50 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2012/04/01 15:13:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2012/04/01 15:12:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Hewlett-Packard
[2012/04/01 15:12:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\HP
[2012/04/01 15:11:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2012/04/01 15:11:15 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/04/01 15:09:40 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2012/04/01 15:00:55 | 000,000,000 | ---D | C] -- C:\Users\Razhar\AppData\Roaming\Babylon
[2012/04/01 15:00:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012/03/31 22:51:47 | 000,000,000 | ---D | C] -- C:\Users\Razhar\Desktop\SPC_Report
[2012/03/31 22:50:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Advanced System Optimizer 3
[2012/03/31 22:02:14 | 000,000,000 | ---D | C] -- C:\Windows\Repair
[2012/03/31 22:00:25 | 000,000,000 | ---D | C] -- C:\Users\Razhar\AppData\Roaming\Systweak
[2012/03/31 22:00:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Systweak
[2012/03/30 19:56:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2012/03/30 19:56:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware
[2012/03/30 19:56:02 | 000,000,000 | ---D | C] -- C:\Users\Razhar\Documents\Anti-Malware
[2012/03/29 16:19:05 | 000,000,000 | ---D | C] -- C:\Smadav
[2012/03/24 16:58:37 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/03/23 18:52:57 | 000,000,000 | ---D | C] -- C:\VritualRoot
[2012/03/23 18:31:01 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\COMODO
[2012/03/23 18:11:49 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2012/03/23 02:04:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Torchlight
[2012/03/23 01:41:24 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Runic
[2012/03/16 15:15:21 | 000,000,000 | ---D | C] -- C:\Users\Razhar\AppData\Roaming\Registry Mechanic
[2012/03/16 15:09:54 | 001,101,824 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\SysWow64\UniBox210.ocx
[2012/03/16 15:09:54 | 000,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\SysWow64\UniBox10.ocx
[2012/03/16 15:09:54 | 000,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\SysWow64\UniBoxVB12.ocx
[2012/03/16 15:09:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Registry Mechanic
[2012/03/16 14:47:31 | 000,000,000 | ---D | C] -- C:\Users\Razhar\AppData\Roaming\Product_RM
[2012/03/16 14:47:31 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/03/16 14:23:22 | 000,108,056 | ---- | C] (PC Tools) -- C:\Windows\SysWow64\drivers\PCTDMDefrag.sys
[2012/03/16 01:50:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2012/03/16 01:45:19 | 000,000,000 | ---D | C] -- C:\Users\Razhar\AppData\Local\Comodo
[2012/03/16 01:25:12 | 000,000,000 | ---D | C] -- C:\ProgramData\CPA_VA
[2012/03/16 01:16:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
[2012/03/16 01:16:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Comodo
[2012/03/15 22:31:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/15 22:31:50 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/03/15 22:31:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/03/15 17:09:30 | 002,246,608 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll0352.old
[2012/03/15 17:09:30 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll0352.old
[2012/03/14 23:02:04 | 000,000,000 | ---D | C] -- C:\Users\Razhar\Desktop\Novel Rhea Attachments_2012_03_14
[2012/03/14 00:57:06 | 000,000,000 | ---D | C] -- C:\Users\Razhar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/03/14 00:57:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012/03/13 18:20:41 | 000,000,000 | ---D | C] -- C:\Users\Razhar\AppData\Local\ElevatedDiagnostics
[2012/03/13 16:50:30 | 000,000,000 | ---D | C] -- C:\Users\Razhar\AppData\Local\Apps
[2012/03/12 17:44:11 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 10
[2012/03/12 01:42:22 | 000,000,000 | ---D | C] -- C:\Users\Razhar\AppData\Roaming\runic games
[2012/03/12 01:39:18 | 000,000,000 | ---D | C] -- C:\Users\Razhar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2012/03/11 21:13:40 | 000,022,696 | ---- | C] (COMODO) -- C:\Windows\SysNative\drivers\cmderd.sys
[2012/03/11 21:13:22 | 000,041,200 | ---- | C] (COMODO) -- C:\Windows\SysNative\cmdcsr.dll
[2012/03/11 21:13:20 | 000,301,224 | ---- | C] (COMODO) -- C:\Windows\SysWow64\guard32.dll
[2012/03/11 21:13:18 | 000,389,840 | ---- | C] (COMODO) -- C:\Windows\SysNative\guard64.dll
[2012/03/11 13:14:34 | 000,000,000 | ---D | C] -- C:\Users\Razhar\AppData\Roaming\isoburnerdata
[2012/03/10 21:24:09 | 000,000,000 | ---D | C] -- C:\Users\Razhar\AppData\Roaming\PCTools
[2012/03/10 21:17:06 | 000,000,000 | ---D | C] -- C:\Users\Razhar\Documents\Data Esir 9 Maret 2012
[2012/03/10 18:50:58 | 000,000,000 | ---D | C] -- C:\Users\Razhar\AppData\Roaming\PC Tools
[2012/03/10 14:13:15 | 000,000,000 | ---D | C] -- C:\Users\Razhar\AppData\Roaming\Malwarebytes
[2012/03/10 14:13:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/03/10 13:07:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools
[2012/03/10 02:37:25 | 000,230,952 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys
[2012/03/10 02:37:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2012/03/10 02:00:06 | 000,000,000 | ---D | C] -- C:\Users\Razhar\AppData\Roaming\TestApp
[2012/03/09 13:24:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Local Settings
[2012/03/06 18:12:58 | 000,000,000 | ---D | C] -- C:\Users\Razhar\AppData\Local\{C4C8F44E-D517-4F98-96BC-DE9FFBDF89C3}
[2012/03/06 18:11:22 | 000,000,000 | ---D | C] -- C:\Users\Razhar\AppData\Local\{E37E037F-F93F-4CF0-B779-0E99BB351CB7}
[2012/03/06 17:50:26 | 000,000,000 | ---D | C] -- C:\Users\Razhar\AppData\Roaming\Apple Computer
[2012/03/06 17:44:09 | 000,000,000 | ---D | C] -- C:\Users\Razhar\AppData\Local\{9323FA31-4E95-4A2F-B319-082C04B3413A}
[2012/03/06 17:44:09 | 000,000,000 | ---D | C] -- C:\Users\Razhar\AppData\Local\{2DD6BE9A-8A6F-4323-9AF1-A16095E96797}
[8 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/04/05 05:56:56 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Razhar\Desktop\OTL.exe
[2012/04/05 05:31:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/05 05:04:53 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/05 05:04:53 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/05 05:02:30 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SDMsgUpdate (TE).job
[2012/04/05 04:57:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/05 04:57:10 | 1566,580,736 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/05 03:01:20 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/04/05 02:40:22 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2012/04/05 01:22:22 | 000,248,182 | ---- | M] () -- C:\Users\Razhar\Desktop\Combofix instruction.pdf
[2012/04/05 01:16:17 | 000,000,674 | ---- | M] () -- C:\Users\Razhar\Desktop\Smadav - Shortcut.lnk
[2012/04/05 01:09:32 | 004,456,951 | ---- | M] () -- C:\Users\Razhar\Desktop\ComboFix.rar
[2012/04/05 01:08:23 | 004,456,875 | R--- | M] (Swearware) -- C:\Users\Razhar\Desktop\ComboFix.exe
[2012/04/05 00:49:12 | 000,950,528 | ---- | M] () -- C:\Users\Razhar\Desktop\Combofix.pdf
[2012/04/04 21:58:41 | 000,164,296 | ---- | M] () -- C:\Users\Razhar\Salitykiller2012.zip
[2012/04/04 12:56:55 | 000,599,013 | ---- | M] () -- C:\Users\Razhar\Documents\SALITY remove IT CLUB SMAN 1 NGUNUT_ virus win32 sality.pdf
[2012/04/04 12:56:08 | 000,512,017 | ---- | M] () -- C:\Users\Razhar\Documents\Sality Membersihkan Win32 Sality dari Komputer - Anitivirus untuk Win32_Sality _ Belajar SEO _ Tutorial Wordpress Blogger _ Cari Uang di Internet _ Making Money Online.pdf
[2012/04/04 10:29:23 | 002,052,880 | ---- | M] () -- C:\Users\Razhar\Desktop\tdsskiller.zip
[2012/04/04 08:23:09 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Razhar\Desktop\aswMBR.exe
[2012/04/04 02:15:35 | 000,000,726 | ---- | M] () -- C:\Users\Razhar\Desktop\EMERGENCY Kit - Shortcut.lnk
[2012/04/04 01:26:45 | 000,000,004 | ---- | M] () -- C:\Windows\17425030.dat
[2012/04/03 23:05:01 | 000,145,988 | ---- | M] () -- C:\Users\Razhar\Desktop\Special governing rules for the Virus & Malware removal board - TechSpot OpenBoards.pdf
[2012/04/03 23:04:27 | 000,125,861 | ---- | M] () -- C:\Users\Razhar\Desktop\Do NOT follow instructions.pdf
[2012/04/03 23:03:40 | 000,315,132 | ---- | M] () -- C:\Users\Razhar\Desktop\UPDATED 5-step Viruses removal.pdf
[2012/04/03 20:42:11 | 000,001,665 | ---- | M] () -- C:\Users\Public\Desktop\Recuva.lnk
[2012/04/03 18:32:16 | 000,002,078 | ---- | M] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2012/04/03 00:37:09 | 001,733,449 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/04/02 23:13:26 | 000,000,004 | ---- | M] () -- C:\Windows\1299535.dat
[2012/04/02 19:16:02 | 000,001,196 | ---- | M] () -- C:\Users\Razhar\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2012/04/02 17:16:43 | 000,000,056 | ---- | M] () -- C:\Windows\SysNative\RW_{9FD04757-E03C-11E0-809A-68A3C4CBF2BC}.dat
[2012/04/02 17:16:43 | 000,000,056 | ---- | M] () -- C:\Windows\SysNative\RW_{48561C50-AD1B-11E0-ABA7-806E6F6E6963}.dat
[2012/04/02 17:16:43 | 000,000,056 | ---- | M] () -- C:\Windows\SysNative\RW_{48561C4F-AD1B-11E0-ABA7-806E6F6E6963}.dat
[2012/04/02 17:16:43 | 000,000,056 | ---- | M] () -- C:\Windows\SysNative\RW_{48561C4E-AD1B-11E0-ABA7-806E6F6E6963}.dat
[2012/04/02 17:16:43 | 000,000,012 | ---- | M] () -- C:\Windows\SysNative\EvGr_Data{9FD04757-E03C-11E0-809A-68A3C4CBF2BC}.dat
[2012/04/02 17:16:43 | 000,000,012 | ---- | M] () -- C:\Windows\SysNative\EvGr_Data{48561C50-AD1B-11E0-ABA7-806E6F6E6963}.dat
[2012/04/02 17:16:43 | 000,000,012 | ---- | M] () -- C:\Windows\SysNative\EvGr_Data{48561C4F-AD1B-11E0-ABA7-806E6F6E6963}.dat
[2012/04/02 17:16:43 | 000,000,012 | ---- | M] () -- C:\Windows\SysNative\EvGr_Data{48561C4E-AD1B-11E0-ABA7-806E6F6E6963}.dat
[2012/04/02 12:59:02 | 000,706,805 | ---- | M] () -- C:\Users\Razhar\Documents\Mind Hacks how to improve memory.pdf
[2012/04/02 03:08:50 | 000,000,831 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/04/01 15:48:54 | 003,037,960 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/04/01 15:17:22 | 000,221,206 | ---- | M] () -- C:\Windows\hpoins19.dat
[2012/04/01 15:13:48 | 000,001,328 | ---- | M] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2012/04/01 02:36:04 | 000,000,000 | ---- | M] () -- C:\StartUpManager_scandataOUTPUT.xml
[2012/04/01 02:36:02 | 000,000,814 | ---- | M] () -- C:\StartUpManager_scandataINPUT.xml
[2012/04/01 02:21:57 | 000,029,336 | ---- | M] () -- C:\Windows\cscmondump.bin
[2012/04/01 00:43:31 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
[2012/03/31 14:04:11 | 000,002,132 | ---- | M] () -- C:\Users\Public\Desktop\Angry Birds Seasons.lnk
[2012/03/31 12:11:48 | 000,001,230 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebyte Anti-Malware.lnk
[2012/03/31 01:26:37 | 000,779,080 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/31 01:26:37 | 000,651,894 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/31 01:26:37 | 000,120,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/30 19:56:14 | 000,001,134 | ---- | M] () -- C:\Users\Razhar\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk
[2012/03/30 19:56:14 | 000,001,110 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2012/03/30 18:18:48 | 000,001,162 | ---- | M] () -- C:\Users\Public\Desktop\Angry Birds Space.lnk
[2012/03/30 16:31:58 | 000,618,909 | ---- | M] () -- C:\Users\Razhar\Documents\Soft Hackz_ Make your Internet connection ultra fast(4X faster).pdf
[2012/03/30 10:47:38 | 000,002,371 | ---- | M] () -- C:\Users\Razhar\Desktop\Google Chrome.lnk
[2012/03/30 01:20:24 | 000,001,045 | ---- | M] () -- C:\Users\Public\Desktop\Comodo Dragon.lnk
[2012/03/23 18:46:22 | 000,001,846 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk
[2012/03/23 02:25:23 | 000,001,233 | ---- | M] () -- C:\Users\Razhar\Desktop\Torchlight.lnk
[2012/03/23 02:00:27 | 000,002,541 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - gateway.lnk
[2012/03/22 19:54:35 | 000,001,425 | ---- | M] () -- C:\Users\Razhar\Desktop\Smart Modem.lnk
[2012/03/16 18:22:37 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/03/16 15:09:55 | 000,001,332 | ---- | M] () -- C:\Users\Public\Desktop\PC Tools Registry Mechanic.lnk
[2012/03/15 14:18:26 | 003,242,465 | ---- | M] () -- C:\Gateway Generic User Guide.pdf
[2012/03/13 17:55:38 | 000,001,404 | ---- | M] () -- C:\Users\Razhar\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/03/13 02:12:43 | 000,001,275 | ---- | M] () -- C:\Users\Razhar\Desktop\WinRAR - Shortcut.lnk
[2012/03/12 17:44:11 | 000,002,173 | ---- | M] () -- C:\Users\Public\Desktop\CyberLink PowerDVD 10.lnk
[2012/03/12 16:58:28 | 000,001,409 | ---- | M] () -- C:\Windows\QTFont.for
[2012/03/11 21:13:40 | 000,022,696 | ---- | M] (COMODO) -- C:\Windows\SysNative\drivers\cmderd.sys
[2012/03/11 21:13:22 | 000,041,200 | ---- | M] (COMODO) -- C:\Windows\SysNative\cmdcsr.dll
[2012/03/11 21:13:20 | 000,301,224 | ---- | M] (COMODO) -- C:\Windows\SysWow64\guard32.dll
[2012/03/11 21:13:18 | 000,389,840 | ---- | M] (COMODO) -- C:\Windows\SysNative\guard64.dll
[2012/03/11 13:11:49 | 000,001,313 | ---- | M] () -- C:\Users\Razhar\Desktop\Deus Ex.lnk
[2012/03/10 18:50:35 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\SM.lock
[2012/03/10 16:52:43 | 000,001,492 | ---- | M] () -- C:\Users\Razhar\Desktop\AngryBirds.lnk
[2012/03/10 16:45:19 | 000,001,421 | ---- | M] () -- C:\Users\Razhar\Desktop\Mozilla Firefox.lnk
[2012/03/10 16:28:02 | 000,001,351 | ---- | M] () -- C:\Users\Razhar\Desktop\Defraggler.lnk
[2012/03/10 16:27:37 | 000,001,275 | ---- | M] () -- C:\Users\Razhar\Desktop\Speccy.lnk
[2012/03/10 16:24:35 | 000,001,473 | ---- | M] () -- C:\Users\Razhar\Desktop\Mobile Partner.lnk
[2012/03/10 16:22:38 | 000,001,289 | ---- | M] () -- C:\Users\Razhar\Desktop\winamp.lnk
[8 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/05 02:49:32 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/04/05 02:49:32 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/04/05 02:49:32 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/04/05 02:49:32 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/04/05 02:49:32 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/04/05 01:22:22 | 000,248,182 | ---- | C] () -- C:\Users\Razhar\Desktop\Combofix instruction.pdf
[2012/04/05 01:16:17 | 000,000,674 | ---- | C] () -- C:\Users\Razhar\Desktop\Smadav - Shortcut.lnk
[2012/04/05 01:09:31 | 004,456,951 | ---- | C] () -- C:\Users\Razhar\Desktop\ComboFix.rar
[2012/04/05 00:49:12 | 000,950,528 | ---- | C] () -- C:\Users\Razhar\Desktop\Combofix.pdf
[2012/04/04 22:09:19 | 000,000,022 | ---- | C] () -- C:\Users\Razhar\Desktop\SalityCure.bat
[2012/04/04 21:59:48 | 000,164,296 | ---- | C] () -- C:\Users\Razhar\Salitykiller2012.zip
[2012/04/04 12:56:54 | 000,599,013 | ---- | C] () -- C:\Users\Razhar\Documents\SALITY remove IT CLUB SMAN 1 NGUNUT_ virus win32 sality.pdf
[2012/04/04 12:56:06 | 000,512,017 | ---- | C] () -- C:\Users\Razhar\Documents\Sality Membersihkan Win32 Sality dari Komputer - Anitivirus untuk Win32_Sality _ Belajar SEO _ Tutorial Wordpress Blogger _ Cari Uang di Internet _ Making Money Online.pdf
[2012/04/04 10:31:35 | 002,052,880 | ---- | C] () -- C:\Users\Razhar\Desktop\tdsskiller.zip
[2012/04/04 02:15:35 | 000,000,726 | ---- | C] () -- C:\Users\Razhar\Desktop\EMERGENCY Kit - Shortcut.lnk
[2012/04/04 01:26:45 | 000,000,004 | ---- | C] () -- C:\Windows\17425030.dat
[2012/04/03 23:05:01 | 000,145,988 | ---- | C] () -- C:\Users\Razhar\Desktop\Special governing rules for the Virus & Malware removal board - TechSpot OpenBoards.pdf
[2012/04/03 23:04:26 | 000,125,861 | ---- | C] () -- C:\Users\Razhar\Desktop\Do NOT follow instructions.pdf
[2012/04/03 23:03:39 | 000,315,132 | ---- | C] () -- C:\Users\Razhar\Desktop\UPDATED 5-step Viruses removal.pdf
[2012/04/03 20:42:11 | 000,001,665 | ---- | C] () -- C:\Users\Public\Desktop\Recuva.lnk
[2012/04/02 23:13:26 | 000,000,004 | ---- | C] () -- C:\Windows\1299535.dat
[2012/04/02 19:16:02 | 000,002,078 | ---- | C] () -- C:\Users\Public\Desktop\Yahoo! Messenger.lnk
[2012/04/02 19:16:02 | 000,001,196 | ---- | C] () -- C:\Users\Razhar\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2012/04/02 17:16:43 | 000,000,056 | ---- | C] () -- C:\Windows\SysNative\RW_{9FD04757-E03C-11E0-809A-68A3C4CBF2BC}.dat
[2012/04/02 17:16:43 | 000,000,056 | ---- | C] () -- C:\Windows\SysNative\RW_{48561C50-AD1B-11E0-ABA7-806E6F6E6963}.dat
[2012/04/02 17:16:43 | 000,000,056 | ---- | C] () -- C:\Windows\SysNative\RW_{48561C4F-AD1B-11E0-ABA7-806E6F6E6963}.dat
[2012/04/02 17:16:43 | 000,000,056 | ---- | C] () -- C:\Windows\SysNative\RW_{48561C4E-AD1B-11E0-ABA7-806E6F6E6963}.dat
[2012/04/02 17:16:43 | 000,000,012 | ---- | C] () -- C:\Windows\SysNative\EvGr_Data{9FD04757-E03C-11E0-809A-68A3C4CBF2BC}.dat
[2012/04/02 17:16:43 | 000,000,012 | ---- | C] () -- C:\Windows\SysNative\EvGr_Data{48561C50-AD1B-11E0-ABA7-806E6F6E6963}.dat
[2012/04/02 17:16:43 | 000,000,012 | ---- | C] () -- C:\Windows\SysNative\EvGr_Data{48561C4F-AD1B-11E0-ABA7-806E6F6E6963}.dat
[2012/04/02 17:16:43 | 000,000,012 | ---- | C] () -- C:\Windows\SysNative\EvGr_Data{48561C4E-AD1B-11E0-ABA7-806E6F6E6963}.dat
[2012/04/02 12:59:02 | 000,706,805 | ---- | C] () -- C:\Users\Razhar\Documents\Mind Hacks how to improve memory.pdf
[2012/04/02 03:08:50 | 000,000,831 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/04/01 15:14:02 | 000,001,054 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
[2012/04/01 15:13:48 | 000,001,328 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2012/04/01 15:09:55 | 000,221,206 | ---- | C] () -- C:\Windows\hpoins19.dat
[2012/04/01 15:09:55 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2012/04/01 02:21:57 | 000,029,336 | ---- | C] () -- C:\Windows\cscmondump.bin
[2012/04/01 00:46:55 | 000,000,000 | ---- | C] () -- C:\StartUpManager_scandataOUTPUT.xml
[2012/04/01 00:46:54 | 000,000,814 | ---- | C] () -- C:\StartUpManager_scandataINPUT.xml
[2012/03/31 14:04:11 | 000,002,132 | ---- | C] () -- C:\Users\Public\Desktop\Angry Birds Seasons.lnk
[2012/03/30 19:56:14 | 000,001,134 | ---- | C] () -- C:\Users\Razhar\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk
[2012/03/30 19:56:14 | 000,001,110 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2012/03/30 18:18:48 | 000,001,162 | ---- | C] () -- C:\Users\Public\Desktop\Angry Birds Space.lnk
[2012/03/30 16:31:57 | 000,618,909 | ---- | C] () -- C:\Users\Razhar\Documents\Soft Hackz_ Make your Internet connection ultra fast(4X faster).pdf
[2012/03/30 01:12:39 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/03/29 15:07:20 | 000,001,045 | ---- | C] () -- C:\Users\Public\Desktop\Comodo Dragon.lnk
[2012/03/23 18:46:22 | 000,001,846 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk
[2012/03/23 02:25:23 | 000,001,233 | ---- | C] () -- C:\Users\Razhar\Desktop\Torchlight.lnk
[2012/03/22 19:54:35 | 000,001,425 | ---- | C] () -- C:\Users\Razhar\Desktop\Smart Modem.lnk
[2012/03/16 18:22:37 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/03/16 18:22:34 | 000,002,471 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012/03/16 15:09:55 | 000,001,332 | ---- | C] () -- C:\Users\Public\Desktop\PC Tools Registry Mechanic.lnk
[2012/03/16 15:09:54 | 000,040,408 | ---- | C] () -- C:\Windows\SysNative\CleanMFT64.exe
[2012/03/16 01:18:56 | 001,474,832 | ---- | C] () -- C:\Windows\SysNative\drivers\sfi.dat
[2012/03/15 22:31:51 | 000,001,230 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebyte Anti-Malware.lnk
[2012/03/15 17:09:30 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll0352.old
[2012/03/15 14:18:25 | 003,242,465 | ---- | C] () -- C:\Gateway Generic User Guide.pdf
[2012/03/13 02:12:43 | 000,001,275 | ---- | C] () -- C:\Users\Razhar\Desktop\WinRAR - Shortcut.lnk
[2012/03/12 17:44:11 | 000,002,173 | ---- | C] () -- C:\Users\Public\Desktop\CyberLink PowerDVD 10.lnk
[2012/03/12 16:58:28 | 000,054,156 | -H-- | C] () -- C:\Windows\QTFont.qfn
[2012/03/12 16:58:28 | 000,001,409 | ---- | C] () -- C:\Windows\QTFont.for
[2012/03/12 14:40:22 | 000,002,541 | ---- | C] () -- C:\Users\Public\Desktop\WildTangent Games App - gateway.lnk
[2012/03/11 13:11:49 | 000,001,313 | ---- | C] () -- C:\Users\Razhar\Desktop\Deus Ex.lnk
[2012/03/10 18:50:35 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\SM.lock
[2012/03/10 18:22:33 | 003,037,960 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/03/10 16:52:43 | 000,001,492 | ---- | C] () -- C:\Users\Razhar\Desktop\AngryBirds.lnk
[2012/03/10 16:45:19 | 000,001,421 | ---- | C] () -- C:\Users\Razhar\Desktop\Mozilla Firefox.lnk
[2012/03/10 16:28:02 | 000,001,351 | ---- | C] () -- C:\Users\Razhar\Desktop\Defraggler.lnk
[2012/03/10 16:27:37 | 000,001,275 | ---- | C] () -- C:\Users\Razhar\Desktop\Speccy.lnk
[2012/03/10 16:24:35 | 000,001,473 | ---- | C] () -- C:\Users\Razhar\Desktop\Mobile Partner.lnk
[2012/03/10 16:22:38 | 000,001,289 | ---- | C] () -- C:\Users\Razhar\Desktop\winamp.lnk
[2012/03/10 13:07:54 | 001,733,449 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/03/07 13:27:28 | 000,001,176 | ---- | C] () -- C:\Users\Razhar\Desktop\Adobe Premiere Pro CS4.lnk
[2012/02/08 17:42:20 | 000,129,024 | ---- | C] () -- C:\Windows\UNWISE.EXE
[2012/02/07 03:52:46 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2011/12/10 21:56:33 | 000,007,610 | ---- | C] () -- C:\Users\Razhar\AppData\Local\Resmon.ResmonCfg
[2011/12/04 18:54:45 | 000,010,752 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2011/11/15 22:31:08 | 000,004,608 | ---- | C] () -- C:\Users\Razhar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/16 15:36:03 | 000,764,636 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/09/16 15:26:37 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/09/16 15:26:36 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/09/16 15:26:36 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/09/16 15:26:36 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/09/16 15:26:36 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011/07/13 13:55:17 | 000,002,001 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2011/07/13 13:55:17 | 000,001,212 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2011/07/13 13:55:17 | 000,001,212 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2011/07/13 13:55:15 | 000,183,296 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011/07/13 13:55:15 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2011/04/22 16:06:29 | 000,798,716 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/04/22 16:06:29 | 000,201,920 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/04/22 16:06:27 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

========== LOP Check ==========

[2011/09/19 00:51:54 | 000,000,000 | ---D | M] -- C:\Users\Razhar\AppData\Roaming\ACD Systems
[2011/12/28 16:07:00 | 000,000,000 | ---D | M] -- C:\Users\Razhar\AppData\Roaming\Autodesk
[2012/04/01 15:00:55 | 000,000,000 | ---D | M] -- C:\Users\Razhar\AppData\Roaming\Babylon
[2011/12/31 13:59:37 | 000,000,000 | ---D | M] -- C:\Users\Razhar\AppData\Roaming\Blender Foundation
[2011/12/28 13:38:35 | 000,000,000 | ---D | M] -- C:\Users\Razhar\AppData\Roaming\com.adobe.ExMan
[2012/03/10 18:01:13 | 000,000,000 | ---D | M] -- C:\Users\Razhar\AppData\Roaming\DAEMON Tools Lite
[2012/02/01 10:52:11 | 000,000,000 | ---D | M] -- C:\Users\Razhar\AppData\Roaming\GrabPro
[2012/03/11 13:14:34 | 000,000,000 | ---D | M] -- C:\Users\Razhar\AppData\Roaming\isoburnerdata
[2011/09/16 15:21:31 | 000,000,000 | ---D | M] -- C:\Users\Razhar\AppData\Roaming\OEM
[2012/04/05 06:09:45 | 000,000,000 | ---D | M] -- C:\Users\Razhar\AppData\Roaming\Orbit
[2012/03/10 21:24:09 | 000,000,000 | ---D | M] -- C:\Users\Razhar\AppData\Roaming\PCTools
[2012/03/16 14:47:31 | 000,000,000 | ---D | M] -- C:\Users\Razhar\AppData\Roaming\Product_RM
[2012/02/01 10:52:14 | 000,000,000 | ---D | M] -- C:\Users\Razhar\AppData\Roaming\ProgSense
[2012/03/16 15:15:21 | 000,000,000 | ---D | M] -- C:\Users\Razhar\AppData\Roaming\Registry Mechanic
[2012/03/30 18:19:41 | 000,000,000 | ---D | M] -- C:\Users\Razhar\AppData\Roaming\Rovio
[2012/03/29 20:18:32 | 000,000,000 | ---D | M] -- C:\Users\Razhar\AppData\Roaming\runic games
[2012/04/03 19:19:37 | 000,000,000 | ---D | M] -- C:\Users\Razhar\AppData\Roaming\Smadav
[2012/03/15 21:48:52 | 000,000,000 | ---D | M] -- C:\Users\Razhar\AppData\Roaming\SmartDraw
[2012/01/03 22:47:56 | 000,000,000 | ---D | M] -- C:\Users\Razhar\AppData\Roaming\SoftGrid Client
[2012/04/04 08:13:51 | 000,000,000 | ---D | M] -- C:\Users\Razhar\AppData\Roaming\Systweak
[2012/04/01 23:56:57 | 000,000,000 | ---D | M] -- C:\Users\Razhar\AppData\Roaming\TeamViewer
[2012/03/10 02:00:06 | 000,000,000 | ---D | M] -- C:\Users\Razhar\AppData\Roaming\TestApp
[2011/09/17 02:40:27 | 000,000,000 | ---D | M] -- C:\Users\Razhar\AppData\Roaming\Tific
[2011/09/16 15:36:41 | 000,000,000 | ---D | M] -- C:\Users\Razhar\AppData\Roaming\TP
[2012/01/29 22:37:28 | 000,000,000 | ---D | M] -- C:\Users\Razhar\AppData\Roaming\ZTEMTUI
[2012/04/04 01:27:19 | 000,032,548 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/04/05 05:02:30 | 000,000,466 | ---- | M] () -- C:\Windows\Tasks\SDMsgUpdate (TE).job

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2011/04/22 16:09:13 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2012/04/05 03:06:20 | 000,045,482 | ---- | M] () -- C:\ComboFix.txt
[2012/03/15 14:18:26 | 003,242,465 | ---- | M] () -- C:\Gateway Generic User Guide.pdf
[2012/04/05 04:57:10 | 1566,580,736 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/13 11:41:31 | 000,000,588 | ---- | M] () -- C:\LPCD.DAT
[2006/12/02 13:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2011/06/27 10:14:36 | 000,069,632 | ---- | M] ( ) -- C:\nporbit.dll
[2012/04/05 04:57:10 | 2088,775,680 | -HS- | M] () -- C:\pagefile.sys
[2012/04/04 18:08:41 | 000,013,897 | ---- | M] () -- C:\rmslt.log
[2012/04/01 02:36:02 | 000,000,814 | ---- | M] () -- C:\StartUpManager_scandataINPUT.xml
[2012/04/01 02:36:04 | 000,000,000 | ---- | M] () -- C:\StartUpManager_scandataOUTPUT.xml
[2012/04/04 10:36:12 | 000,003,254 | ---- | M] () -- C:\TDSSKiller.2.7.25.0_04.04.2012_10.36.07_log.txt
[2012/04/04 11:01:55 | 000,137,804 | ---- | M] () -- C:\TDSSKiller.2.7.25.0_04.04.2012_10.36.13_log.txt

< %systemroot%\Fonts\*.com >
[2009/07/14 12:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 12:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 12:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 12:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/11 03:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >
[2011/11/25 20:51:15 | 000,917,504 | ---- | M] () -- C:\Windows\system32\Photo0133.jpg
[8 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/11/10 16:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2012/03/13 19:37:06 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2012/03/13 17:55:38 | 000,000,221 | -HS- | M] () -- C:\Users\Razhar\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2012/04/04 08:23:09 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Razhar\Desktop\aswMBR.exe
[2012/04/05 01:08:23 | 004,456,875 | R--- | M] (Swearware) -- C:\Users\Razhar\Desktop\ComboFix.exe
[2012/04/05 05:56:56 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Razhar\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\tasks\*.* >
[2012/04/05 05:31:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/05 04:57:16 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2012/04/04 01:27:19 | 000,032,548 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT
[2012/04/05 05:02:30 | 000,000,466 | ---- | M] () -- C:\Windows\tasks\SDMsgUpdate (TE).job

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/11 04:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2011/09/16 15:21:25 | 000,000,402 | -HS- | M] () -- C:\Users\Razhar\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2012/04/01 15:59:20 | 000,002,879 | ---- | M] () -- C:\ProgramData\hpzinstall.log

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >
[2011/12/28 15:33:56 | 000,038,912 | ---- | M] (Autodesk, Inc.) -- C:\Windows\Installer\Luc.exe
[27 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 179 bytes -> C:\ProgramData\Temp:D1B5B4F1
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:CB0AACC9
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:0D786AE3

< End of report >

continued..
 
OTL Extras logfile created on: 4/5/2012 6:11:52 AM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Razhar\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Indonesia | Language: IND | Date Format: dd/MM/yyyy

1.95 Gb Total Physical Memory | 0.89 Gb Available Physical Memory | 45.70% Memory free
3.89 Gb Paging File | 2.00 Gb Available in Paging File | 51.44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 226.00 Gb Total Space | 141.96 Gb Free Space | 62.81% Space Free | Partition Type: NTFS
Drive D: | 222.08 Gb Total Space | 113.11 Gb Free Space | 50.93% Space Free | Partition Type: NTFS

Computer Name: RAZHAR-PC | User Name: Razhar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Pro 4.Manage] -- "C:\Program Files (x86)\ACD Systems\ACDSee Pro\4.0\ACDSeeQVPro4.exe" "%1" (ACD Systems International Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Pro 4.Manage] -- "C:\Program Files (x86)\ACD Systems\ACDSee Pro\4.0\ACDSeeQVPro4.exe" "%1" (ACD Systems International Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallDisableNotify" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0
"UacDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"D:\Source\Data Recovery UnErase\Digital Rescue 4 Premium v4.0.0.2E\Digital Rescue 4 Premium v4.0.0.2E\setupDigitaRescue4_Migo_20071109_V4002.exe" = D:\Source\Data Recovery UnErase\Digital Rescue 4 Premium v4.0.0.2E\Digital Rescue 4 Premium v4.0.0.2E\setupDigitaRescue4_Migo_20071109_V4002.exe:*:Enabled:ipsec
"C:\Users\Razhar\AppData\Local\Google\Update\GoogleUpdate.exe" = C:\Users\Razhar\AppData\Local\Google\Update\GoogleUpdate.exe:*:Enabled:ipsec
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" = C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe:*:Enabled:ipsec -- (Intel Corporation)
"C:\Program Files\Recuva\uninst.exe" = C:\Program Files\Recuva\uninst.exe:*:Enabled:ipsec -- (Piriform Ltd)
"C:\Users\Razhar\AppData\Local\Temp\~nsu.tmp\Au_.exe" = C:\Users\Razhar\AppData\Local\Temp\~nsu.tmp\Au_.exe:*:Enabled:ipsec
"C:\Program Files (x86)\Smadav\SM?RTP.exe" = C:\Program Files (x86)\Smadav\SM?RTP.exe:*:Enabled:ipsec -- ()
"C:\Program Files\Speccy\Speccy.exe" = C:\Program Files\Speccy\Speccy.exe:*:Enabled:ipsec -- (Piriform Ltd)
"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"D:\Source\Data Recovery UnErase\Digital Rescue 4 Premium v4.0.0.2E\Digital Rescue 4 Premium v4.0.0.2E\setupDigitaRescue4_Migo_20071109_V4002.exe" = D:\Source\Data Recovery UnErase\Digital Rescue 4 Premium v4.0.0.2E\Digital Rescue 4 Premium v4.0.0.2E\setupDigitaRescue4_Migo_20071109_V4002.exe:*:Enabled:ipsec
"C:\Users\Razhar\AppData\Local\Google\Update\GoogleUpdate.exe" = C:\Users\Razhar\AppData\Local\Google\Update\GoogleUpdate.exe:*:Enabled:ipsec
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" = C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe:*:Enabled:ipsec -- (Intel Corporation)
"C:\Program Files\Recuva\uninst.exe" = C:\Program Files\Recuva\uninst.exe:*:Enabled:ipsec -- (Piriform Ltd)
"C:\Users\Razhar\AppData\Local\Temp\~nsu.tmp\Au_.exe" = C:\Users\Razhar\AppData\Local\Temp\~nsu.tmp\Au_.exe:*:Enabled:ipsec
"C:\Program Files (x86)\Smadav\SM?RTP.exe" = C:\Program Files (x86)\Smadav\SM?RTP.exe:*:Enabled:ipsec -- ()
"C:\Program Files\Speccy\Speccy.exe" = C:\Program Files\Speccy\Speccy.exe:*:Enabled:ipsec -- (Piriform Ltd)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0919C44F-F18A-4E3B-A737-03685272CE72}" = Windows Live Remote Service Resources
"{1553D712-B35F-4A82-BC72-D6B11A94BE3E}" = Windows Live Remote Service Resources
"{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
"{17A4FD95-A507-43F1-BC92-D8572AF8340A}" = Windows Live Remote Service Resources
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{22AB5CFD-B3DB-414E-9F99-4D024CCF1DA6}" = Windows Live Remote Client Resources
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{34384A2A-2CA2-4446-AB0E-1F360BA2AAC5}" = Windows Live Remote Service Resources
"{350FD0E7-175A-4F86-84EF-05B77FCD7161}" = Windows Live Remote Service Resources
"{3921492E-82D2-4180-8124-E347AD2F2DB4}" = Windows Live Remote Client Resources
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
"{5141AA6E-5FAC-4473-BFFB-BEE69DDC7F2B}" = Windows Live Remote Service Resources
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5F44A3A1-5D24-4708-8776-66B42B174C64}" = Windows Live Remote Client Resources
"{5FCD6EFE-C2E7-4D77-8212-4BA223D8DF8E}" = Windows Live Remote Client Resources
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{61407251-7F7D-4303-810D-226A04D5CFF3}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{66C10F29-31F0-4A9B-B2CF-465F488AE086}" = CorelDRAW Graphics Suite X5 - Windows Shell Extension 64 Bit
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{702A632F-99CE-4E2D-B8F2-BF980E9CF62F}" = Windows Live Remote Client Resources
"{723C8298-C7B0-0409-A1B6-C3BA6F3FFAB1}" = Autodesk 3ds Max 2012 64-bit - English
"{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{8F7F2D9C-2DBE-4F10-9C7C-2724110A3339}" = Windows Live Remote Service Resources
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97A295A7-8840-4B35-BB61-27A8F4512CA3}" = Windows Live Remote Service Resources
"{9E9C960F-7F47-46D5-A95D-950B354DE2B8}" = Windows Live Remote Service Resources
"{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{A6E0F6BE-30AC-4D36-97B0-1AC20E23CB83}" = Windows Live Remote Client Resources
"{B0BF8602-EA52-4B0A-A2BD-EDABB0977030}" = Windows Live Remote Client Resources
"{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
"{B680A663-1A15-47A5-A07C-7DF9A97558B7}" = Windows Live Remote Client Resources
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{C504EC13-E122-4939-BD6E-EE5A3BAA5FEC}" = Windows Live Remote Client Resources
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D6AB1F5B-FED6-49A9-9747-327BD28FB3C7}" = COMODO Internet Security
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EA234BC3-39FE-4734-B72F-076086889F6D}" = Composite 2012 64-bit
"{ED421F97-E1C3-4E78-9F54-A53888215D58}" = Windows Live Remote Client Resources
"{EFB20CF5-1A6D-41F3-8895-223346CE6291}" = Windows Live Remote Service Resources
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources
"{FAD0EC0B-753B-4A97-AD34-32AC1EC8DB69}" = Windows Live Remote Client Resources
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Autodesk 3ds Max 2012 64-bit - English" = Autodesk 3ds Max 2012 64-bit - English
"Autodesk FBX Plug-in 2012.0 - 3ds Max 2012 64-bit" = Autodesk FBX Plug-in 2012.0 - 3ds Max 2012 64-bit
"Blender" = Blender
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Pen Tablet Driver" = Bamboo
"Recuva" = Recuva
"Shop for HP Supplies" = Shop for HP Supplies
"Speccy" = Speccy
"V-Ray for 3dsmax 2012 for x64" = V-Ray for 3dsmax 2012 for x64
"WinRAR archiver" = WinRAR 4.01 (64-bit)
"ZTEWireless-101_is1" = Modem AC2726 UI

continued..
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{51DD370C-6690-424E-9674-5F14468B323F}" = Corel Graphics - Windows Shell Extension
"_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW(R) Graphics Suite X5
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{0125DB4D-98A0-4DBF-B68A-23BF08FFA6A3}" = Windows Live Messenger
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{039480EE-6933-4845-88B8-77FD0C3D059D}" = Windows Live Mesh
"{03DEEAD2-F3B7-45BF-9006-A25D015F00D2}" = Adobe Flash Player 10 Plugin
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{0557BBDA-69D3-4FA4-A93C-A5300F7034B4}" = Windows Live Writer
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{06B05153-97E4-427E-B1A8-E098F6C5E52F}" = Windows Live Essentials
"{073F306D-9851-4969-B828-7B6444D07D55}" = Windows Live Photo Common
"{0785A0B6-07DF-43CF-B147-E1EB4CEA0345}" = Windows Live Messenger
"{07A6B206-3F11-4D92-92A1-90E116ADD660}" = Angry Birds
"{08094E03-AFE4-4853-9D31-6D0743DF5328}" = QuickTime
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{0A4C4B29-5A9D-4910-A13C-B920D5758744}" = بريد Windows Live
"{0A9256E0-C924-46DE-921B-F6C4548A1C64}" = Windows Live Messenger
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan
"{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
"{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
"{1146E8F3-4057-4F46-B39C-D18AB4BB1523}_is1" = Deus Ex - Human Revolution version 1.0
"{11778DA1-0495-4ED9-972F-F9E0B0367CD5}" = Windows Live Writer
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{120C160F-F53D-4A15-A873-E79BF5B98B48}" = Windows Live Photo Common
"{128133D3-037A-4C62-B1B7-55666A10587A}" = Windows Live UX Platform Language Pack
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{168E7302-890A-4138-9109-A225ACAF7AD1}" = Windows Live Photo Common
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{17835B63-8308-427F-8CF5-D76E0D5FE457}" = Windows Live Essentials
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
"{1A82AE99-84D3-486D-BAD6-675982603E14}" = Windows Live Writer
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DA6D447-C54D-4833-84D4-3EA31CAECE9B}" = Windows Live UX Platform Language Pack
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20381A8A-808E-4A53-B6CD-AD2B85E16365}" = Windows Live UX Platform Language Pack
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
"{226F0D93-76DE-4F1C-B14D-DE10443ADB60}" = Windows Live Movie Maker
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{249EE21B-8EDD-4F36-8A23-E580E9DBE80A}" = Windows Live Mail
"{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}" = CorelDRAW Graphics Suite X5 - Custom Data
"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
"{2511AAD7-82DF-4B97-B0B3-E1B933317010}" = Windows Live Writer Resources
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{260ED378-2B8C-4831-ADAE-D0712D119AC5}" = CorelDRAW Graphics Suite X5 - VSTA
"{26945917-E053-45F6-AF98-309730CFC318}" = Visual Basic for Applications (R) Core
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 30
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger
"{2BA5FD10-653F-4CAF-9CCD-F685082A1DC1}" = Windows Live Writer
"{2C4E06CC-1F04-4C25-8B3C-93A9049EC42C}" = Windows Live UX Platform Language Pack
"{2C7E8AA1-9C03-4606-BF34-5D99D07964DA}" = Windows Live Messenger
"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh
"{2D3E034E-F76B-410A-A169-55755D2637BB}" = Windows Live Mesh
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{2E87F4AB-99BF-421C-AF7B-365A9C08549A}" = F300
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{303143DD-1F6D-4BC5-9342-FFC2E19B2DBD}" = Windows Live Messenger
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters
"{34C4F5AF-D757-4E6A-ABCA-65AB5A50A1A8}" = Windows Live Messenger
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39BDD209-5704-480C-9F4A-B69D0370DDBB}" = Windows Live Messenger
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3B72C1E0-26A1-40F6-8516-D50C651DFB3C}" = Windows Live Essentials
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3D0C22FA-96D7-4789-BC5B-991A5A99BFFA}" = Windows Live Messenger
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2012.0.0
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F2A323E-60C4-41E8-8CCB-9715D1D750C3}" = Angry Birds Space
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{4264C020-850B-4F08-ACBE-98205D9C336C}" = Windows Live Writer
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4444F27C-B1A8-464E-9486-4C37BAB39A09}" = Фотогалерия на Windows Live
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{458F399F-62AC-4747-99F5-499BBF073D29}" = Windows Live Writer Resources
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{4736B0ED-F6A1-48EC-A1B7-C053027648F1}" = Galeria fotogràfica del Windows Live
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{48F597DD-D397-4CFA-91A0-4C033A0113BD}" = Windows Live Mail
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4BF62C05-3943-4ECB-B233-6E37E3FB5BCF}" = ZBrush 4
"{4C378B16-46B7-4DA1-A2CE-2EE676F74680}" = Windows Live UX Platform Language Pack
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{4D7BAC8A-51B8-4243-8567-1415C4272D13}" = Windows Live Writer
"{4D83F339-5A5C-4B21-8FD3-5D407B981E72}" = Windows Live Photo Common
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{50300123-F8FC-4B50-B449-E847D04F1BA2}" = Windows Live Messenger
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{51DD370C-6690-424E-9674-5F14468B323F}" = Corel Graphics - Windows Shell Extension
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{5495E9A4-501A-4D4C-87C9-E80916CA9478}" = Windows Live UX Platform Language Pack
"{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{57400C1E-BC51-4ECE-AD2A-A6096204DDEC}" = CorelDRAW Graphics Suite X5 - VBA
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5D2E7BD7-4B6F-4086-BA8A-E88484750624}" = Windows Live Writer Resources
"{5D90ABE5-8A35-4947-8269-6F40BCE47A95}" = Windows Live Messenger
"{5DA7D148-D2D2-4C67-8444-2F0F9BD88A06}" = Windows Live Writer
"{5E627606-53B9-42D1-97E1-D03F6229E248}" = Windows Live UX Platform Language Pack
"{5E6D6161-5509-4f55-9372-1E01792F843A}" = F300_Help
"{5F6E678A-7E61-448A-86CB-BC2AD1E04138}" = Windows Live Messenger
"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
"{604DF772-D25E-4EFC-B948-3FB393476008}" = Internet Download Manager
"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{625D45F0-5DCB-48BF-8770-C240A84DAAEB}" = Windows Live Mesh
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}" = CorelDRAW Graphics Suite X5 - Draw
"{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}" = Nero Multimedia Suite 10 Essentials
"{63AE67AA-1AB1-4565-B4EF-ABBC5C841E8D}" = Windows Live Messenger
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh
"{6491AB99-A11E-41FD-A5E7-32DE8A097B8E}" = Windows Live Essentials
"{64B2D6B3-71AC-45A7-A6A1-2E07ABF58341}" = Windows Live Movie Maker
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6986737B-F286-40D1-87AF-938339DCF6AB}" = Windows Live Messenger
"{69C9C672-400A-43A0-B2DE-9DB38C371282}" = Windows Live Writer
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{6A4ABCDC-0A49-4132-944E-01FBCCB3465C}" = Windows Live UX Platform Language Pack
"{6A563426-3474-41C6-B847-42B39F1485B2}" = Windows Live Messenger
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker
"{6D30E864-46AE-435B-8230-8B5D42B4AE37}" = Windows Live Messenger
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6EE9F44A-B8C7-4CDB-B2A9-441AF2AE315A}" = Windows Live Messenger
"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
"{6F37D92B-41AA-44B7-80D2-457ABDE11896}" = Windows Live Photo Common
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{709E38A9-7F80-4598-96CC-44B0D553FECE}" = Windows Live Messenger
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-gateway" = WildTangent Games App (Gateway Games)
"{71527C7C-5289-4CB2-88C9-23344C0FF6C1}" = Windows Live Movie Maker
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7327080F-6673-421F-BBD9-B618F357EEB3}" = Windows Live UX Platform Language Pack
"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
"{7373E17D-18E0-44A7-AC3A-6A3BFB85D3B3}" = Windows Live Movie Maker
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7465A996-0FCA-4D2D-A52C-F833B0829B5B}" = Windows Live Movie Maker
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{77F69CA1-E53D-4D77-8BA3-FA07606CC851}" = Фотоальбом Windows Live
"{78906B56-0E81-42A7-AC25-F54C946E1538}" = Windows Live Photo Common
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7AF8E500-B349-4A77-8265-9854E9A47925}" = Windows Live Movie Maker
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7C2A3479-A5A0-412B-B0E6-6D64CBB9B251}" = Windows Live Photo Common
"{7CB529B2-6C74-4878-9C3F-C29C3C3BBDC6}" = Windows Live Writer Resources
"{7D0DE76C-874E-4BDE-A204-F4240160693E}" = Windows Live Photo Common
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7D926AD2-16D6-42C2-8CA1-AB09E96040BA}" = Windows Live Writer Resources
"{7D99B933-E29C-4599-92F0-DAED2AF041E3}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{7F6021AE-E688-4D03-843A-C2260482BA0D}" = Windows Live Messenger
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management
"{7FF11E53-C002-4F40-8D68-6BE751E5DD62}" = Windows Live Writer Resources
"{804DE397-F82C-4867-9085-E0AA539A3294}" = Windows Live Writer
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{80E8C65A-8F70-4585-88A2-ABC54BABD576}" = Windows Live Mesh
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{82803FF3-563F-414F-A403-8D4C167D4120}" = Windows Live Mail
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{84A411F9-40A5-4CDA-BF46-E09FBB2BC313}" = Windows Live Essentials
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{861B1145-7762-4794-B40C-3FF0A389DFE6}" = Windows Live Photo Gallery
"{86F444A5-C9B9-41DC-AF28-B5E46F5497C7}" = Windows Live Argazki Galeria
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{88D4FE78-6EA6-4DFB-9FC2-8BC316F0C2FD}" = ACDSee Pro 4
"{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E285C75-9BE2-4349-972B-DECDDF472656}" = Windows Live Writer Resources
"{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{9244E956-5939-4B88-930C-0699D4AB2B95}" = CorelDRAW Graphics Suite X5 - WT
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{93C4B7D5-4E00-491F-BA3E-25B7B63EE7F6}" = Windows Live Mail
"{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}" = D-Link Connection Manager
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{968CB479-6163-415F-A9D3-4489BF07DAFF}" = Sonic Foundry Sound Forge 6.0b
"{97BE901A-9940-4ACF-9921-A6FAA284AC03}" = THX TruStudio Pro
"{97F77D62-5110-4FA3-A2D3-410B92D31199}" = Windows Live Fotogaléria
"{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}" = CorelDRAW Graphics Suite X5 - FontNav
"{99BE7F5D-AB52-4404-9E03-4240FFAA7DE9}" = Windows Live Mesh
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
"{9DB90178-B5B0-45BD-B0A7-D40A6A1DF1CA}" = Windows Live Movie Maker
"{9E2C5B0E-7A2D-4767-A9B2-77469FB1873A}" = Windows Live Mesh
"{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
"{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}" = CorelDRAW Graphics Suite X5 - PHOTO-PAINT
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB0B2113-5B96-4B95-8AD1-44613384911F}" = Windows Live Mesh
"{AB78C965-5C67-409B-8433-D7B5BDB12073}" = Windows Live Writer Resources
"{ABD534B7-E951-470E-92C2-CD5AF1735726}" = Windows Live Essentials
"{ABE2F2AA-7ADC-4717-9573-BF3F83C696AC}" = Windows Live Mail
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD001A69-88CC-4766-B2DB-3C1DFAB9AC72}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AF01B90A-D25C-4F60-AECD-6EEDF509DC11}" = Windows Live Mesh
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B0AD205F-60D0-4084-AFB8-34D9A706D9A8}" = Windows Live Essentials
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2BCA478-EC0F-45EE-A9E9-5EABE87EA72D}" = Windows Live Photo Common
"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
"{B399C91E-96F2-4265-9884-1C9A10E9FCF4}" = CorelDRAW Graphics Suite X5
"{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
"{B5751715-EC10-43D9-8C95-62E1368433EF}" = Autodesk Material Library Medium Resolution Image Library 2012
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B63F0CE3-CCD0-490A-9A9C-E1A3B3A17137}" = Почта Windows Live
"{B7B67AA5-12DA-4F01-918D-B1BF66779D8A}" = Windows Live Writer Resources
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware
"{BD4EBDB5-EB14-4120-BB04-BE0A26C7FB3E}" = Windows Live Photo Common
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C01FCACE-CC3D-49A2-ADC2-583A49857C58}" = Windows Live Essentials
"{C08D5964-C42F-48EE-A893-2396F9562A7C}" = Windows Live Mesh
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C1C9D199-B4DD-4895-92DD-9A726A2FE341}" = Windows Live Writer
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C454280F-3C3E-4929-B60E-9E6CED5717E7}" = Windows Live Mail
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CA3861BA-1D96-4D66-B577-318E1602C4F3}" = CorelDRAW Graphics Suite X5 - Common
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB66242D-12B1-4494-82D2-6F53A7E024A3}" = Galerie foto Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
"{CDC39BF2-9697-4959-B893-A2EE05EF6ACB}" = Windows Live Writer
"{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW Graphics Suite X5 - Setup Files
"{CE929F09-3853-4180-BD90-30764BFF7136}" = גלריית התמונות של Windows Live
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D07B1FDA-876B-4914-9E9A-309732B6D44F}" = Windows Live Mail
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D299197D-CDEA-41A6-A363-F532DE4114FD}" = Windows Live UX Platform Language Pack
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{D54A52A8-DF24-4CE8-850B-074CA47DFA74}" = Windows Live Messenger
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D596EEA2-C6C8-45D3-89DF-FA2DBE99F829}" = Visual Basic for Applications (R) Core - English
"{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}" = CorelDRAW Graphics Suite X5 - Photozoom Plugin
"{D6CBB3B2-F510-483D-AE0D-1CF3F43CF1EE}" = Windows Live Writer Resources
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DBAA2B17-D596-4195-A169-BA2166B0D69B}" = Windows Live Mail
"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
"{DDC1E1BD-7615-4186-89E1-F5F43F9B6491}" = Windows Live Movie Maker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}" = CorelDRAW Graphics Suite X5 - IPM
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
"{DFFCDB41-C2DA-47D6-96FF-03C05C0BEA22}" = biohazard 4
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E34C6AA4-AE8E-4677-912A-92FC2E039DD9}" = CorelDRAW Graphics Suite X5 - EN
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5377D46-83C5-445A-A1F1-830336B42A10}" = Windows Live Galerija fotografija
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E7688C7D-DE09-4D43-9785-534EDE9BC18E}" = Windows Live Messenger
"{E83DC314-C926-4214-AD58-147691D6FE9F}" = Основные компоненты Windows Live
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EA777812-4905-4C08-8F6E-13BDCC734609}" = Windows Live UX Platform Language Pack
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}" = CorelDRAW Graphics Suite X5 - Capture
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Gateway Updater
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{EE492B20-FB15-4A98-883C-3054354A11F8}" = Windows Live Messenger
"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心
"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F0F5D89A-197C-495B-827E-3E98B811CD2E}" = Windows Live Photo Common
"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F13587F7-AA4C-4C2E-AE7D-F33F3CCE57A9}" = Windows Live Messenger
"{F4BEA6C1-AAC3-4810-AAEA-588E26E0F237}" = Windows Live UX Platform Language Pack
"{F52C5BE7-3F57-464E-8A54-908402E43CE8}" = Windows Live Writer Resources
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F694D1F7-1F12-4550-9B7A-C871273ABAD5}" = Windows Live Messenger
"{F6AC5364-2FB7-437a-811A-D645F22AA6AC}" = F300Trb
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
"{F7E80BA7-A09D-4DD1-828B-C4A0274D4720}" = Windows Live Mesh
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA6CF94F-DACF-4FE7-959D-55C421B91B17}" = Windows Live Mail
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FB3D07AE-73D0-47A9-AC12-6F50BF8B6202}" = Windows Live Movie Maker
"{FB79FDB7-4DE1-453D-99FE-9A880F57380E}" = Windows Live Fotogalerie
"{FBCA06D2-4642-4F33-B20A-A7AB3F0D2E69}" = معرض صور Windows Live
"{FCBC19F7-E068-4B7A-ACBB-CE9CCEB4B21F}" = Windows Live Messenger
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FDC4C499-7B67-4A58-A30B-E1276C26BFEF}" = Angry Birds Seasons
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}" = CorelDRAW Graphics Suite X5 - VideoBrowser
"{FE62C88B-425B-4BDE-8B70-CD5AE3B83176}" = Windows Live Essentials
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF105207-8423-4E13-B0B1-50753170B245}" = Windows Live Movie Maker
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FF737490-5A2D-4269-9D82-97DB2F7C0B09}" = Windows Live Movie Maker
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
"Autodesk 3ds Max 2012 64-bit - English SP2" = Autodesk 3ds Max 2012 64-bit - English SP2
"Cakewalk VST Adapter 4.3.2" = Cakewalk VST Adapter 4.3.2
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Comodo Dragon" = Comodo Dragon
"DAEMON Tools Lite" = DAEMON Tools Lite
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Gateway Registration" = Gateway Registration
"Gateway Screensaver" = Gateway ScreenSaver
"Gateway Welcome Center" = Welcome Center
"Hotkey Utility" = Hotkey Utility
"Identity Card" = Identity Card
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{4BF62C05-3943-4ECB-B233-6E37E3FB5BCF}" = ZBrush 4
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso
"KeyShot3_64" = KeyShot3 3.0 64 bit
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 7.6.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"NPP vol 1" = Native Power Pack vol 1 v2.5
"NPP vol 2" = Native Power Pack vol 2 v2.5
"n-Track Studio" = n-Track Studio
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Orbit_is1" = Orbit Downloader
"PC Wizard 2010_is1" = PC Wizard 2010.1.96
"Registry Mechanic_is1" = PC Tools Registry Mechanic 11.0
"Runic Games Torchlight" = Torchlight
"SONAR 3 Producer Edition" = SONAR 3 Producer Edition
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"WildTangent gateway Master Uninstall" = Gateway Games
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WTA-1498d8c8-b37a-45fb-a024-8ecd55b40aee" = Polar Bowler
"WTA-14e75a1b-7418-492c-b145-8e59f0d19e65" = Diner Dash 2 Restaurant Rescue
"WTA-264c4a12-999f-47ab-a65a-6b4d7deb7a54" = Plants vs. Zombies - Game of the Year
"WTA-30171914-2fde-4b23-b9b9-a0de801e2528" = Virtual Villagers - The Secret City
"WTA-4e50aa4c-7276-4735-932a-7a5fa11724d0" = FATE
"WTA-63c83e4d-07b6-4e82-aa28-548547c4040e" = John Deere Drive Green
"WTA-749b48ba-2b55-4b4b-b3b5-eb36d7957489" = Chuzzle Deluxe
"WTA-8672e041-18e7-4c25-9d14-e9abb95bf142" = Crazy Chicken Kart 2
"WTA-8d9bdfab-654e-4abc-a2cc-45207414f58b" = Wedding Dash
"WTA-98f73a44-9d70-4474-82f8-10661912be37" = Mystery P.I. - The London Caper
"WTA-ac491c27-0c06-411d-8c6f-d2d1de736372" = Zuma Deluxe
"WTA-c9254464-8ff8-4471-9fd2-5707fbc4d323" = Penguins!
"WTA-d08aa8b8-e085-4f61-944a-5a4349d6624d" = Bejeweled 2 Deluxe
"WTA-d9c82495-9f40-402c-a256-92c16699ce39" = Agatha Christie - 4:50 from Paddington
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2140435408-939192104-1354380877-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"SmartDraw 2009" = SmartDraw 2009
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/31/2011 10:58:58 AM | Computer Name = Razhar-PC | Source = TabletServicePen | ID = 1
Description =

Error - 12/31/2011 11:00:15 AM | Computer Name = Razhar-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/31/2011 11:46:08 AM | Computer Name = Razhar-PC | Source = CVHSVC | ID = 100
Description = Information only. Error: The connection with the server was terminated
abnormally ErrorCode: 14007(0x36b7).

Error - 12/31/2011 1:39:20 PM | Computer Name = Razhar-PC | Source = TabletServicePen | ID = 1
Description =

Error - 12/31/2011 1:40:37 PM | Computer Name = Razhar-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/31/2011 1:58:19 PM | Computer Name = Razhar-PC | Source = CVHSVC | ID = 100
Description = Information only. Error: The operation timed out ErrorCode: 14007(0x36b7).


Error - 12/31/2011 2:37:44 PM | Computer Name = Razhar-PC | Source = TabletServicePen | ID = 1
Description =

Error - 12/31/2011 2:39:00 PM | Computer Name = Razhar-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/31/2011 2:47:47 PM | Computer Name = Razhar-PC | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
DownloadLatest Failed: There are currently no active network connections. Background
Intelligent Transfer Service (BITS) will try again when an adapter is connected.


Error - 12/31/2011 10:13:58 PM | Computer Name = Razhar-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 4/4/2012 3:58:24 PM | Computer Name = Razhar-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 4/4/2012 3:58:31 PM | Computer Name = Razhar-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 4/4/2012 4:00:35 PM | Computer Name = Razhar-PC | Source = volsnap | ID = 393241
Description = The shadow copies of volume C: were deleted because the shadow copy
storage could not grow in time. Consider reducing the IO load on the system or
choose a shadow copy storage volume that is not being shadow copied.

Error - 4/4/2012 4:00:41 PM | Computer Name = Razhar-PC | Source = Service Control Manager | ID = 7000
Description = The HWDeviceService64.exe service failed to start due to the following
error: %%2

Error - 4/4/2012 4:00:45 PM | Computer Name = Razhar-PC | Source = Service Control Manager | ID = 7001
Description = The Windows Image Acquisition (WIA) service depends on the Shell Hardware
Detection service which failed to start because of the following error: %%1058

Error - 4/4/2012 4:00:46 PM | Computer Name = Razhar-PC | Source = Service Control Manager | ID = 7023
Description = The Windows Defender service terminated with the following error:
%%126

Error - 4/4/2012 4:01:09 PM | Computer Name = Razhar-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
luafv TfFsMon TFSysMon

Error - 4/4/2012 5:57:17 PM | Computer Name = Razhar-PC | Source = Service Control Manager | ID = 7000
Description = The HWDeviceService64.exe service failed to start due to the following
error: %%2

Error - 4/4/2012 5:57:21 PM | Computer Name = Razhar-PC | Source = Service Control Manager | ID = 7001
Description = The Windows Image Acquisition (WIA) service depends on the Shell Hardware
Detection service which failed to start because of the following error: %%1058

Error - 4/4/2012 5:57:46 PM | Computer Name = Razhar-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
luafv TfFsMon TFSysMon


< End of report >
 
Uninstall Advanced System Optimizer 3.
Registry cleaners/optimizers are not recommended for several reasons:

  • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

    The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
  • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
  • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
  • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware-related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
  • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


====================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    MOD - [2012/03/09 21:32:47 | 001,503,232 | ---- | M] () -- C:\Program Files (x86)\Smadav\SM?RTP.exe
    O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-2140435408-939192104-1354380877-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
    O3 - HKU\S-1-5-21-2140435408-939192104-1354380877-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    @Alternate Data Stream - 179 bytes -> C:\ProgramData\Temp:D1B5B4F1
    @Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:CB0AACC9
    @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:DFC5A2B2
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:430C6D84
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:0D786AE3
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

====================================================================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it.
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post the JavaRa log.

====================================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
  • Double-click on TFC.exe to run the program.
  • Click on the Start button to begin the cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.


4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce any log.
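
As an added illustration (not part of the original post, and not OTL's own code): a small Python reader that groups the lines of a fix like the one above by what they name (files, registry locations, alternate data streams, commands), so the script can be reviewed before it is pasted into the Custom Scans/Fixes box. The patterns are assumptions inferred only from the lines shown in this thread, and the names `summarize_fix` and `FIX` are hypothetical.

```python
import re

# Sample input: an abridged copy of the fix lines shown in the post above.
FIX = r"""
:OTL
MOD - [2012/03/09 21:32:47 | 001,503,232 | ---- | M] () -- C:\Program Files (x86)\Smadav\SM?RTP.exe
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
@Alternate Data Stream - 179 bytes -> C:\ProgramData\Temp:D1B5B4F1
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:0D786AE3

:Commands
[purity]
[emptytemp]
[Reboot]
"""

# Assumed line shapes, derived from the sample only (not from any OTL specification).
ADS_RE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+):([^:\\]+)$")
REG_RE = re.compile(r"^O\d+(?::64bit:)? - (HK[A-Z]+\\.+?): ")
FILE_RE = re.compile(r"^[A-Z]+ - \[.*\] \(.*\) -- (.+)$")

def summarize_fix(text):
    """Group the lines of a fix script by the kind of object they name."""
    out = {"ads": [], "registry": [], "files": [], "commands": [], "unparsed": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):          # section header such as :OTL or :Commands
            section = line[1:].lower()
        elif section == "commands":       # bracketed directives, e.g. [Reboot]
            out["commands"].append(line.strip("[]").lower())
        elif m := ADS_RE.match(line):     # host path, stream name, stream size
            out["ads"].append({"host": m[2], "stream": m[3], "bytes": int(m[1])})
        elif m := REG_RE.match(line):     # registry location only, value text dropped
            out["registry"].append(m[1])
        elif m := FILE_RE.match(line):    # file path after the "--" separator
            out["files"].append(m[1])
        else:                             # anything unrecognised is kept for manual review
            out["unparsed"].append(line)
    return out

if __name__ == "__main__":
    for kind, items in summarize_fix(FIX).items():
        print(f"{kind}: {items}")
```

Lines that match none of the assumed shapes end up under `unparsed` rather than being dropped, so nothing in a fix goes unreviewed.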
 